1. Packages
  2. Google Cloud Native
  3. API Docs
  4. compute
  5. compute/alpha
  6. Firewall

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.compute/alpha.Firewall

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Creates a firewall rule in the specified project using the data included in the request.

    Create Firewall Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);
    @overload
    def Firewall(resource_name: str,
                 args: Optional[FirewallArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Firewall(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 allowed: Optional[Sequence[FirewallAllowedItemArgs]] = None,
                 denied: Optional[Sequence[FirewallDeniedItemArgs]] = None,
                 description: Optional[str] = None,
                 destination_ranges: Optional[Sequence[str]] = None,
                 direction: Optional[FirewallDirection] = None,
                 disabled: Optional[bool] = None,
                 enable_logging: Optional[bool] = None,
                 log_config: Optional[FirewallLogConfigArgs] = None,
                 name: Optional[str] = None,
                 network: Optional[str] = None,
                 priority: Optional[int] = None,
                 project: Optional[str] = None,
                 request_id: Optional[str] = None,
                 source_ranges: Optional[Sequence[str]] = None,
                 source_service_accounts: Optional[Sequence[str]] = None,
                 source_tags: Optional[Sequence[str]] = None,
                 target_service_accounts: Optional[Sequence[str]] = None,
                 target_tags: Optional[Sequence[str]] = None)
    func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)
    public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
    public Firewall(String name, FirewallArgs args)
    public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
    
    type: google-native:compute/alpha:Firewall
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var firewallResource = new GoogleNative.Compute.Alpha.Firewall("firewallResource", new()
    {
        Allowed = new[]
        {
            new GoogleNative.Compute.Alpha.Inputs.FirewallAllowedItemArgs
            {
                IpProtocol = "string",
                Ports = new[]
                {
                    "string",
                },
            },
        },
        Denied = new[]
        {
            new GoogleNative.Compute.Alpha.Inputs.FirewallDeniedItemArgs
            {
                IpProtocol = "string",
                Ports = new[]
                {
                    "string",
                },
            },
        },
        Description = "string",
        DestinationRanges = new[]
        {
            "string",
        },
        Direction = GoogleNative.Compute.Alpha.FirewallDirection.Egress,
        Disabled = false,
        LogConfig = new GoogleNative.Compute.Alpha.Inputs.FirewallLogConfigArgs
        {
            Enable = false,
            Metadata = GoogleNative.Compute.Alpha.FirewallLogConfigMetadata.ExcludeAllMetadata,
        },
        Name = "string",
        Network = "string",
        Priority = 0,
        Project = "string",
        RequestId = "string",
        SourceRanges = new[]
        {
            "string",
        },
        SourceServiceAccounts = new[]
        {
            "string",
        },
        SourceTags = new[]
        {
            "string",
        },
        TargetServiceAccounts = new[]
        {
            "string",
        },
        TargetTags = new[]
        {
            "string",
        },
    });
    
    example, err := compute.NewFirewall(ctx, "firewallResource", &compute.FirewallArgs{
    	Allowed: compute.FirewallAllowedItemArray{
    		&compute.FirewallAllowedItemArgs{
    			IpProtocol: pulumi.String("string"),
    			Ports: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	Denied: compute.FirewallDeniedItemArray{
    		&compute.FirewallDeniedItemArgs{
    			IpProtocol: pulumi.String("string"),
    			Ports: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	Description: pulumi.String("string"),
    	DestinationRanges: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Direction: compute.FirewallDirectionEgress,
    	Disabled:  pulumi.Bool(false),
    	LogConfig: &compute.FirewallLogConfigArgs{
    		Enable:   pulumi.Bool(false),
    		Metadata: compute.FirewallLogConfigMetadataExcludeAllMetadata,
    	},
    	Name:      pulumi.String("string"),
    	Network:   pulumi.String("string"),
    	Priority:  pulumi.Int(0),
    	Project:   pulumi.String("string"),
    	RequestId: pulumi.String("string"),
    	SourceRanges: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	SourceServiceAccounts: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	SourceTags: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TargetServiceAccounts: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TargetTags: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    var firewallResource = new Firewall("firewallResource", FirewallArgs.builder()
        .allowed(FirewallAllowedItemArgs.builder()
            .ipProtocol("string")
            .ports("string")
            .build())
        .denied(FirewallDeniedItemArgs.builder()
            .ipProtocol("string")
            .ports("string")
            .build())
        .description("string")
        .destinationRanges("string")
        .direction("EGRESS")
        .disabled(false)
        .logConfig(FirewallLogConfigArgs.builder()
            .enable(false)
            .metadata("EXCLUDE_ALL_METADATA")
            .build())
        .name("string")
        .network("string")
        .priority(0)
        .project("string")
        .requestId("string")
        .sourceRanges("string")
        .sourceServiceAccounts("string")
        .sourceTags("string")
        .targetServiceAccounts("string")
        .targetTags("string")
        .build());
    
