Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.compute/alpha.Firewall
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Creates a firewall rule in the specified project using the data included in the request.
Create Firewall Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
args: Optional[FirewallArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Firewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
allowed: Optional[Sequence[FirewallAllowedItemArgs]] = None,
denied: Optional[Sequence[FirewallDeniedItemArgs]] = None,
description: Optional[str] = None,
destination_ranges: Optional[Sequence[str]] = None,
direction: Optional[FirewallDirection] = None,
disabled: Optional[bool] = None,
enable_logging: Optional[bool] = None,
log_config: Optional[FirewallLogConfigArgs] = None,
name: Optional[str] = None,
network: Optional[str] = None,
priority: Optional[int] = None,
project: Optional[str] = None,
request_id: Optional[str] = None,
source_ranges: Optional[Sequence[str]] = None,
source_service_accounts: Optional[Sequence[str]] = None,
source_tags: Optional[Sequence[str]] = None,
target_service_accounts: Optional[Sequence[str]] = None,
target_tags: Optional[Sequence[str]] = None)
func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: google-native:compute/alpha:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallResource = new GoogleNative.Compute.Alpha.Firewall("firewallResource", new()
{
Allowed = new[]
{
new GoogleNative.Compute.Alpha.Inputs.FirewallAllowedItemArgs
{
IpProtocol = "string",
Ports = new[]
{
"string",
},
},
},
Denied = new[]
{
new GoogleNative.Compute.Alpha.Inputs.FirewallDeniedItemArgs
{
IpProtocol = "string",
Ports = new[]
{
"string",
},
},
},
Description = "string",
DestinationRanges = new[]
{
"string",
},
Direction = GoogleNative.Compute.Alpha.FirewallDirection.Egress,
Disabled = false,
LogConfig = new GoogleNative.Compute.Alpha.Inputs.FirewallLogConfigArgs
{
Enable = false,
Metadata = GoogleNative.Compute.Alpha.FirewallLogConfigMetadata.ExcludeAllMetadata,
},
Name = "string",
Network = "string",
Priority = 0,
Project = "string",
RequestId = "string",
SourceRanges = new[]
{
"string",
},
SourceServiceAccounts = new[]
{
"string",
},
SourceTags = new[]
{
"string",
},
TargetServiceAccounts = new[]
{
"string",
},
TargetTags = new[]
{
"string",
},
});
example, err := compute.NewFirewall(ctx, "firewallResource", &compute.FirewallArgs{
Allowed: compute.FirewallAllowedItemArray{
&compute.FirewallAllowedItemArgs{
IpProtocol: pulumi.String("string"),
Ports: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Denied: compute.FirewallDeniedItemArray{
&compute.FirewallDeniedItemArgs{
IpProtocol: pulumi.String("string"),
Ports: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Description: pulumi.String("string"),
DestinationRanges: pulumi.StringArray{
pulumi.String("string"),
},
Direction: compute.FirewallDirectionEgress,
Disabled: pulumi.Bool(false),
LogConfig: &compute.FirewallLogConfigArgs{
Enable: pulumi.Bool(false),
Metadata: compute.FirewallLogConfigMetadataExcludeAllMetadata,
},
Name: pulumi.String("string"),
Network: pulumi.String("string"),
Priority: pulumi.Int(0),
Project: pulumi.String("string"),
RequestId: pulumi.String("string"),
SourceRanges: pulumi.StringArray{
pulumi.String("string"),
},
SourceServiceAccounts: pulumi.StringArray{
pulumi.String("string"),
},
SourceTags: pulumi.StringArray{
pulumi.String("string"),
},
TargetServiceAccounts: pulumi.StringArray{
pulumi.String("string"),
},
TargetTags: pulumi.StringArray{
pulumi.String("string"),
},
})
var firewallResource = new Firewall("firewallResource", FirewallArgs.builder()
.allowed(FirewallAllowedItemArgs.builder()
.ipProtocol("string")
.ports("string")
.build())
.denied(FirewallDeniedItemArgs.builder()
.ipProtocol("string")
.ports("string")
.build())
.description("string")
.destinationRanges("string")
.direction("EGRESS")
.disabled(false)
.logConfig(FirewallLogConfigArgs.builder()
.enable(false)
.metadata("EXCLUDE_ALL_METADATA")
.build())
.name("string")
.network("string")
.priority(0)
.project("string")
.requestId("string")
.sourceRanges("string")
.sourceServiceAccounts("string")
.sourceTags("string")
.targetServiceAccounts("string")
.targetTags("string")
.build());
firewall_resource = google_native.compute.alpha.Firewall("firewallResource",
allowed=[{
"ip_protocol": "string",
"ports": ["string"],
}],
denied=[{
"ip_protocol": "string",
"ports": ["string"],
}],
description="string",
destination_ranges=["string"],
direction=google_native.compute.alpha.FirewallDirection.EGRESS,
disabled=False,
log_config={
"enable": False,
"metadata": google_native.compute.alpha.FirewallLogConfigMetadata.EXCLUDE_ALL_METADATA,
},
name="string",
network="string",
priority=0,
project="string",
request_id="string",
source_ranges=["string"],
source_service_accounts=["string"],
source_tags=["string"],
target_service_accounts=["string"],
target_tags=["string"])
const firewallResource = new google_native.compute.alpha.Firewall("firewallResource", {
allowed: [{
ipProtocol: "string",
ports: ["string"],
}],
denied: [{
ipProtocol: "string",
ports: ["string"],
}],
description: "string",
destinationRanges: ["string"],
direction: google_native.compute.alpha.FirewallDirection.Egress,
disabled: false,
logConfig: {
enable: false,
metadata: google_native.compute.alpha.FirewallLogConfigMetadata.ExcludeAllMetadata,
},
name: "string",
network: "string",
priority: 0,
project: "string",
