pulumi_wasm_providers_gcp_mini::compute

Module firewall


Each network has its own firewall controlling access to and from the instances.

All traffic to instances, even from other instances, is blocked by the firewall unless firewall rules are created to allow it.

The default network has automatically created firewall rules that are shown in default firewall rules. No manually created network has automatically created firewall rules except for a default “allow” rule for outgoing traffic and a default “deny” for incoming traffic. For all networks except the default network, you must create any firewall rules you need.

To get more information about Firewall, see:

§Example Usage

§Firewall Basic

use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
    // Allow ICMP plus TCP 80, 8080 and 1000-2000 from instances tagged "web".
    // No target_tags are set, so the rule is not limited to tagged instances.
    let default = firewall::create(
        "default",
        FirewallArgs::builder()
            .allows(
                vec![
                    FirewallAllow::builder().protocol("icmp").build_struct(),
                    FirewallAllow::builder().ports(vec!["80", "8080", "1000-2000",])
                    .protocol("tcp").build_struct(),
                ],
            )
            .name("test-firewall")
            // Generated reference to the name of the `defaultNetwork` resource below.
            .network("${defaultNetwork.name}")
            .source_tags(vec!["web",])
            .build_struct(),
    );
    let defaultNetwork = network::create(
        "defaultNetwork",
        NetworkArgs::builder().name("test-network").build_struct(),
    );
    Ok(())
}

§Firewall With Target Tags

use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
    // Allow TCP 80, 8080 and 1000-2000 from instances tagged "foo",
    // but only to instances tagged "web".
    let rules = firewall::create(
        "rules",
        FirewallArgs::builder()
            .allows(
                vec![
                    FirewallAllow::builder().ports(vec!["80", "8080", "1000-2000",])
                    .protocol("tcp").build_struct(),
                ],
            )
            .description("Creates firewall rule targeting tagged instances")
            .name("my-firewall-rule")
            .network("default")
            .project("my-project-name")
            .source_tags(vec!["foo",])
            .target_tags(vec!["web",])
            .build_struct(),
    );
    Ok(())
}
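
The two rules above differ in scope: the basic rule sets no target tags, while the second one is limited to instances tagged "web". The following is an added example, not part of this crate or its generated documentation, that models both rules as plain structs and checks what they admit before deployment. `Allow`, `Rule`, `port_matches`, `permits`, `review` and `page_rules` are hypothetical names, and the inputs are constructed from the values shown on this page.

```rust
// Added example: stand-alone review helper, not pulumi-wasm API; all names are hypothetical.
struct Allow { protocol: &'static str, ports: Vec<&'static str> }
struct Rule { name: &'static str, allows: Vec<Allow>, target_tags: Vec<&'static str> }

/// Test `port` against a spec in the page's format ("80" or "1000-2000"); bad specs are errors.
fn port_matches(spec: &str, port: u16) -> Result<bool, String> {
    let parse = |s: &str| s.parse::<u16>().map_err(|_| format!("bad port spec {spec:?}"));
    match spec.split_once('-') {
        Some((lo, hi)) => {
            let (lo, hi) = (parse(lo)?, parse(hi)?);
            if lo > hi { return Err(format!("inverted range {spec:?}")); }
            Ok(lo <= port && port <= hi)
        }
        None => Ok(parse(spec)? == port),
    }
}

/// True if an allow entry admits `protocol`/`port`; an entry without ports matches the whole protocol.
fn permits(rule: &Rule, protocol: &str, port: u16) -> bool {
    rule.allows.iter().filter(|a| a.protocol == protocol).any(|a| {
        a.ports.is_empty() || a.ports.iter().any(|s| port_matches(s, port) == Ok(true))
    })
}

/// Findings to resolve before deploying the rule.
fn review(rule: &Rule) -> Vec<String> {
    let mut out = Vec::new();
    if rule.target_tags.is_empty() {
        // Assumes no other target selector (e.g. target service accounts) is set.
        out.push(format!("{}: no target_tags, applies to all instances in the network", rule.name));
    }
    for spec in rule.allows.iter().flat_map(|a| a.ports.iter()) {
        if let Err(e) = port_matches(spec, 0) { out.push(format!("{}: {e}", rule.name)); }
    }
    out
}

/// Constructed inputs mirroring the two rules on this page.
fn page_rules() -> (Rule, Rule) {
    let tcp = || Allow { protocol: "tcp", ports: vec!["80", "8080", "1000-2000"] };
    let icmp = Allow { protocol: "icmp", ports: vec![] };
    (Rule { name: "test-firewall", allows: vec![icmp, tcp()], target_tags: vec![] },
     Rule { name: "my-firewall-rule", allows: vec![tcp()], target_tags: vec!["web"] })
}

fn main() {
    let (basic, tagged) = page_rules();
    for f in review(&basic).into_iter().chain(review(&tagged)) { println!("{f}"); }
    println!("tcp/22 permitted by {}: {}", tagged.name, permits(&tagged, "tcp", 22));
}
```
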

§Import

Firewall can be imported using any of these accepted formats:

  • projects/{{project}}/global/firewalls/{{name}}

  • {{project}}/{{name}}

  • {{name}}

When using the pulumi import command, Firewall can be imported using one of the formats above. For example:

$ pulumi import gcp:compute/firewall:Firewall default projects/{{project}}/global/firewalls/{{name}}
$ pulumi import gcp:compute/firewall:Firewall default {{project}}/{{name}}
$ pulumi import gcp:compute/firewall:Firewall default {{name}}

Structs§

Functions§

  • Registers a new resource with the given unique name and arguments