ResourcePolicyArgs

data class ResourcePolicyArgs(val policy: Output<String>? = null, val resourceArn: Output<String>? = null) : ConvertibleToJava<ResourcePolicyArgs>

Provides an AWS Network Firewall Resource Policy Resource for a rule group or firewall policy.

Example Usage

For a Firewall Policy resource

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.ResourcePolicy;
import com.pulumi.aws.networkfirewall.ResourcePolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program that attaches a resource policy to an AWS Network Firewall
 * firewall policy so that another AWS account can use it.
 *
 * <p>Security notes for anyone adapting this listing:
 * <ul>
 *   <li>The statement's principal is {@code arn:aws:iam::123456789012:root}, a sample
 *       account ID. A {@code :root} principal names the whole account, not one user or
 *       role, so which identities can use the shared resource is then decided by IAM
 *       policies inside that account. Replace it with the account you intend to share
 *       with.</li>
 *   <li>{@code Effect} is {@code Allow} and the statement carries no {@code Condition},
 *       so the action list and the principal are the only limits on the grant.</li>
 * </ul>
 */
public class App {

    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resource policy named {@code "example"} for the firewall policy.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}; not used by this example
     */
    public static void stack(Context ctx) {
        // NOTE(review): aws_networkfirewall_firewall_policy is not declared anywhere in this
        // listing; it looks like a leftover reference from the converted example. Point it at
        // the FirewallPolicy resource defined in your own program.
        ResourcePolicyArgs policyArgs = ResourcePolicyArgs.builder()
            .resourceArn(aws_networkfirewall_firewall_policy.example().arn())
            .policy(firewallPolicyShareDocument())
            .build();

        new ResourcePolicy("example", policyArgs);
    }

    /**
     * Builds the JSON policy document attached to the firewall policy.
     *
     * <p>The single statement allows the listed {@code network-firewall:*} actions on the
     * firewall policy's ARN. The {@code Resource} value is the same ARN expression that is
     * passed to {@code resourceArn}, so the grant covers exactly the resource the policy is
     * attached to.
     */
    private static String firewallPolicyShareDocument() {
        // NOTE(review): if arn() yields an Output<String>, the document probably has to be
        // built inside applyValue(...) so that the resolved ARN string is serialized rather
        // than the Output wrapper. Confirm against the provider SDK.
        return serializeJson(
            jsonObject(
                jsonProperty("Statement", jsonArray(jsonObject(
                    // Actions the other account is allowed to perform with this firewall policy.
                    jsonProperty("Action", jsonArray(
                        "network-firewall:ListFirewallPolicies",
                        "network-firewall:CreateFirewall",
                        "network-firewall:UpdateFirewall",
                        "network-firewall:AssociateFirewallPolicy"
                    )),
                    jsonProperty("Effect", "Allow"),
                    jsonProperty("Resource", aws_networkfirewall_firewall_policy.example().arn()),
                    // Sample account ID; ":root" delegates the grant to the whole account.
                    jsonProperty("Principal", jsonObject(
                        jsonProperty("AWS", "arn:aws:iam::123456789012:root")
                    ))
                ))),
                jsonProperty("Version", "2012-10-17")
            ));
    }
}

For a Rule Group resource

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.ResourcePolicy;
import com.pulumi.aws.networkfirewall.ResourcePolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program that attaches a resource policy to an AWS Network Firewall
 * rule group so that another AWS account can reference it from its firewall policies.
 *
 * <p>Security notes for anyone adapting this listing:
 * <ul>
 *   <li>The statement's principal is {@code arn:aws:iam::123456789012:root}, a sample
 *       account ID. A {@code :root} principal names the whole account, not one user or
 *       role, so which identities can use the shared rule group is then decided by IAM
 *       policies inside that account. Replace it with the account you intend to share
 *       with.</li>
 *   <li>{@code Effect} is {@code Allow} and the statement carries no {@code Condition},
 *       so the action list and the principal are the only limits on the grant.</li>
 * </ul>
 */
public class App {

    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resource policy named {@code "example"} for the rule group.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}; not used by this example
     */
    public static void stack(Context ctx) {
        // NOTE(review): aws_networkfirewall_rule_group is not declared anywhere in this
        // listing; it looks like a leftover reference from the converted example. Point it at
        // the RuleGroup resource defined in your own program.
        ResourcePolicyArgs policyArgs = ResourcePolicyArgs.builder()
            .resourceArn(aws_networkfirewall_rule_group.example().arn())
            .policy(ruleGroupShareDocument())
            .build();

        new ResourcePolicy("example", policyArgs);
    }

    /**
     * Builds the JSON policy document attached to the rule group.
     *
     * <p>The single statement allows the listed {@code network-firewall:*} actions on the
     * rule group's ARN. The {@code Resource} value is the same ARN expression that is
     * passed to {@code resourceArn}, so the grant covers exactly the resource the policy is
     * attached to.
     */
    private static String ruleGroupShareDocument() {
        // NOTE(review): if arn() yields an Output<String>, the document probably has to be
        // built inside applyValue(...) so that the resolved ARN string is serialized rather
        // than the Output wrapper. Confirm against the provider SDK.
        return serializeJson(
            jsonObject(
                jsonProperty("Statement", jsonArray(jsonObject(
                    // Actions the other account is allowed to perform with this rule group.
                    jsonProperty("Action", jsonArray(
                        "network-firewall:ListRuleGroups",
                        "network-firewall:CreateFirewallPolicy",
                        "network-firewall:UpdateFirewallPolicy"
                    )),
                    jsonProperty("Effect", "Allow"),
                    jsonProperty("Resource", aws_networkfirewall_rule_group.example().arn()),
                    // Sample account ID; ":root" delegates the grant to the whole account.
                    jsonProperty("Principal", jsonObject(
                        jsonProperty("AWS", "arn:aws:iam::123456789012:root")
                    ))
                ))),
                jsonProperty("Version", "2012-10-17")
            ));
    }
}

Import

Network Firewall Resource Policies can be imported using the `resource_arn`, e.g.:

$ pulumi import aws:networkfirewall/resourcePolicy:ResourcePolicy example aws_networkfirewall_rule_group.example arn:aws:network-firewall:us-west-1:123456789012:stateful-rulegroup/example

Constructors

constructor(policy: Output<String>? = null, resourceArn: Output<String>? = null)

Properties

val policy: Output<String>? = null

JSON-formatted policy document that controls access to the Network Firewall resource. The policy must be provided without whitespace. We recommend using jsonencode (`serializeJson` in the Java examples above) for formatting. Because this document grants other principals access to the resource, list only the principals and actions the share requires. For more details, including available policy statement Actions, see the Policy parameter in the AWS API documentation.

val resourceArn: Output<String>? = null

The Amazon Resource Name (ARN) of the rule group or firewall policy.

Functions

open override fun toJava(): ResourcePolicyArgs