Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.compute/v1.FirewallPolicy
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Creates a new policy in the specified project using the data included in the request.
Create FirewallPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FirewallPolicy(name: string, args?: FirewallPolicyArgs, opts?: CustomResourceOptions);
@overload
def FirewallPolicy(resource_name: str,
args: Optional[FirewallPolicyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def FirewallPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
associations: Optional[Sequence[FirewallPolicyAssociationArgs]] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
name: Optional[str] = None,
parent_id: Optional[str] = None,
request_id: Optional[str] = None,
rules: Optional[Sequence[FirewallPolicyRuleArgs]] = None,
short_name: Optional[str] = None)
func NewFirewallPolicy(ctx *Context, name string, args *FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)
public FirewallPolicy(string name, FirewallPolicyArgs? args = null, CustomResourceOptions? opts = null)
public FirewallPolicy(String name, FirewallPolicyArgs args)
public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)
type: google-native:compute/v1:FirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplefirewallPolicyResourceResourceFromComputev1 = new GoogleNative.Compute.V1.FirewallPolicy("examplefirewallPolicyResourceResourceFromComputev1", new()
{
Associations = new[]
{
new GoogleNative.Compute.V1.Inputs.FirewallPolicyAssociationArgs
{
AttachmentTarget = "string",
Name = "string",
},
},
Description = "string",
Name = "string",
ParentId = "string",
RequestId = "string",
Rules = new[]
{
new GoogleNative.Compute.V1.Inputs.FirewallPolicyRuleArgs
{
Action = "string",
Description = "string",
Direction = GoogleNative.Compute.V1.FirewallPolicyRuleDirection.Egress,
Disabled = false,
EnableLogging = false,
Match = new GoogleNative.Compute.V1.Inputs.FirewallPolicyRuleMatcherArgs
{
DestAddressGroups = new[]
{
"string",
},
DestFqdns = new[]
{
"string",
},
DestIpRanges = new[]
{
"string",
},
DestRegionCodes = new[]
{
"string",
},
DestThreatIntelligences = new[]
{
"string",
},
Layer4Configs = new[]
{
new GoogleNative.Compute.V1.Inputs.FirewallPolicyRuleMatcherLayer4ConfigArgs
{
IpProtocol = "string",
Ports = new[]
{
"string",
},
},
},
SrcAddressGroups = new[]
{
"string",
},
SrcFqdns = new[]
{
"string",
},
SrcIpRanges = new[]
{
"string",
},
SrcRegionCodes = new[]
{
"string",
},
SrcSecureTags = new[]
{
new GoogleNative.Compute.V1.Inputs.FirewallPolicyRuleSecureTagArgs
{
Name = "string",
},
},
SrcThreatIntelligences = new[]
{
"string",
},
},
Priority = 0,
RuleName = "string",
TargetResources = new[]
{
"string",
},
TargetSecureTags = new[]
{
new GoogleNative.Compute.V1.Inputs.FirewallPolicyRuleSecureTagArgs
{
Name = "string",
},
},
TargetServiceAccounts = new[]
{
"string",
},
},
},
ShortName = "string",
});
example, err := computev1.NewFirewallPolicy(ctx, "examplefirewallPolicyResourceResourceFromComputev1", &computev1.FirewallPolicyArgs{
Associations: compute.FirewallPolicyAssociationArray{
&compute.FirewallPolicyAssociationArgs{
AttachmentTarget: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
Name: pulumi.String("string"),
ParentId: pulumi.String("string"),
RequestId: pulumi.String("string"),
Rules: compute.FirewallPolicyRuleArray{
&compute.FirewallPolicyRuleArgs{
Action: pulumi.String("string"),
Description: pulumi.String("string"),
Direction: computev1.FirewallPolicyRuleDirectionEgress,
Disabled: pulumi.Bool(false),
EnableLogging: pulumi.Bool(false),
Match: &compute.FirewallPolicyRuleMatcherArgs{
DestAddressGroups: pulumi.StringArray{
pulumi.String("string"),
},
DestFqdns: pulumi.StringArray{
pulumi.String("string"),
},
DestIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
DestRegionCodes: pulumi.StringArray{
pulumi.String("string"),
},
DestThreatIntelligences: pulumi.StringArray{
pulumi.String("string"),
},
Layer4Configs: compute.FirewallPolicyRuleMatcherLayer4ConfigArray{
&compute.FirewallPolicyRuleMatcherLayer4ConfigArgs{
IpProtocol: pulumi.String("string"),
Ports: pulumi.StringArray{
pulumi.String("string"),
},
},
},
SrcAddressGroups: pulumi.StringArray{
pulumi.String("string"),
},
SrcFqdns: pulumi.StringArray{
pulumi.String("string"),
},
SrcIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
SrcRegionCodes: pulumi.StringArray{
pulumi.String("string"),
},
SrcSecureTags: compute.FirewallPolicyRuleSecureTagArray{
&compute.FirewallPolicyRuleSecureTagArgs{
Name: pulumi.String("string"),