    firewall_resource = google_native.compute.alpha.Firewall("firewallResource",
        allowed=[{
            "ip_protocol": "string",
            "ports": ["string"],
        }],
        denied=[{
            "ip_protocol": "string",
            "ports": ["string"],
        }],
        description="string",
        destination_ranges=["string"],
        direction=google_native.compute.alpha.FirewallDirection.EGRESS,
        disabled=False,
        log_config={
            "enable": False,
            "metadata": google_native.compute.alpha.FirewallLogConfigMetadata.EXCLUDE_ALL_METADATA,
        },
        name="string",
        network="string",
        priority=0,
        project="string",
        request_id="string",
        source_ranges=["string"],
        source_service_accounts=["string"],
        source_tags=["string"],
        target_service_accounts=["string"],
        target_tags=["string"])
    
    const firewallResource = new google_native.compute.alpha.Firewall("firewallResource", {
        allowed: [{
            ipProtocol: "string",
            ports: ["string"],
        }],
        denied: [{
            ipProtocol: "string",
            ports: ["string"],
        }],
        description: "string",
        destinationRanges: ["string"],
        direction: google_native.compute.alpha.FirewallDirection.Egress,
        disabled: false,
        logConfig: {
            enable: false,
            metadata: google_native.compute.alpha.FirewallLogConfigMetadata.ExcludeAllMetadata,
        },
        name: "string",
        network: "string",
        priority: 0,
        project: "string",
        requestId: "string",
        sourceRanges: ["string"],
        sourceServiceAccounts: ["string"],
        sourceTags: ["string"],
        targetServiceAccounts: ["string"],
        targetTags: ["string"],
    });
    
    type: google-native:compute/alpha:Firewall
    properties:
        allowed:
            - ipProtocol: string
              ports:
                - string
        denied:
            - ipProtocol: string
              ports:
                - string
        description: string
        destinationRanges:
            - string
        direction: EGRESS
        disabled: false
        logConfig:
            enable: false
            metadata: EXCLUDE_ALL_METADATA
        name: string
        network: string
        priority: 0
        project: string
        requestId: string
        sourceRanges:
            - string
        sourceServiceAccounts:
            - string
        sourceTags:
            - string
        targetServiceAccounts:
            - string
        targetTags:
            - string
    

    Firewall Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Firewall resource accepts the following input properties:

