Alibaba Cloud v3.37.0, May 15 23

alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy

Explore with Pulumi AI

Provides a Cloud Firewall Vpc Firewall Control Policy resource.

For information about Cloud Firewall Vpc Firewall Control Policy and how to use it, see What is Vpc Firewall Control Policy.

NOTE: Available in v1.194.0+.

Example Usage

Basic Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var defaultAccount = AliCloud.GetAccount.Invoke();

    var defaultInstance = new AliCloud.Cen.Instance("defaultInstance", new()
    {
        CenInstanceName = @var.Name,
        Description = "example_value",
        Tags = 
        {
            { "Created", "TF" },
            { "For", "acceptance test" },
        },
    });

    var defaultFirewallVpcFirewallControlPolicy = new AliCloud.CloudFirewall.FirewallVpcFirewallControlPolicy("defaultFirewallVpcFirewallControlPolicy", new()
    {
        Order = 1,
        Destination = "127.0.0.2/32",
        ApplicationName = "ANY",
        Description = "example_value",
        SourceType = "net",
        DestPort = "80/88",
        AclAction = "accept",
        Lang = "zh",
        DestinationType = "net",
        Source = "127.0.0.1/32",
        DestPortType = "port",
        Proto = "TCP",
        Release = true,
        MemberUid = defaultAccount.Apply(getAccountResult => getAccountResult.Id),
        VpcFirewallId = defaultInstance.Id,
    });

});

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud"
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/cen"
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/cloudfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultAccount, err := alicloud.GetAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		defaultInstance, err := cen.NewInstance(ctx, "defaultInstance", &cen.InstanceArgs{
			CenInstanceName: pulumi.Any(_var.Name),
			Description:     pulumi.String("example_value"),
			Tags: pulumi.AnyMap{
				"Created": pulumi.Any("TF"),
				"For":     pulumi.Any("acceptance test"),
			},
		})
		if err != nil {
			return err
		}
		_, err = cloudfirewall.NewFirewallVpcFirewallControlPolicy(ctx, "defaultFirewallVpcFirewallControlPolicy", &cloudfirewall.FirewallVpcFirewallControlPolicyArgs{
			Order:           pulumi.Int(1),
			Destination:     pulumi.String("127.0.0.2/32"),
			ApplicationName: pulumi.String("ANY"),
			Description:     pulumi.String("example_value"),
			SourceType:      pulumi.String("net"),
			DestPort:        pulumi.String("80/88"),
			AclAction:       pulumi.String("accept"),
			Lang:            pulumi.String("zh"),
			DestinationType: pulumi.String("net"),
			Source:          pulumi.String("127.0.0.1/32"),
			DestPortType:    pulumi.String("port"),
			Proto:           pulumi.String("TCP"),
			Release:         pulumi.Bool(true),
			MemberUid:       *pulumi.String(defaultAccount.Id),
			VpcFirewallId:   defaultInstance.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.AlicloudFunctions;
import com.pulumi.alicloud.cen.Instance;
import com.pulumi.alicloud.cen.InstanceArgs;
import com.pulumi.alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy;
import com.pulumi.alicloud.cloudfirewall.FirewallVpcFirewallControlPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var defaultAccount = AlicloudFunctions.getAccount();

        var defaultInstance = new Instance("defaultInstance", InstanceArgs.builder()        
            .cenInstanceName(var_.name())
            .description("example_value")
            .tags(Map.ofEntries(
                Map.entry("Created", "TF"),
                Map.entry("For", "acceptance test")
            ))
            .build());

        var defaultFirewallVpcFirewallControlPolicy = new FirewallVpcFirewallControlPolicy("defaultFirewallVpcFirewallControlPolicy", FirewallVpcFirewallControlPolicyArgs.builder()        
            .order("1")
            .destination("127.0.0.2/32")
            .applicationName("ANY")
            .description("example_value")
            .sourceType("net")
            .destPort("80/88")
            .aclAction("accept")
            .lang("zh")
            .destinationType("net")
            .source("127.0.0.1/32")
            .destPortType("port")
            .proto("TCP")
            .release(true)
            .memberUid(defaultAccount.applyValue(getAccountResult -> getAccountResult.id()))
            .vpcFirewallId(defaultInstance.id())
            .build());