},
},
SrcThreatIntelligences: pulumi.StringArray{
pulumi.String("string"),
},
},
Priority: pulumi.Int(0),
RuleName: pulumi.String("string"),
TargetResources: pulumi.StringArray{
pulumi.String("string"),
},
TargetSecureTags: compute.FirewallPolicyRuleSecureTagArray{
&compute.FirewallPolicyRuleSecureTagArgs{
Name: pulumi.String("string"),
},
},
TargetServiceAccounts: pulumi.StringArray{
pulumi.String("string"),
},
},
},
ShortName: pulumi.String("string"),
})
var examplefirewallPolicyResourceResourceFromComputev1 = new FirewallPolicy("examplefirewallPolicyResourceResourceFromComputev1", FirewallPolicyArgs.builder()
.associations(FirewallPolicyAssociationArgs.builder()
.attachmentTarget("string")
.name("string")
.build())
.description("string")
.name("string")
.parentId("string")
.requestId("string")
.rules(FirewallPolicyRuleArgs.builder()
.action("string")
.description("string")
.direction("EGRESS")
.disabled(false)
.enableLogging(false)
.match(FirewallPolicyRuleMatcherArgs.builder()
.destAddressGroups("string")
.destFqdns("string")
.destIpRanges("string")
.destRegionCodes("string")
.destThreatIntelligences("string")
.layer4Configs(FirewallPolicyRuleMatcherLayer4ConfigArgs.builder()
.ipProtocol("string")
.ports("string")
.build())
.srcAddressGroups("string")
.srcFqdns("string")
.srcIpRanges("string")
.srcRegionCodes("string")
.srcSecureTags(FirewallPolicyRuleSecureTagArgs.builder()
.name("string")
.build())
.srcThreatIntelligences("string")
.build())
.priority(0)
.ruleName("string")
.targetResources("string")
.targetSecureTags(FirewallPolicyRuleSecureTagArgs.builder()
.name("string")
.build())
.targetServiceAccounts("string")
.build())
.shortName("string")
.build());
examplefirewall_policy_resource_resource_from_computev1 = google_native.compute.v1.FirewallPolicy("examplefirewallPolicyResourceResourceFromComputev1",
associations=[{
"attachment_target": "string",
"name": "string",
}],
description="string",
name="string",
parent_id="string",
request_id="string",
rules=[{
"action": "string",
"description": "string",
"direction": google_native.compute.v1.FirewallPolicyRuleDirection.EGRESS,
"disabled": False,
"enable_logging": False,
"match": {
"dest_address_groups": ["string"],
"dest_fqdns": ["string"],
"dest_ip_ranges": ["string"],
"dest_region_codes": ["string"],
"dest_threat_intelligences": ["string"],
"layer4_configs": [{
"ip_protocol": "string",
"ports": ["string"],
}],
"src_address_groups": ["string"],
"src_fqdns": ["string"],
"src_ip_ranges": ["string"],
"src_region_codes": ["string"],
"src_secure_tags": [{
"name": "string",
}],
"src_threat_intelligences": ["string"],
},
"priority": 0,
"rule_name": "string",
"target_resources": ["string"],
"target_secure_tags": [{
"name": "string",
}],
"target_service_accounts": ["string"],
}],
short_name="string")
const examplefirewallPolicyResourceResourceFromComputev1 = new google_native.compute.v1.FirewallPolicy("examplefirewallPolicyResourceResourceFromComputev1", {
associations: [{
attachmentTarget: "string",
name: "string",
}],
description: "string",
name: "string",
parentId: "string",
requestId: "string",
rules: [{
action: "string",
description: "string",
direction: google_native.compute.v1.FirewallPolicyRuleDirection.Egress,
disabled: false,
enableLogging: false,
match: {
destAddressGroups: ["string"],
destFqdns: ["string"],
destIpRanges: ["string"],
destRegionCodes: ["string"],
destThreatIntelligences: ["string"],
layer4Configs: [{
ipProtocol: "string",
ports: ["string"],
}],
srcAddressGroups: ["string"],
srcFqdns: ["string"],
srcIpRanges: ["string"],
srcRegionCodes: ["string"],
srcSecureTags: [{
name: "string",
}],
srcThreatIntelligences: ["string"],
},
priority: 0,
ruleName: "string",
targetResources: ["string"],
targetSecureTags: [{
name: "string",
}],
targetServiceAccounts: ["string"],
}],
shortName: "string",
});
type: google-native:compute/v1:FirewallPolicy
properties:
associations:
- attachmentTarget: string
name: string
description: string
name: string
parentId: string
requestId: string
rules:
- action: string
description: string
direction: EGRESS
disabled: false
enableLogging: false
match:
destAddressGroups:
- string
destFqdns:
- string
destIpRanges:
- string
destRegionCodes:
- string
destThreatIntelligences:
- string
layer4Configs:
- ipProtocol: string
ports:
- string
srcAddressGroups:
- string
srcFqdns:
- string
srcIpRanges:
- string
srcRegionCodes:
- string
srcSecureTags:
- name: string
srcThreatIntelligences:
- string
priority: 0
ruleName: string
targetResources:
- string
targetSecureTags:
