pulumi_wasm_providers_gcp_mini::compute

Module network_firewall_policy_rule


Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).

To get more information about NetworkFirewallPolicyRule, see:

§Example Usage

§Network Firewall Policy Rule

resources:
  basicGlobalNetworksecurityAddressGroup:
    type: gcp:networksecurity:AddressGroup
    name: basic_global_networksecurity_address_group
    properties:
      name: address
      parent: projects/my-project-name
      description: Sample global networksecurity_address_group
      location: global
      items:
        - 208.80.154.224/32
      type: IPV4
      capacity: 100
  basicNetworkFirewallPolicy:
    type: gcp:compute:NetworkFirewallPolicy
    name: basic_network_firewall_policy
    properties:
      name: policy
      description: Sample global network firewall policy
      project: my-project-name
  primary:
    type: gcp:compute:NetworkFirewallPolicyRule
    properties:
      action: allow
      description: This is a simple rule description
      direction: INGRESS
      disabled: false
      enableLogging: true
      firewallPolicy: ${basicNetworkFirewallPolicy.name}
      priority: 1000
      ruleName: test-rule
      targetServiceAccounts:
        - my@service-account.com
      match:
        srcIpRanges:
          - 10.100.0.1/32
        srcFqdns:
          - google.com
        srcRegionCodes:
          - US
        srcThreatIntelligences:
          - iplist-known-malicious-ips
        srcSecureTags:
          - name: ${basicValue.id}
        layer4Configs:
          - ipProtocol: all
        srcAddressGroups:
          - ${basicGlobalNetworksecurityAddressGroup.id}
  basicNetwork:
    type: gcp:compute:Network
    name: basic_network
    properties:
      name: network
  basicKey:
    type: gcp:tags:TagKey
    name: basic_key
    properties:
      description: For keyname resources.
      parent: organizations/123456789
      purpose: GCE_FIREWALL
      shortName: tagkey
      purposeData:
        network: my-project-name/${basicNetwork.name}
  basicValue:
    type: gcp:tags:TagValue
    name: basic_value
    properties:
      description: For valuename resources.
      parent: ${basicKey.id}
      shortName: tagvalue

§Import

NetworkFirewallPolicyRule can be imported using any of these accepted formats:

  • projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}

  • {{project}}/{{firewall_policy}}/{{priority}}

  • {{firewall_policy}}/{{priority}}

When using the pulumi import command, NetworkFirewallPolicyRule can be imported using one of the formats above. For example:

$ pulumi import gcp:compute/networkFirewallPolicyRule:NetworkFirewallPolicyRule default projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}
$ pulumi import gcp:compute/networkFirewallPolicyRule:NetworkFirewallPolicyRule default {{project}}/{{firewall_policy}}/{{priority}}
$ pulumi import gcp:compute/networkFirewallPolicyRule:NetworkFirewallPolicyRule default {{firewall_policy}}/{{priority}}
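
The three accepted formats differ only in how much of the path is spelled out, so an ID can be normalized to the long form and checked before it is passed to `pulumi import`, which avoids importing a rule from the wrong project or with an unfilled placeholder. The Rust code below is an added example, not part of this crate or of Pulumi; `RuleId`, `parse_import_id` and `default_project` are hypothetical names, and it assumes that the priority is a non-negative integer and that the shortest format takes its project from a caller-supplied default.

```rust
// Added example: normalizes the three import ID formats listed above.
// `RuleId`, `parse_import_id` and `default_project` are hypothetical names.
#[derive(Debug, PartialEq)]
pub struct RuleId {
    pub project: String,
    pub firewall_policy: String,
    pub priority: u32,
}

impl RuleId {
    /// Canonical long form (the first format in the list above).
    pub fn canonical(&self) -> String {
        let (p, f, n) = (&self.project, &self.firewall_policy, self.priority);
        format!("projects/{p}/global/firewallPolicies/{f}/rules/{n}")
    }
}

pub fn parse_import_id(id: &str, default_project: &str) -> Result<RuleId, String> {
    let parts: Vec<&str> = id.split('/').collect();
    let (project, policy, priority) = match parts.as_slice() {
        ["projects", p, "global", "firewallPolicies", f, "rules", n] => (*p, *f, *n),
        [p, f, n] => (*p, *f, *n),
        [f, n] => (default_project, *f, *n),
        _ => return Err(format!("unrecognized import ID: {id}")),
    };
    if project.is_empty() || policy.is_empty() {
        return Err(format!("empty project or policy in: {id}"));
    }
    // Reject template placeholders such as {{project}} that were never filled in.
    if [project, policy, priority].iter().any(|s| s.contains("{{")) {
        return Err(format!("unfilled placeholder in: {id}"));
    }
    // Assumption: the priority segment is a non-negative integer.
    let priority: u32 = priority
        .parse()
        .map_err(|_| format!("priority is not a non-negative integer: {priority}"))?;
    Ok(RuleId { project: project.into(), firewall_policy: policy.into(), priority })
}

fn main() {
    // Constructed sample IDs, reusing the names from the usage example above.
    for id in ["my-project-name/policy/1000", "policy/1000", "policy/abc"] {
        match parse_import_id(id, "my-project-name") {
            Ok(r) => println!("{id} -> {}", r.canonical()),
            Err(e) => println!("{id} -> error: {e}"),
        }
    }
}
```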

Structs§

Functions§

  • Registers a new resource with the given unique name and arguments