    Allowed List<Pulumi.GoogleNative.Compute.Alpha.Inputs.FirewallAllowedItem>
    The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
    Denied List<Pulumi.GoogleNative.Compute.Alpha.Inputs.FirewallDeniedItem>
    The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
    Description string
    An optional description of this resource. Provide this field when you create the resource.
    DestinationRanges List<string>
    If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
    Direction Pulumi.GoogleNative.Compute.Alpha.FirewallDirection
    Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.
    Disabled bool
    Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
    EnableLogging bool
    Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    Deprecated: Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    LogConfig Pulumi.GoogleNative.Compute.Alpha.Inputs.FirewallLogConfig
    This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
    Name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
    Network string
    URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
    Priority int
    Priority for this rule. This is an integer between 0 and 65535, both inclusive. The default value is 1000. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority 0 has higher precedence than a rule with priority 1. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of 65535. To avoid conflicts with the implied rules, use a priority number less than 65535.
    Project string
    RequestId string
    An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
    SourceRanges List<string>
    If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
    SourceServiceAccounts List<string>
    If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
    SourceTags List<string>
    If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
    TargetServiceAccounts List<string>
    A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
    TargetTags List<string>
    A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
    Allowed []FirewallAllowedItemArgs
    The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
    Denied []FirewallDeniedItemArgs
    The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
    Description string
    An optional description of this resource. Provide this field when you create the resource.
    DestinationRanges []string
    If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
    Direction FirewallDirection
    Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.
    Disabled bool
    Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
    EnableLogging bool
    Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    Deprecated: Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    LogConfig FirewallLogConfigArgs
    This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
    Name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
    Network string
    URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
    Priority int
    Priority for this rule. This is an integer between 0 and 65535, both inclusive. The default value is 1000. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority 0 has higher precedence than a rule with priority 1. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of 65535. To avoid conflicts with the implied rules, use a priority number less than 65535.
    Project string
    RequestId string
    An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
    SourceRanges []string
    If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
    SourceServiceAccounts []string
    If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
    SourceTags []string
    If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
    TargetServiceAccounts []string
    A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
    TargetTags []string
    A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
    allowed List<FirewallAllowedItem>
    The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
    denied List<FirewallDeniedItem>
    The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
    description String
    An optional description of this resource. Provide this field when you create the resource.
    destinationRanges List<String>
    If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
    direction FirewallDirection
    Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.
    disabled Boolean
    Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
    enableLogging Boolean
    Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    Deprecated: Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    logConfig FirewallLogConfig
    This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
    name String
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
    network String
    URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
    priority Integer
    Priority for this rule. This is an integer between 0 and 65535, both inclusive. The default value is 1000. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority 0 has higher precedence than a rule with priority 1. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of 65535. To avoid conflicts with the implied rules, use a priority number less than 65535.
    project String
    requestId String
    An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
    sourceRanges List<String>
    If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
    sourceServiceAccounts List<String>
    If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
    sourceTags List<String>
    If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
    targetServiceAccounts List<String>
    A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
    targetTags List<String>
    A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
    allowed FirewallAllowedItem[]
    The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
    denied FirewallDeniedItem[]
    The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
    description string
    An optional description of this resource. Provide this field when you create the resource.
    destinationRanges string[]
    If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
    direction FirewallDirection
    Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.
    disabled boolean
    Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
    enableLogging boolean
    Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    Deprecated: Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    logConfig FirewallLogConfig
    This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
    name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
    network string
    URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
    priority number
    Priority for this rule. This is an integer between 0 and 65535, both inclusive. The default value is 1000. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority 0 has higher precedence than a rule with priority 1. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of 65535. To avoid conflicts with the implied rules, use a priority number less than 65535.
    project string
    requestId string
    An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
    sourceRanges string[]
    If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
    sourceServiceAccounts string[]
    If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
    sourceTags string[]
    If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
    targetServiceAccounts string[]
    A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
    targetTags string[]
    A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
    allowed Sequence[FirewallAllowedItemArgs]
    The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
    denied Sequence[FirewallDeniedItemArgs]
    The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
    description str
    An optional description of this resource. Provide this field when you create the resource.
    destination_ranges Sequence[str]
    If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
    direction FirewallDirection
    Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.
    disabled bool
    Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
    enable_logging bool
    Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    Deprecated: Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    log_config FirewallLogConfigArgs
    This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
    name str
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
    network str
    URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
    priority int
    Priority for this rule. This is an integer between 0 and 65535, both inclusive. The default value is 1000. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority 0 has higher precedence than a rule with priority 1. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of 65535. To avoid conflicts with the implied rules, use a priority number less than 65535.
    project str
    request_id str
    An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
    source_ranges Sequence[str]
    If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
    source_service_accounts Sequence[str]
    If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
    source_tags Sequence[str]
    If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
    target_service_accounts Sequence[str]
    A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
    target_tags Sequence[str]
    A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
    allowed List<Property Map>
    The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
    denied List<Property Map>
    The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
    description String
    An optional description of this resource. Provide this field when you create the resource.
    destinationRanges List<String>
    If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.
    direction "EGRESS" | "INGRESS"
    Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.
    disabled Boolean
    Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
    enableLogging Boolean
    Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    Deprecated: Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