requestId: "string",
sourceRanges: ["string"],
sourceServiceAccounts: ["string"],
sourceTags: ["string"],
targetServiceAccounts: ["string"],
targetTags: ["string"],
});
type: google-native:compute/alpha:Firewall
properties:
allowed:
- ipProtocol: string
ports:
- string
denied:
- ipProtocol: string
ports:
- string
description: string
destinationRanges:
- string
direction: EGRESS
disabled: false
logConfig:
enable: false
metadata: EXCLUDE_ALL_METADATA
name: string
network: string
priority: 0
project: string
requestId: string
sourceRanges:
- string
sourceServiceAccounts:
- string
sourceTags:
- string
targetServiceAccounts:
- string
targetTags:
- string
Firewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Firewall resource accepts the following input properties:
- Allowed
List<Pulumi.
Google Native. Compute. Alpha. Inputs. Firewall Allowed Item> - The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
- Denied
List<Pulumi.
Google Native. Compute. Alpha. Inputs. Firewall Denied Item> - The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
- Description string
- An optional description of this resource. Provide this field when you create the resource.
- Destination
Ranges List<string> - If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
- Direction
Pulumi.
Google Native. Compute. Alpha. Firewall Direction - Direction of traffic to which this firewall applies, either
INGRESS
orEGRESS
. The default isINGRESS
. ForEGRESS
traffic, you cannot specify the sourceTags fields. - Disabled bool
- Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
- Enable
Logging bool - Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.
- Log
Config Pulumi.Google Native. Compute. Alpha. Inputs. Firewall Log Config - This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
- Name string
- Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. - Network string
- URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
- Priority int
- Priority for this rule. This is an integer between
0
and65535
, both inclusive. The default value is1000
. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority0
has higher precedence than a rule with priority1
. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of65535
. To avoid conflicts with the implied rules, use a priority number less than65535
. - Project string
- Request
Id string - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- Source
Ranges List<string> - If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
- Source
Service List<string>Accounts - If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
- List<string>
- If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
- Target
Service List<string>Accounts - A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
- List<string>
- A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
- Allowed
[]Firewall
Allowed Item Args - The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
- Denied
[]Firewall
Denied Item Args - The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
- Description string
- An optional description of this resource. Provide this field when you create the resource.
- Destination
Ranges []string - If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
- Direction
Firewall
Direction - Direction of traffic to which this firewall applies, either
INGRESS
orEGRESS
. The default isINGRESS
. ForEGRESS
traffic, you cannot specify the sourceTags fields. - Disabled bool
- Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
- Enable
Logging bool - Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.
- Log
Config FirewallLog Config Args - This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
- Name string
- Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. - Network string
- URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
- Priority int
- Priority for this rule. This is an integer between
0
and65535
, both inclusive. The default value is1000
. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority0
has higher precedence than a rule with priority1
. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of65535
. To avoid conflicts with the implied rules, use a priority number less than65535
. - Project string
- Request
Id string - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- Source
Ranges []string - If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
- Source
Service []stringAccounts - If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
- []string
- If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
- Target
Service []stringAccounts - A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
- []string
- A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
- allowed
List<Firewall
Allowed Item> - The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
- denied
List<Firewall
Denied Item> - The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
- description String
- An optional description of this resource. Provide this field when you create the resource.
- destination
Ranges List<String> - If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
- direction
Firewall
Direction - Direction of traffic to which this firewall applies, either
INGRESS
orEGRESS
. The default isINGRESS
. ForEGRESS
traffic, you cannot specify the sourceTags fields. - disabled Boolean
- Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
- enable
Logging Boolean - Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.