    }
}

import pulumi
import pulumi_alicloud as alicloud

default_account = alicloud.get_account()
default_instance = alicloud.cen.Instance("defaultInstance",
    cen_instance_name=var["name"],
    description="example_value",
    tags={
        "Created": "TF",
        "For": "acceptance test",
    })
default_firewall_vpc_firewall_control_policy = alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy("defaultFirewallVpcFirewallControlPolicy",
    order=1,
    destination="127.0.0.2/32",
    application_name="ANY",
    description="example_value",
    source_type="net",
    dest_port="80/88",
    acl_action="accept",
    lang="zh",
    destination_type="net",
    source="127.0.0.1/32",
    dest_port_type="port",
    proto="TCP",
    release=True,
    member_uid=default_account.id,
    vpc_firewall_id=default_instance.id)

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const defaultAccount = alicloud.getAccount({});
const defaultInstance = new alicloud.cen.Instance("defaultInstance", {
    cenInstanceName: _var.name,
    description: "example_value",
    tags: {
        Created: "TF",
        For: "acceptance test",
    },
});
const defaultFirewallVpcFirewallControlPolicy = new alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy("defaultFirewallVpcFirewallControlPolicy", {
    order: 1,
    destination: "127.0.0.2/32",
    applicationName: "ANY",
    description: "example_value",
    sourceType: "net",
    destPort: "80/88",
    aclAction: "accept",
    lang: "zh",
    destinationType: "net",
    source: "127.0.0.1/32",
    destPortType: "port",
    proto: "TCP",
    release: true,
    memberUid: defaultAccount.then(defaultAccount => defaultAccount.id),
    vpcFirewallId: defaultInstance.id,
});

resources:
  defaultInstance:
    type: alicloud:cen:Instance
    properties:
      cenInstanceName: ${var.name}
      description: example_value
      tags:
        Created: TF
        For: acceptance test
  defaultFirewallVpcFirewallControlPolicy:
    type: alicloud:cloudfirewall:FirewallVpcFirewallControlPolicy
    properties:
      order: '1'
      destination: 127.0.0.2/32
      applicationName: ANY
      description: example_value
      sourceType: net
      destPort: 80/88
      aclAction: accept
      lang: zh
      destinationType: net
      source: 127.0.0.1/32
      destPortType: port
      proto: TCP
      release: true
      memberUid: ${defaultAccount.id}
      vpcFirewallId: ${defaultInstance.id}
variables:
  defaultAccount:
    fn::invoke:
      Function: alicloud:getAccount
      Arguments: {}

Create FirewallVpcFirewallControlPolicy Resource

new FirewallVpcFirewallControlPolicy(name: string, args: FirewallVpcFirewallControlPolicyArgs, opts?: CustomResourceOptions);

@overload
def FirewallVpcFirewallControlPolicy(resource_name: str,
                                     opts: Optional[ResourceOptions] = None,
                                     acl_action: Optional[str] = None,
                                     application_name: Optional[str] = None,
                                     description: Optional[str] = None,
                                     dest_port: Optional[str] = None,
                                     dest_port_group: Optional[str] = None,
                                     dest_port_type: Optional[str] = None,
                                     destination: Optional[str] = None,
                                     destination_type: Optional[str] = None,
                                     lang: Optional[str] = None,
                                     member_uid: Optional[str] = None,
                                     order: Optional[int] = None,
                                     proto: Optional[str] = None,
                                     release: Optional[bool] = None,
                                     source: Optional[str] = None,
                                     source_type: Optional[str] = None,
                                     vpc_firewall_id: Optional[str] = None)
@overload
def FirewallVpcFirewallControlPolicy(resource_name: str,
                                     args: FirewallVpcFirewallControlPolicyArgs,
                                     opts: Optional[ResourceOptions] = None)

