Class VpcEndpointAssociation

java.lang.Object
software.amazon.awssdk.services.networkfirewall.model.VpcEndpointAssociation
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<VpcEndpointAssociation.Builder,VpcEndpointAssociation>

@Generated("software.amazon.awssdk:codegen") public final class VpcEndpointAssociation extends Object implements SdkPojo, Serializable, ToCopyableBuilder<VpcEndpointAssociation.Builder,VpcEndpointAssociation>

A VPC endpoint association defines a single subnet to use for a firewall endpoint for a Firewall. You can define VPC endpoint associations only in the Availability Zones that already have a subnet mapping defined in the Firewall resource.

You can retrieve the list of Availability Zones that are available for use by calling DescribeFirewallMetadata.

To manage firewall endpoints, first, in the Firewall specification, you specify a single VPC and one subnet for each of the Availability Zones where you want to use the firewall. Then you can define additional endpoints as VPC endpoint associations.

You can use VPC endpoint associations to expand the protections of the firewall as follows:

  • Protect multiple VPCs with a single firewall - You can use the firewall to protect other VPCs, either in your account or in accounts where the firewall is shared. You can only specify Availability Zones that already have a firewall endpoint defined in the Firewall subnet mappings.

  • Define multiple firewall endpoints for a VPC in an Availability Zone - You can create additional firewall endpoints for the VPC that you have defined in the firewall, in any Availability Zone that already has an endpoint defined in the Firewall subnet mappings. You can create multiple VPC endpoint associations for any other VPC where you use the firewall.

You can use Resource Access Manager to share a Firewall that you own with other accounts, which gives them the ability to use the firewall to create VPC endpoint associations. For information about sharing a firewall, see PutResourcePolicy in this guide and see Sharing Network Firewall resources in the Network Firewall Developer Guide.

The status of the VPC endpoint association, which indicates whether it's ready to filter network traffic, is provided in the corresponding VpcEndpointAssociationStatus. You can retrieve both the association and its status by calling DescribeVpcEndpointAssociation.
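Because a shared firewall lets other accounts create associations against it, a useful review step is to check which account owns the firewall behind each association and whether the association is tagged. The following is an added example, not code from the SDK or its documentation; the class name `AssociationAudit`, the helper names, the "Owner" tag policy, and all account and resource IDs are constructed assumptions. It uses only the accessors documented on this page.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import software.amazon.awssdk.services.networkfirewall.model.SubnetMapping;
import software.amazon.awssdk.services.networkfirewall.model.Tag;
import software.amazon.awssdk.services.networkfirewall.model.VpcEndpointAssociation;

public class AssociationAudit {
    // The account ID is the fifth colon-separated field of an ARN.
    static String accountOf(String arn) {
        String[] parts = arn == null ? new String[0] : arn.split(":", 6);
        return parts.length == 6 ? parts[4] : "";
    }

    // Hypothetical policy: the firewall must be owned by an approved account,
    // and the association must carry an "Owner" tag.
    static List<String> findings(VpcEndpointAssociation a, Set<String> approvedOwners) {
        List<String> out = new ArrayList<>();
        String id = a.vpcEndpointAssociationId();
        String owner = accountOf(a.firewallArn());
        if (!approvedOwners.contains(owner)) {
            out.add(id + " (" + a.vpcId() + "): firewall owned by unapproved account '" + owner + "'");
        }
        if (!a.hasTags()) {             // Tags field absent, not merely empty
            out.add(id + ": no Tags value present");
        } else if (a.tags().stream().noneMatch(t -> "Owner".equals(t.key()))) {
            out.add(id + ": missing Owner tag");
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample objects; a real audit would read them from the service.
        VpcEndpointAssociation local = VpcEndpointAssociation.builder()
            .vpcEndpointAssociationId("assoc-local-example")
            .firewallArn("arn:aws:network-firewall:us-east-1:111111111111:firewall/example-fw")
            .vpcId("vpc-0example1")
            .subnetMapping(SubnetMapping.builder().subnetId("subnet-0example1").build())
            .tags(Tag.builder().key("Owner").value("netsec").build())
            .build();
        VpcEndpointAssociation shared = VpcEndpointAssociation.builder()
            .vpcEndpointAssociationId("assoc-shared-example")
            .firewallArn("arn:aws:network-firewall:us-east-1:222222222222:firewall/shared-fw")
            .vpcId("vpc-0example2")
            .subnetMapping(SubnetMapping.builder().subnetId("subnet-0example2").build())
            .build();                   // tags never set, so hasTags() is false
        List.of(local, shared).forEach(a ->
            findings(a, Set.of("111111111111")).forEach(System.out::println));
    }
}
```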

  • Method Details

    • vpcEndpointAssociationId

      public final String vpcEndpointAssociationId()

      The unique identifier of the VPC endpoint association.

      Returns:
      The unique identifier of the VPC endpoint association.
    • vpcEndpointAssociationArn

      public final String vpcEndpointAssociationArn()

      The Amazon Resource Name (ARN) of a VPC endpoint association.

      Returns:
      The Amazon Resource Name (ARN) of a VPC endpoint association.
    • firewallArn

      public final String firewallArn()

      The Amazon Resource Name (ARN) of the firewall.

      Returns:
      The Amazon Resource Name (ARN) of the firewall.
    • vpcId

      public final String vpcId()

      The unique identifier of the VPC for the endpoint association.

      Returns:
      The unique identifier of the VPC for the endpoint association.
    • subnetMapping

      public final SubnetMapping subnetMapping()
      Returns the value of the SubnetMapping property for this object.
      Returns:
      The value of the SubnetMapping property for this object.
    • description

      public final String description()

      A description of the VPC endpoint association.

      Returns:
      A description of the VPC endpoint association.
    • hasTags

      public final boolean hasTags()
      For responses, this returns true if the service returned a value for the Tags property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
    • tags

      public final List<Tag> tags()

      The key:value pairs to associate with the resource.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasTags() method.

      Returns:
      The key:value pairs to associate with the resource.
    • toBuilder

      public VpcEndpointAssociation.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<VpcEndpointAssociation.Builder,VpcEndpointAssociation>
      Returns:
      a builder for type T
    • builder

      public static VpcEndpointAssociation.Builder builder()
    • serializableBuilderClass

      public static Class<? extends VpcEndpointAssociation.Builder> serializableBuilderClass()
    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object
    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object is equal to this object by SDK fields, false otherwise.
    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object
    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)
    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.
    • sdkFieldNameToField

      public final Map<String,SdkField<?>> sdkFieldNameToField()
      Specified by:
      sdkFieldNameToField in interface SdkPojo
      Returns:
      The mapping between the field name and its corresponding field.