Aviatrix v0.0.10, Jan 21 23
aviatrix.AviatrixFirenet
The aviatrix_firenet resource allows the creation and management of Aviatrix Firewall Networks.
NOTE: This resource is used in conjunction with multiple other resources that may include, and are not limited to: firewall_instance, firewall_instance_association, aws_tgw, and transit_gateway resources or even aviatrix_fqdn, under the Aviatrix FireNet solution. Explicit dependencies may be set using depends_on. For more information on proper FireNet configuration, please see the workflow here.
Create AviatrixFirenet Resource
new AviatrixFirenet(name: string, args: AviatrixFirenetArgs, opts?: CustomResourceOptions);
@overload
def AviatrixFirenet(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    east_west_inspection_excluded_cidrs: Optional[Sequence[str]] = None,
                    egress_enabled: Optional[bool] = None,
                    egress_static_cidrs: Optional[Sequence[str]] = None,
                    firewall_instance_associations: Optional[Sequence[AviatrixFirenetFirewallInstanceAssociationArgs]] = None,
                    hashing_algorithm: Optional[str] = None,
                    inspection_enabled: Optional[bool] = None,
                    keep_alive_via_lan_interface_enabled: Optional[bool] = None,
                    manage_firewall_instance_association: Optional[bool] = None,
                    tgw_segmentation_for_egress_enabled: Optional[bool] = None,
                    vpc_id: Optional[str] = None)
@overload
def AviatrixFirenet(resource_name: str,
                    args: AviatrixFirenetArgs,
                    opts: Optional[ResourceOptions] = None)
func NewAviatrixFirenet(ctx *Context, name string, args AviatrixFirenetArgs, opts ...ResourceOption) (*AviatrixFirenet, error)
public AviatrixFirenet(string name, AviatrixFirenetArgs args, CustomResourceOptions? opts = null)
public AviatrixFirenet(String name, AviatrixFirenetArgs args)
public AviatrixFirenet(String name, AviatrixFirenetArgs args, CustomResourceOptions options)
type: aviatrix:AviatrixFirenet
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AviatrixFirenetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AviatrixFirenetArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AviatrixFirenetArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AviatrixFirenetArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AviatrixFirenetArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AviatrixFirenet Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AviatrixFirenet resource accepts the following input properties:
- VpcId string
VPC ID of the Security VPC.
- EastWestInspectionExcludedCidrs List<string>
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- EgressEnabled bool
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- EgressStaticCidrs List<string>
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- FirewallInstanceAssociations List<AviatrixFirenetFirewallInstanceAssociationArgs>
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- HashingAlgorithm string
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- InspectionEnabled bool
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- KeepAliveViaLanInterfaceEnabled bool
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- ManageFirewallInstanceAssociation bool
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- TgwSegmentationForEgressEnabled bool
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
- VpcId string
VPC ID of the Security VPC.
- EastWestInspectionExcludedCidrs []string
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- EgressEnabled bool
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- EgressStaticCidrs []string
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- FirewallInstanceAssociations []AviatrixFirenetFirewallInstanceAssociationArgs
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- HashingAlgorithm string
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- InspectionEnabled bool
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- KeepAliveViaLanInterfaceEnabled bool
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- ManageFirewallInstanceAssociation bool
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- TgwSegmentationForEgressEnabled bool
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
- vpcId String
VPC ID of the Security VPC.
- eastWestInspectionExcludedCidrs List<String>
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- egressEnabled Boolean
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- egressStaticCidrs List<String>
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- firewallInstanceAssociations List<AviatrixFirenetFirewallInstanceAssociationArgs>
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- hashingAlgorithm String
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- inspectionEnabled Boolean
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- keepAliveViaLanInterfaceEnabled Boolean
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- manageFirewallInstanceAssociation Boolean
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- tgwSegmentationForEgressEnabled Boolean
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
- vpcId string
VPC ID of the Security VPC.
- eastWestInspectionExcludedCidrs string[]
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- egressEnabled boolean
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- egressStaticCidrs string[]
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- firewallInstanceAssociations AviatrixFirenetFirewallInstanceAssociationArgs[]
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- hashingAlgorithm string
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- inspectionEnabled boolean
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- keepAliveViaLanInterfaceEnabled boolean
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- manageFirewallInstanceAssociation boolean
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- tgwSegmentationForEgressEnabled boolean
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
- vpc_id str
VPC ID of the Security VPC.
- east_west_inspection_excluded_cidrs Sequence[str]
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- egress_enabled bool
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- egress_static_cidrs Sequence[str]
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- firewall_instance_associations Sequence[AviatrixFirenetFirewallInstanceAssociationArgs]
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- hashing_algorithm str
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- inspection_enabled bool
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- keep_alive_via_lan_interface_enabled bool
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- manage_firewall_instance_association bool
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- tgw_segmentation_for_egress_enabled bool
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
- vpcId String
VPC ID of the Security VPC.
- eastWestInspectionExcludedCidrs List<String>
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- egressEnabled Boolean
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- egressStaticCidrs List<String>
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- firewallInstanceAssociations List<Property Map>
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- hashingAlgorithm String
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- inspectionEnabled Boolean
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- keepAliveViaLanInterfaceEnabled Boolean
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- manageFirewallInstanceAssociation Boolean
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- tgwSegmentationForEgressEnabled Boolean
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
Outputs
All input properties are implicitly available as output properties. Additionally, the AviatrixFirenet resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing AviatrixFirenet Resource
Get an existing AviatrixFirenet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AviatrixFirenetState, opts?: CustomResourceOptions): AviatrixFirenet
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        east_west_inspection_excluded_cidrs: Optional[Sequence[str]] = None,
        egress_enabled: Optional[bool] = None,
        egress_static_cidrs: Optional[Sequence[str]] = None,
        firewall_instance_associations: Optional[Sequence[AviatrixFirenetFirewallInstanceAssociationArgs]] = None,
        hashing_algorithm: Optional[str] = None,
        inspection_enabled: Optional[bool] = None,
        keep_alive_via_lan_interface_enabled: Optional[bool] = None,
        manage_firewall_instance_association: Optional[bool] = None,
        tgw_segmentation_for_egress_enabled: Optional[bool] = None,
        vpc_id: Optional[str] = None) -> AviatrixFirenet
func GetAviatrixFirenet(ctx *Context, name string, id IDInput, state *AviatrixFirenetState, opts ...ResourceOption) (*AviatrixFirenet, error)
public static AviatrixFirenet Get(string name, Input<string> id, AviatrixFirenetState? state, CustomResourceOptions? opts = null)
public static AviatrixFirenet get(String name, Output<String> id, AviatrixFirenetState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- EastWestInspectionExcludedCidrs List<string>
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- EgressEnabled bool
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- EgressStaticCidrs List<string>
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- FirewallInstanceAssociations List<AviatrixFirenetFirewallInstanceAssociationArgs>
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- HashingAlgorithm string
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- InspectionEnabled bool
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- KeepAliveViaLanInterfaceEnabled bool
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- ManageFirewallInstanceAssociation bool
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- TgwSegmentationForEgressEnabled bool
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
- VpcId string
VPC ID of the Security VPC.
- EastWestInspectionExcludedCidrs []string
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- EgressEnabled bool
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- EgressStaticCidrs []string
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- FirewallInstanceAssociations []AviatrixFirenetFirewallInstanceAssociationArgs
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- HashingAlgorithm string
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- InspectionEnabled bool
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- KeepAliveViaLanInterfaceEnabled bool
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- ManageFirewallInstanceAssociation bool
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- TgwSegmentationForEgressEnabled bool
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
- VpcId string
VPC ID of the Security VPC.
- eastWestInspectionExcludedCidrs List<String>
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- egressEnabled Boolean
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- egressStaticCidrs List<String>
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- firewallInstanceAssociations List<AviatrixFirenetFirewallInstanceAssociationArgs>
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- hashingAlgorithm String
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- inspectionEnabled Boolean
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- keepAliveViaLanInterfaceEnabled Boolean
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- manageFirewallInstanceAssociation Boolean
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- tgwSegmentationForEgressEnabled Boolean
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
- vpcId String
VPC ID of the Security VPC.
- eastWestInspectionExcludedCidrs string[]
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- egressEnabled boolean
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- egressStaticCidrs string[]
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- firewallInstanceAssociations AviatrixFirenetFirewallInstanceAssociationArgs[]
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- hashingAlgorithm string
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- inspectionEnabled boolean
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- keepAliveViaLanInterfaceEnabled boolean
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- manageFirewallInstanceAssociation boolean
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- tgwSegmentationForEgressEnabled boolean
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
- vpcId string
VPC ID of the Security VPC.
- east_west_inspection_excluded_cidrs Sequence[str]
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- egress_enabled bool
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- egress_static_cidrs Sequence[str]
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- firewall_instance_associations Sequence[AviatrixFirenetFirewallInstanceAssociationArgs]
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- hashing_algorithm str
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- inspection_enabled bool
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- keep_alive_via_lan_interface_enabled bool
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- manage_firewall_instance_association bool
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- tgw_segmentation_for_egress_enabled bool
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
- vpc_id str
VPC ID of the Security VPC.
- eastWestInspectionExcludedCidrs List<String>
Network List Excluded From East-West Inspection. CIDRs to be excluded from inspection. Type: Set(String). Available as of provider version R2.19.5+.
- egressEnabled Boolean
Enable/disable egress through firewall. Valid values: true, false. Default value: false.
- egressStaticCidrs List<String>
List of egress static CIDRs. Egress is required to be enabled. Example: ["1.171.15.184/32", "1.171.15.185/32"]. Available as of provider version R2.19+.
- firewallInstanceAssociations List<Property Map>
Dynamic block of firewall instance(s) to be associated with the FireNet. Please set manage_firewall_instance_association to false, and use the standalone aviatrix_firewall_instance_association resource instead.
- hashingAlgorithm String
Hashing algorithm to load balance traffic across the firewall. Valid values: "2-Tuple", "5-Tuple". Default value: "5-Tuple".
- inspectionEnabled Boolean
Enable/disable traffic inspection. Valid values: true, false. Default value: true.
- keepAliveViaLanInterfaceEnabled Boolean
Enable Keep Alive via Firewall LAN Interface. Valid values: true or false. Default value: false. Available as of provider version R2.18.1+.
- manageFirewallInstanceAssociation Boolean
Enable this attribute to manage firewall associations in-line. If set to true, in-line firewall_instance_association blocks can be used. If set to false, all firewall associations must be managed via standalone aviatrix.AviatrixFirewallInstanceAssociation resources. Default value: true. Valid values: true or false. Available in provider version R2.17.1+.
- tgwSegmentationForEgressEnabled Boolean
Enable TGW segmentation for egress. Valid values: true or false. Default value: false. Available as of provider version R2.19+.
- vpcId String
VPC ID of the Security VPC.
Supporting Types
AviatrixFirenetFirewallInstanceAssociation
- FirenetGwName string
Name of the primary FireNet gateway.
- InstanceId string
ID of Firewall instance.
- Attached bool
Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.
- EgressInterface string
Egress interface ID. Required if it is a firewall instance.
- FirewallName string
Firewall instance name. Required if it is a firewall instance.
- LanInterface string
Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.
- ManagementInterface string
Management interface ID. Required if it is a firewall instance.
- VendorType string
Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.
- FirenetGwName string
Name of the primary FireNet gateway.
- InstanceId string
ID of Firewall instance.
- Attached bool
Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.
- EgressInterface string
Egress interface ID. Required if it is a firewall instance.
- FirewallName string
Firewall instance name. Required if it is a firewall instance.
- LanInterface string
Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.
- ManagementInterface string
Management interface ID. Required if it is a firewall instance.
- VendorType string
Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.
- firenetGwName String
Name of the primary FireNet gateway.
- instanceId String
ID of Firewall instance.
- attached Boolean
Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.
- egressInterface String
Egress interface ID. Required if it is a firewall instance.
- firewallName String
Firewall instance name. Required if it is a firewall instance.
- lanInterface String
Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.
- managementInterface String
Management interface ID. Required if it is a firewall instance.
- vendorType String
Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.
- firenetGwName string
Name of the primary FireNet gateway.
- instanceId string
ID of Firewall instance.
- attached boolean
Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.
- egressInterface string
Egress interface ID. Required if it is a firewall instance.
- firewallName string
Firewall instance name. Required if it is a firewall instance.
- lanInterface string
Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.
- managementInterface string
Management interface ID. Required if it is a firewall instance.
- vendorType string
Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.
- firenet_gw_name str
Name of the primary FireNet gateway.
- instance_id str
ID of Firewall instance.
- attached bool
Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.
- egress_interface str
Egress interface ID. Required if it is a firewall instance.
- firewall_name str
Firewall instance name. Required if it is a firewall instance.
- lan_interface str
Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.
- management_interface str
Management interface ID. Required if it is a firewall instance.
- vendor_type str
Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.
- firenetGwName String
Name of the primary FireNet gateway.
- instanceId String
ID of Firewall instance.
- attached Boolean
Switch to attach/detach firewall instance to/from FireNet. Valid values: true, false. Default value: false.
- egressInterface String
Egress interface ID. Required if it is a firewall instance.
- firewallName String
Firewall instance name. Required if it is a firewall instance.
- lanInterface String
Lan interface ID. Required if it is a firewall instance or FQDN gateway in Azure.
- managementInterface String
Management interface ID. Required if it is a firewall instance.
- vendorType String
Type of firewall. Valid values: "Generic", "fqdn_gateway". Default value: "Generic". Value "fqdn_gateway" is required for FQDN gateway.
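The constraints stated in the input and supporting-type descriptions above (valid values, defaults, "Egress is required to be enabled", the in-line versus standalone association rule, and the "Required if it is a firewall instance" fields) can be checked before a deployment. The linter below is an added example, not code from the Pulumi package or the Aviatrix provider; it works on plain dicts keyed by the Python property names. The `MIN_EXCLUDED_PREFIXLEN` threshold, the reading of vendor_type "Generic" as a firewall instance, and all sample IDs are assumptions.

```python
import ipaddress

# Valid values and defaults as documented on this page.
HASHING_ALGORITHMS = {"2-Tuple", "5-Tuple"}
VENDOR_TYPES = {"Generic", "fqdn_gateway"}
DEFAULTS = {
    "egress_enabled": False,
    "inspection_enabled": True,
    "hashing_algorithm": "5-Tuple",
    "manage_firewall_instance_association": True,
}
# Fields the page marks "Required if it is a firewall instance".
FIREWALL_REQUIRED = ("egress_interface", "firewall_name",
                     "lan_interface", "management_interface")
# Assumption (local review policy, not a provider rule): exclusions broader
# than this prefix length are flagged for manual review.
MIN_EXCLUDED_PREFIXLEN = 16


def _parse_cidr(value):
    """Return an ip_network for value, or None if it is not a valid CIDR."""
    try:
        return ipaddress.ip_network(value, strict=False)
    except ValueError:
        return None


def _lint_association(index, assoc):
    """Check one in-line firewall_instance_association block."""
    where = f"firewall_instance_associations[{index}]"
    out = []
    vendor = assoc.get("vendor_type", "Generic")
    if vendor not in VENDOR_TYPES:
        out.append(f"{where}.vendor_type: {vendor!r} is not a valid value")
    elif vendor == "Generic":
        # Assumption: "Generic" denotes a firewall instance. The Azure-only
        # lan_interface rule for fqdn_gateway cannot be checked from the dict.
        for field in FIREWALL_REQUIRED:
            if not assoc.get(field):
                out.append(f"{where}.{field}: required for a firewall instance")
    if not assoc.get("attached", False):
        out.append(f"{where}.attached: false, instance is declared but not attached")
    return out


def lint_firenet(args):
    """Return a list of findings for one AviatrixFirenet argument dict."""
    cfg = {**DEFAULTS, **args}
    findings = []
    if cfg["hashing_algorithm"] not in HASHING_ALGORITHMS:
        findings.append(f"hashing_algorithm: {cfg['hashing_algorithm']!r} is not a valid value")
    if not cfg["inspection_enabled"]:
        findings.append("inspection_enabled: traffic inspection is disabled")

    static = cfg.get("egress_static_cidrs") or []
    if static and not cfg["egress_enabled"]:
        findings.append("egress_static_cidrs: set while egress_enabled is false")
    for c in static:
        if _parse_cidr(c) is None:
            findings.append(f"egress_static_cidrs: {c!r} is not a valid CIDR")

    for c in cfg.get("east_west_inspection_excluded_cidrs") or []:
        net = _parse_cidr(c)
        if net is None:
            findings.append(f"east_west_inspection_excluded_cidrs: {c!r} is not a valid CIDR")
        elif net.prefixlen < MIN_EXCLUDED_PREFIXLEN:
            findings.append(f"east_west_inspection_excluded_cidrs: {c} removes a broad range from inspection")

    assocs = cfg.get("firewall_instance_associations") or []
    if assocs and not cfg["manage_firewall_instance_association"]:
        findings.append("firewall_instance_associations: in-line blocks present while "
                        "manage_firewall_instance_association is false")
    for i, assoc in enumerate(assocs):
        findings.extend(_lint_association(i, assoc))
    return findings


# Constructed sample inputs; IDs and names are placeholders.
WEAK = {
    "vpc_id": "vpc-EXAMPLE",
    "inspection_enabled": False,
    "hashing_algorithm": "3-Tuple",
    "egress_static_cidrs": ["1.171.15.184/32"],
    "east_west_inspection_excluded_cidrs": ["10.0.0.0/8"],
    "manage_firewall_instance_association": False,
    "firewall_instance_associations": [
        {"firenet_gw_name": "example-gw", "instance_id": "i-EXAMPLE",
         "vendor_type": "Generic", "lan_interface": "eni-EXAMPLE"},
    ],
}
HARDENED = {
    "vpc_id": "vpc-EXAMPLE",
    "egress_enabled": True,
    "egress_static_cidrs": ["1.171.15.184/32", "1.171.15.185/32"],
    "east_west_inspection_excluded_cidrs": ["10.20.30.0/24"],
    "manage_firewall_instance_association": False,
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name)
        for finding in lint_firenet(cfg) or ["no findings"]:
            print("  -", finding)
```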
Import
firenet can be imported using the vpc_id, e.g.
$ pulumi import aviatrix:index/aviatrixFirenet:AviatrixFirenet test vpc_id
Package Details
- Repository
- aviatrix astipkovits/pulumi-aviatrix
- License
- Apache-2.0
- Notes
This Pulumi package is based on the aviatrix Terraform Provider.