- log
Config FirewallLog Config - This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
- name String
- Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. - network String
- URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
- priority Integer
- Priority for this rule. This is an integer between
0
and65535
, both inclusive. The default value is1000
. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority0
has higher precedence than a rule with priority1
. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of65535
. To avoid conflicts with the implied rules, use a priority number less than65535
. - project String
- request
Id String - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- source
Ranges List<String> - If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
- source
Service List<String>Accounts - If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
- List<String>
- If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
- target
Service List<String>Accounts - A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
- List<String>
- A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
- allowed
Firewall
Allowed Item[] - The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
- denied
Firewall
Denied Item[] - The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
- description string
- An optional description of this resource. Provide this field when you create the resource.
- destination
Ranges string[] - If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
- direction
Firewall
Direction - Direction of traffic to which this firewall applies, either
INGRESS
orEGRESS
. The default isINGRESS
. ForEGRESS
traffic, you cannot specify the sourceTags fields. - disabled boolean
- Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
- enable
Logging boolean - Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.
- log
Config FirewallLog Config - This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
- name string
- Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. - network string
- URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
- priority number
- Priority for this rule. This is an integer between
0
and65535
, both inclusive. The default value is1000
. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority0
has higher precedence than a rule with priority1
. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of65535
. To avoid conflicts with the implied rules, use a priority number less than65535
. - project string
- request
Id string - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- source
Ranges string[] - If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
- source
Service string[]Accounts - If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
- string[]
- If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
- target
Service string[]Accounts - A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
- string[]
- A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
- allowed
Sequence[Firewall
Allowed Item Args] - The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
- denied
Sequence[Firewall
Denied Item Args] - The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
- description str
- An optional description of this resource. Provide this field when you create the resource.
- destination_
ranges Sequence[str] - If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
- direction
Firewall
Direction - Direction of traffic to which this firewall applies, either
INGRESS
orEGRESS
. The default isINGRESS
. ForEGRESS
traffic, you cannot specify the sourceTags fields. - disabled bool
- Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
- enable_
logging bool - Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.
- log_
config FirewallLog Config Args - This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
- name str
- Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. - network str
- URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
- priority int
- Priority for this rule. This is an integer between
0
and65535
, both inclusive. The default value is1000
. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority0
has higher precedence than a rule with priority1
. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of65535
. To avoid conflicts with the implied rules, use a priority number less than65535
. - project str
- request_
id str - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- source_
ranges Sequence[str] - If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
- source_
service_ Sequence[str]accounts - If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
- Sequence[str]
- If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
- target_
service_ Sequence[str]accounts - A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
- Sequence[str]
- A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
- allowed List<Property Map>
- The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
- denied List<Property Map>
- The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
- description String
- An optional description of this resource. Provide this field when you create the resource.
- destination
Ranges List<String> - If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
- direction "EGRESS" | "INGRESS"
- Direction of traffic to which this firewall applies, either
INGRESS
orEGRESS
. The default isINGRESS
. ForEGRESS
traffic, you cannot specify the sourceTags fields. - disabled Boolean
- Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
- enable
Logging Boolean - Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.
- log
Config Property Map - This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
- name String
- Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. - network String
- URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
- priority Number
- Priority for this rule. This is an integer between
0
and65535
, both inclusive. The default value is1000
. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority0
has higher precedence than a rule with priority1
. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of65535
. To avoid conflicts with the implied rules, use a priority number less than65535
. - project String
- request
Id String - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- source
Ranges List<String> - If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
- source
Service List<String>Accounts - If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
- List<String>
- If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
- target
Service List<String>Accounts - A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
- List<String>
- A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
Outputs
All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kind string
- Type of the resource. Always compute#firewall for firewall rules.
- Self
Link string - Server-defined URL for the resource.
- Self
Link stringWith Id - Server-defined URL for this resource with the resource id.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kind string
- Type of the resource. Always compute#firewall for firewall rules.
- Self
Link string - Server-defined URL for the resource.
- Self
Link stringWith Id - Server-defined URL for this resource with the resource id.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- id String
- The provider-assigned unique ID for this managed resource.
- kind String
- Type of the resource. Always compute#firewall for firewall rules.
- self
Link String - Server-defined URL for the resource.
- self
Link StringWith Id - Server-defined URL for this resource with the resource id.
- creation
Timestamp string - Creation timestamp in RFC3339 text format.
- id string
- The provider-assigned unique ID for this managed resource.
- kind string
- Type of the resource. Always compute#firewall for firewall rules.
- self
Link string - Server-defined URL for the resource.
