Setting up Amazon Network Firewall - Amazon Network Firewall
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Setting up Amazon Network Firewall

This topic describes preliminary steps, such as getting an Amazon Web Services account, to prepare you to use Network Firewall. You aren't charged to set up your account or for the other preliminary items. You are charged only for Amazon services that you use.


Network Firewall is a network traffic firewall for your Amazon Virtual Private Cloud VPCs. If you're already working with VPCs, the setup described here shouldn't be necessary.

After you complete these steps, see Getting started with Network Firewall to continue getting started with Network Firewall.

Sign up for an Amazon Web Services account

If you do not have an Amazon Web Services account, use the following procedure to create one.

To sign up for Amazon Web Services
  1. Open and choose Sign Up.

  2. Follow the on-screen instructions.

Amazon sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to and choosing My Account.

Secure IAM users

After you sign up for an Amazon Web Services account, safeguard your administrative user by turning on multi-factor authentication (MFA). For instructions, see Enable a virtual MFA device for an IAM user (console) in the IAM User Guide.

To give other users access to your Amazon Web Services account resources, create IAM users. To secure your IAM users, turn on MFA and only give the IAM users the permissions needed to perform their tasks.

For more information about creating and securing IAM users, see the following topics in the IAM User Guide:

Setting up tool access

The Amazon Web Services Management Console includes a console for Network Firewall, but if you want to access Network Firewall programmatically or through the command line, the following documentation and tools will help you:

  • If you want to call the Network Firewall API without handling low-level details like assembling raw HTTP requests, you can use an Amazon SDK. The Amazon SDKs provide functions and data types that encapsulate the functionality of Network Firewall and other Amazon services. To download an Amazon SDK, see the applicable page, which also includes prerequisites and installation instructions:

    For a complete list of Amazon SDKs, see Tools for Amazon Web Services.

  • If you're using a programming language for which Amazon doesn't provide an SDK, the Amazon Network Firewall API Reference documents the operations that Network Firewall supports.

  • The Amazon Command Line Interface (Amazon CLI) supports Network Firewall. The Amazon CLI lets you control multiple Amazon services from the command line and automate them through scripts. For more information, see Amazon Command Line Interface.

  • Amazon Tools for Windows PowerShell supports Network Firewall. For more information, see Amazon Tools for PowerShell Cmdlet Reference.