
MagicFirewallRuleset

Magic Firewall is a network-level firewall that protects networks onboarded to Cloudflare’s Magic Transit. This resource creates a root ruleset at the account level that contains one or more rules. Rules are written in Wireshark syntax and are evaluated in order, with the first rule having the highest priority. Because order decides which rule applies to a packet, narrower allow rules must be listed before a catch-all block rule, as in the examples below.

Example Usage

using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

/// <summary>
/// Pulumi stack that declares one account-level Magic Firewall ruleset holding
/// an allow rule followed by a catch-all block rule.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var example = new Cloudflare.MagicFirewallRuleset("example", new Cloudflare.MagicFirewallRulesetArgs
        {
            // Sample account ID used throughout this page; substitute your own.
            AccountId = "d41d8cd98f00b204e9800998ecf8427e",
            Description = "Global mitigations",
            Name = "Magic Transit Ruleset",
            // Order matters: the resource description says rules are evaluated in
            // order and the first rule has the highest priority, so the allow rule
            // has to come before the catch-all block rule.
            // NOTE(review): the element type of each rule entry is not spelled out
            // in this listing (the Inputs section gives Rules as
            // List<ImmutableDictionary<string, string>>) - confirm the initializer
            // compiles as written.
            Rules = 
            {
                // Matches on TCP destination port alone, so every TCP packet sent to
                // ports 32768-65535 is allowed, not only replies to connections the
                // protected hosts opened. Narrow the expression if anything listens
                // in that range.
                {
                    { "action", "allow" },
                    { "description", "Allow TCP Ephemeral Ports" },
                    // Rule values are strings, so the flag is "true" rather than a bool.
                    { "enabled", "true" },
                    { "expression", "tcp.dstport in { 32768..65535 }" },
                },
                // ip.len >= 0 holds for every IP packet, which makes this the
                // default-deny rule: whatever the rule above did not allow is blocked,
                // including all UDP and ICMP and TCP to ports below 32768.
                {
                    { "action", "block" },
                    { "description", "Block all" },
                    { "enabled", "true" },
                    { "expression", "ip.len >= 0" },
                },
            },
        });
    }

}
package main

import (
    "github.com/pulumi/pulumi-cloudflare/sdk/v2/go/cloudflare"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main runs a Pulumi program that declares one account-level Magic Firewall
// ruleset with two rules: an allow rule followed by a catch-all block rule.
//
// The resource description says rules are evaluated in order and the first
// rule has the highest priority, so the position of each entry in Rules is
// part of the policy.
func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        // Matches on TCP destination port alone, so every TCP packet sent to
        // ports 32768-65535 is allowed, not only replies to connections the
        // protected hosts opened. Narrow the expression if anything listens
        // in that range.
        allowEphemeralTCP := pulumi.StringMap{
            "action":      pulumi.String("allow"),
            "description": pulumi.String("Allow TCP Ephemeral Ports"),
            // Rule values are strings, so the flag is "true" rather than a bool.
            "enabled":    pulumi.String("true"),
            "expression": pulumi.String("tcp.dstport in { 32768..65535 }"),
        }

        // ip.len >= 0 holds for every IP packet, which makes this the
        // default-deny rule: whatever the allow rule did not match is blocked,
        // including all UDP and ICMP and TCP to ports below 32768.
        blockAll := pulumi.StringMap{
            "action":      pulumi.String("block"),
            "description": pulumi.String("Block all"),
            "enabled":     pulumi.String("true"),
            "expression":  pulumi.String("ip.len >= 0"),
        }

        rulesetArgs := &cloudflare.MagicFirewallRulesetArgs{
            // Sample account ID used throughout this page; substitute your own.
            AccountId:   pulumi.String("d41d8cd98f00b204e9800998ecf8427e"),
            Description: pulumi.String("Global mitigations"),
            Name:        pulumi.String("Magic Transit Ruleset"),
            // Allow first, catch-all block last.
            Rules: pulumi.StringMapArray{allowEphemeralTCP, blockAll},
        }

        // The resource handle is not used further; only the error is reported.
        _, err := cloudflare.NewMagicFirewallRuleset(ctx, "example", rulesetArgs)
        return err
    })
}
import pulumi
import pulumi_cloudflare as cloudflare

# Account-level Magic Firewall ruleset with an allow rule followed by a
# catch-all block rule. The resource description says rules are evaluated in
# order and the first rule has the highest priority, so list order is part of
# the policy.
example = cloudflare.MagicFirewallRuleset(
    "example",
    # Sample account ID used throughout this page; substitute your own.
    account_id="d41d8cd98f00b204e9800998ecf8427e",
    description="Global mitigations",
    name="Magic Transit Ruleset",
    rules=[
        # Matches on TCP destination port alone, so every TCP packet sent to
        # ports 32768-65535 is allowed, not only replies to connections the
        # protected hosts opened. Narrow the expression if anything listens
        # in that range.
        dict(
            action="allow",
            description="Allow TCP Ephemeral Ports",
            # Rule values are strings, so the flag is "true" rather than a bool.
            enabled="true",
            expression="tcp.dstport in { 32768..65535 }",
        ),
        # ip.len >= 0 holds for every IP packet, which makes this the
        # default-deny rule: whatever the allow rule did not match is blocked,
        # including all UDP and ICMP and TCP to ports below 32768.
        dict(
            action="block",
            description="Block all",
            enabled="true",
            expression="ip.len >= 0",
        ),
    ],
)
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

// Matches on TCP destination port alone, so every TCP packet sent to ports
// 32768-65535 is allowed, not only replies to connections the protected hosts
// opened. Narrow the expression if anything listens in that range.
const allowEphemeralTcp = {
    action: "allow",
    description: "Allow TCP Ephemeral Ports",
    // Rule values are strings, so the flag is "true" rather than a boolean.
    enabled: "true",
    expression: "tcp.dstport in { 32768..65535 }",
};

// ip.len >= 0 holds for every IP packet, which makes this the default-deny
// rule: whatever the allow rule did not match is blocked, including all UDP
// and ICMP and TCP to ports below 32768.
const blockAll = {
    action: "block",
    description: "Block all",
    enabled: "true",
    expression: "ip.len >= 0",
};

// Account-level Magic Firewall ruleset. The resource description says rules
// are evaluated in order and the first rule has the highest priority, so the
// allow rule is listed ahead of the catch-all block rule.
const example = new cloudflare.MagicFirewallRuleset("example", {
    // Sample account ID used throughout this page; substitute your own.
    accountId: "d41d8cd98f00b204e9800998ecf8427e",
    description: "Global mitigations",
    name: "Magic Transit Ruleset",
    rules: [allowEphemeralTcp, blockAll],
});

Create a MagicFirewallRuleset Resource

new MagicFirewallRuleset(name: string, args: MagicFirewallRulesetArgs, opts?: CustomResourceOptions);
def MagicFirewallRuleset(resource_name: str, opts: Optional[ResourceOptions] = None, account_id: Optional[str] = None, description: Optional[str] = None, name: Optional[str] = None, rules: Optional[Sequence[Mapping[str, str]]] = None)
func NewMagicFirewallRuleset(ctx *Context, name string, args MagicFirewallRulesetArgs, opts ...ResourceOption) (*MagicFirewallRuleset, error)
public MagicFirewallRuleset(string name, MagicFirewallRulesetArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args MagicFirewallRulesetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args MagicFirewallRulesetArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args MagicFirewallRulesetArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

MagicFirewallRuleset Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The MagicFirewallRuleset resource accepts the following input properties:

AccountId string

The ID of the account where the ruleset is being created.

Name string

The name of the ruleset.

Description string

A note that can be used to annotate the rule.

Rules List<ImmutableDictionary<string, string>>
AccountId string

The ID of the account where the ruleset is being created.

Name string

The name of the ruleset.

Description string

A note that can be used to annotate the rule.

Rules []map[string]string
accountId string

The ID of the account where the ruleset is being created.

name string

The name of the ruleset.

description string

A note that can be used to annotate the rule.

rules {[key: string]: string}[]
account_id str

The ID of the account where the ruleset is being created.

name str

The name of the ruleset.

description str

A note that can be used to annotate the rule.

rules Sequence[Mapping[str, str]]

Outputs

All input properties are implicitly available as output properties. Additionally, the MagicFirewallRuleset resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing MagicFirewallRuleset Resource

Get an existing MagicFirewallRuleset resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: MagicFirewallRulesetState, opts?: CustomResourceOptions): MagicFirewallRuleset
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, account_id: Optional[str] = None, description: Optional[str] = None, name: Optional[str] = None, rules: Optional[Sequence[Mapping[str, str]]] = None) -> MagicFirewallRuleset
func GetMagicFirewallRuleset(ctx *Context, name string, id IDInput, state *MagicFirewallRulesetState, opts ...ResourceOption) (*MagicFirewallRuleset, error)
public static MagicFirewallRuleset Get(string name, Input<string> id, MagicFirewallRulesetState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId string

The ID of the account where the ruleset is being created.

Description string

A note that can be used to annotate the rule.

Name string

The name of the ruleset.

Rules List<ImmutableDictionary<string, string>>
AccountId string

The ID of the account where the ruleset is being created.

Description string

A note that can be used to annotate the rule.

Name string

The name of the ruleset.

Rules []map[string]string
accountId string

The ID of the account where the ruleset is being created.

description string

A note that can be used to annotate the rule.

name string

The name of the ruleset.

rules {[key: string]: string}[]
account_id str

The ID of the account where the ruleset is being created.

description str

A note that can be used to annotate the rule.

name str

The name of the ruleset.

rules Sequence[Mapping[str, str]]

Import

An existing Magic Firewall Ruleset can be imported using the account ID and the ruleset ID, separated by a slash:

 $ pulumi import cloudflare:index/magicFirewallRuleset:MagicFirewallRuleset example d41d8cd98f00b204e9800998ecf8427e/cb029e245cfdd66dc8d2e570d5dd3322

Package Details

Repository
https://github.com/pulumi/pulumi-cloudflare
License
Apache-2.0
Notes
This Pulumi package is based on the cloudflare Terraform Provider.