pulumi_wasm_providers_gcp_mini::compute

Module firewall_policy_with_rules


§Example Usage

§Compute Firewall Policy With Rules Full

resources:
  firewall-policy-with-rules:
    type: gcp:compute:FirewallPolicyWithRules
    properties:
      shortName: tf-fw-org-policy-with-rules
      description: Terraform test
      parent: organizations/123456789
      rules:
        - description: tcp rule
          priority: 1000
          enableLogging: true
          action: allow
          direction: EGRESS
          match:
            layer4Configs:
              - ipProtocol: tcp
                ports:
                  - 8080
                  - 7070
            destIpRanges:
              - 11.100.0.1/32
            destFqdns:
              - www.yyy.com
              - www.zzz.com
            destRegionCodes:
              - HK
              - IN
            destThreatIntelligences:
              - iplist-search-engines-crawlers
              - iplist-tor-exit-nodes
            destAddressGroups:
              - ${addressGroup1.id}
          targetResources:
            - https://www.googleapis.com/compute/beta/projects/${project.name}/global/networks/default
        - description: udp rule
          priority: 2000
          enableLogging: false
          action: deny
          direction: INGRESS
          match:
            layer4Configs:
              - ipProtocol: udp
            srcIpRanges:
              - 0.0.0.0/0
            srcFqdns:
              - www.abc.com
              - www.def.com
            srcRegionCodes:
              - US
              - CA
            srcThreatIntelligences:
              - iplist-known-malicious-ips
              - iplist-public-clouds
            srcAddressGroups:
              - ${addressGroup1.id}
          disabled: true
        - description: security profile group rule
          ruleName: tcp rule
          priority: 3000
          enableLogging: false
          action: apply_security_profile_group
          direction: INGRESS
          match:
            layer4Configs:
              - ipProtocol: tcp
            srcIpRanges:
              - 0.0.0.0/0
          targetServiceAccounts:
            - test@google.com
          securityProfileGroup: //networksecurity.googleapis.com/${securityProfileGroup1.id}
          tlsInspect: true
  addressGroup1:
    type: gcp:networksecurity:AddressGroup
    name: address_group_1
    properties:
      name: tf-address-group
      parent: organizations/123456789
      description: Global address group
      location: global
      items:
        - 208.80.154.224/32
      type: IPV4
      capacity: 100
  securityProfileGroup1:
    type: gcp:networksecurity:SecurityProfileGroup
    name: security_profile_group_1
    properties:
      name: tf-security-profile-group
      parent: organizations/123456789
      description: my description
      threatPreventionProfile: ${securityProfile1.id}
  securityProfile1:
    type: gcp:networksecurity:SecurityProfile
    name: security_profile_1
    properties:
      name: tf-security-profile
      type: THREAT_PREVENTION
      parent: organizations/123456789
      location: global
variables:
  project:
    fn::invoke:
      function: gcp:organizations:getProject
      arguments: {}

§Import

FirewallPolicyWithRules can be imported using any of these accepted formats:

  • locations/global/firewallPolicies/{{policy_id}}

  • {{policy_id}}

When using the pulumi import command, FirewallPolicyWithRules can be imported using one of the formats above. For example:

$ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default locations/global/firewallPolicies/{{policy_id}}
$ pulumi import gcp:compute/firewallPolicyWithRules:FirewallPolicyWithRules default {{policy_id}}

Structs§

Functions§

  • Registers a new resource with the given unique name and arguments