- name: string
targetServiceAccounts:
- string
shortName: string
FirewallPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FirewallPolicy resource accepts the following input properties:
- Associations
List<Pulumi.
Google Native. Compute. V1. Inputs. Firewall Policy Association> - A list of associations that belong to this firewall policy.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Display
Name string - Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Name string
- Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.
- Parent
Id string - Parent ID for this request. The ID can be either be "folders/[FOLDER_ID]" if the parent is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an organization.
- Request
Id string - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- Rules
List<Pulumi.
Google Native. Compute. V1. Inputs. Firewall Policy Rule> - A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.
- Short
Name string - User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
- Associations
[]Firewall
Policy Association Args - A list of associations that belong to this firewall policy.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Display
Name string - Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Name string
- Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.
- Parent
Id string - Parent ID for this request. The ID can be either be "folders/[FOLDER_ID]" if the parent is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an organization.
- Request
Id string - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- Rules
[]Firewall
Policy Rule Args - A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.
- Short
Name string - User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
- associations
List<Firewall
Policy Association> - A list of associations that belong to this firewall policy.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- display
Name String - Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - name String
- Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.
- parent
Id String - Parent ID for this request. The ID can be either be "folders/[FOLDER_ID]" if the parent is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an organization.
- request
Id String - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- rules
List<Firewall
Policy Rule> - A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.
- short
Name String - User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
- associations
Firewall
Policy Association[] - A list of associations that belong to this firewall policy.
- description string
- An optional description of this resource. Provide this property when you create the resource.
- display
Name string - Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - name string
- Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.
- parent
Id string - Parent ID for this request. The ID can be either be "folders/[FOLDER_ID]" if the parent is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an organization.
- request
Id string - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- rules
Firewall
Policy Rule[] - A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.
- short
Name string - User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
- associations
Sequence[Firewall
Policy Association Args] - A list of associations that belong to this firewall policy.
- description str
- An optional description of this resource. Provide this property when you create the resource.
- display_
name str - Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - name str
- Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.
- parent_
id str - Parent ID for this request. The ID can be either be "folders/[FOLDER_ID]" if the parent is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an organization.
- request_
id str - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- rules
Sequence[Firewall
Policy Rule Args] - A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.
- short_
name str - User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
- associations List<Property Map>
- A list of associations that belong to this firewall policy.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- display
Name String - Deprecated, please use short name instead. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - name String
- Name of the resource. For Organization Firewall Policies it's a [Output Only] numeric ID allocated by Google Cloud which uniquely identifies the Organization Firewall Policy.
- parent
Id String - Parent ID for this request. The ID can be either be "folders/[FOLDER_ID]" if the parent is a folder or "organizations/[ORGANIZATION_ID]" if the parent is an organization.
- request
Id String - An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).
- rules List<Property Map>
- A list of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a firewall policy, a default rule with action "allow" will be added.
- short
Name String - User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Fingerprint string
- Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kind string
- [Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies
- Parent string
- The parent of the firewall policy. This field is not applicable to network firewall policies.
- Region string
- URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.
- Rule
Tuple intCount - Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
- Self
Link string - Server-defined URL for the resource.
- Self
Link stringWith Id - Server-defined URL for this resource with the resource id.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Fingerprint string
- Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kind string
- [Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies
- Parent string
- The parent of the firewall policy. This field is not applicable to network firewall policies.
- Region string
- URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.
- Rule
Tuple intCount - Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
- Self
Link string - Server-defined URL for the resource.
- Self
Link stringWith Id - Server-defined URL for this resource with the resource id.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- fingerprint String
- Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.
- id String
- The provider-assigned unique ID for this managed resource.
- kind String
- [Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies
- parent String
- The parent of the firewall policy. This field is not applicable to network firewall policies.
- region String
- URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.
- rule
Tuple IntegerCount - Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
- self
Link String - Server-defined URL for the resource.
- self
Link StringWith Id - Server-defined URL for this resource with the resource id.
- creation
Timestamp string - Creation timestamp in RFC3339 text format.
- fingerprint string
- Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.
- id string
- The provider-assigned unique ID for this managed resource.
- kind string
- [Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies
- parent string
- The parent of the firewall policy. This field is not applicable to network firewall policies.
- region string
- URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.
- rule
Tuple numberCount - Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
- self
Link string - Server-defined URL for the resource.
- self
Link stringWith Id - Server-defined URL for this resource with the resource id.
- creation_
timestamp str - Creation timestamp in RFC3339 text format.
- fingerprint str
- Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.
- id str
- The provider-assigned unique ID for this managed resource.
- kind str
- [Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies
- parent str
- The parent of the firewall policy. This field is not applicable to network firewall policies.
- region str
- URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.
- rule_
tuple_ intcount - Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
- self_
link str - Server-defined URL for the resource.
- self_
link_ strwith_ id - Server-defined URL for this resource with the resource id.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- fingerprint String
- Specifies a fingerprint for this resource, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make get() request to the firewall policy.
- id String
- The provider-assigned unique ID for this managed resource.
- kind String
- [Output only] Type of the resource. Always compute#firewallPolicyfor firewall policies
- parent String
- The parent of the firewall policy. This field is not applicable to network firewall policies.
- region String
- URL of the region where the regional firewall policy resides. This field is not applicable to global firewall policies. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.
- rule
Tuple NumberCount - Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
- self
Link String - Server-defined URL for the resource.
- self
Link StringWith Id - Server-defined URL for this resource with the resource id.
Supporting Types
FirewallPolicyAssociation, FirewallPolicyAssociationArgs
- Attachment
Target string - The target that the firewall policy is attached to.
- Name string
- The name for an association.
- Attachment
Target string - The target that the firewall policy is attached to.
- Name string
- The name for an association.
- attachment
Target String - The target that the firewall policy is attached to.
- name String
- The name for an association.
- attachment
Target string - The target that the firewall policy is attached to.
- name string
- The name for an association.
- attachment_
target str - The target that the firewall policy is attached to.
- name str
- The name for an association.
- attachment
Target String - The target that the firewall policy is attached to.
- name String
- The name for an association.
FirewallPolicyAssociationResponse, FirewallPolicyAssociationResponseArgs
- Attachment
Target string - The target that the firewall policy is attached to.
- Display
Name string - Deprecated, please use short name instead. The display name of the firewall policy of the association.
- Firewall
Policy stringId - The firewall policy ID of the association.
- Name string
- The name for an association.
- Short
Name string - The short name of the firewall policy of the association.
- Attachment
Target string - The target that the firewall policy is attached to.
- Display
Name string - Deprecated, please use short name instead. The display name of the firewall policy of the association.
- Firewall
Policy stringId - The firewall policy ID of the association.
- Name string
- The name for an association.
- Short
Name string - The short name of the firewall policy of the association.
- attachment
Target String - The target that the firewall policy is attached to.
- display
Name String - Deprecated, please use short name instead. The display name of the firewall policy of the association.
- firewall
Policy StringId - The firewall policy ID of the association.
- name String
- The name for an association.
- short
Name String - The short name of the firewall policy of the association.
- attachment
Target string - The target that the firewall policy is attached to.
- display
Name string - Deprecated, please use short name instead. The display name of the firewall policy of the association.
- firewall
Policy stringId - The firewall policy ID of the association.
- name string
- The name for an association.
- short
Name string - The short name of the firewall policy of the association.
- attachment_
target str - The target that the firewall policy is attached to.
- display_
name str - Deprecated, please use short name instead. The display name of the firewall policy of the association.
- firewall_
policy_ strid - The firewall policy ID of the association.
- name str
- The name for an association.
- short_
name str - The short name of the firewall policy of the association.
- attachment
Target String - The target that the firewall policy is attached to.
- display
Name String - Deprecated, please use short name instead. The display name of the firewall policy of the association.
- firewall
Policy StringId - The firewall policy ID of the association.
- name String
- The name for an association.
- short
Name String - The short name of the firewall policy of the association.
FirewallPolicyRule, FirewallPolicyRuleArgs
- Action string
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- Description string
- An optional description for this resource.
- Direction
Pulumi.
Google Native. Compute. V1. Firewall Policy Rule Direction - The direction in which this rule applies.
- Disabled bool
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- Enable
Logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- Match
Pulumi.
Google Native. Compute. V1. Inputs. Firewall Policy Rule Matcher - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Rule
Name string - An optional name for the rule. This field is not a unique identifier and can be updated.
- Target
Resources List<string> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- List<Pulumi.
Google Native. Compute. V1. Inputs. Firewall Policy Rule Secure Tag> - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- Target
Service List<string>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- Action string
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- Description string
- An optional description for this resource.
- Direction
Firewall
Policy Rule Direction - The direction in which this rule applies.
- Disabled bool
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- Enable
Logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- Match
Firewall
Policy Rule Matcher - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Rule
Name string - An optional name for the rule. This field is not a unique identifier and can be updated.
- Target
Resources []string - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- []Firewall
Policy Rule Secure Tag - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- Target
Service []stringAccounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- description String
- An optional description for this resource.
- direction
Firewall
Policy Rule Direction - The direction in which this rule applies.
- disabled Boolean
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- enable
Logging Boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- match
Firewall
Policy Rule Matcher - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- priority Integer
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- rule
Name String - An optional name for the rule. This field is not a unique identifier and can be updated.
- target
Resources List<String> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- List<Firewall
Policy Rule Secure Tag> - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- target
Service List<String>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action string
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- description string
- An optional description for this resource.
- direction
Firewall
Policy Rule Direction - The direction in which this rule applies.
- disabled boolean
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- enable
Logging boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- match
Firewall
Policy Rule Matcher - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- priority number
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- rule
Name string - An optional name for the rule. This field is not a unique identifier and can be updated.
- target
Resources string[] - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Firewall
Policy Rule Secure Tag[] - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- target
Service string[]Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action str
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- description str
- An optional description for this resource.
- direction
Firewall
Policy Rule Direction - The direction in which this rule applies.
- disabled bool
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- enable_
logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- match
Firewall
Policy Rule Matcher - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- priority int
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- rule_
name str - An optional name for the rule. This field is not a unique identifier and can be updated.
- target_
resources Sequence[str] - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Sequence[Firewall
Policy Rule Secure Tag] - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- target_
service_ Sequence[str]accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- description String
- An optional description for this resource.
- direction "EGRESS" | "INGRESS"
- The direction in which this rule applies.
- disabled Boolean
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- enable
Logging Boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- match Property Map
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- priority Number
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- rule
Name String - An optional name for the rule. This field is not a unique identifier and can be updated.
- target
Resources List<String> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- List<Property Map>
- A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- target
Service List<String>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
FirewallPolicyRuleDirection, FirewallPolicyRuleDirectionArgs
- Egress
- EGRESS
- Ingress
- INGRESS
- Firewall
Policy Rule Direction Egress - EGRESS
- Firewall
Policy Rule Direction Ingress - INGRESS
- Egress
- EGRESS
- Ingress
- INGRESS
- Egress
- EGRESS
- Ingress
- INGRESS
- EGRESS
- EGRESS
- INGRESS
- INGRESS
- "EGRESS"
- EGRESS
- "INGRESS"
- INGRESS
FirewallPolicyRuleMatcher, FirewallPolicyRuleMatcherArgs
- Dest
Address List<string>Groups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- Dest
Fqdns List<string> - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- Dest
Ip List<string>Ranges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- Dest
Region List<string>Codes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- Dest
Threat List<string>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- Layer4Configs
List<Pulumi.
Google Native. Compute. V1. Inputs. Firewall Policy Rule Matcher Layer4Config> - Pairs of IP protocols and ports that the rule should match.
- Src
Address List<string>Groups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- Src
Fqdns List<string> - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- Src
Ip List<string>Ranges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- Src
Region List<string>Codes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- List<Pulumi.
Google Native. Compute. V1. Inputs. Firewall Policy Rule Secure Tag> - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- Src
Threat List<string>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
- Dest
Address []stringGroups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- Dest
Fqdns []string - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- Dest
Ip []stringRanges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- Dest
Region []stringCodes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- Dest
Threat []stringIntelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- Layer4Configs
[]Firewall
Policy Rule Matcher Layer4Config - Pairs of IP protocols and ports that the rule should match.
- Src
Address []stringGroups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- Src
Fqdns []string - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- Src
Ip []stringRanges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- Src
Region []stringCodes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- []Firewall
Policy Rule Secure Tag - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- Src
Threat []stringIntelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
- dest
Address List<String>Groups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- dest
Fqdns List<String> - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- dest
Ip List<String>Ranges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- dest
Region List<String>Codes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- dest
Threat List<String>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- layer4Configs
List<Firewall
Policy Rule Matcher Layer4Config> - Pairs of IP protocols and ports that the rule should match.
- src
Address List<String>Groups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- src
Fqdns List<String> - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- src
Ip List<String>Ranges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- src
Region List<String>Codes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- List<Firewall
Policy Rule Secure Tag> - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- src
Threat List<String>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
- dest
Address string[]Groups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- dest
Fqdns string[] - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- dest
Ip string[]Ranges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- dest
Region string[]Codes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- dest
Threat string[]Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- layer4Configs
Firewall
Policy Rule Matcher Layer4Config[] - Pairs of IP protocols and ports that the rule should match.
- src
Address string[]Groups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- src
Fqdns string[] - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- src
Ip string[]Ranges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- src
Region string[]Codes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- Firewall
Policy Rule Secure Tag[] - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- src
Threat string[]Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
- dest_
address_ Sequence[str]groups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- dest_
fqdns Sequence[str] - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- dest_
ip_ Sequence[str]ranges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- dest_
region_ Sequence[str]codes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- dest_
threat_ Sequence[str]intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- layer4_
configs Sequence[FirewallPolicy Rule Matcher Layer4Config] - Pairs of IP protocols and ports that the rule should match.
- src_
address_ Sequence[str]groups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- src_
fqdns Sequence[str] - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- src_
ip_ Sequence[str]ranges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- src_
region_ Sequence[str]codes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- Sequence[Firewall
Policy Rule Secure Tag] - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- src_
threat_ Sequence[str]intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
- dest
Address List<String>Groups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- dest
Fqdns List<String> - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- dest
Ip List<String>Ranges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- dest
Region List<String>Codes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- dest
Threat List<String>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- layer4Configs List<Property Map>
- Pairs of IP protocols and ports that the rule should match.
