aviatrix.AviatrixFirewallInstance
The aviatrix_firewall_instance resource allows the creation and management of Aviatrix Firewall Instances.
This resource is used in Aviatrix FireNet and Aviatrix Transit FireNet solutions, in conjunction with other resources that may include, and are not limited to: firenet, firewall_instance_association, aws_tgw and transit_gateway resources.
Create AviatrixFirewallInstance Resource
TypeScript:
new AviatrixFirewallInstance(name: string, args: AviatrixFirewallInstanceArgs, opts?: CustomResourceOptions);

Python:
@overload
def AviatrixFirewallInstance(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             availability_domain: Optional[str] = None,
                             bootstrap_bucket_name: Optional[str] = None,
                             bootstrap_storage_name: Optional[str] = None,
                             container_folder: Optional[str] = None,
                             egress_subnet: Optional[str] = None,
                             egress_vpc_id: Optional[str] = None,
                             fault_domain: Optional[str] = None,
                             file_share_folder: Optional[str] = None,
                             firenet_gw_name: Optional[str] = None,
                             firewall_image: Optional[str] = None,
                             firewall_image_id: Optional[str] = None,
                             firewall_image_version: Optional[str] = None,
                             firewall_name: Optional[str] = None,
                             firewall_size: Optional[str] = None,
                             iam_role: Optional[str] = None,
                             key_name: Optional[str] = None,
                             management_subnet: Optional[str] = None,
                             management_vpc_id: Optional[str] = None,
                             password: Optional[str] = None,
                             sas_url_config: Optional[str] = None,
                             sas_url_license: Optional[str] = None,
                             share_directory: Optional[str] = None,
                             sic_key: Optional[str] = None,
                             ssh_public_key: Optional[str] = None,
                             storage_access_key: Optional[str] = None,
                             tags: Optional[Mapping[str, str]] = None,
                             user_data: Optional[str] = None,
                             username: Optional[str] = None,
                             vpc_id: Optional[str] = None,
                             zone: Optional[str] = None)
@overload
def AviatrixFirewallInstance(resource_name: str,
                             args: AviatrixFirewallInstanceArgs,
                             opts: Optional[ResourceOptions] = None)

Go:
func NewAviatrixFirewallInstance(ctx *Context, name string, args AviatrixFirewallInstanceArgs, opts ...ResourceOption) (*AviatrixFirewallInstance, error)

C#:
public AviatrixFirewallInstance(string name, AviatrixFirewallInstanceArgs args, CustomResourceOptions? opts = null)

Java:
public AviatrixFirewallInstance(String name, AviatrixFirewallInstanceArgs args)
public AviatrixFirewallInstance(String name, AviatrixFirewallInstanceArgs args, CustomResourceOptions options)

YAML:
type: aviatrix:AviatrixFirewallInstance
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Constructor parameters, TypeScript:
- name string
The unique name of the resource.
- args AviatrixFirewallInstanceArgs
The arguments to resource properties.
- opts CustomResourceOptions
Bag of options to control resource's behavior.

Constructor parameters, Python:
- resource_name str
The unique name of the resource.
- args AviatrixFirewallInstanceArgs
The arguments to resource properties.
- opts ResourceOptions
Bag of options to control resource's behavior.

Constructor parameters, Go:
- ctx Context
Context object for the current deployment.
- name string
The unique name of the resource.
- args AviatrixFirewallInstanceArgs
The arguments to resource properties.
- opts ResourceOption
Bag of options to control resource's behavior.

Constructor parameters, C#:
- name string
The unique name of the resource.
- args AviatrixFirewallInstanceArgs
The arguments to resource properties.
- opts CustomResourceOptions
Bag of options to control resource's behavior.

Constructor parameters, Java:
- name String
The unique name of the resource.
- args AviatrixFirewallInstanceArgs
The arguments to resource properties.
- options CustomResourceOptions
Bag of options to control resource's behavior.
AviatrixFirewallInstance Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AviatrixFirewallInstance resource accepts the following input properties:

C#:
- EgressSubnet string
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- FirewallImage string
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- FirewallName string
Name of the firewall instance to be created.
- FirewallSize string
Instance size of the firewall. Example: "m5.xlarge".
- VpcId string
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- AvailabilityDomain string
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- BootstrapBucketName string
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- BootstrapStorageName string
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- ContainerFolder string
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- EgressVpcId string
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- FaultDomain string
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- FileShareFolder string
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- FirenetGwName string
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- FirewallImageId string
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- FirewallImageVersion string
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- IamRole string
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- KeyName string
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- ManagementSubnet string
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- ManagementVpcId string
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- Password string
Applicable to Azure or AzureGov deployment only.
- SasUrlConfig string
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- SasUrlLicense string
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- ShareDirectory string
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- SicKey string
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- SshPublicKey string
Applicable to Azure or AzureGov deployment only.
- StorageAccessKey string
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- Tags Dictionary<string, string>
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- UserData string
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- Username string
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- Zone string
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

Go:
- EgressSubnet string
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- FirewallImage string
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- FirewallName string
Name of the firewall instance to be created.
- FirewallSize string
Instance size of the firewall. Example: "m5.xlarge".
- VpcId string
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- AvailabilityDomain string
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- BootstrapBucketName string
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- BootstrapStorageName string
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- ContainerFolder string
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- EgressVpcId string
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- FaultDomain string
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- FileShareFolder string
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- FirenetGwName string
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- FirewallImageId string
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- FirewallImageVersion string
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- IamRole string
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- KeyName string
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- ManagementSubnet string
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- ManagementVpcId string
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- Password string
Applicable to Azure or AzureGov deployment only.
- SasUrlConfig string
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- SasUrlLicense string
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- ShareDirectory string
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- SicKey string
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- SshPublicKey string
Applicable to Azure or AzureGov deployment only.
- StorageAccessKey string
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- Tags map[string]string
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- UserData string
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- Username string
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- Zone string
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

Java:
- egressSubnet String
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- firewallImage String
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- firewallName String
Name of the firewall instance to be created.
- firewallSize String
Instance size of the firewall. Example: "m5.xlarge".
- vpcId String
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- availabilityDomain String
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- bootstrapBucketName String
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- bootstrapStorageName String
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- containerFolder String
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- egressVpcId String
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- faultDomain String
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- fileShareFolder String
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- firenetGwName String
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- firewallImageId String
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- firewallImageVersion String
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- iamRole String
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- keyName String
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- managementSubnet String
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- managementVpcId String
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- password String
Applicable to Azure or AzureGov deployment only.
- sasUrlConfig String
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- sasUrlLicense String
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- shareDirectory String
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- sicKey String
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- sshPublicKey String
Applicable to Azure or AzureGov deployment only.
- storageAccessKey String
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- tags Map<String,String>
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- userData String
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- username String
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- zone String
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

TypeScript:
- egressSubnet string
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- firewallImage string
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- firewallName string
Name of the firewall instance to be created.
- firewallSize string
Instance size of the firewall. Example: "m5.xlarge".
- vpcId string
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- availabilityDomain string
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- bootstrapBucketName string
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- bootstrapStorageName string
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- containerFolder string
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- egressVpcId string
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- faultDomain string
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- fileShareFolder string
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- firenetGwName string
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- firewallImageId string
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- firewallImageVersion string
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- iamRole string
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- keyName string
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- managementSubnet string
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- managementVpcId string
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- password string
Applicable to Azure or AzureGov deployment only.
- sasUrlConfig string
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- sasUrlLicense string
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- shareDirectory string
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- sicKey string
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- sshPublicKey string
Applicable to Azure or AzureGov deployment only.
- storageAccessKey string
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- tags {[key: string]: string}
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- userData string
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- username string
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- zone string
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

Python:
- egress_subnet str
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- firewall_image str
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- firewall_name str
Name of the firewall instance to be created.
- firewall_size str
Instance size of the firewall. Example: "m5.xlarge".
- vpc_id str
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- availability_domain str
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- bootstrap_bucket_name str
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- bootstrap_storage_name str
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- container_folder str
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- egress_vpc_id str
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- fault_domain str
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- file_share_folder str
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- firenet_gw_name str
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- firewall_image_id str
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- firewall_image_version str
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- iam_role str
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- key_name str
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- management_subnet str
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- management_vpc_id str
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- password str
Applicable to Azure or AzureGov deployment only.
- sas_url_config str
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- sas_url_license str
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- share_directory str
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- sic_key str
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- ssh_public_key str
Applicable to Azure or AzureGov deployment only.
- storage_access_key str
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- tags Mapping[str, str]
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- user_data str
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- username str
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- zone str
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

YAML:
- egressSubnet String
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- firewallImage String
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- firewallName String
Name of the firewall instance to be created.
- firewallSize String
Instance size of the firewall. Example: "m5.xlarge".
- vpcId String
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- availabilityDomain String
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- bootstrapBucketName String
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- bootstrapStorageName String
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- containerFolder String
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- egressVpcId String
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- faultDomain String
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- fileShareFolder String
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- firenetGwName String
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- firewallImageId String
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- firewallImageVersion String
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- iamRole String
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- keyName String
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- managementSubnet String
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- managementVpcId String
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- password String
Applicable to Azure or AzureGov deployment only.
- sasUrlConfig String
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- sasUrlLicense String
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- shareDirectory String
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- sicKey String
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- sshPublicKey String
Applicable to Azure or AzureGov deployment only.
- storageAccessKey String
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- tags Map<String>
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- userData String
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- username String
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- zone String
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.
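
A pre-deployment check for the input rules listed above (per-cloud applicability, the GCP identifier formats, the Azure image ID format, tag character sets, the rejected "admin" username). This is an added example, not code from the provider or from Pulumi; the `cloud` labels, the function names and the sample values are assumptions of the example, and it uses the Python (snake_case) property names.

```python
import ipaddress
import re

AZURE = {"azure", "azuregov"}
# Clouds each input applies to, following the property descriptions literally.
# The cloud labels themselves are this example's convention, not provider values.
ONLY_FOR = {
    "key_name": {"aws"}, "iam_role": {"aws"},
    "username": AZURE, "password": AZURE, "ssh_public_key": AZURE,
    "availability_domain": {"oci"}, "fault_domain": {"oci"},
    "management_vpc_id": {"gcp"},
    "bootstrap_bucket_name": {"aws", "gcp"},
    "firewall_image_id": {"aws", "azure"},
    "tags": {"aws", "awsgov", "gcp", "azure"},
}
# Tag character sets as documented; "letters" is read as ASCII letters (assumption).
_AWS_STYLE = re.compile(r"[A-Za-z0-9 +\-=._:@]*")
TAG_CHARS = {"aws": _AWS_STYLE, "awsgov": _AWS_STYLE, "azure": _AWS_STYLE,
             "gcp": re.compile(r"[a-z0-9_-]*")}


def is_gcp_subnet(value):
    """True for cidr~~region~~name where cidr is a network with no host bits set."""
    parts = value.split("~~")
    if len(parts) != 3 or not all(parts) or "/" not in parts[0]:
        return False
    try:
        ipaddress.ip_network(parts[0], strict=True)
    except ValueError:
        return False
    return True


def is_gcp_vpc_id(value):
    """True for vpc_id~-~gcloud_project_id with both halves non-empty."""
    parts = value.split("~-~")
    return len(parts) == 2 and all(parts)


def validate_firewall_args(cloud, args):
    """Return the documented rules that args violate for cloud (empty list = OK)."""
    errors = []
    present = {k for k, v in args.items() if v not in (None, "", {})}

    for key in sorted(present.intersection(ONLY_FOR)):
        if cloud not in ONLY_FOR[key]:
            errors.append(f"{key}: not applicable to {cloud}")

    if cloud == "oci":
        for key in ("availability_domain", "fault_domain"):
            if key not in present:
                errors.append(f"{key}: required for OCI")

    if cloud == "gcp":
        for key in ("egress_subnet", "management_subnet"):
            if key in present and not is_gcp_subnet(args[key]):
                errors.append(f"{key}: must be in the form cidr~~region~~name")
        if "vpc_id" in present and not is_gcp_vpc_id(args["vpc_id"]):
            errors.append("vpc_id: must be in the form vpc_id~-~gcloud_project_id")
        if "egress_vpc_id" not in present:
            errors.append("egress_vpc_id: required for GCP")

    if args.get("username") == "admin":
        errors.append('username: "admin" is not accepted')

    image_id = args.get("firewall_image_id")
    if image_id and cloud == "azure":
        fields = image_id.split(":")
        if len(fields) != 4 or not all(fields):
            errors.append("firewall_image_id: must be Publisher:Offer:Plan:Version")
    if image_id and cloud == "aws" and not image_id.startswith("ami-"):
        errors.append("firewall_image_id: must be an AMI ID")

    rule = TAG_CHARS.get(cloud)
    if rule:
        for key, value in (args.get("tags") or {}).items():
            for part in (key, value):
                if not rule.fullmatch(part):
                    errors.append(f"tags: {part!r} has characters not allowed for {cloud}")
    return errors


# Constructed sample inputs (not taken from a real deployment).
SAMPLE_GOOD_GCP = {
    "vpc_id": "security-vpc~-~example-project",
    "egress_subnet": "10.10.1.0/24~~us-east1~~fw-ingress-egress",
    "management_subnet": "10.10.0.0/24~~us-east1~~fw-mgmt",
    "egress_vpc_id": "egress-vpc",
    "tags": {"env": "prod", "owner": "netsec-team"},
}
SAMPLE_BAD_GCP = {
    "vpc_id": "vpc-0abc",                                  # missing ~-~project part
    "egress_subnet": "10.10.1.5/24~~us-east1~~fw-egress",  # host bits set in the CIDR
    "username": "admin",                                   # Azure-only and rejected
    "tags": {"Env": "prod"},                               # uppercase not allowed on GCP
}

if __name__ == "__main__":
    for problem in validate_firewall_args("gcp", SAMPLE_BAD_GCP):
        print(problem)
```

Running the check before `pulumi up` surfaces every violated rule at once instead of one Controller rejection per attempt.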
Outputs
All input properties are implicitly available as output properties. Additionally, the AviatrixFirewallInstance resource produces the following output properties:

C#:
- CloudType int
Cloud Type.
- EgressInterface string
ID of Egress Interface created.
- GcpVpcId string
GCP Only. The current VPC ID.
- Id string
The provider-assigned unique ID for this managed resource.
- InstanceId string
ID of the firewall instance created.
- LanInterface string
ID of Lan Interface created.
- ManagementInterface string
ID of Management Interface created.
- PublicIp string
Management Public IP.
- cloudType Integer
Cloud Type.
- egressInterface String
ID of Egress Interface created.
- gcpVpcId String
GCP Only. The current VPC ID.
- id String
The provider-assigned unique ID for this managed resource.
- instanceId String
ID of the firewall instance created.
- lanInterface String
ID of Lan Interface created.
- managementInterface String
ID of Management Interface created.
- publicIp String
Management Public IP.
- cloudType number
Cloud Type.
- egressInterface string
ID of Egress Interface created.
- gcpVpcId string
GCP Only. The current VPC ID.
- id string
The provider-assigned unique ID for this managed resource.
- instanceId string
ID of the firewall instance created.
- lanInterface string
ID of Lan Interface created.
- managementInterface string
ID of Management Interface created.
- publicIp string
Management Public IP.
- cloud_type int
Cloud Type.
- egress_interface str
ID of Egress Interface created.
- gcp_vpc_id str
GCP Only. The current VPC ID.
- id str
The provider-assigned unique ID for this managed resource.
- instance_id str
ID of the firewall instance created.
- lan_interface str
ID of Lan Interface created.
- management_interface str
ID of Management Interface created.
- public_ip str
Management Public IP.
- cloudType Number
Cloud Type.
- egressInterface String
ID of Egress Interface created.
- gcpVpcId String
GCP Only. The current VPC ID.
- id String
The provider-assigned unique ID for this managed resource.
- instanceId String
ID of the firewall instance created.
- lanInterface String
ID of Lan Interface created.
- managementInterface String
ID of Management Interface created.
- publicIp String
Management Public IP.
Look up Existing AviatrixFirewallInstance Resource
Get an existing AviatrixFirewallInstance resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AviatrixFirewallInstanceState, opts?: CustomResourceOptions): AviatrixFirewallInstance
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
availability_domain: Optional[str] = None,
bootstrap_bucket_name: Optional[str] = None,
bootstrap_storage_name: Optional[str] = None,
cloud_type: Optional[int] = None,
container_folder: Optional[str] = None,
egress_interface: Optional[str] = None,
egress_subnet: Optional[str] = None,
egress_vpc_id: Optional[str] = None,
fault_domain: Optional[str] = None,
file_share_folder: Optional[str] = None,
firenet_gw_name: Optional[str] = None,
firewall_image: Optional[str] = None,
firewall_image_id: Optional[str] = None,
firewall_image_version: Optional[str] = None,
firewall_name: Optional[str] = None,
firewall_size: Optional[str] = None,
gcp_vpc_id: Optional[str] = None,
iam_role: Optional[str] = None,
instance_id: Optional[str] = None,
key_name: Optional[str] = None,
lan_interface: Optional[str] = None,
management_interface: Optional[str] = None,
management_subnet: Optional[str] = None,
management_vpc_id: Optional[str] = None,
password: Optional[str] = None,
public_ip: Optional[str] = None,
sas_url_config: Optional[str] = None,
sas_url_license: Optional[str] = None,
share_directory: Optional[str] = None,
sic_key: Optional[str] = None,
ssh_public_key: Optional[str] = None,
storage_access_key: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
user_data: Optional[str] = None,
username: Optional[str] = None,
vpc_id: Optional[str] = None,
zone: Optional[str] = None) -> AviatrixFirewallInstance
func GetAviatrixFirewallInstance(ctx *Context, name string, id IDInput, state *AviatrixFirewallInstanceState, opts ...ResourceOption) (*AviatrixFirewallInstance, error)
public static AviatrixFirewallInstance Get(string name, Input<string> id, AviatrixFirewallInstanceState? state, CustomResourceOptions? opts = null)
public static AviatrixFirewallInstance get(String name, Output<String> id, AviatrixFirewallInstanceState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to look up.
- state
Any extra arguments used during the lookup.
- opts
A bag of options that control this resource's behavior.
- resource_name
The unique name of the resulting resource.
- id
The unique provider ID of the resource to look up.
- AvailabilityDomain string
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- BootstrapBucketName string
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- BootstrapStorageName string
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- CloudType int
Cloud Type.
- ContainerFolder string
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- EgressInterface string
ID of Egress Interface created.
- EgressSubnet string
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- EgressVpcId string
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- FaultDomain string
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- FileShareFolder string
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- FirenetGwName string
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- FirewallImage string
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- FirewallImageId string
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- FirewallImageVersion string
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- FirewallName string
Name of the firewall instance to be created.
- FirewallSize string
Instance size of the firewall. Example: "m5.xlarge".
- GcpVpcId string
GCP Only. The current VPC ID.
- IamRole string
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- InstanceId string
ID of the firewall instance created.
- KeyName string
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- LanInterface string
ID of Lan Interface created.
- ManagementInterface string
ID of Management Interface created.
- ManagementSubnet string
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- ManagementVpcId string
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- Password string
Applicable to Azure or AzureGov deployment only.
- PublicIp string
Management Public IP.
- SasUrlConfig string
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- SasUrlLicense string
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- ShareDirectory string
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- SicKey string
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- SshPublicKey string
Applicable to Azure or AzureGov deployment only.
- StorageAccessKey string
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- Tags Dictionary<string, string>
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- UserData string
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- Username string
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- VpcId string
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- Zone string
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.
- AvailabilityDomain string
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- BootstrapBucketName string
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- BootstrapStorageName string
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- CloudType int
Cloud Type.
- ContainerFolder string
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- EgressInterface string
ID of Egress Interface created.
- EgressSubnet string
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- EgressVpcId string
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- FaultDomain string
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- FileShareFolder string
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- FirenetGwName string
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- FirewallImage string
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- FirewallImageId string
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- FirewallImageVersion string
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- FirewallName string
Name of the firewall instance to be created.
- FirewallSize string
Instance size of the firewall. Example: "m5.xlarge".
- GcpVpcId string
GCP Only. The current VPC ID.
- IamRole string
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- InstanceId string
ID of the firewall instance created.
- KeyName string
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- LanInterface string
ID of Lan Interface created.
- ManagementInterface string
ID of Management Interface created.
- ManagementSubnet string
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- ManagementVpcId string
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- Password string
Applicable to Azure or AzureGov deployment only.
- PublicIp string
Management Public IP.
- SasUrlConfig string
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- SasUrlLicense string
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- ShareDirectory string
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- SicKey string
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- SshPublicKey string
Applicable to Azure or AzureGov deployment only.
- StorageAccessKey string
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- Tags map[string]string
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- UserData string
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- Username string
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- VpcId string
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- Zone string
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.
- availabilityDomain String
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- bootstrapBucketName String
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- bootstrapStorageName String
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- cloudType Integer
Cloud Type.
- containerFolder String
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- egressInterface String
ID of Egress Interface created.
- egressSubnet String
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- egressVpcId String
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- faultDomain String
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- fileShareFolder String
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- firenetGwName String
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- firewallImage String
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- firewallImageId String
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- firewallImageVersion String
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- firewallName String
Name of the firewall instance to be created.
- firewallSize String
Instance size of the firewall. Example: "m5.xlarge".
- gcpVpcId String
GCP Only. The current VPC ID.
- iamRole String
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- instanceId String
ID of the firewall instance created.
- keyName String
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- lanInterface String
ID of Lan Interface created.
- managementInterface String
ID of Management Interface created.
- managementSubnet String
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- managementVpcId String
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- password String
Applicable to Azure or AzureGov deployment only.
- publicIp String
Management Public IP.
- sasUrlConfig String
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- sasUrlLicense String
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- shareDirectory String
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- sicKey String
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- sshPublicKey String
Applicable to Azure or AzureGov deployment only.
- storageAccessKey String
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- tags Map<String,String>
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- userData String
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- username String
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- vpcId String
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- zone String
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.
- availabilityDomain string
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- bootstrapBucketName string
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- bootstrapStorageName string
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- cloudType number
Cloud Type.
- containerFolder string
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- egressInterface string
ID of Egress Interface created.
- egressSubnet string
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- egressVpcId string
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- faultDomain string
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- fileShareFolder string
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- firenetGwName string
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- firewallImage string
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- firewallImageId string
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- firewallImageVersion string
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- firewallName string
Name of the firewall instance to be created.
- firewallSize string
Instance size of the firewall. Example: "m5.xlarge".
- gcpVpcId string
GCP Only. The current VPC ID.
- iamRole string
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- instanceId string
ID of the firewall instance created.
- keyName string
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- lanInterface string
ID of Lan Interface created.
- managementInterface string
ID of Management Interface created.
- managementSubnet string
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- managementVpcId string
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- password string
Applicable to Azure or AzureGov deployment only.
- publicIp string
Management Public IP.
- sasUrlConfig string
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- sasUrlLicense string
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- shareDirectory string
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- sicKey string
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- sshPublicKey string
Applicable to Azure or AzureGov deployment only.
- storageAccessKey string
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- tags {[key: string]: string}
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- userData string
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- username string
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- vpcId string
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- zone string
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.
- availability_domain str
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- bootstrap_bucket_name str
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- bootstrap_storage_name str
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- cloud_type int
Cloud Type.
- container_folder str
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- egress_interface str
ID of Egress Interface created.
- egress_subnet str
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- egress_vpc_id str
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- fault_domain str
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- file_share_folder str
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- firenet_gw_name str
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- firewall_image str
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- firewall_image_id str
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- firewall_image_version str
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- firewall_name str
Name of the firewall instance to be created.
- firewall_size str
Instance size of the firewall. Example: "m5.xlarge".
- gcp_vpc_id str
GCP Only. The current VPC ID.
- iam_role str
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- instance_id str
ID of the firewall instance created.
- key_name str
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- lan_interface str
ID of Lan Interface created.
- management_interface str
ID of Management Interface created.
- management_subnet str
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- management_vpc_id str
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- password str
Applicable to Azure or AzureGov deployment only.
- public_ip str
Management Public IP.
- sas_url_config str
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- sas_url_license str
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- share_directory str
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- sic_key str
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- ssh_public_key str
Applicable to Azure or AzureGov deployment only.
- storage_access_key str
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- tags Mapping[str, str]
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- user_data str
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- username str
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- vpc_id str
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- zone str
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.
- availabilityDomain String
Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- bootstrapBucketName String
Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.
- bootstrapStorageName String
Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.
- cloudType Number
Cloud Type.
- containerFolder String
Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- egressInterface String
ID of Egress Interface created.
- egressSubnet String
Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.
- egressVpcId String
Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.
- faultDomain String
Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.
- String
Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- firenetGwName String
Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.
- firewallImage String
One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.
- firewallImageId String
Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.
- firewallImageVersion String
Version of firewall image. If not specified, Controller will automatically select the latest version available.
- firewallName String
Name of the firewall instance to be created.
- firewallSize String
Instance size of the firewall. Example: "m5.xlarge".
- gcpVpcId String
GCP Only. The current VPC ID.
- iamRole String
Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".
- instanceId String
ID of the firewall instance created.
- keyName String
Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.
- lanInterface String
ID of Lan Interface created.
- managementInterface String
ID of Management Interface created.
- managementSubnet String
Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.
- managementVpcId String
Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.
- password String
Applicable to Azure or AzureGov deployment only.
- publicIp String
Management Public IP.
- sasUrlConfig String
Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- sasUrlLicense String
Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.
- String
Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- sicKey String
Advanced option. Sic key. Applicable to Check Point Series deployment only.
- sshPublicKey String
Applicable to Azure or AzureGov deployment only.
- storageAccessKey String
Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.
- Map<String>
Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.
- userData String
Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.
- username String
Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.
- vpcId String
VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.
- zone String
Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.
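A pre-deployment check of the input formats stated in the property descriptions above (tag character sets, the Azure username rule, and the GCP vpc_id and subnet forms), as an added example that is not part of the Pulumi package. The function names, the `cloud` labels and the reading of "letters" as ASCII letters are assumptions.

```python
import ipaddress
import re

# Character sets as stated in the tags description; "letters" is assumed
# to mean ASCII letters.
_TAG_AWS_AZURE = re.compile(r"[A-Za-z0-9 +\-=._:@]*")
_TAG_GCP = re.compile(r"[a-z0-9_-]*")


def _is_gcp_subnet(value):
    """True if value has the form cidr~~region~~name with a parseable CIDR."""
    parts = value.split("~~")
    if len(parts) != 3 or not all(parts):
        return False
    try:
        ipaddress.ip_network(parts[0], strict=False)
    except ValueError:
        return False
    return True


def check_firewall_args(cloud, args):
    """Return a list of problems in `args`, a dict keyed by the snake_case
    argument names. `cloud` is a hypothetical label, one of
    "aws", "awsgov", "azure", "azuregov", "gcp" or "oci"."""
    problems = []
    tags = args.get("tags") or {}
    if tags and cloud not in ("aws", "awsgov", "azure", "gcp"):
        problems.append("tags: not available for " + cloud)
    elif tags:
        pattern = _TAG_GCP if cloud == "gcp" else _TAG_AWS_AZURE
        for key, value in tags.items():
            for text in (key, value):
                if not pattern.fullmatch(text):
                    problems.append("tags: disallowed character in %r" % text)
    if cloud in ("azure", "azuregov") and args.get("username") == "admin":
        problems.append('username: "admin" is not accepted')
    if cloud == "gcp":
        vpc_parts = args.get("vpc_id", "x~-~y").split("~-~")
        if len(vpc_parts) != 2 or not all(vpc_parts):
            problems.append("vpc_id: expected vpc_id~-~gcloud_project_id")
        for name in ("egress_subnet", "management_subnet"):
            # An empty management_subnet is valid for some vendors, so skip it.
            if args.get(name) and not _is_gcp_subnet(args[name]):
                problems.append(name + ": expected cidr~~region~~name")
    return problems
```

Run it over the argument dict before passing it to the resource constructor, so a malformed value fails locally instead of at the Controller.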
Import
firewall_instance can be imported using the instance_id. For Azure or AzureGov FireNet instances, the value will be the firewall_name concatenated with a “:” and the Resource Group of the vpc_id set for that instance. e.g.
$ pulumi import aviatrix:index/aviatrixFirewallInstance:AviatrixFirewallInstance test instance_id
Package Details
- Repository
- aviatrix astipkovits/pulumi-aviatrix
- License
- Apache-2.0
- Notes
This Pulumi package is based on the aviatrix Terraform Provider.