    logConfig Property Map
    This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.
    name String
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.
    network String
    URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default
    priority Number
    Priority for this rule. This is an integer between 0 and 65535, both inclusive. The default value is 1000. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority 0 has higher precedence than a rule with priority 1. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of 65535. To avoid conflicts with the implied rules, use a priority number less than 65535.
    project String
    requestId String
    An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
    sourceRanges List<String>
    If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.
    sourceServiceAccounts List<String>
    If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
    sourceTags List<String>
    If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.
    targetServiceAccounts List<String>
    A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
    targetTags List<String>
    A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    Id string
    The provider-assigned unique ID for this managed resource.
    Kind string
    Type of the resource. Always compute#firewall for firewall rules.
    SelfLink string
    Server-defined URL for the resource.
    SelfLinkWithId string
    Server-defined URL for this resource with the resource id.
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    Id string
    The provider-assigned unique ID for this managed resource.
    Kind string
    Type of the resource. Always compute#firewall for firewall rules.
    SelfLink string
    Server-defined URL for the resource.
    SelfLinkWithId string
    Server-defined URL for this resource with the resource id.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    id String
    The provider-assigned unique ID for this managed resource.
    kind String
    Type of the resource. Always compute#firewall for firewall rules.
    selfLink String
    Server-defined URL for the resource.
    selfLinkWithId String
    Server-defined URL for this resource with the resource id.
    creationTimestamp string
    Creation timestamp in RFC3339 text format.
    id string
    The provider-assigned unique ID for this managed resource.
    kind string
    Type of the resource. Always compute#firewall for firewall rules.
    selfLink string
    Server-defined URL for the resource.
    selfLinkWithId string
    Server-defined URL for this resource with the resource id.
    creation_timestamp str
    Creation timestamp in RFC3339 text format.
    id str
    The provider-assigned unique ID for this managed resource.
    kind str
    Type of the resource. Always compute#firewall for firewall rules.
    self_link str
    Server-defined URL for the resource.
    self_link_with_id str
    Server-defined URL for this resource with the resource id.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    id String
    The provider-assigned unique ID for this managed resource.
    kind String
    Type of the resource. Always compute#firewall for firewall rules.
    selfLink String
    Server-defined URL for the resource.
    selfLinkWithId String
    Server-defined URL for this resource with the resource id.

    Supporting Types

    FirewallAllowedItem, FirewallAllowedItemArgs

    IpProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    Ports List<string>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    IpProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    Ports []string
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports List<String>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports string[]
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ip_protocol str
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports Sequence[str]
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports List<String>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    FirewallAllowedItemResponse, FirewallAllowedItemResponseArgs

    IpProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    Ports List<string>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    IpProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    Ports []string
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports List<String>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports string[]
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ip_protocol str
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports Sequence[str]
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports List<String>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    FirewallDeniedItem, FirewallDeniedItemArgs

    IpProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    Ports List<string>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    IpProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    Ports []string
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports List<String>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports string[]
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ip_protocol str
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports Sequence[str]
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports List<String>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    FirewallDeniedItemResponse, FirewallDeniedItemResponseArgs

    IpProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    Ports List<string>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    IpProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    Ports []string
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports List<String>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol string
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports string[]
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ip_protocol str
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports Sequence[str]
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
    ipProtocol String
    The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
    ports List<String>
    An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