- src
Address List<String>Groups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- src
Fqdns List<String> - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- src
Ip List<String>Ranges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- src
Region List<String>Codes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- List<Property Map>
- List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- src
Threat List<String>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
FirewallPolicyRuleMatcherLayer4Config, FirewallPolicyRuleMatcherLayer4ConfigArgs
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- Ports List<string>
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- Ports []string
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports string[]
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip_
protocol str - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports Sequence[str]
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
FirewallPolicyRuleMatcherLayer4ConfigResponse, FirewallPolicyRuleMatcherLayer4ConfigResponseArgs
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- Ports List<string>
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- Ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- Ports []string
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol string - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports string[]
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip_
protocol str - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports Sequence[str]
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
- ip
Protocol String - The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), or the IP protocol number.
- ports List<String>
- An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
FirewallPolicyRuleMatcherResponse, FirewallPolicyRuleMatcherResponseArgs
- Dest
Address List<string>Groups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- Dest
Fqdns List<string> - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- Dest
Ip List<string>Ranges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- Dest
Region List<string>Codes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- Dest
Threat List<string>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- Layer4Configs
List<Pulumi.
Google Native. Compute. V1. Inputs. Firewall Policy Rule Matcher Layer4Config Response> - Pairs of IP protocols and ports that the rule should match.
- Src
Address List<string>Groups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- Src
Fqdns List<string> - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- Src
Ip List<string>Ranges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- Src
Region List<string>Codes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- List<Pulumi.
Google Native. Compute. V1. Inputs. Firewall Policy Rule Secure Tag Response> - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- Src
Threat List<string>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
- Dest
Address []stringGroups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- Dest
Fqdns []string - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- Dest
Ip []stringRanges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- Dest
Region []stringCodes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- Dest
Threat []stringIntelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- Layer4Configs
[]Firewall
Policy Rule Matcher Layer4Config Response - Pairs of IP protocols and ports that the rule should match.
- Src
Address []stringGroups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- Src
Fqdns []string - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- Src
Ip []stringRanges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- Src
Region []stringCodes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- []Firewall
Policy Rule Secure Tag Response - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- Src
Threat []stringIntelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
- dest
Address List<String>Groups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- dest
Fqdns List<String> - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- dest
Ip List<String>Ranges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- dest
Region List<String>Codes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- dest
Threat List<String>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- layer4Configs
List<Firewall
Policy Rule Matcher Layer4Config Response> - Pairs of IP protocols and ports that the rule should match.
- src
Address List<String>Groups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- src
Fqdns List<String> - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- src
Ip List<String>Ranges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- src
Region List<String>Codes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- List<Firewall
Policy Rule Secure Tag Response> - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- src
Threat List<String>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
- dest
Address string[]Groups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- dest
Fqdns string[] - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- dest
Ip string[]Ranges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- dest
Region string[]Codes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- dest
Threat string[]Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- layer4Configs
Firewall
Policy Rule Matcher Layer4Config Response[] - Pairs of IP protocols and ports that the rule should match.
- src
Address string[]Groups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- src
Fqdns string[] - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- src
Ip string[]Ranges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- src
Region string[]Codes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- Firewall
Policy Rule Secure Tag Response[] - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- src
Threat string[]Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
- dest_
address_ Sequence[str]groups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- dest_
fqdns Sequence[str] - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- dest_
ip_ Sequence[str]ranges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- dest_
region_ Sequence[str]codes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- dest_
threat_ Sequence[str]intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- layer4_
configs Sequence[FirewallPolicy Rule Matcher Layer4Config Response] - Pairs of IP protocols and ports that the rule should match.
- src_
address_ Sequence[str]groups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- src_
fqdns Sequence[str] - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- src_
ip_ Sequence[str]ranges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- src_
region_ Sequence[str]codes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- Sequence[Firewall
Policy Rule Secure Tag Response] - List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- src_
threat_ Sequence[str]intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
- dest
Address List<String>Groups - Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
- dest
Fqdns List<String> - Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
- dest
Ip List<String>Ranges - CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
- dest
Region List<String>Codes - Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
- dest
Threat List<String>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
- layer4Configs List<Property Map>
- Pairs of IP protocols and ports that the rule should match.
- src
Address List<String>Groups - Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
- src
Fqdns List<String> - Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
- src
Ip List<String>Ranges - CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
- src
Region List<String>Codes - Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
- List<Property Map>
- List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
- src
Threat List<String>Intelligences - Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.
FirewallPolicyRuleResponse, FirewallPolicyRuleResponseArgs
- Action string
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- Description string
- An optional description for this resource.
- Direction string
- The direction in which this rule applies.
- Disabled bool
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- Enable
Logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- Kind string
- [Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules
- Match
Pulumi.
Google Native. Compute. V1. Inputs. Firewall Policy Rule Matcher Response - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Rule
Name string - An optional name for the rule. This field is not a unique identifier and can be updated.
- Rule
Tuple intCount - Calculation of the complexity of a single firewall policy rule.
- Target
Resources List<string> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- List<Pulumi.
Google Native. Compute. V1. Inputs. Firewall Policy Rule Secure Tag Response> - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- Target
Service List<string>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- Action string
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- Description string
- An optional description for this resource.
- Direction string
- The direction in which this rule applies.
- Disabled bool
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- Enable
Logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- Kind string
- [Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules
- Match
Firewall
Policy Rule Matcher Response - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- Priority int
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- Rule
Name string - An optional name for the rule. This field is not a unique identifier and can be updated.
- Rule
Tuple intCount - Calculation of the complexity of a single firewall policy rule.
- Target
Resources []string - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- []Firewall
Policy Rule Secure Tag Response - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- Target
Service []stringAccounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- description String
- An optional description for this resource.
- direction String
- The direction in which this rule applies.
- disabled Boolean
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- enable
Logging Boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- kind String
- [Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules
- match
Firewall
Policy Rule Matcher Response - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- priority Integer
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- rule
Name String - An optional name for the rule. This field is not a unique identifier and can be updated.
- rule
Tuple IntegerCount - Calculation of the complexity of a single firewall policy rule.
- target
Resources List<String> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- List<Firewall
Policy Rule Secure Tag Response> - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- target
Service List<String>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action string
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- description string
- An optional description for this resource.
- direction string
- The direction in which this rule applies.
- disabled boolean
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- enable
Logging boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- kind string
- [Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules
- match
Firewall
Policy Rule Matcher Response - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- priority number
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- rule
Name string - An optional name for the rule. This field is not a unique identifier and can be updated.
- rule
Tuple numberCount - Calculation of the complexity of a single firewall policy rule.
- target
Resources string[] - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Firewall
Policy Rule Secure Tag Response[] - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- target
Service string[]Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action str
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- description str
- An optional description for this resource.
- direction str
- The direction in which this rule applies.
- disabled bool
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- enable_
logging bool - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- kind str
- [Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules
- match
Firewall
Policy Rule Matcher Response - A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- priority int
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- rule_
name str - An optional name for the rule. This field is not a unique identifier and can be updated.
- rule_
tuple_ intcount - Calculation of the complexity of a single firewall policy rule.
- target_
resources Sequence[str] - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- Sequence[Firewall
Policy Rule Secure Tag Response] - A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- target_
service_ Sequence[str]accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
- action String
- The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny" and "goto_next".
- description String
- An optional description for this resource.
- direction String
- The direction in which this rule applies.
- disabled Boolean
- Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
- enable
Logging Boolean - Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on "goto_next" rules.
- kind String
- [Output only] Type of the resource. Always compute#firewallPolicyRule for firewall policy rules
- match Property Map
- A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
- priority Number
- An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
- rule
Name String - An optional name for the rule. This field is not a unique identifier and can be updated.
- rule
Tuple NumberCount - Calculation of the complexity of a single firewall policy rule.
- target
Resources List<String> - A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.
- List<Property Map>
- A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
- target
Service List<String>Accounts - A list of service accounts indicating the sets of instances that are applied with this rule.
FirewallPolicyRuleSecureTag, FirewallPolicyRuleSecureTagArgs
- Name string
- Name of the secure tag, created with TagManager's TagValue API.
- Name string
- Name of the secure tag, created with TagManager's TagValue API.
- name String
- Name of the secure tag, created with TagManager's TagValue API.
- name string
- Name of the secure tag, created with TagManager's TagValue API.
- name str
- Name of the secure tag, created with TagManager's TagValue API.
- name String
- Name of the secure tag, created with TagManager's TagValue API.
FirewallPolicyRuleSecureTagResponse, FirewallPolicyRuleSecureTagResponseArgs
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.