Docs Home
Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi
cloudngfwaws.AccountOnboardingStack
Explore with Pulumi AI
Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi
Resource for Account Onboarding.
Admin Permission Type
Rulestack(forscope="Local")Global Rulestack(forscope="Global")
Create AccountOnboardingStack Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccountOnboardingStack(name: string, args: AccountOnboardingStackArgs, opts?: CustomResourceOptions);@overload
def AccountOnboardingStack(resource_name: str,
args: AccountOnboardingStackArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccountOnboardingStack(resource_name: str,
opts: Optional[ResourceOptions] = None,
external_id: Optional[str] = None,
trusted_account: Optional[str] = None,
cft_role_name: Optional[str] = None,
account_id: Optional[str] = None,
sns_topic_arn: Optional[str] = None,
onboarding_cft: Optional[str] = None,
cloudwatch_log_group: Optional[str] = None,
endpoint_mode: Optional[str] = None,
kinesis_firehose: Optional[str] = None,
decryption_cert: Optional[str] = None,
s3_bucket: Optional[str] = None,
cloudwatch_namespace: Optional[str] = None,
stack_id: Optional[str] = None,
stack_status: Optional[str] = None,
auditlog_group: Optional[str] = None)func NewAccountOnboardingStack(ctx *Context, name string, args AccountOnboardingStackArgs, opts ...ResourceOption) (*AccountOnboardingStack, error)public AccountOnboardingStack(string name, AccountOnboardingStackArgs args, CustomResourceOptions? opts = null)
public AccountOnboardingStack(String name, AccountOnboardingStackArgs args)
public AccountOnboardingStack(String name, AccountOnboardingStackArgs args, CustomResourceOptions options)
type: cloudngfwaws:AccountOnboardingStack
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccountOnboardingStackArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccountOnboardingStackArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccountOnboardingStackArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccountOnboardingStackArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccountOnboardingStackArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accountOnboardingStackResource = new CloudNgfwAws.AccountOnboardingStack("accountOnboardingStackResource", new()
{
ExternalId = "string",
TrustedAccount = "string",
CftRoleName = "string",
AccountId = "string",
SnsTopicArn = "string",
OnboardingCft = "string",
CloudwatchLogGroup = "string",
EndpointMode = "string",
KinesisFirehose = "string",
DecryptionCert = "string",
S3Bucket = "string",
CloudwatchNamespace = "string",
StackId = "string",
StackStatus = "string",
AuditlogGroup = "string",
});
example, err := cloudngfwaws.NewAccountOnboardingStack(ctx, "accountOnboardingStackResource", &cloudngfwaws.AccountOnboardingStackArgs{
ExternalId: pulumi.String("string"),
TrustedAccount: pulumi.String("string"),
CftRoleName: pulumi.String("string"),
AccountId: pulumi.String("string"),
SnsTopicArn: pulumi.String("string"),
OnboardingCft: pulumi.String("string"),
CloudwatchLogGroup: pulumi.String("string"),
EndpointMode: pulumi.String("string"),
KinesisFirehose: pulumi.String("string"),
DecryptionCert: pulumi.String("string"),
S3Bucket: pulumi.String("string"),
CloudwatchNamespace: pulumi.String("string"),
StackId: pulumi.String("string"),
StackStatus: pulumi.String("string"),
AuditlogGroup: pulumi.String("string"),
})
var accountOnboardingStackResource = new AccountOnboardingStack("accountOnboardingStackResource", AccountOnboardingStackArgs.builder()
.externalId("string")
.trustedAccount("string")
.cftRoleName("string")
.accountId("string")
.snsTopicArn("string")
.onboardingCft("string")
.cloudwatchLogGroup("string")
.endpointMode("string")
.kinesisFirehose("string")
.decryptionCert("string")
.s3Bucket("string")
.cloudwatchNamespace("string")
.stackId("string")
.stackStatus("string")
.auditlogGroup("string")
.build());
account_onboarding_stack_resource = cloudngfwaws.AccountOnboardingStack("accountOnboardingStackResource",
external_id="string",
trusted_account="string",
cft_role_name="string",
account_id="string",
sns_topic_arn="string",
onboarding_cft="string",
cloudwatch_log_group="string",
endpoint_mode="string",
kinesis_firehose="string",
decryption_cert="string",
s3_bucket="string",
cloudwatch_namespace="string",
stack_id="string",
stack_status="string",
auditlog_group="string")
const accountOnboardingStackResource = new cloudngfwaws.AccountOnboardingStack("accountOnboardingStackResource", {
externalId: "string",
trustedAccount: "string",
cftRoleName: "string",
accountId: "string",
snsTopicArn: "string",
onboardingCft: "string",
cloudwatchLogGroup: "string",
endpointMode: "string",
kinesisFirehose: "string",
decryptionCert: "string",
s3Bucket: "string",
cloudwatchNamespace: "string",
stackId: "string",
stackStatus: "string",
auditlogGroup: "string",
});
type: cloudngfwaws:AccountOnboardingStack
properties:
accountId: string
auditlogGroup: string
cftRoleName: string
cloudwatchLogGroup: string
cloudwatchNamespace: string
decryptionCert: string
endpointMode: string
externalId: string
kinesisFirehose: string
onboardingCft: string
s3Bucket: string
snsTopicArn: string
stackId: string
stackStatus: string
trustedAccount: string
AccountOnboardingStack Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccountOnboardingStack resource accepts the following input properties:
- Account
Id string - The account IDs
- Cft
Role stringName - Role name to run the account onboarding CFT in each account to be onboarded.
- External
Id string - External Id of the onboarded account
- Onboarding
Cft string - Role name to run the account onboarding CFT in each account to be onboarded.
- Sns
Topic stringArn - SNS topic ARN to publish the role ARNs
- Trusted
Account string - PANW Cloud NGFW trusted account Id
- Auditlog
Group string - Audit Log Group Name
- Cloudwatch
Log stringGroup - Cloudwatch Log Group
- Cloudwatch
Namespace string - Cloudwatch Namespace
- Decryption
Cert string - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- Endpoint
Mode string - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- Kinesis
Firehose string - Kinesis Firehose for logging
- S3Bucket string
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- Stack
Id string - ID of the account onboarding CFT stack
- Stack
Status string - Status of the account onboarding CFT stack.
- Account
Id string - The account IDs
- Cft
Role stringName - Role name to run the account onboarding CFT in each account to be onboarded.
- External
Id string - External Id of the onboarded account
- Onboarding
Cft string - Role name to run the account onboarding CFT in each account to be onboarded.
- Sns
Topic stringArn - SNS topic ARN to publish the role ARNs
- Trusted
Account string - PANW Cloud NGFW trusted account Id
- Auditlog
Group string - Audit Log Group Name
- Cloudwatch
Log stringGroup - Cloudwatch Log Group
- Cloudwatch
Namespace string - Cloudwatch Namespace
- Decryption
Cert string - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- Endpoint
Mode string - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- Kinesis
Firehose string - Kinesis Firehose for logging
- S3Bucket string
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- Stack
Id string - ID of the account onboarding CFT stack
- Stack
Status string - Status of the account onboarding CFT stack.
- account
Id String - The account IDs
- cft
Role StringName - Role name to run the account onboarding CFT in each account to be onboarded.
- external
Id String - External Id of the onboarded account
- onboarding
Cft String - Role name to run the account onboarding CFT in each account to be onboarded.
- sns
Topic StringArn - SNS topic ARN to publish the role ARNs
- trusted
Account String - PANW Cloud NGFW trusted account Id
- auditlog
Group String - Audit Log Group Name
- cloudwatch
Log StringGroup - Cloudwatch Log Group
- cloudwatch
Namespace String - Cloudwatch Namespace
- decryption
Cert String - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode String - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- kinesis
Firehose String - Kinesis Firehose for logging
- s3Bucket String
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- stack
Id String - ID of the account onboarding CFT stack
- stack
Status String - Status of the account onboarding CFT stack.
- account
Id string - The account IDs
- cft
Role stringName - Role name to run the account onboarding CFT in each account to be onboarded.
- external
Id string - External Id of the onboarded account
- onboarding
Cft string - Role name to run the account onboarding CFT in each account to be onboarded.
- sns
Topic stringArn - SNS topic ARN to publish the role ARNs
- trusted
Account string - PANW Cloud NGFW trusted account Id
- auditlog
Group string - Audit Log Group Name
- cloudwatch
Log stringGroup - Cloudwatch Log Group
- cloudwatch
Namespace string - Cloudwatch Namespace
- decryption
Cert string - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode string - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- kinesis
Firehose string - Kinesis Firehose for logging
- s3Bucket string
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- stack
Id string - ID of the account onboarding CFT stack
- stack
Status string - Status of the account onboarding CFT stack.