func NewFirewallVpcFirewallControlPolicy(ctx *Context, name string, args FirewallVpcFirewallControlPolicyArgs, opts ...ResourceOption) (*FirewallVpcFirewallControlPolicy, error)

public FirewallVpcFirewallControlPolicy(string name, FirewallVpcFirewallControlPolicyArgs args, CustomResourceOptions? opts = null)

public FirewallVpcFirewallControlPolicy(String name, FirewallVpcFirewallControlPolicyArgs args)
public FirewallVpcFirewallControlPolicy(String name, FirewallVpcFirewallControlPolicyArgs args, CustomResourceOptions options)

type: alicloud:cloudfirewall:FirewallVpcFirewallControlPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallVpcFirewallControlPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallVpcFirewallControlPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallVpcFirewallControlPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallVpcFirewallControlPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallVpcFirewallControlPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

FirewallVpcFirewallControlPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The FirewallVpcFirewallControlPolicy resource accepts the following input properties:

AclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

ApplicationName string

The type of the applications that the access control policy supports. Valid values: FTP, HTTP, HTTPS, MySQL, SMTP, SMTPS, RDP, VNC, SSH, Redis, MQTT, MongoDB, Memcache, SSL, ANY.

Description string

Access control over VPC firewalls description of the strategy information.

Destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

DestinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

Order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

Proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

Source string

Access control over VPC firewalls strategy in the source address.

SourceType string

The type of the source address in the access control policy. Valid values: net, group.

VpcFirewallId string

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

DestPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

DestPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

DestPortType string

The type of the destination port in the access control policy. Valid values: port, group.

Lang string

The language of the content within the request and response. Valid values: zh, en.

MemberUid string

The UID of the member account of the current Alibaba cloud account.

Release bool

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

AclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

ApplicationName string

Description string

Access control over VPC firewalls description of the strategy information.

Destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

DestinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

Order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

Proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

Source string

Access control over VPC firewalls strategy in the source address.

SourceType string

The type of the source address in the access control policy. Valid values: net, group.

VpcFirewallId string

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

DestPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

DestPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

DestPortType string

The type of the destination port in the access control policy. Valid values: port, group.

Lang string

The language of the content within the request and response. Valid values: zh, en.

MemberUid string

The UID of the member account of the current Alibaba cloud account.

Release bool

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

aclAction String

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

applicationName String

description String

Access control over VPC firewalls description of the strategy information.

destination String

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationType String

The type of the destination address in the access control policy. Valid values: net, group, domain.

order Integer

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto String

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

source String

Access control over VPC firewalls strategy in the source address.

sourceType String

The type of the source address in the access control policy. Valid values: net, group.

vpcFirewallId String

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

destPort String

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup String

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortType String

The type of the destination port in the access control policy. Valid values: port, group.

lang String

The language of the content within the request and response. Valid values: zh, en.

memberUid String

The UID of the member account of the current Alibaba cloud account.

release Boolean

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

aclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

applicationName string

description string

Access control over VPC firewalls description of the strategy information.

destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

order number

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

source string

Access control over VPC firewalls strategy in the source address.

sourceType string

The type of the source address in the access control policy. Valid values: net, group.

vpcFirewallId string

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

destPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortType string

The type of the destination port in the access control policy. Valid values: port, group.

lang string

The language of the content within the request and response. Valid values: zh, en.

memberUid string

The UID of the member account of the current Alibaba cloud account.

release boolean

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

acl_action str

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

application_name str

description str

Access control over VPC firewalls description of the strategy information.

destination str

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destination_type str

The type of the destination address in the access control policy. Valid values: net, group, domain.

order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto str

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

source str

Access control over VPC firewalls strategy in the source address.

source_type str

The type of the source address in the access control policy. Valid values: net, group.

vpc_firewall_id str

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

dest_port str

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

dest_port_group str

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

dest_port_type str

The type of the destination port in the access control policy. Valid values: port, group.

lang str

The language of the content within the request and response. Valid values: zh, en.

member_uid str

The UID of the member account of the current Alibaba cloud account.

release bool

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

aclAction String

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

applicationName String

description String

Access control over VPC firewalls description of the strategy information.

destination String

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationType String

The type of the destination address in the access control policy. Valid values: net, group, domain.

order Number

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto String

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

source String

Access control over VPC firewalls strategy in the source address.

sourceType String

The type of the source address in the access control policy. Valid values: net, group.

vpcFirewallId String

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

destPort String

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup String

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortType String

The type of the destination port in the access control policy. Valid values: port, group.

lang String

The language of the content within the request and response. Valid values: zh, en.

memberUid String

The UID of the member account of the current Alibaba cloud account.

release Boolean

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallVpcFirewallControlPolicy resource produces the following output properties:

AclUuid string

Access control over VPC firewalls strategy unique identifier.

ApplicationId string

Policy specifies the application ID.

DestPortGroupPorts List<string>

Port Address Book port list.

DestinationGroupCidrs List<string>

Destination address book defined in the address list.

DestinationGroupType string

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

HitTimes int

Control strategy of hits per second.

Id string

The provider-assigned unique ID for this managed resource.

SourceGroupCidrs List<string>

SOURCE address of the address list.

SourceGroupType string

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

AclUuid string

Access control over VPC firewalls strategy unique identifier.

ApplicationId string

Policy specifies the application ID.

DestPortGroupPorts []string

Port Address Book port list.

DestinationGroupCidrs []string

Destination address book defined in the address list.

DestinationGroupType string

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

HitTimes int

Control strategy of hits per second.

Id string

The provider-assigned unique ID for this managed resource.

SourceGroupCidrs []string

SOURCE address of the address list.

SourceGroupType string

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

aclUuid String

Access control over VPC firewalls strategy unique identifier.

applicationId String

Policy specifies the application ID.

destPortGroupPorts List<String>

Port Address Book port list.

destinationGroupCidrs List<String>

Destination address book defined in the address list.

destinationGroupType String

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

hitTimes Integer

Control strategy of hits per second.

id String

The provider-assigned unique ID for this managed resource.

sourceGroupCidrs List<String>

SOURCE address of the address list.

sourceGroupType String

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

aclUuid string

Access control over VPC firewalls strategy unique identifier.

applicationId string

Policy specifies the application ID.

destPortGroupPorts string[]

Port Address Book port list.

destinationGroupCidrs string[]

Destination address book defined in the address list.

destinationGroupType string

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

hitTimes number

Control strategy of hits per second.

id string

The provider-assigned unique ID for this managed resource.

sourceGroupCidrs string[]

SOURCE address of the address list.

sourceGroupType string

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

acl_uuid str

Access control over VPC firewalls strategy unique identifier.

application_id str

Policy specifies the application ID.

dest_port_group_ports Sequence[str]

Port Address Book port list.

destination_group_cidrs Sequence[str]

Destination address book defined in the address list.

destination_group_type str

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

hit_times int

Control strategy of hits per second.

id str

The provider-assigned unique ID for this managed resource.

source_group_cidrs Sequence[str]

SOURCE address of the address list.

source_group_type str

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

aclUuid String

Access control over VPC firewalls strategy unique identifier.

applicationId String

Policy specifies the application ID.

destPortGroupPorts List<String>

Port Address Book port list.

destinationGroupCidrs List<String>

Destination address book defined in the address list.

destinationGroupType String

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

hitTimes Number

Control strategy of hits per second.

id String

The provider-assigned unique ID for this managed resource.

sourceGroupCidrs List<String>

SOURCE address of the address list.

sourceGroupType String

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

Look up Existing FirewallVpcFirewallControlPolicy Resource

Get an existing FirewallVpcFirewallControlPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallVpcFirewallControlPolicyState, opts?: CustomResourceOptions): FirewallVpcFirewallControlPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        acl_action: Optional[str] = None,
        acl_uuid: Optional[str] = None,
        application_id: Optional[str] = None,
        application_name: Optional[str] = None,
        description: Optional[str] = None,
        dest_port: Optional[str] = None,
        dest_port_group: Optional[str] = None,
        dest_port_group_ports: Optional[Sequence[str]] = None,
        dest_port_type: Optional[str] = None,
        destination: Optional[str] = None,
        destination_group_cidrs: Optional[Sequence[str]] = None,
        destination_group_type: Optional[str] = None,
        destination_type: Optional[str] = None,
        hit_times: Optional[int] = None,
        lang: Optional[str] = None,
        member_uid: Optional[str] = None,
        order: Optional[int] = None,
        proto: Optional[str] = None,
        release: Optional[bool] = None,
        source: Optional[str] = None,
        source_group_cidrs: Optional[Sequence[str]] = None,
        source_group_type: Optional[str] = None,
        source_type: Optional[str] = None,
        vpc_firewall_id: Optional[str] = None) -> FirewallVpcFirewallControlPolicy

func GetFirewallVpcFirewallControlPolicy(ctx *Context, name string, id IDInput, state *FirewallVpcFirewallControlPolicyState, opts ...ResourceOption) (*FirewallVpcFirewallControlPolicy, error)

public static FirewallVpcFirewallControlPolicy Get(string name, Input<string> id, FirewallVpcFirewallControlPolicyState? state, CustomResourceOptions? opts = null)

public static FirewallVpcFirewallControlPolicy get(String name, Output<String> id, FirewallVpcFirewallControlPolicyState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

AclUuid string

Access control over VPC firewalls strategy unique identifier.

ApplicationId string

Policy specifies the application ID.

ApplicationName string

Description string

Access control over VPC firewalls description of the strategy information.

DestPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

DestPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

DestPortGroupPorts List<string>

Port Address Book port list.

DestPortType string

The type of the destination port in the access control policy. Valid values: port, group.

Destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

DestinationGroupCidrs List<string>

Destination address book defined in the address list.

DestinationGroupType string

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

DestinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

HitTimes int

Control strategy of hits per second.

Lang string

The language of the content within the request and response. Valid values: zh, en.

MemberUid string

The UID of the member account of the current Alibaba cloud account.

Order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

Proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

Release bool

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

Source string

Access control over VPC firewalls strategy in the source address.

SourceGroupCidrs List<string>

SOURCE address of the address list.

SourceGroupType string

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

SourceType string

The type of the source address in the access control policy. Valid values: net, group.

VpcFirewallId string

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

AclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

AclUuid string

Access control over VPC firewalls strategy unique identifier.

ApplicationId string

Policy specifies the application ID.

ApplicationName string

Description string

Access control over VPC firewalls description of the strategy information.

DestPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

DestPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

DestPortGroupPorts []string

Port Address Book port list.

DestPortType string

The type of the destination port in the access control policy. Valid values: port, group.

Destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

DestinationGroupCidrs []string

Destination address book defined in the address list.

DestinationGroupType string

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

DestinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

HitTimes int

Control strategy of hits per second.

Lang string

The language of the content within the request and response. Valid values: zh, en.

MemberUid string

The UID of the member account of the current Alibaba cloud account.

Order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

Proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

Release bool

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

Source string

Access control over VPC firewalls strategy in the source address.

SourceGroupCidrs []string

SOURCE address of the address list.

SourceGroupType string

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

SourceType string

The type of the source address in the access control policy. Valid values: net, group.

VpcFirewallId string

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

aclAction String

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

aclUuid String

Access control over VPC firewalls strategy unique identifier.

applicationId String

Policy specifies the application ID.

applicationName String

description String

Access control over VPC firewalls description of the strategy information.

destPort String

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup String

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortGroupPorts List<String>

Port Address Book port list.

destPortType String

The type of the destination port in the access control policy. Valid values: port, group.

destination String

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationGroupCidrs List<String>

Destination address book defined in the address list.

destinationGroupType String

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

destinationType String

The type of the destination address in the access control policy. Valid values: net, group, domain.

hitTimes Integer

Control strategy of hits per second.

lang String

The language of the content within the request and response. Valid values: zh, en.

memberUid String

The UID of the member account of the current Alibaba cloud account.

order Integer

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto String

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

release Boolean

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

source String

Access control over VPC firewalls strategy in the source address.

sourceGroupCidrs List<String>

SOURCE address of the address list.

sourceGroupType String

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

sourceType String

The type of the source address in the access control policy. Valid values: net, group.

vpcFirewallId String

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

aclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

aclUuid string

Access control over VPC firewalls strategy unique identifier.

applicationId string

Policy specifies the application ID.

applicationName string

description string

Access control over VPC firewalls description of the strategy information.

destPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortGroupPorts string[]

Port Address Book port list.

destPortType string

The type of the destination port in the access control policy. Valid values: port, group.

destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationGroupCidrs string[]

Destination address book defined in the address list.

destinationGroupType string

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

destinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

hitTimes number

Control strategy of hits per second.

lang string

The language of the content within the request and response. Valid values: zh, en.

memberUid string

The UID of the member account of the current Alibaba cloud account.

order number

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

release boolean

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

source string

Access control over VPC firewalls strategy in the source address.

sourceGroupCidrs string[]

SOURCE address of the address list.

sourceGroupType string

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

sourceType string

The type of the source address in the access control policy. Valid values: net, group.

vpcFirewallId string

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

acl_action str

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

acl_uuid str

Access control over VPC firewalls strategy unique identifier.

application_id str

Policy specifies the application ID.

application_name str

description str

Access control over VPC firewalls description of the strategy information.

dest_port str

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

dest_port_group str

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

dest_port_group_ports Sequence[str]

Port Address Book port list.

dest_port_type str

The type of the destination port in the access control policy. Valid values: port, group.

destination str

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destination_group_cidrs Sequence[str]

Destination address book defined in the address list.

destination_group_type str

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

destination_type str

The type of the destination address in the access control policy. Valid values: net, group, domain.

hit_times int

Control strategy of hits per second.

lang str

The language of the content within the request and response. Valid values: zh, en.

member_uid str

The UID of the member account of the current Alibaba cloud account.

order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto str

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

release bool

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

source str

Access control over VPC firewalls strategy in the source address.

source_group_cidrs Sequence[str]

SOURCE address of the address list.

source_group_type str

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

source_type str

The type of the source address in the access control policy. Valid values: net, group.

vpc_firewall_id str

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

aclAction String

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

aclUuid String

Access control over VPC firewalls strategy unique identifier.

applicationId String

Policy specifies the application ID.

applicationName String

description String

Access control over VPC firewalls description of the strategy information.

destPort String

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup String

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortGroupPorts List<String>

Port Address Book port list.

destPortType String

The type of the destination port in the access control policy. Valid values: port, group.

destination String

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationGroupCidrs List<String>

Destination address book defined in the address list.

destinationGroupType String

The destination address book type in the access control policy. Value:

ip:IP address book, which contains one or more ip address segments.
domain: domain address book, which contains one or more domain addresses.

destinationType String

The type of the destination address in the access control policy. Valid values: net, group, domain.

hitTimes Number

Control strategy of hits per second.

lang String

The language of the content within the request and response. Valid values: zh, en.

memberUid String

The UID of the member account of the current Alibaba cloud account.

order Number

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto String

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

release Boolean

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policies
false: does not enable access control policies.

source String

Access control over VPC firewalls strategy in the source address.

sourceGroupCidrs List<String>

SOURCE address of the address list.

sourceGroupType String

The source address type in the access control policy. Unique value: ip. The IP address book contains one or more IP address segments.

sourceType String

The type of the source address in the access control policy. Valid values: net, group.

vpcFirewallId String

The ID of the VPC firewall instance. Value:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

Import

Cloud Firewall Vpc Firewall Control Policy can be imported using the id, e.g.

 $ pulumi import alicloud:cloudfirewall/firewallVpcFirewallControlPolicy:FirewallVpcFirewallControlPolicy example <vpc_firewall_id>:<acl_uuid>

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy

Example Usage

Create FirewallVpcFirewallControlPolicy Resource

FirewallVpcFirewallControlPolicy Resource Properties

Inputs

Outputs

Look up Existing FirewallVpcFirewallControlPolicy Resource

Import

Package Details

On this page