- self
Link stringWith Id - Server-defined URL for this resource with the resource id.
- creation_
timestamp str - Creation timestamp in RFC3339 text format.
- id str
- The provider-assigned unique ID for this managed resource.
- kind str
- Type of the resource. Always compute#firewall for firewall rules.
- self_
link str - Server-defined URL for the resource.
- self_
link_ strwith_ id - Server-defined URL for this resource with the resource id.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- id String
- The provider-assigned unique ID for this managed resource.
- kind String
- Type of the resource. Always compute#firewall for firewall rules.
- self
Link String - Server-defined URL for the resource.
- self
Link StringWith Id - Server-defined URL for this resource with the resource id.
Supporting Types
FirewallAllowedItem, FirewallAllowedItemArgs
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- Ports List<string>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- Ports []string
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports string[]
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip_
protocol str - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports Sequence[str]
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
FirewallAllowedItemResponse, FirewallAllowedItemResponseArgs
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- Ports List<string>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- Ports []string
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports string[]
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip_
protocol str - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports Sequence[str]
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
FirewallDeniedItem, FirewallDeniedItemArgs
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- Ports List<string>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- Ports []string
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports string[]
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip_
protocol str - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports Sequence[str]
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
FirewallDeniedItemResponse, FirewallDeniedItemResponseArgs
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- Ports List<string>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- Ports []string
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports string[]
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip_
protocol str - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports Sequence[str]
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
FirewallDirection, FirewallDirectionArgs
- Egress
- EGRESSIndicates that firewall should apply to outgoing traffic.
- Ingress
- INGRESSIndicates that firewall should apply to incoming traffic.
- Firewall
Direction Egress - EGRESSIndicates that firewall should apply to outgoing traffic.
- Firewall
Direction Ingress - INGRESSIndicates that firewall should apply to incoming traffic.
- Egress
- EGRESSIndicates that firewall should apply to outgoing traffic.
- Ingress
- INGRESSIndicates that firewall should apply to incoming traffic.
- Egress
- EGRESSIndicates that firewall should apply to outgoing traffic.
- Ingress
- INGRESSIndicates that firewall should apply to incoming traffic.
- EGRESS
- EGRESSIndicates that firewall should apply to outgoing traffic.
- INGRESS
- INGRESSIndicates that firewall should apply to incoming traffic.
- "EGRESS"
- EGRESSIndicates that firewall should apply to outgoing traffic.
- "INGRESS"
- INGRESSIndicates that firewall should apply to incoming traffic.
FirewallLogConfig, FirewallLogConfigArgs
- Enable bool
- This field denotes whether to enable logging for a particular firewall rule.
- Metadata
Pulumi.
Google Native. Compute. Alpha. Firewall Log Config Metadata - This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
- Enable bool
- This field denotes whether to enable logging for a particular firewall rule.
- Metadata
Firewall
Log Config Metadata - This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
- enable Boolean
- This field denotes whether to enable logging for a particular firewall rule.
- metadata
Firewall
Log Config Metadata - This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
- enable boolean
- This field denotes whether to enable logging for a particular firewall rule.
- metadata
Firewall
Log Config Metadata - This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
- enable bool
- This field denotes whether to enable logging for a particular firewall rule.
- metadata
Firewall
Log Config Metadata - This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
- enable Boolean
- This field denotes whether to enable logging for a particular firewall rule.
- metadata "EXCLUDE_ALL_METADATA" | "INCLUDE_ALL_METADATA"
- This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
FirewallLogConfigMetadata, FirewallLogConfigMetadataArgs
- Exclude
All Metadata - EXCLUDE_ALL_METADATA
- Include
All Metadata - INCLUDE_ALL_METADATA
- Firewall
Log Config Metadata Exclude All Metadata - EXCLUDE_ALL_METADATA
- Firewall
Log Config Metadata Include All Metadata - INCLUDE_ALL_METADATA
- Exclude
All Metadata - EXCLUDE_ALL_METADATA
- Include
All Metadata - INCLUDE_ALL_METADATA
- Exclude
All Metadata - EXCLUDE_ALL_METADATA
- Include
All Metadata - INCLUDE_ALL_METADATA
- EXCLUDE_ALL_METADATA
- EXCLUDE_ALL_METADATA
- INCLUDE_ALL_METADATA
- INCLUDE_ALL_METADATA
- "EXCLUDE_ALL_METADATA"
- EXCLUDE_ALL_METADATA
- "INCLUDE_ALL_METADATA"
- INCLUDE_ALL_METADATA
FirewallLogConfigResponse, FirewallLogConfigResponseArgs
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.