cloudflare.MagicFirewallRuleset
Explore with Pulumi AI
Magic Firewall is a network-level firewall to protect networks that are onboarded to Cloudflare’s Magic Transit. This resource creates a root ruleset on the account level and contains one or more rules. Rules can be crafted in Wireshark syntax and are evaluated in order, with the first rule having the highest priority.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
const example = new cloudflare.MagicFirewallRuleset("example", {
accountId: "d41d8cd98f00b204e9800998ecf8427e",
name: "Magic Transit Ruleset",
description: "Global mitigations",
rules: [
{
action: "allow",
expression: "tcp.dstport in { 32768..65535 }",
description: "Allow TCP Ephemeral Ports",
enabled: "true",
},
{
action: "block",
expression: "ip.len >= 0",
description: "Block all",
enabled: "true",
},
],
});
import pulumi
import pulumi_cloudflare as cloudflare
example = cloudflare.MagicFirewallRuleset("example",
account_id="d41d8cd98f00b204e9800998ecf8427e",
name="Magic Transit Ruleset",
description="Global mitigations",
rules=[
{
"action": "allow",
"expression": "tcp.dstport in { 32768..65535 }",
"description": "Allow TCP Ephemeral Ports",
"enabled": "true",
},
{
"action": "block",
"expression": "ip.len >= 0",
"description": "Block all",
"enabled": "true",
},
])
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudflare.NewMagicFirewallRuleset(ctx, "example", &cloudflare.MagicFirewallRulesetArgs{
AccountId: pulumi.String("d41d8cd98f00b204e9800998ecf8427e"),
Name: pulumi.String("Magic Transit Ruleset"),
Description: pulumi.String("Global mitigations"),
Rules: pulumi.StringMapArray{
pulumi.StringMap{
"action": pulumi.String("allow"),
"expression": pulumi.String("tcp.dstport in { 32768..65535 }"),
"description": pulumi.String("Allow TCP Ephemeral Ports"),
"enabled": pulumi.String("true"),
},
pulumi.StringMap{
"action": pulumi.String("block"),
"expression": pulumi.String("ip.len >= 0"),
"description": pulumi.String("Block all"),
"enabled": pulumi.String("true"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
var example = new Cloudflare.MagicFirewallRuleset("example", new()
{
AccountId = "d41d8cd98f00b204e9800998ecf8427e",
Name = "Magic Transit Ruleset",
Description = "Global mitigations",
Rules = new[]
{
{
{ "action", "allow" },
{ "expression", "tcp.dstport in { 32768..65535 }" },
{ "description", "Allow TCP Ephemeral Ports" },
{ "enabled", "true" },
},
{
{ "action", "block" },
{ "expression", "ip.len >= 0" },
{ "description", "Block all" },
{ "enabled", "true" },
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.MagicFirewallRuleset;
import com.pulumi.cloudflare.MagicFirewallRulesetArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new MagicFirewallRuleset("example", MagicFirewallRulesetArgs.builder()
.accountId("d41d8cd98f00b204e9800998ecf8427e")
.name("Magic Transit Ruleset")
.description("Global mitigations")
.rules(
Map.ofEntries(
Map.entry("action", "allow"),
Map.entry("expression", "tcp.dstport in { 32768..65535 }"),
Map.entry("description", "Allow TCP Ephemeral Ports"),
Map.entry("enabled", "true")
),
Map.ofEntries(
Map.entry("action", "block"),
Map.entry("expression", "ip.len >= 0"),
Map.entry("description", "Block all"),
Map.entry("enabled", "true")
))
.build());
}
}
resources:
example:
type: cloudflare:MagicFirewallRuleset
properties:
accountId: d41d8cd98f00b204e9800998ecf8427e
name: Magic Transit Ruleset
description: Global mitigations
rules:
- action: allow
expression: tcp.dstport in { 32768..65535 }
description: Allow TCP Ephemeral Ports
enabled: 'true'
- action: block
expression: ip.len >= 0
description: Block all
enabled: 'true'
Create MagicFirewallRuleset Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new MagicFirewallRuleset(name: string, args: MagicFirewallRulesetArgs, opts?: CustomResourceOptions);
@overload
def MagicFirewallRuleset(resource_name: str,
args: MagicFirewallRulesetArgs,
opts: Optional[ResourceOptions] = None)
@overload
def MagicFirewallRuleset(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
name: Optional[str] = None,
description: Optional[str] = None,
rules: Optional[Sequence[Mapping[str, str]]] = None)
func NewMagicFirewallRuleset(ctx *Context, name string, args MagicFirewallRulesetArgs, opts ...ResourceOption) (*MagicFirewallRuleset, error)
public MagicFirewallRuleset(string name, MagicFirewallRulesetArgs args, CustomResourceOptions? opts = null)
public MagicFirewallRuleset(String name, MagicFirewallRulesetArgs args)
public MagicFirewallRuleset(String name, MagicFirewallRulesetArgs args, CustomResourceOptions options)
type: cloudflare:MagicFirewallRuleset
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args MagicFirewallRulesetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args MagicFirewallRulesetArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args MagicFirewallRulesetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MagicFirewallRulesetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args MagicFirewallRulesetArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var magicFirewallRulesetResource = new Cloudflare.MagicFirewallRuleset("magicFirewallRulesetResource", new()
{
AccountId = "string",
Name = "string",
Description = "string",
Rules = new[]
{
{
{ "string", "string" },
},
},
});
example, err := cloudflare.NewMagicFirewallRuleset(ctx, "magicFirewallRulesetResource", &cloudflare.MagicFirewallRulesetArgs{
AccountId: pulumi.String("string"),
Name: pulumi.String("string"),
Description: pulumi.String("string"),
Rules: pulumi.StringMapArray{
pulumi.StringMap{
"string": pulumi.String("string"),
},
},
})
var magicFirewallRulesetResource = new MagicFirewallRuleset("magicFirewallRulesetResource", MagicFirewallRulesetArgs.builder()
.accountId("string")
.name("string")
.description("string")
.rules(Map.of("string", "string"))
.build());
magic_firewall_ruleset_resource = cloudflare.MagicFirewallRuleset("magicFirewallRulesetResource",
account_id="string",
name="string",
description="string",
rules=[{
"string": "string",
}])
const magicFirewallRulesetResource = new cloudflare.MagicFirewallRuleset("magicFirewallRulesetResource", {
accountId: "string",
name: "string",
description: "string",
rules: [{
string: "string",
}],
});
type: cloudflare:MagicFirewallRuleset
properties:
accountId: string
description: string
name: string
rules:
- string: string
MagicFirewallRuleset Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The MagicFirewallRuleset resource accepts the following input properties:
- Account
Id string - The ID of the account where the ruleset is being created.
- Name string
- The name of the ruleset.
- Description string
- A note that can be used to annotate the rule.
- Rules
List<Immutable
Dictionary<string, string>>
- Account
Id string - The ID of the account where the ruleset is being created.
- Name string
- The name of the ruleset.
- Description string
- A note that can be used to annotate the rule.
- Rules []map[string]string
- account
Id String - The ID of the account where the ruleset is being created.
- name String
- The name of the ruleset.
- description String
- A note that can be used to annotate the rule.
- rules List<Map<String,String>>
- account
Id string - The ID of the account where the ruleset is being created.
- name string
- The name of the ruleset.
- description string
- A note that can be used to annotate the rule.
- rules {[key: string]: string}[]
- account_
id str - The ID of the account where the ruleset is being created.
- name str
- The name of the ruleset.
- description str
- A note that can be used to annotate the rule.
- rules Sequence[Mapping[str, str]]
- account
Id String - The ID of the account where the ruleset is being created.
- name String
- The name of the ruleset.
- description String
- A note that can be used to annotate the rule.
- rules List<Map<String>>
Outputs
All input properties are implicitly available as output properties. Additionally, the MagicFirewallRuleset resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing MagicFirewallRuleset Resource
Get an existing MagicFirewallRuleset resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: MagicFirewallRulesetState, opts?: CustomResourceOptions): MagicFirewallRuleset
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
description: Optional[str] = None,
name: Optional[str] = None,
rules: Optional[Sequence[Mapping[str, str]]] = None) -> MagicFirewallRuleset
func GetMagicFirewallRuleset(ctx *Context, name string, id IDInput, state *MagicFirewallRulesetState, opts ...ResourceOption) (*MagicFirewallRuleset, error)
public static MagicFirewallRuleset Get(string name, Input<string> id, MagicFirewallRulesetState? state, CustomResourceOptions? opts = null)
public static MagicFirewallRuleset get(String name, Output<String> id, MagicFirewallRulesetState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The ID of the account where the ruleset is being created.
- Description string
- A note that can be used to annotate the rule.
- Name string
- The name of the ruleset.
- Rules
List<Immutable
Dictionary<string, string>>
- Account
Id string - The ID of the account where the ruleset is being created.
- Description string
- A note that can be used to annotate the rule.
- Name string
- The name of the ruleset.
- Rules []map[string]string
- account
Id String - The ID of the account where the ruleset is being created.
- description String
- A note that can be used to annotate the rule.
- name String
- The name of the ruleset.
- rules List<Map<String,String>>
- account
Id string - The ID of the account where the ruleset is being created.
- description string
- A note that can be used to annotate the rule.
- name string
- The name of the ruleset.
- rules {[key: string]: string}[]
- account_
id str - The ID of the account where the ruleset is being created.
- description str
- A note that can be used to annotate the rule.
- name str
- The name of the ruleset.
- rules Sequence[Mapping[str, str]]
- account
Id String - The ID of the account where the ruleset is being created.
- description String
- A note that can be used to annotate the rule.
- name String
- The name of the ruleset.
- rules List<Map<String>>
Import
An existing Magic Firewall Ruleset can be imported using the account ID and ruleset ID
$ pulumi import cloudflare:index/magicFirewallRuleset:MagicFirewallRuleset example d41d8cd98f00b204e9800998ecf8427e/cb029e245cfdd66dc8d2e570d5dd3322
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflare
Terraform Provider.