    FirewallDirection, FirewallDirectionArgs

    Egress
    EGRESSIndicates that firewall should apply to outgoing traffic.
    Ingress
    INGRESSIndicates that firewall should apply to incoming traffic.
    FirewallDirectionEgress
    EGRESSIndicates that firewall should apply to outgoing traffic.
    FirewallDirectionIngress
    INGRESSIndicates that firewall should apply to incoming traffic.
    Egress
    EGRESSIndicates that firewall should apply to outgoing traffic.
    Ingress
    INGRESSIndicates that firewall should apply to incoming traffic.
    Egress
    EGRESSIndicates that firewall should apply to outgoing traffic.
    Ingress
    INGRESSIndicates that firewall should apply to incoming traffic.
    EGRESS
    EGRESSIndicates that firewall should apply to outgoing traffic.
    INGRESS
    INGRESSIndicates that firewall should apply to incoming traffic.
    "EGRESS"
    EGRESSIndicates that firewall should apply to outgoing traffic.
    "INGRESS"
    INGRESSIndicates that firewall should apply to incoming traffic.

    FirewallLogConfig, FirewallLogConfigArgs

    Enable bool
    This field denotes whether to enable logging for a particular firewall rule.
    Metadata Pulumi.GoogleNative.Compute.Alpha.FirewallLogConfigMetadata
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
    Enable bool
    This field denotes whether to enable logging for a particular firewall rule.
    Metadata FirewallLogConfigMetadata
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
    enable Boolean
    This field denotes whether to enable logging for a particular firewall rule.
    metadata FirewallLogConfigMetadata
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
    enable boolean
    This field denotes whether to enable logging for a particular firewall rule.
    metadata FirewallLogConfigMetadata
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
    enable bool
    This field denotes whether to enable logging for a particular firewall rule.
    metadata FirewallLogConfigMetadata
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
    enable Boolean
    This field denotes whether to enable logging for a particular firewall rule.
    metadata "EXCLUDE_ALL_METADATA" | "INCLUDE_ALL_METADATA"
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

    FirewallLogConfigMetadata, FirewallLogConfigMetadataArgs

    ExcludeAllMetadata
    EXCLUDE_ALL_METADATA
    IncludeAllMetadata
    INCLUDE_ALL_METADATA
    FirewallLogConfigMetadataExcludeAllMetadata
    EXCLUDE_ALL_METADATA
    FirewallLogConfigMetadataIncludeAllMetadata
    INCLUDE_ALL_METADATA
    ExcludeAllMetadata
    EXCLUDE_ALL_METADATA
    IncludeAllMetadata
    INCLUDE_ALL_METADATA
    ExcludeAllMetadata
    EXCLUDE_ALL_METADATA
    IncludeAllMetadata
    INCLUDE_ALL_METADATA
    EXCLUDE_ALL_METADATA
    EXCLUDE_ALL_METADATA
    INCLUDE_ALL_METADATA
    INCLUDE_ALL_METADATA
    "EXCLUDE_ALL_METADATA"
    EXCLUDE_ALL_METADATA
    "INCLUDE_ALL_METADATA"
    INCLUDE_ALL_METADATA

    FirewallLogConfigResponse, FirewallLogConfigResponseArgs

    Enable bool
    This field denotes whether to enable logging for a particular firewall rule.
    Metadata string
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
    Enable bool
    This field denotes whether to enable logging for a particular firewall rule.
    Metadata string
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
    enable Boolean
    This field denotes whether to enable logging for a particular firewall rule.
    metadata String
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
    enable boolean
    This field denotes whether to enable logging for a particular firewall rule.
    metadata string
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
    enable bool
    This field denotes whether to enable logging for a particular firewall rule.
    metadata str
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.
    enable Boolean
    This field denotes whether to enable logging for a particular firewall rule.
    metadata String
    This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi