1. Packages
  2. Cloudflare Provider
  3. API Docs
  4. MagicFirewallRuleset
Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi

cloudflare.MagicFirewallRuleset

Explore with Pulumi AI

cloudflare logo
Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi

    Magic Firewall is a network-level firewall to protect networks that are onboarded to Cloudflare’s Magic Transit. This resource creates a root ruleset on the account level and contains one or more rules. Rules can be crafted in Wireshark syntax and are evaluated in order, with the first rule having the highest priority.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as cloudflare from "@pulumi/cloudflare";
    
    const example = new cloudflare.MagicFirewallRuleset("example", {
        accountId: "d41d8cd98f00b204e9800998ecf8427e",
        name: "Magic Transit Ruleset",
        description: "Global mitigations",
        rules: [
            {
                action: "allow",
                expression: "tcp.dstport in { 32768..65535 }",
                description: "Allow TCP Ephemeral Ports",
                enabled: "true",
            },
            {
                action: "block",
                expression: "ip.len >= 0",
                description: "Block all",
                enabled: "true",
            },
        ],
    });
    
    import pulumi
    import pulumi_cloudflare as cloudflare
    
    example = cloudflare.MagicFirewallRuleset("example",
        account_id="d41d8cd98f00b204e9800998ecf8427e",
        name="Magic Transit Ruleset",
        description="Global mitigations",
        rules=[
            {
                "action": "allow",
                "expression": "tcp.dstport in { 32768..65535 }",
                "description": "Allow TCP Ephemeral Ports",
                "enabled": "true",
            },
            {
                "action": "block",
                "expression": "ip.len >= 0",
                "description": "Block all",
                "enabled": "true",
            },
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := cloudflare.NewMagicFirewallRuleset(ctx, "example", &cloudflare.MagicFirewallRulesetArgs{
    			AccountId:   pulumi.String("d41d8cd98f00b204e9800998ecf8427e"),
    			Name:        pulumi.String("Magic Transit Ruleset"),
    			Description: pulumi.String("Global mitigations"),
    			Rules: pulumi.StringMapArray{
    				pulumi.StringMap{
    					"action":      pulumi.String("allow"),
    					"expression":  pulumi.String("tcp.dstport in { 32768..65535 }"),
    					"description": pulumi.String("Allow TCP Ephemeral Ports"),
    					"enabled":     pulumi.String("true"),
    				},
    				pulumi.StringMap{
    					"action":      pulumi.String("block"),
    					"expression":  pulumi.String("ip.len >= 0"),
    					"description": pulumi.String("Block all"),
    					"enabled":     pulumi.String("true"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Cloudflare = Pulumi.Cloudflare;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Cloudflare.MagicFirewallRuleset("example", new()
        {
            AccountId = "d41d8cd98f00b204e9800998ecf8427e",
            Name = "Magic Transit Ruleset",
            Description = "Global mitigations",
            Rules = new[]
            {
                
                {
                    { "action", "allow" },
                    { "expression", "tcp.dstport in { 32768..65535 }" },
                    { "description", "Allow TCP Ephemeral Ports" },
                    { "enabled", "true" },
                },
                
                {
                    { "action", "block" },
                    { "expression", "ip.len >= 0" },
                    { "description", "Block all" },
                    { "enabled", "true" },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.cloudflare.MagicFirewallRuleset;
    import com.pulumi.cloudflare.MagicFirewallRulesetArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new MagicFirewallRuleset("example", MagicFirewallRulesetArgs.builder()
                .accountId("d41d8cd98f00b204e9800998ecf8427e")
                .name("Magic Transit Ruleset")
                .description("Global mitigations")
                .rules(            
                    Map.ofEntries(
                        Map.entry("action", "allow"),
                        Map.entry("expression", "tcp.dstport in { 32768..65535 }"),
                        Map.entry("description", "Allow TCP Ephemeral Ports"),
                        Map.entry("enabled", "true")
                    ),
                    Map.ofEntries(
                        Map.entry("action", "block"),
                        Map.entry("expression", "ip.len >= 0"),
                        Map.entry("description", "Block all"),
                        Map.entry("enabled", "true")
                    ))
                .build());
    
        }
    }
    
    resources:
      example:
        type: cloudflare:MagicFirewallRuleset
        properties:
          accountId: d41d8cd98f00b204e9800998ecf8427e
          name: Magic Transit Ruleset
          description: Global mitigations
          rules:
            - action: allow
              expression: tcp.dstport in { 32768..65535 }
              description: Allow TCP Ephemeral Ports
              enabled: 'true'
            - action: block
              expression: ip.len >= 0
              description: Block all
              enabled: 'true'
    

    Create MagicFirewallRuleset Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new MagicFirewallRuleset(name: string, args: MagicFirewallRulesetArgs, opts?: CustomResourceOptions);
    @overload
    def MagicFirewallRuleset(resource_name: str,
                             args: MagicFirewallRulesetArgs,
                             opts: Optional[ResourceOptions] = None)
    
    @overload
    def MagicFirewallRuleset(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             account_id: Optional[str] = None,
                             name: Optional[str] = None,
                             description: Optional[str] = None,
                             rules: Optional[Sequence[Mapping[str, str]]] = None)
    func NewMagicFirewallRuleset(ctx *Context, name string, args MagicFirewallRulesetArgs, opts ...ResourceOption) (*MagicFirewallRuleset, error)
    public MagicFirewallRuleset(string name, MagicFirewallRulesetArgs args, CustomResourceOptions? opts = null)
    public MagicFirewallRuleset(String name, MagicFirewallRulesetArgs args)
    public MagicFirewallRuleset(String name, MagicFirewallRulesetArgs args, CustomResourceOptions options)
    
    type: cloudflare:MagicFirewallRuleset
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args MagicFirewallRulesetArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args MagicFirewallRulesetArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args MagicFirewallRulesetArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args MagicFirewallRulesetArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args MagicFirewallRulesetArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var magicFirewallRulesetResource = new Cloudflare.MagicFirewallRuleset("magicFirewallRulesetResource", new()
    {
        AccountId = "string",
        Name = "string",
        Description = "string",
        Rules = new[]
        {
            
            {
                { "string", "string" },
            },
        },
    });
    
    example, err := cloudflare.NewMagicFirewallRuleset(ctx, "magicFirewallRulesetResource", &cloudflare.MagicFirewallRulesetArgs{
    	AccountId:   pulumi.String("string"),
    	Name:        pulumi.String("string"),
    	Description: pulumi.String("string"),
    	Rules: pulumi.StringMapArray{
    		pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    	},
    })
    
    var magicFirewallRulesetResource = new MagicFirewallRuleset("magicFirewallRulesetResource", MagicFirewallRulesetArgs.builder()
        .accountId("string")
        .name("string")
        .description("string")
        .rules(Map.of("string", "string"))
        .build());
    
    magic_firewall_ruleset_resource = cloudflare.MagicFirewallRuleset("magicFirewallRulesetResource",
        account_id="string",
        name="string",
        description="string",
        rules=[{
            "string": "string",
        }])
    
    const magicFirewallRulesetResource = new cloudflare.MagicFirewallRuleset("magicFirewallRulesetResource", {
        accountId: "string",
        name: "string",
        description: "string",
        rules: [{
            string: "string",
        }],
    });
    
    type: cloudflare:MagicFirewallRuleset
    properties:
        accountId: string
        description: string
        name: string
        rules:
            - string: string
    

    MagicFirewallRuleset Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The MagicFirewallRuleset resource accepts the following input properties:

    AccountId string
    The ID of the account where the ruleset is being created.
    Name string
    The name of the ruleset.
    Description string
    A note that can be used to annotate the rule.
    Rules List<ImmutableDictionary<string, string>>
    AccountId string
    The ID of the account where the ruleset is being created.
    Name string
    The name of the ruleset.
    Description string
    A note that can be used to annotate the rule.
    Rules []map[string]string
    accountId String
    The ID of the account where the ruleset is being created.
    name String
    The name of the ruleset.
    description String
    A note that can be used to annotate the rule.
    rules List<Map<String,String>>
    accountId string
    The ID of the account where the ruleset is being created.
    name string
    The name of the ruleset.
    description string
    A note that can be used to annotate the rule.
    rules {[key: string]: string}[]
    account_id str
    The ID of the account where the ruleset is being created.
    name str
    The name of the ruleset.
    description str
    A note that can be used to annotate the rule.
    rules Sequence[Mapping[str, str]]
    accountId String
    The ID of the account where the ruleset is being created.
    name String
    The name of the ruleset.
    description String
    A note that can be used to annotate the rule.
    rules List<Map<String>>

    Outputs

    All input properties are implicitly available as output properties. Additionally, the MagicFirewallRuleset resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing MagicFirewallRuleset Resource

    Get an existing MagicFirewallRuleset resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: MagicFirewallRulesetState, opts?: CustomResourceOptions): MagicFirewallRuleset
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_id: Optional[str] = None,
            description: Optional[str] = None,
            name: Optional[str] = None,
            rules: Optional[Sequence[Mapping[str, str]]] = None) -> MagicFirewallRuleset
    func GetMagicFirewallRuleset(ctx *Context, name string, id IDInput, state *MagicFirewallRulesetState, opts ...ResourceOption) (*MagicFirewallRuleset, error)
    public static MagicFirewallRuleset Get(string name, Input<string> id, MagicFirewallRulesetState? state, CustomResourceOptions? opts = null)
    public static MagicFirewallRuleset get(String name, Output<String> id, MagicFirewallRulesetState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountId string
    The ID of the account where the ruleset is being created.
    Description string
    A note that can be used to annotate the rule.
    Name string
    The name of the ruleset.
    Rules List<ImmutableDictionary<string, string>>
    AccountId string
    The ID of the account where the ruleset is being created.
    Description string
    A note that can be used to annotate the rule.
    Name string
    The name of the ruleset.
    Rules []map[string]string
    accountId String
    The ID of the account where the ruleset is being created.
    description String
    A note that can be used to annotate the rule.
    name String
    The name of the ruleset.
    rules List<Map<String,String>>
    accountId string
    The ID of the account where the ruleset is being created.
    description string
    A note that can be used to annotate the rule.
    name string
    The name of the ruleset.
    rules {[key: string]: string}[]
    account_id str
    The ID of the account where the ruleset is being created.
    description str
    A note that can be used to annotate the rule.
    name str
    The name of the ruleset.
    rules Sequence[Mapping[str, str]]
    accountId String
    The ID of the account where the ruleset is being created.
    description String
    A note that can be used to annotate the rule.
    name String
    The name of the ruleset.
    rules List<Map<String>>

    Import

    An existing Magic Firewall Ruleset can be imported using the account ID and ruleset ID

    $ pulumi import cloudflare:index/magicFirewallRuleset:MagicFirewallRuleset example d41d8cd98f00b204e9800998ecf8427e/cb029e245cfdd66dc8d2e570d5dd3322
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Cloudflare pulumi/pulumi-cloudflare
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the cloudflare Terraform Provider.
    cloudflare logo
    Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi