pulumi-gcp-kotlin/com.pulumi.gcp.compute.kotlin/NetworkFirewallPolicyRule

NetworkFirewallPolicyRule

class NetworkFirewallPolicyRule : KotlinCustomResource

The Compute NetworkFirewallPolicyRule resource

Example Usage

Global

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.networksecurity.AddressGroup;
import com.pulumi.gcp.networksecurity.AddressGroupArgs;
import com.pulumi.gcp.compute.NetworkFirewallPolicy;
import com.pulumi.gcp.compute.NetworkFirewallPolicyArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.tags.TagKey;
import com.pulumi.gcp.tags.TagKeyArgs;
import com.pulumi.gcp.tags.TagValue;
import com.pulumi.gcp.tags.TagValueArgs;
import com.pulumi.gcp.compute.NetworkFirewallPolicyRule;
import com.pulumi.gcp.compute.NetworkFirewallPolicyRuleArgs;
import com.pulumi.gcp.compute.inputs.NetworkFirewallPolicyRuleMatchArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var basicGlobalNetworksecurityAddressGroup = new AddressGroup("basicGlobalNetworksecurityAddressGroup", AddressGroupArgs.builder()
            .parent("projects/my-project-name")
            .description("Sample global networksecurity_address_group")
            .location("global")
            .items("208.80.154.224/32")
            .type("IPV4")
            .capacity(100)
            .build());
        var basicNetworkFirewallPolicy = new NetworkFirewallPolicy("basicNetworkFirewallPolicy", NetworkFirewallPolicyArgs.builder()
            .description("Sample global network firewall policy")
            .project("my-project-name")
            .build());
        var basicNetwork = new Network("basicNetwork");
        var basicKey = new TagKey("basicKey", TagKeyArgs.builder()
            .description("For keyname resources.")
            .parent("organizations/123456789")
            .purpose("GCE_FIREWALL")
            .shortName("tagkey")
            .purposeData(Map.of("network", basicNetwork.name().applyValue(name -> String.format("my-project-name/%s", name))))
            .build());
        var basicValue = new TagValue("basicValue", TagValueArgs.builder()
            .description("For valuename resources.")
            .parent(basicKey.name().applyValue(name -> String.format("tagKeys/%s", name)))
            .shortName("tagvalue")
            .build());
        var primary = new NetworkFirewallPolicyRule("primary", NetworkFirewallPolicyRuleArgs.builder()
            .action("allow")
            .description("This is a simple rule description")
            .direction("INGRESS")
            .disabled(false)
            .enableLogging(true)
            .firewallPolicy(basicNetworkFirewallPolicy.name())
            .priority(1000)
            .ruleName("test-rule")
            .targetServiceAccounts("my@service-account.com")
            .match(NetworkFirewallPolicyRuleMatchArgs.builder()
                .srcIpRanges("10.100.0.1/32")
                .srcFqdns("google.com")
                .srcRegionCodes("US")
                .srcThreatIntelligences("iplist-known-malicious-ips")
                .srcSecureTags(NetworkFirewallPolicyRuleMatchSrcSecureTagArgs.builder()
                    .name(basicValue.name().applyValue(name -> String.format("tagValues/%s", name)))
                    .build())
                .layer4Configs(NetworkFirewallPolicyRuleMatchLayer4ConfigArgs.builder()
                    .ipProtocol("all")
                    .build())
                .srcAddressGroups(basicGlobalNetworksecurityAddressGroup.id())
                .build())
            .build());
    }
}

Import

NetworkFirewallPolicyRule can be imported using any of these accepted formats

$ pulumi import gcp:compute/networkFirewallPolicyRule:NetworkFirewallPolicyRule default projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}

$ pulumi import gcp:compute/networkFirewallPolicyRule:NetworkFirewallPolicyRule default {{project}}/{{firewall_policy}}/{{priority}}

$ pulumi import gcp:compute/networkFirewallPolicyRule:NetworkFirewallPolicyRule default {{firewall_policy}}/{{priority}}

Properties

action

val action: Output<String>

The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".

description

val description: Output<String>?

An optional description for this resource.

direction

val direction: Output<String>

The direction in which this rule applies. Possible values: INGRESS, EGRESS

disabled

val disabled: Output<Boolean>?

Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.

enableLogging

val enableLogging: Output<Boolean>?

Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.

firewallPolicy

val firewallPolicy: Output<String>

The firewall policy of the resource.

val id: Output<String>

kind

val kind: Output<String>

Type of the resource. Always compute#firewallPolicyRule for firewall policy rules

match

val match: Output<NetworkFirewallPolicyRuleMatch>

A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.

priority

val priority: Output<Int>

An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.

project

val project: Output<String>

The project for the resource

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

ruleName

val ruleName: Output<String>?

An optional name for the rule. This field is not a unique identifier and can be updated.

ruleTupleCount

val ruleTupleCount: Output<Int>

Calculation of the complexity of a single firewall policy rule.

targetSecureTags

val targetSecureTags: Output<List<NetworkFirewallPolicyRuleTargetSecureTag>>?

A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.

targetServiceAccounts

val targetServiceAccounts: Output<List<String>>?

A list of service accounts indicating the sets of instances that are applied with this rule.

urn

val urn: Output<String>