Module firewall_policy_rule

Expand description

Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).

To get more information about FirewallPolicyRule, see:

API documentation

§Example Usage

§Firewall Policy Rule

resources:
  basicGlobalNetworksecurityAddressGroup:
    type: gcp:networksecurity:AddressGroup
    name: basic_global_networksecurity_address_group
    properties:
      name: address
      parent: organizations/123456789
      description: Sample global networksecurity_address_group
      location: global
      items:
        - 208.80.154.224/32
      type: IPV4
      capacity: 100
  folder:
    type: gcp:organizations:Folder
    properties:
      displayName: folder
      parent: organizations/123456789
      deletionProtection: false
  default:
    type: gcp:compute:FirewallPolicy
    properties:
      parent: ${folder.id}
      shortName: policy
      description: Resource created for Terraform acceptance testing
  policyRule:
    type: gcp:compute:FirewallPolicyRule
    name: policy_rule
    properties:
      firewallPolicy: ${default.name}
      description: Resource created for Terraform acceptance testing
      priority: 9000
      enableLogging: true
      action: allow
      direction: EGRESS
      disabled: false
      match:
        layer4Configs:
          - ipProtocol: tcp
            ports:
              - 8080
          - ipProtocol: udp
            ports:
              - 22
        destIpRanges:
          - 11.100.0.1/32
        destFqdns: []
        destRegionCodes:
          - US
        destThreatIntelligences:
          - iplist-known-malicious-ips
        srcAddressGroups: []
        destAddressGroups:
          - ${basicGlobalNetworksecurityAddressGroup.id}
      targetServiceAccounts:
        - my@service-account.com

§Import

FirewallPolicyRule can be imported using any of these accepted formats:

locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}
{{firewall_policy}}/{{priority}}

When using the pulumi import command, FirewallPolicyRule can be imported using one of the formats above. For example:

$ pulumi import gcp:compute/firewallPolicyRule:FirewallPolicyRule default locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}

$ pulumi import gcp:compute/firewallPolicyRule:FirewallPolicyRule default {{firewall_policy}}/{{priority}}

Structs§

FirewallPolicyRuleArgs
FirewallPolicyRuleArgsBuilder
Use builder syntax to set the inputs and finish with build_struct().
FirewallPolicyRuleResult

Functions§

create
Registers a new resource with the given unique name and arguments