Deploy Lambda code and CloudFormation Template

The code for the AWS Lambda functions is packaged in advance, before it is made available to AWS Lambda.

  1. On the Linux machine, open a terminal window where the file fp-ngfw-aws-TransitGateway-autoscaling.zip was unzipped.
  2. Navigate to the unzipped directory.
  3. Run the script named package.sh. This creates the following two files:
    • autoscale-tg-ngfw.json - this file is uploaded to CloudFormation.
    • myDeploymentPackage.zip - this archive file is uploaded to the S3 bucket.
  4. Navigate back to the AWS console, and then navigate to the S3 bucket that will be used to store the archive.
  5. In the config-smc folder, upload myDeploymentPackage.zip.
  6. Now search for CloudFormation in the AWS console. Navigate to CloudFormation.
  7. The displayed console might look different if you already have a stack created in the region. Using the drop-down menu in the top right of the page, select the region you want to deploy to (the same as the one used in the configuration file).
  8. Select Create Stack > With new resources (standard).
  9. In the Specify template section, select Upload a template file.
  10. Select Choose file.
  11. Upload the autoscale-tg-ngfw.json template file created in step 1.
  12. Select Next.
  13. Enter a name for the stack, and then click Next.
  14. Scroll to the bottom of the Configure stack options page, and then select Next.
  15. On the Review NGFW-TransitGateway page, scroll to the bottom of the screen.
  16. Select the box to allow the necessary requirements.
  17. Click Create stack to proceed.

Note: To prevent unexpected failures in the deployment workflow, the AWS Security Groups are configured in a permissive way, allowing both inbound and outbound traffic. This must be changed once deployment is completed, so that only traffic from intended sources is allowed. Outbound traffic must be controlled as well, based on existing security policies within the organization.
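
One way to verify the point in the note above after the stack has been created, as an added example (not part of the original guide or the vendor's code): the script reads JSON in the shape produced by `aws ec2 describe-security-groups` and lists every inbound or outbound rule that is open to 0.0.0.0/0 or ::/0. The sample input, group IDs and group names are constructed for illustration.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`;
# group IDs, names and CIDRs are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "GroupName": "ngfw-permissive",
   "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}],
   "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example2", "GroupName": "ngfw-restricted",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                      "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []}],
   "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                            "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")


def describe_ports(rule):
    """Render the protocol/port span of one rule; protocol -1 means all traffic."""
    if rule.get("IpProtocol") == "-1":
        return "all protocols, all ports"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    span = str(lo) if lo == hi else f"{lo}-{hi}"
    return f"{rule['IpProtocol']}/{span}"


def find_open_rules(doc):
    """Return (group_id, direction, cidr, ports) for every rule open to any address."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for direction, key in (("inbound", "IpPermissions"), ("outbound", "IpPermissionsEgress")):
            for rule in sg.get(key, []):
                cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
                cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
                for cidr in cidrs:
                    if cidr in OPEN_CIDRS:
                        findings.append((sg["GroupId"], direction, cidr, describe_ports(rule)))
    return findings


if __name__ == "__main__":
    for group_id, direction, cidr, ports in find_open_rules(SAMPLE):
        print(f"{group_id}: {direction} {ports} open to {cidr}")
```

To check a real deployment, save the output of `aws ec2 describe-security-groups` for the deployment region to a file and pass the loaded JSON to `find_open_rules`. Each finding is a rule to narrow to intended sources or destinations according to the organization's policy.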