pulumi-azure-native-kotlin/com.pulumi.azurenative.network.kotlin/FirewallPolicy

FirewallPolicy

class FirewallPolicy : KotlinCustomResource

FirewallPolicy Resource. API Version: 2020-11-01.

Example Usage

Create FirewallPolicy

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    var firewallPolicy = new AzureNative.Network.FirewallPolicy("firewallPolicy", new()
    {
        DnsSettings = new AzureNative.Network.Inputs.DnsSettingsArgs
        {
            EnableProxy = true,
            RequireProxyForNetworkRules = false,
            Servers = new[]
            {
                "30.3.4.5",
            },
        },
        FirewallPolicyName = "firewallPolicy",
        Insights = new AzureNative.Network.Inputs.FirewallPolicyInsightsArgs
        {
            IsEnabled = true,
            LogAnalyticsResources = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesArgs
            {
                DefaultWorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
                },
                Workspaces = new[]
                {
                    new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
                    {
                        Region = "westus",
                        WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                        {
                            Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
                        },
                    },
                    new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
                    {
                        Region = "eastus",
                        WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                        {
                            Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
                        },
                    },
                },
            },
            RetentionDays = 100,
        },
        IntrusionDetection = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
        {
            Configuration = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationArgs
            {
                BypassTrafficSettings = new[]
                {
                    new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
                    {
                        Description = "Rule 1",
                        DestinationAddresses = new[]
                        {
                            "5.6.7.8",
                        },
                        DestinationPorts = new[]
                        {
                            "*",
                        },
                        Name = "bypassRule1",
                        Protocol = "TCP",
                        SourceAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                    },
                },
                SignatureOverrides = new[]
                {
                    new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
                    {
                        Id = "2525004",
                        Mode = "Deny",
                    },
                },
            },
            Mode = "Alert",
        },
        Location = "West US",
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.FirewallPolicySkuArgs
        {
            Tier = "Premium",
        },
        Snat = new AzureNative.Network.Inputs.FirewallPolicySNATArgs
        {
            PrivateRanges = new[]
            {
                "IANAPrivateRanges",
            },
        },
        Tags =
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = "Alert",
        ThreatIntelWhitelist = new AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs
        {
            Fqdns = new[]
            {
                "*.microsoft.com",
            },
            IpAddresses = new[]
            {
                "20.3.4.5",
            },
        },
        TransportSecurity = new AzureNative.Network.Inputs.FirewallPolicyTransportSecurityArgs
        {
            CertificateAuthority = new AzureNative.Network.Inputs.FirewallPolicyCertificateAuthorityArgs
            {
                KeyVaultSecretId = "https://kv/secret",
                Name = "clientcert",
            },
        },
    });
});

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.FirewallPolicy;
import com.pulumi.azurenative.network.FirewallPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var firewallPolicy = new FirewallPolicy("firewallPolicy", FirewallPolicyArgs.builder()
            .dnsSettings(Map.ofEntries(
                Map.entry("enableProxy", true),
                Map.entry("requireProxyForNetworkRules", false),
                Map.entry("servers", "30.3.4.5")
            ))
            .firewallPolicyName("firewallPolicy")
            .insights(Map.ofEntries(
                Map.entry("isEnabled", true),
                Map.entry("logAnalyticsResources", Map.ofEntries(
                    Map.entry("defaultWorkspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace")),
                    Map.entry("workspaces",
                        Map.ofEntries(
                            Map.entry("region", "westus"),
                            Map.entry("workspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"))
                        ),
                        Map.ofEntries(
                            Map.entry("region", "eastus"),
                            Map.entry("workspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"))
                        ))
                )),
                Map.entry("retentionDays", 100)
            ))
            .intrusionDetection(Map.ofEntries(
                Map.entry("configuration", Map.ofEntries(
                    Map.entry("bypassTrafficSettings", Map.ofEntries(
                        Map.entry("description", "Rule 1"),
                        Map.entry("destinationAddresses", "5.6.7.8"),
                        Map.entry("destinationPorts", "*"),
                        Map.entry("name", "bypassRule1"),
                        Map.entry("protocol", "TCP"),
                        Map.entry("sourceAddresses", "1.2.3.4")
                    )),
                    Map.entry("signatureOverrides", Map.ofEntries(
                        Map.entry("id", "2525004"),
                        Map.entry("mode", "Deny")
                    ))
                )),
                Map.entry("mode", "Alert")
            ))
            .location("West US")
            .resourceGroupName("rg1")
            .sku(Map.of("tier", "Premium"))
            .snat(Map.of("privateRanges", "IANAPrivateRanges"))
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .threatIntelWhitelist(Map.ofEntries(
                Map.entry("fqdns", "*.microsoft.com"),
                Map.entry("ipAddresses", "20.3.4.5")
            ))
            .transportSecurity(Map.of("certificateAuthority", Map.ofEntries(
                Map.entry("keyVaultSecretId", "https://kv/secret"),
                Map.entry("name", "clientcert")
            )))
            .build());
    }
}

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:network:FirewallPolicy firewallPolicy /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy