pulumi-gcp-kotlin/com.pulumi.gcp.compute.kotlin/OrganizationSecurityPolicyRule

OrganizationSecurityPolicyRule

class OrganizationSecurityPolicyRule : KotlinCustomResource

A rule for the OrganizationSecurityPolicy. To get more information about OrganizationSecurityPolicyRule, see:

API documentation
How-to Guides

Creating firewall rules

Example Usage

Organization Security Policy Rule Basic

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.OrganizationSecurityPolicy;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyArgs;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRule;
import com.pulumi.gcp.compute.OrganizationSecurityPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchArgs;
import com.pulumi.gcp.compute.inputs.OrganizationSecurityPolicyRuleMatchConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var policyOrganizationSecurityPolicy = new OrganizationSecurityPolicy("policyOrganizationSecurityPolicy", OrganizationSecurityPolicyArgs.builder()
            .displayName("tf-test")
            .parent("organizations/123456789")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());
        var policyOrganizationSecurityPolicyRule = new OrganizationSecurityPolicyRule("policyOrganizationSecurityPolicyRule", OrganizationSecurityPolicyRuleArgs.builder()
            .policyId(policyOrganizationSecurityPolicy.id())
            .action("allow")
            .direction("INGRESS")
            .enableLogging(true)
            .match(OrganizationSecurityPolicyRuleMatchArgs.builder()
                .config(OrganizationSecurityPolicyRuleMatchConfigArgs.builder()
                    .srcIpRanges(
                        "192.168.0.0/16",
                        "10.0.0.0/8")
                    .layer4Configs(
                        OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
                            .ipProtocol("tcp")
                            .ports("22")
                            .build(),
                        OrganizationSecurityPolicyRuleMatchConfigLayer4ConfigArgs.builder()
                            .ipProtocol("icmp")
                            .build())
                    .build())
                .build())
            .priority(100)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());
    }
}

Import

OrganizationSecurityPolicyRule can be imported using any of these accepted formats:

$ pulumi import gcp:compute/organizationSecurityPolicyRule:OrganizationSecurityPolicyRule default {{policy_id}}/priority/{{priority}}

Properties

action

val action: Output<String>

The Action to perform when the client connection triggers the rule. Can currently be either "allow", "deny" or "goto_next".

description

val description: Output<String>?

A description of the rule. (Optional) A description of the rule.

direction

val direction: Output<String>?

The direction in which this rule applies. If unspecified an INGRESS rule is created. Possible values are: INGRESS, EGRESS.

enableLogging

val enableLogging: Output<Boolean>?

Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver.

val id: Output<String>

match

val match: Output<OrganizationSecurityPolicyRuleMatch>

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced. Structure is documented below.

policyId

val policyId: Output<String>

The ID of the OrganizationSecurityPolicy this rule applies to.

preview

val preview: Output<Boolean>?

If set to true, the specified action is not enforced.

priority

val priority: Output<Int>

An integer indicating the priority of a rule in the list. The priority must be a value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

targetResources

val targetResources: Output<List<String>>?

A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.

targetServiceAccounts

val targetServiceAccounts: Output<List<String>>?

A list of service accounts indicating the sets of instances that are applied with this rule.

urn

val urn: Output<String>