1. Packages
  2. Hcloud Provider
  3. API Docs
  4. Firewall
Hetzner Cloud v1.21.0 published on Tuesday, Nov 12, 2024 by Pulumi

hcloud.Firewall

Explore with Pulumi AI

hcloud logo
Hetzner Cloud v1.21.0 published on Tuesday, Nov 12, 2024 by Pulumi

    Provides a Hetzner Cloud Firewall to represent a Firewall in the Hetzner Cloud.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as hcloud from "@pulumi/hcloud";
    
    const myfirewall = new hcloud.Firewall("myfirewall", {
        name: "my-firewall",
        rules: [
            {
                direction: "in",
                protocol: "icmp",
                sourceIps: [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
            {
                direction: "in",
                protocol: "tcp",
                port: "80-85",
                sourceIps: [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
        ],
    });
    const node1 = new hcloud.Server("node1", {
        name: "node1",
        image: "debian-11",
        serverType: "cx22",
        firewallIds: [myfirewall.id],
    });
    
    import pulumi
    import pulumi_hcloud as hcloud
    
    myfirewall = hcloud.Firewall("myfirewall",
        name="my-firewall",
        rules=[
            {
                "direction": "in",
                "protocol": "icmp",
                "source_ips": [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
            {
                "direction": "in",
                "protocol": "tcp",
                "port": "80-85",
                "source_ips": [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
        ])
    node1 = hcloud.Server("node1",
        name="node1",
        image="debian-11",
        server_type="cx22",
        firewall_ids=[myfirewall.id])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-hcloud/sdk/go/hcloud"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		myfirewall, err := hcloud.NewFirewall(ctx, "myfirewall", &hcloud.FirewallArgs{
    			Name: pulumi.String("my-firewall"),
    			Rules: hcloud.FirewallRuleArray{
    				&hcloud.FirewallRuleArgs{
    					Direction: pulumi.String("in"),
    					Protocol:  pulumi.String("icmp"),
    					SourceIps: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    						pulumi.String("::/0"),
    					},
    				},
    				&hcloud.FirewallRuleArgs{
    					Direction: pulumi.String("in"),
    					Protocol:  pulumi.String("tcp"),
    					Port:      pulumi.String("80-85"),
    					SourceIps: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    						pulumi.String("::/0"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = hcloud.NewServer(ctx, "node1", &hcloud.ServerArgs{
    			Name:       pulumi.String("node1"),
    			Image:      pulumi.String("debian-11"),
    			ServerType: pulumi.String("cx22"),
    			FirewallIds: pulumi.IntArray{
    				myfirewall.ID(),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using HCloud = Pulumi.HCloud;
    
    return await Deployment.RunAsync(() => 
    {
        var myfirewall = new HCloud.Firewall("myfirewall", new()
        {
            Name = "my-firewall",
            Rules = new[]
            {
                new HCloud.Inputs.FirewallRuleArgs
                {
                    Direction = "in",
                    Protocol = "icmp",
                    SourceIps = new[]
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
                new HCloud.Inputs.FirewallRuleArgs
                {
                    Direction = "in",
                    Protocol = "tcp",
                    Port = "80-85",
                    SourceIps = new[]
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
            },
        });
    
        var node1 = new HCloud.Server("node1", new()
        {
            Name = "node1",
            Image = "debian-11",
            ServerType = "cx22",
            FirewallIds = new[]
            {
                myfirewall.Id,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.hcloud.Firewall;
    import com.pulumi.hcloud.FirewallArgs;
    import com.pulumi.hcloud.inputs.FirewallRuleArgs;
    import com.pulumi.hcloud.Server;
    import com.pulumi.hcloud.ServerArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var myfirewall = new Firewall("myfirewall", FirewallArgs.builder()
                .name("my-firewall")
                .rules(            
                    FirewallRuleArgs.builder()
                        .direction("in")
                        .protocol("icmp")
                        .sourceIps(                    
                            "0.0.0.0/0",
                            "::/0")
                        .build(),
                    FirewallRuleArgs.builder()
                        .direction("in")
                        .protocol("tcp")
                        .port("80-85")
                        .sourceIps(                    
                            "0.0.0.0/0",
                            "::/0")
                        .build())
                .build());
    
            var node1 = new Server("node1", ServerArgs.builder()
                .name("node1")
                .image("debian-11")
                .serverType("cx22")
                .firewallIds(myfirewall.id())
                .build());
    
        }
    }
    
    resources:
      myfirewall:
        type: hcloud:Firewall
        properties:
          name: my-firewall
          rules:
            - direction: in
              protocol: icmp
              sourceIps:
                - 0.0.0.0/0
                - ::/0
            - direction: in
              protocol: tcp
              port: 80-85
              sourceIps:
                - 0.0.0.0/0
                - ::/0
      node1:
        type: hcloud:Server
        properties:
          name: node1
          image: debian-11
          serverType: cx22
          firewallIds:
            - ${myfirewall.id}
    

    Create Firewall Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);
    @overload
    def Firewall(resource_name: str,
                 args: Optional[FirewallArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Firewall(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 apply_tos: Optional[Sequence[FirewallApplyToArgs]] = None,
                 labels: Optional[Mapping[str, str]] = None,
                 name: Optional[str] = None,
                 rules: Optional[Sequence[FirewallRuleArgs]] = None)
    func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)
    public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
    public Firewall(String name, FirewallArgs args)
    public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
    
    type: hcloud:Firewall
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var firewallResource = new HCloud.Firewall("firewallResource", new()
    {
        ApplyTos = new[]
        {
            new HCloud.Inputs.FirewallApplyToArgs
            {
                LabelSelector = "string",
                Server = 0,
            },
        },
        Labels = 
        {
            { "string", "string" },
        },
        Name = "string",
        Rules = new[]
        {
            new HCloud.Inputs.FirewallRuleArgs
            {
                Direction = "string",
                Protocol = "string",
                Description = "string",
                DestinationIps = new[]
                {
                    "string",
                },
                Port = "string",
                SourceIps = new[]
                {
                    "string",
                },
            },
        },
    });
    
    example, err := hcloud.NewFirewall(ctx, "firewallResource", &hcloud.FirewallArgs{
    	ApplyTos: hcloud.FirewallApplyToArray{
    		&hcloud.FirewallApplyToArgs{
    			LabelSelector: pulumi.String("string"),
    			Server:        pulumi.Int(0),
    		},
    	},
    	Labels: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Name: pulumi.String("string"),
    	Rules: hcloud.FirewallRuleArray{
    		&hcloud.FirewallRuleArgs{
    			Direction:   pulumi.String("string"),
    			Protocol:    pulumi.String("string"),
    			Description: pulumi.String("string"),
    			DestinationIps: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Port: pulumi.String("string"),
    			SourceIps: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    })
    
    var firewallResource = new Firewall("firewallResource", FirewallArgs.builder()
        .applyTos(FirewallApplyToArgs.builder()
            .labelSelector("string")
            .server(0)
            .build())
        .labels(Map.of("string", "string"))
        .name("string")
        .rules(FirewallRuleArgs.builder()
            .direction("string")
            .protocol("string")
            .description("string")
            .destinationIps("string")
            .port("string")
            .sourceIps("string")
            .build())
        .build());
    
    firewall_resource = hcloud.Firewall("firewallResource",
        apply_tos=[{
            "label_selector": "string",
            "server": 0,
        }],
        labels={
            "string": "string",
        },
        name="string",
        rules=[{
            "direction": "string",
            "protocol": "string",
            "description": "string",
            "destination_ips": ["string"],
            "port": "string",
            "source_ips": ["string"],
        }])
    
    const firewallResource = new hcloud.Firewall("firewallResource", {
        applyTos: [{
            labelSelector: "string",
            server: 0,
        }],
        labels: {
            string: "string",
        },
        name: "string",
        rules: [{
            direction: "string",
            protocol: "string",
            description: "string",
            destinationIps: ["string"],
            port: "string",
            sourceIps: ["string"],
        }],
    });
    
    type: hcloud:Firewall
    properties:
        applyTos:
            - labelSelector: string
              server: 0
        labels:
            string: string
        name: string
        rules:
            - description: string
              destinationIps:
                - string
              direction: string
              port: string
              protocol: string
              sourceIps:
                - string
    

    Firewall Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Firewall resource accepts the following input properties:

    ApplyTos List<Pulumi.HCloud.Inputs.FirewallApplyTo>
    Resources the firewall should be assigned to
    Labels Dictionary<string, string>
    User-defined labels (key-value pairs) should be created with.
    Name string
    Name of the Firewall.
    Rules List<Pulumi.HCloud.Inputs.FirewallRule>
    Configuration of a Rule from this Firewall.
    ApplyTos []FirewallApplyToArgs
    Resources the firewall should be assigned to
    Labels map[string]string
    User-defined labels (key-value pairs) should be created with.
    Name string
    Name of the Firewall.
    Rules []FirewallRuleArgs
    Configuration of a Rule from this Firewall.
    applyTos List<FirewallApplyTo>
    Resources the firewall should be assigned to
    labels Map<String,String>
    User-defined labels (key-value pairs) should be created with.
    name String
    Name of the Firewall.
    rules List<FirewallRule>
    Configuration of a Rule from this Firewall.
    applyTos FirewallApplyTo[]
    Resources the firewall should be assigned to
    labels {[key: string]: string}
    User-defined labels (key-value pairs) should be created with.
    name string
    Name of the Firewall.
    rules FirewallRule[]
    Configuration of a Rule from this Firewall.
    apply_tos Sequence[FirewallApplyToArgs]
    Resources the firewall should be assigned to
    labels Mapping[str, str]
    User-defined labels (key-value pairs) should be created with.
    name str
    Name of the Firewall.
    rules Sequence[FirewallRuleArgs]
    Configuration of a Rule from this Firewall.
    applyTos List<Property Map>
    Resources the firewall should be assigned to
    labels Map<String>
    User-defined labels (key-value pairs) should be created with.
    name String
    Name of the Firewall.
    rules List<Property Map>
    Configuration of a Rule from this Firewall.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Firewall Resource

    Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            apply_tos: Optional[Sequence[FirewallApplyToArgs]] = None,
            labels: Optional[Mapping[str, str]] = None,
            name: Optional[str] = None,
            rules: Optional[Sequence[FirewallRuleArgs]] = None) -> Firewall
    func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
    public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
    public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApplyTos List<Pulumi.HCloud.Inputs.FirewallApplyTo>
    Resources the firewall should be assigned to
    Labels Dictionary<string, string>
    User-defined labels (key-value pairs) should be created with.
    Name string
    Name of the Firewall.
    Rules List<Pulumi.HCloud.Inputs.FirewallRule>
    Configuration of a Rule from this Firewall.
    ApplyTos []FirewallApplyToArgs
    Resources the firewall should be assigned to
    Labels map[string]string
    User-defined labels (key-value pairs) should be created with.
    Name string
    Name of the Firewall.
    Rules []FirewallRuleArgs
    Configuration of a Rule from this Firewall.
    applyTos List<FirewallApplyTo>
    Resources the firewall should be assigned to
    labels Map<String,String>
    User-defined labels (key-value pairs) should be created with.
    name String
    Name of the Firewall.
    rules List<FirewallRule>
    Configuration of a Rule from this Firewall.
    applyTos FirewallApplyTo[]
    Resources the firewall should be assigned to
    labels {[key: string]: string}
    User-defined labels (key-value pairs) should be created with.
    name string
    Name of the Firewall.
    rules FirewallRule[]
    Configuration of a Rule from this Firewall.
    apply_tos Sequence[FirewallApplyToArgs]
    Resources the firewall should be assigned to
    labels Mapping[str, str]
    User-defined labels (key-value pairs) should be created with.
    name str
    Name of the Firewall.
    rules Sequence[FirewallRuleArgs]
    Configuration of a Rule from this Firewall.
    applyTos List<Property Map>
    Resources the firewall should be assigned to
    labels Map<String>
    User-defined labels (key-value pairs) should be created with.
    name String
    Name of the Firewall.
    rules List<Property Map>
    Configuration of a Rule from this Firewall.

    Supporting Types

    FirewallApplyTo, FirewallApplyToArgs

    LabelSelector string
    Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)
    Server int
    ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)
    LabelSelector string
    Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)
    Server int
    ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)
    labelSelector String
    Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)
    server Integer
    ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)
    labelSelector string
    Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)
    server number
    ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)
    label_selector str
    Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)
    server int
    ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)
    labelSelector String
    Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)
    server Number
    ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)

    FirewallRule, FirewallRuleArgs

    Direction string
    Direction of the Firewall Rule. in
    Protocol string
    Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp
    Description string
    Description of the firewall rule
    DestinationIps List<string>
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is out)
    Port string
    Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.
    SourceIps List<string>
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is in)
    Direction string
    Direction of the Firewall Rule. in
    Protocol string
    Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp
    Description string
    Description of the firewall rule
    DestinationIps []string
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is out)
    Port string
    Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.
    SourceIps []string
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is in)
    direction String
    Direction of the Firewall Rule. in
    protocol String
    Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp
    description String
    Description of the firewall rule
    destinationIps List<String>
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is out)
    port String
    Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.
    sourceIps List<String>
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is in)
    direction string
    Direction of the Firewall Rule. in
    protocol string
    Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp
    description string
    Description of the firewall rule
    destinationIps string[]
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is out)
    port string
    Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.
    sourceIps string[]
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is in)
    direction str
    Direction of the Firewall Rule. in
    protocol str
    Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp
    description str
    Description of the firewall rule
    destination_ips Sequence[str]
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is out)
    port str
    Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.
    source_ips Sequence[str]
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is in)
    direction String
    Direction of the Firewall Rule. in
    protocol String
    Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp
    description String
    Description of the firewall rule
    destinationIps List<String>
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is out)
    port String
    Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.
    sourceIps List<String>
    List of IPs or CIDRs that are allowed within this Firewall Rule (when direction is in)

    Import

    Firewalls can be imported using its id:

    $ pulumi import hcloud:index/firewall:Firewall myfirewall id
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Hetzner Cloud pulumi/pulumi-hcloud
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the hcloud Terraform Provider.
    hcloud logo
    Hetzner Cloud v1.21.0 published on Tuesday, Nov 12, 2024 by Pulumi