- account_
id str - The account IDs
- cft_
role_ strname - Role name to run the account onboarding CFT in each account to be onboarded.
- external_
id str - External Id of the onboarded account
- onboarding_
cft str - Role name to run the account onboarding CFT in each account to be onboarded.
- sns_
topic_ strarn - SNS topic ARN to publish the role ARNs
- trusted_
account str - PANW Cloud NGFW trusted account Id
- auditlog_
group str - Audit Log Group Name
- cloudwatch_
log_ strgroup - Cloudwatch Log Group
- cloudwatch_
namespace str - Cloudwatch Namespace
- decryption_
cert str - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint_
mode str - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- kinesis_
firehose str - Kinesis Firehose for logging
- s3_
bucket str - S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- stack_
id str - ID of the account onboarding CFT stack
- stack_
status str - Status of the account onboarding CFT stack.
- account
Id String - The account IDs
- cft
Role StringName - Role name to run the account onboarding CFT in each account to be onboarded.
- external
Id String - External Id of the onboarded account
- onboarding
Cft String - Role name to run the account onboarding CFT in each account to be onboarded.
- sns
Topic StringArn - SNS topic ARN to publish the role ARNs
- trusted
Account String - PANW Cloud NGFW trusted account Id
- auditlog
Group String - Audit Log Group Name
- cloudwatch
Log StringGroup - Cloudwatch Log Group
- cloudwatch
Namespace String - Cloudwatch Namespace
- decryption
Cert String - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode String - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- kinesis
Firehose String - Kinesis Firehose for logging
- s3Bucket String
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- stack
Id String - ID of the account onboarding CFT stack
- stack
Status String - Status of the account onboarding CFT stack.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccountOnboardingStack resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing AccountOnboardingStack Resource
Get an existing AccountOnboardingStack resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccountOnboardingStackState, opts?: CustomResourceOptions): AccountOnboardingStack@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
auditlog_group: Optional[str] = None,
cft_role_name: Optional[str] = None,
cloudwatch_log_group: Optional[str] = None,
cloudwatch_namespace: Optional[str] = None,
decryption_cert: Optional[str] = None,
endpoint_mode: Optional[str] = None,
external_id: Optional[str] = None,
kinesis_firehose: Optional[str] = None,
onboarding_cft: Optional[str] = None,
s3_bucket: Optional[str] = None,
sns_topic_arn: Optional[str] = None,
stack_id: Optional[str] = None,
stack_status: Optional[str] = None,
trusted_account: Optional[str] = None) -> AccountOnboardingStackfunc GetAccountOnboardingStack(ctx *Context, name string, id IDInput, state *AccountOnboardingStackState, opts ...ResourceOption) (*AccountOnboardingStack, error)public static AccountOnboardingStack Get(string name, Input<string> id, AccountOnboardingStackState? state, CustomResourceOptions? opts = null)public static AccountOnboardingStack get(String name, Output<String> id, AccountOnboardingStackState state, CustomResourceOptions options)resources: _: type: cloudngfwaws:AccountOnboardingStack get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The account IDs
- Auditlog
Group string - Audit Log Group Name
- Cft
Role stringName - Role name to run the account onboarding CFT in each account to be onboarded.
- Cloudwatch
Log stringGroup - Cloudwatch Log Group
- Cloudwatch
Namespace string - Cloudwatch Namespace
- Decryption
Cert string - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- Endpoint
Mode string - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- External
Id string - External Id of the onboarded account
- Kinesis
Firehose string - Kinesis Firehose for logging
- Onboarding
Cft string - Role name to run the account onboarding CFT in each account to be onboarded.
- S3Bucket string
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- Sns
Topic stringArn - SNS topic ARN to publish the role ARNs
- Stack
Id string - ID of the account onboarding CFT stack
- Stack
Status string - Status of the account onboarding CFT stack.
- Trusted
Account string - PANW Cloud NGFW trusted account Id
- Account
Id string - The account IDs
- Auditlog
Group string - Audit Log Group Name
- Cft
Role stringName - Role name to run the account onboarding CFT in each account to be onboarded.
- Cloudwatch
Log stringGroup - Cloudwatch Log Group
- Cloudwatch
Namespace string - Cloudwatch Namespace
- Decryption
Cert string - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- Endpoint
Mode string - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- External
Id string - External Id of the onboarded account
- Kinesis
Firehose string - Kinesis Firehose for logging
- Onboarding
Cft string - Role name to run the account onboarding CFT in each account to be onboarded.
- S3Bucket string
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- Sns
Topic stringArn - SNS topic ARN to publish the role ARNs
- Stack
Id string - ID of the account onboarding CFT stack
- Stack
Status string - Status of the account onboarding CFT stack.
- Trusted
Account string - PANW Cloud NGFW trusted account Id
- account
Id String - The account IDs
- auditlog
Group String - Audit Log Group Name
- cft
Role StringName - Role name to run the account onboarding CFT in each account to be onboarded.
- cloudwatch
Log StringGroup - Cloudwatch Log Group
- cloudwatch
Namespace String - Cloudwatch Namespace
- decryption
Cert String - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode String - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- external
Id String - External Id of the onboarded account
- kinesis
Firehose String - Kinesis Firehose for logging
- onboarding
Cft String - Role name to run the account onboarding CFT in each account to be onboarded.
- s3Bucket String
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- sns
Topic StringArn - SNS topic ARN to publish the role ARNs
- stack
Id String - ID of the account onboarding CFT stack
- stack
Status String - Status of the account onboarding CFT stack.
- trusted
Account String - PANW Cloud NGFW trusted account Id
- account
Id string - The account IDs
- auditlog
Group string - Audit Log Group Name
- cft
Role stringName - Role name to run the account onboarding CFT in each account to be onboarded.
- cloudwatch
Log stringGroup - Cloudwatch Log Group
- cloudwatch
Namespace string - Cloudwatch Namespace
- decryption
Cert string - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode string - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- external
Id string - External Id of the onboarded account
- kinesis
Firehose string - Kinesis Firehose for logging
- onboarding
Cft string - Role name to run the account onboarding CFT in each account to be onboarded.
- s3Bucket string
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- sns
Topic stringArn - SNS topic ARN to publish the role ARNs
- stack
Id string - ID of the account onboarding CFT stack
- stack
Status string - Status of the account onboarding CFT stack.
- trusted
Account string - PANW Cloud NGFW trusted account Id
- account_
id str - The account IDs
- auditlog_
group str - Audit Log Group Name
- cft_
role_ strname - Role name to run the account onboarding CFT in each account to be onboarded.
- cloudwatch_
log_ strgroup - Cloudwatch Log Group
- cloudwatch_
namespace str - Cloudwatch Namespace
- decryption_
cert str - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint_
mode str - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- external_
id str - External Id of the onboarded account
- kinesis_
firehose str - Kinesis Firehose for logging
- onboarding_
cft str - Role name to run the account onboarding CFT in each account to be onboarded.
- s3_
bucket str - S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- sns_
topic_ strarn - SNS topic ARN to publish the role ARNs
- stack_
id str - ID of the account onboarding CFT stack
- stack_
status str - Status of the account onboarding CFT stack.
- trusted_
account str - PANW Cloud NGFW trusted account Id
- account
Id String - The account IDs
- auditlog
Group String - Audit Log Group Name
- cft
Role StringName - Role name to run the account onboarding CFT in each account to be onboarded.
- cloudwatch
Log StringGroup - Cloudwatch Log Group
- cloudwatch
Namespace String - Cloudwatch Namespace
- decryption
Cert String - The CloudNGFW can decrypt inbound and outbound traffic by providing a certificate stored in secret Manager. The role allows the service to access a certificate configured in the rulestack. Only certificated tagged with PaloAltoCloudNGFW can be accessed
- endpoint
Mode String - Controls whether cloud NGFW will create firewall endpoints automatitically in customer subnets
- external
Id String - External Id of the onboarded account
- kinesis
Firehose String - Kinesis Firehose for logging
- onboarding
Cft String - Role name to run the account onboarding CFT in each account to be onboarded.
- s3Bucket String
- S3 Bucket Name for Logging. Logging roles provide access to create log contents in this bucket.
- sns
Topic StringArn - SNS topic ARN to publish the role ARNs
- stack
Id String - ID of the account onboarding CFT stack
- stack
Status String - Status of the account onboarding CFT stack.
- trusted
Account String - PANW Cloud NGFW trusted account Id
Package Details
- Repository
- cloudngfwaws pulumi/pulumi-cloudngfwaws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudngfwawsTerraform Provider.
Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi