Aviatrix v0.0.10, Jan 21 23

aviatrix.AviatrixFirewallInstance

The aviatrix_firewall_instance resource allows the creation and management of Aviatrix Firewall Instances.

This resource is used in Aviatrix FireNet and Aviatrix Transit FireNet solutions, in conjunction with other resources that may include, and are not limited to: firenet, firewall_instance_association, aws_tgw and transit_gateway resources.

Create AviatrixFirewallInstance Resource

new AviatrixFirewallInstance(name: string, args: AviatrixFirewallInstanceArgs, opts?: CustomResourceOptions);
@overload
def AviatrixFirewallInstance(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             availability_domain: Optional[str] = None,
                             bootstrap_bucket_name: Optional[str] = None,
                             bootstrap_storage_name: Optional[str] = None,
                             container_folder: Optional[str] = None,
                             egress_subnet: Optional[str] = None,
                             egress_vpc_id: Optional[str] = None,
                             fault_domain: Optional[str] = None,
                             file_share_folder: Optional[str] = None,
                             firenet_gw_name: Optional[str] = None,
                             firewall_image: Optional[str] = None,
                             firewall_image_id: Optional[str] = None,
                             firewall_image_version: Optional[str] = None,
                             firewall_name: Optional[str] = None,
                             firewall_size: Optional[str] = None,
                             iam_role: Optional[str] = None,
                             key_name: Optional[str] = None,
                             management_subnet: Optional[str] = None,
                             management_vpc_id: Optional[str] = None,
                             password: Optional[str] = None,
                             sas_url_config: Optional[str] = None,
                             sas_url_license: Optional[str] = None,
                             share_directory: Optional[str] = None,
                             sic_key: Optional[str] = None,
                             ssh_public_key: Optional[str] = None,
                             storage_access_key: Optional[str] = None,
                             tags: Optional[Mapping[str, str]] = None,
                             user_data: Optional[str] = None,
                             username: Optional[str] = None,
                             vpc_id: Optional[str] = None,
                             zone: Optional[str] = None)
@overload
def AviatrixFirewallInstance(resource_name: str,
                             args: AviatrixFirewallInstanceArgs,
                             opts: Optional[ResourceOptions] = None)
func NewAviatrixFirewallInstance(ctx *Context, name string, args AviatrixFirewallInstanceArgs, opts ...ResourceOption) (*AviatrixFirewallInstance, error)
public AviatrixFirewallInstance(string name, AviatrixFirewallInstanceArgs args, CustomResourceOptions? opts = null)
public AviatrixFirewallInstance(String name, AviatrixFirewallInstanceArgs args)
public AviatrixFirewallInstance(String name, AviatrixFirewallInstanceArgs args, CustomResourceOptions options)
type: aviatrix:AviatrixFirewallInstance
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AviatrixFirewallInstanceArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AviatrixFirewallInstanceArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AviatrixFirewallInstanceArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AviatrixFirewallInstanceArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AviatrixFirewallInstance Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AviatrixFirewallInstance resource accepts the following input properties:

EgressSubnet string

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

FirewallImage string

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

FirewallName string

Name of the firewall instance to be created.

FirewallSize string

Instance size of the firewall. Example: "m5.xlarge".

VpcId string

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

BootstrapBucketName string

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

BootstrapStorageName string

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

ContainerFolder string

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

EgressVpcId string

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FileShareFolder string

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

FirenetGwName string

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

FirewallImageId string

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

FirewallImageVersion string

Version of firewall image. If not specified, Controller will automatically select the latest version available.

IamRole string

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

KeyName string

Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.

ManagementSubnet string

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

ManagementVpcId string

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

Password string

Applicable to Azure or AzureGov deployment only.

SasUrlConfig string

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

SasUrlLicense string

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

ShareDirectory string

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

SicKey string

Advanced option. Sic key. Applicable to Check Point Series deployment only.

SshPublicKey string

Applicable to Azure or AzureGov deployment only.

StorageAccessKey string

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

Tags Dictionary<string, string>

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

UserData string

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

Username string

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

Zone string

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

EgressSubnet string

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

FirewallImage string

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

FirewallName string

Name of the firewall instance to be created.

FirewallSize string

Instance size of the firewall. Example: "m5.xlarge".

VpcId string

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

BootstrapBucketName string

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

BootstrapStorageName string

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

ContainerFolder string

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

EgressVpcId string

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FileShareFolder string

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

FirenetGwName string

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

FirewallImageId string

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

FirewallImageVersion string

Version of firewall image. If not specified, Controller will automatically select the latest version available.

IamRole string

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

KeyName string

Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.

ManagementSubnet string

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

ManagementVpcId string

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

Password string

Applicable to Azure or AzureGov deployment only.

SasUrlConfig string

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

SasUrlLicense string

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

ShareDirectory string

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

SicKey string

Advanced option. Sic key. Applicable to Check Point Series deployment only.

SshPublicKey string

Applicable to Azure or AzureGov deployment only.

StorageAccessKey string

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

Tags map[string]string

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

UserData string

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

Username string

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

Zone string

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

egressSubnet String

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

firewallImage String

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

firewallName String

Name of the firewall instance to be created.

firewallSize String

Instance size of the firewall. Example: "m5.xlarge".

vpcId String

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

bootstrapBucketName String

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

bootstrapStorageName String

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

containerFolder String

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

egressVpcId String

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fileShareFolder String

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

firenetGwName String

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

firewallImageId String

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

firewallImageVersion String

Version of firewall image. If not specified, Controller will automatically select the latest version available.

iamRole String

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

keyName String

Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.

managementSubnet String

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

managementVpcId String

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

password String

Applicable to Azure or AzureGov deployment only.

sasUrlConfig String

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

sasUrlLicense String

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

shareDirectory String

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

sicKey String

Advanced option. Sic key. Applicable to Check Point Series deployment only.

sshPublicKey String

Applicable to Azure or AzureGov deployment only.

storageAccessKey String

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

tags Map<String,String>

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

userData String

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

username String

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

zone String

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

egressSubnet string

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

firewallImage string

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

firewallName string

Name of the firewall instance to be created.

firewallSize string

Instance size of the firewall. Example: "m5.xlarge".

vpcId string

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

availabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

bootstrapBucketName string

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

bootstrapStorageName string

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

containerFolder string

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

egressVpcId string

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

faultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fileShareFolder string

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

firenetGwName string

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

firewallImageId string

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

firewallImageVersion string

Version of firewall image. If not specified, Controller will automatically select the latest version available.

iamRole string

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

keyName string

Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.

managementSubnet string

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

managementVpcId string

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

password string

Applicable to Azure or AzureGov deployment only.

sasUrlConfig string

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

sasUrlLicense string

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

shareDirectory string

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

sicKey string

Advanced option. Sic key. Applicable to Check Point Series deployment only.

sshPublicKey string

Applicable to Azure or AzureGov deployment only.

storageAccessKey string

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

tags {[key: string]: string}

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

userData string

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

username string

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

zone string

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

egress_subnet str

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

firewall_image str

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

firewall_name str

Name of the firewall instance to be created.

firewall_size str

Instance size of the firewall. Example: "m5.xlarge".

vpc_id str

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

availability_domain str

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

bootstrap_bucket_name str

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

bootstrap_storage_name str

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

container_folder str

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

egress_vpc_id str

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

fault_domain str

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

file_share_folder str

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

firenet_gw_name str

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

firewall_image_id str

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

firewall_image_version str

Version of firewall image. If not specified, Controller will automatically select the latest version available.

iam_role str

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

key_name str

Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.

management_subnet str

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

management_vpc_id str

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

password str

Applicable to Azure or AzureGov deployment only.

sas_url_config str

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

sas_url_license str

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

share_directory str

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

sic_key str

Advanced option. Sic key. Applicable to Check Point Series deployment only.

ssh_public_key str

Applicable to Azure or AzureGov deployment only.

storage_access_key str

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

tags Mapping[str, str]

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

user_data str

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

username str

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

zone str

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

egressSubnet String

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

firewallImage String

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

firewallName String

Name of the firewall instance to be created.

firewallSize String

Instance size of the firewall. Example: "m5.xlarge".

vpcId String

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

bootstrapBucketName String

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

bootstrapStorageName String

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

containerFolder String

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

egressVpcId String

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fileShareFolder String

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

firenetGwName String

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

firewallImageId String

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

firewallImageVersion String

Version of firewall image. If not specified, Controller will automatically select the latest version available.

iamRole String

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

keyName String

Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.

managementSubnet String

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

managementVpcId String

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

password String

Applicable to Azure or AzureGov deployment only.

sasUrlConfig String

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

sasUrlLicense String

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

shareDirectory String

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

sicKey String

Advanced option. Sic key. Applicable to Check Point Series deployment only.

sshPublicKey String

Applicable to Azure or AzureGov deployment only.

storageAccessKey String

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

tags Map<String>

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

userData String

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

username String

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

zone String

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

Outputs

All input properties are implicitly available as output properties. Additionally, the AviatrixFirewallInstance resource produces the following output properties:

CloudType int

Cloud Type.

EgressInterface string

ID of Egress Interface created.

GcpVpcId string

GCP Only. The current VPC ID.

Id string

The provider-assigned unique ID for this managed resource.

InstanceId string

ID of the firewall instance created.

LanInterface string

ID of Lan Interface created.

ManagementInterface string

ID of Management Interface created.

PublicIp string

Management Public IP.

cloudType Integer

Cloud Type.

egressInterface String

ID of Egress Interface created.

gcpVpcId String

GCP Only. The current VPC ID.

id String

The provider-assigned unique ID for this managed resource.

instanceId String

ID of the firewall instance created.

lanInterface String

ID of Lan Interface created.

managementInterface String

ID of Management Interface created.

publicIp String

Management Public IP.

cloudType number

Cloud Type.

egressInterface string

ID of Egress Interface created.

gcpVpcId string

GCP Only. The current VPC ID.

id string

The provider-assigned unique ID for this managed resource.

instanceId string

ID of the firewall instance created.

lanInterface string

ID of Lan Interface created.

managementInterface string

ID of Management Interface created.

publicIp string

Management Public IP.

cloud_type int

Cloud Type.

egress_interface str

ID of Egress Interface created.

gcp_vpc_id str

GCP Only. The current VPC ID.

id str

The provider-assigned unique ID for this managed resource.

instance_id str

ID of the firewall instance created.

lan_interface str

ID of Lan Interface created.

management_interface str

ID of Management Interface created.

public_ip str

Management Public IP.

cloudType Number

Cloud Type.

egressInterface String

ID of Egress Interface created.

gcpVpcId String

GCP Only. The current VPC ID.

id String

The provider-assigned unique ID for this managed resource.

instanceId String

ID of the firewall instance created.

lanInterface String

ID of Lan Interface created.

managementInterface String

ID of Management Interface created.

publicIp String

Management Public IP.

Look up Existing AviatrixFirewallInstance Resource

Get an existing AviatrixFirewallInstance resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AviatrixFirewallInstanceState, opts?: CustomResourceOptions): AviatrixFirewallInstance
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        availability_domain: Optional[str] = None,
        bootstrap_bucket_name: Optional[str] = None,
        bootstrap_storage_name: Optional[str] = None,
        cloud_type: Optional[int] = None,
        container_folder: Optional[str] = None,
        egress_interface: Optional[str] = None,
        egress_subnet: Optional[str] = None,
        egress_vpc_id: Optional[str] = None,
        fault_domain: Optional[str] = None,
        file_share_folder: Optional[str] = None,
        firenet_gw_name: Optional[str] = None,
        firewall_image: Optional[str] = None,
        firewall_image_id: Optional[str] = None,
        firewall_image_version: Optional[str] = None,
        firewall_name: Optional[str] = None,
        firewall_size: Optional[str] = None,
        gcp_vpc_id: Optional[str] = None,
        iam_role: Optional[str] = None,
        instance_id: Optional[str] = None,
        key_name: Optional[str] = None,
        lan_interface: Optional[str] = None,
        management_interface: Optional[str] = None,
        management_subnet: Optional[str] = None,
        management_vpc_id: Optional[str] = None,
        password: Optional[str] = None,
        public_ip: Optional[str] = None,
        sas_url_config: Optional[str] = None,
        sas_url_license: Optional[str] = None,
        share_directory: Optional[str] = None,
        sic_key: Optional[str] = None,
        ssh_public_key: Optional[str] = None,
        storage_access_key: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        user_data: Optional[str] = None,
        username: Optional[str] = None,
        vpc_id: Optional[str] = None,
        zone: Optional[str] = None) -> AviatrixFirewallInstance
func GetAviatrixFirewallInstance(ctx *Context, name string, id IDInput, state *AviatrixFirewallInstanceState, opts ...ResourceOption) (*AviatrixFirewallInstance, error)
public static AviatrixFirewallInstance Get(string name, Input<string> id, AviatrixFirewallInstanceState? state, CustomResourceOptions? opts = null)
public static AviatrixFirewallInstance get(String name, Output<String> id, AviatrixFirewallInstanceState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
The following state arguments are supported:
AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

BootstrapBucketName string

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

BootstrapStorageName string

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

CloudType int

Cloud Type.

ContainerFolder string

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

EgressInterface string

ID of Egress Interface created.

EgressSubnet string

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

EgressVpcId string

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FileShareFolder string

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

FirenetGwName string

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

FirewallImage string

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

FirewallImageId string

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

FirewallImageVersion string

Version of firewall image. If not specified, Controller will automatically select the latest version available.

FirewallName string

Name of the firewall instance to be created.

FirewallSize string

Instance size of the firewall. Example: "m5.xlarge".

GcpVpcId string

GCP Only. The current VPC ID.

IamRole string

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

InstanceId string

ID of the firewall instance created.

KeyName string

Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.

LanInterface string

ID of Lan Interface created.

ManagementInterface string

ID of Management Interface created.

ManagementSubnet string

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

ManagementVpcId string

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

Password string

Applicable to Azure or AzureGov deployment only.

PublicIp string

Management Public IP.

SasUrlConfig string

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

SasUrlLicense string

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

ShareDirectory string

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

SicKey string

Advanced option. Sic key. Applicable to Check Point Series deployment only.

SshPublicKey string

Applicable to Azure or AzureGov deployment only.

StorageAccessKey string

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

Tags Dictionary<string, string>

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

UserData string

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

Username string

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

VpcId string

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

Zone string

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

AvailabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

BootstrapBucketName string

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

BootstrapStorageName string

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

CloudType int

Cloud Type.

ContainerFolder string

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

EgressInterface string

ID of Egress Interface created.

EgressSubnet string

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

EgressVpcId string

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

FaultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

FileShareFolder string

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

FirenetGwName string

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

FirewallImage string

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

FirewallImageId string

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

FirewallImageVersion string

Version of firewall image. If not specified, Controller will automatically select the latest version available.

FirewallName string

Name of the firewall instance to be created.

FirewallSize string

Instance size of the firewall. Example: "m5.xlarge".

GcpVpcId string

GCP Only. The current VPC ID.

IamRole string

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

InstanceId string

ID of the firewall instance created.

KeyName string

Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.

LanInterface string

ID of Lan Interface created.

ManagementInterface string

ID of Management Interface created.

ManagementSubnet string

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

ManagementVpcId string

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

Password string

Applicable to Azure or AzureGov deployment only.

PublicIp string

Management Public IP.

SasUrlConfig string

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

SasUrlLicense string

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

ShareDirectory string

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

SicKey string

Advanced option. Sic key. Applicable to Check Point Series deployment only.

SshPublicKey string

Applicable to Azure or AzureGov deployment only.

StorageAccessKey string

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

Tags map[string]string

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

UserData string

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

Username string

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

VpcId string

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

Zone string

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

bootstrapBucketName String

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

bootstrapStorageName String

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

cloudType Integer

Cloud Type.

containerFolder String

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

egressInterface String

ID of Egress Interface created.

egressSubnet String

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

egressVpcId String

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fileShareFolder String

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

firenetGwName String

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

firewallImage String

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

firewallImageId String

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

firewallImageVersion String

Version of firewall image. If not specified, Controller will automatically select the latest version available.

firewallName String

Name of the firewall instance to be created.

firewallSize String

Instance size of the firewall. Example: "m5.xlarge".

gcpVpcId String

GCP Only. The current VPC ID.

iamRole String

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

instanceId String

ID of the firewall instance created.

keyName String

Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.

lanInterface String

ID of Lan Interface created.

managementInterface String

ID of Management Interface created.

managementSubnet String

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

managementVpcId String

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

password String

Applicable to Azure or AzureGov deployment only.

publicIp String

Management Public IP.

sasUrlConfig String

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

sasUrlLicense String

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

shareDirectory String

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

sicKey String

Advanced option. Sic key. Applicable to Check Point Series deployment only.

sshPublicKey String

Applicable to Azure or AzureGov deployment only.

storageAccessKey String

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

tags Map<String,String>

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

userData String

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

username String

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

vpcId String

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

zone String

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

availabilityDomain string

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

bootstrapBucketName string

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

bootstrapStorageName string

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

cloudType number

Cloud Type.

containerFolder string

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

egressInterface string

ID of Egress Interface created.

egressSubnet string

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

egressVpcId string

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

faultDomain string

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fileShareFolder string

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

firenetGwName string

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

firewallImage string

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

firewallImageId string

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

firewallImageVersion string

Version of firewall image. If not specified, Controller will automatically select the latest version available.

firewallName string

Name of the firewall instance to be created.

firewallSize string

Instance size of the firewall. Example: "m5.xlarge".

gcpVpcId string

GCP Only. The current VPC ID.

iamRole string

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

instanceId string

ID of the firewall instance created.

keyName string

Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.

lanInterface string

ID of Lan Interface created.

managementInterface string

ID of Management Interface created.

managementSubnet string

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

managementVpcId string

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

password string

Applicable to Azure or AzureGov deployment only.

publicIp string

Management Public IP.

sasUrlConfig string

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

sasUrlLicense string

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

shareDirectory string

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

sicKey string

Advanced option. Sic key. Applicable to Check Point Series deployment only.

sshPublicKey string

Applicable to Azure or AzureGov deployment only.

storageAccessKey string

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

tags {[key: string]: string}

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

userData string

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

username string

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

vpcId string

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

zone string

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

availability_domain str

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

bootstrap_bucket_name str

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

bootstrap_storage_name str

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

cloud_type int

Cloud Type.

container_folder str

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

egress_interface str

ID of Egress Interface created.

egress_subnet str

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

egress_vpc_id str

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

fault_domain str

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

file_share_folder str

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

firenet_gw_name str

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

firewall_image str

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

firewall_image_id str

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

firewall_image_version str

Version of firewall image. If not specified, Controller will automatically select the latest version available.

firewall_name str

Name of the firewall instance to be created.

firewall_size str

Instance size of the firewall. Example: "m5.xlarge".

gcp_vpc_id str

GCP Only. The current VPC ID.

iam_role str

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

instance_id str

ID of the firewall instance created.

key_name str

Applicable to AWS deployment only. AWS Key Pair name. If not provided a Key Pair will be generated.

lan_interface str

ID of Lan Interface created.

management_interface str

ID of Management Interface created.

management_subnet str

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

management_vpc_id str

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

password str

Applicable to Azure or AzureGov deployment only.

public_ip str

Management Public IP.

sas_url_config str

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

sas_url_license str

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

share_directory str

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

sic_key str

Advanced option. Sic key. Applicable to Check Point Series deployment only.

ssh_public_key str

Applicable to Azure or AzureGov deployment only.

storage_access_key str

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

tags Mapping[str, str]

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

user_data str

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

username str

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

vpc_id str

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

zone str

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.

availabilityDomain String

Availability domain. Required and valid only for OCI. Available as of provider version R2.19.3.

bootstrapBucketName String

Only available for AWS and GCP. For GCP, only Palo Alto Networks VM-Series deployment can use this attribute. In advanced mode, specify a bootstrap bucket name where the initial configuration and policy file is stored.

bootstrapStorageName String

Advanced option. Bootstrap storage name. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series/Fortinet Series deployment only. Available as of provider version R2.17.1+.

cloudType Number

Cloud Type.

containerFolder String

Advanced option. Container folder. Applicable to Azure or AzureGov and Fortinet Series deployment only.

egressInterface String

ID of Egress Interface created.

egressSubnet String

Egress Interface Subnet. Select the subnet whose name contains “FW-ingress-egress”. For GCP, egress_subnet must be in the form cidr~~region~~name.

egressVpcId String

Egress VPC ID. Required for GCP. Available as of provider version R2.18.1+.

faultDomain String

Fault domain. Required and valid only for OCI. Available as of provider version R2.19.3.

fileShareFolder String

Advanced option. File share folder. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

firenetGwName String

Name of the primary FireNet gateway. Required for all FireNet deployments that do not utilize the TGW-Integrated FireNet with AWS Native GWLB VPC.

firewallImage String

One of the AWS/Azure/GCP AMIs from various vendors such as Palo Alto Networks.

firewallImageId String

Firewall image ID. Applicable to AWS and Azure only. For AWS, please use AMI ID. For Azure, the format is “Publisher:Offer:Plan:Version”. Available as of provider version R2.19+.

firewallImageVersion String

Version of firewall image. If not specified, Controller will automatically select the latest version available.

firewallName String

Name of the firewall instance to be created.

firewallSize String

Instance size of the firewall. Example: "m5.xlarge".

gcpVpcId String

GCP Only. The current VPC ID.

iamRole String

Only available for AWS. In advanced mode, create an IAM Role on the AWS account that launched the FireNet gateway. Create a policy to attach to the role. The policy is to allow access to "Bootstrap Bucket".

instanceId String

ID of the firewall instance created.

keyName String

Applicable to AWS deployment only. AWS Key Pair name. If not provided, a Key Pair will be generated.

lanInterface String

ID of LAN Interface created.

managementInterface String

ID of Management Interface created.

managementSubnet String

Management Interface Subnet. Select the subnet whose name contains “gateway and firewall management”. For GCP, management_subnet must be in the form cidr~~region~~name. Required for Palo Alto Networks VM-Series and OCI Check Point firewalls. Otherwise, it must be empty.

managementVpcId String

Management VPC ID. Only used for GCP firewall. Required for Palo Alto Networks VM-Series, and required to be empty for Check Point or Fortinet series. Available as of provider version R2.18.1+.

password String

Applicable to Azure or AzureGov deployment only.

publicIp String

Management Public IP.

sasUrlConfig String

Advanced option. SAS URL Config. Applicable to Azure or AzureGov and Fortinet Series deployment only.

sasUrlLicense String

Advanced option. SAS URL License. Applicable to Azure or AzureGov and Fortinet Series deployment only.

shareDirectory String

Advanced option. Share directory. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

sicKey String

Advanced option. SIC key. Applicable to Check Point Series deployment only.

sshPublicKey String

Applicable to Azure or AzureGov deployment only.

storageAccessKey String

Advanced option. Storage access key. Applicable to Azure or AzureGov and Palo Alto Networks VM-Series deployment only. Available as of provider version R2.17.1+.

tags Map<String>

Mapping of key value pairs of tags for a firewall instance. Only available for AWS, AWSGov, GCP and Azure firewall instances. For AWS, AWSGov and Azure allowed characters are: letters, spaces, and numbers plus the following special characters: + - = . _ : @. For GCP allowed characters are: lowercase letters, numbers, "-" and "_". Example: {"key1" = "value1", "key2" = "value2"}.

userData String

Advanced option. User Data. Applicable to Check Point Series and Fortinet Series deployment only. Type: String.

username String

Applicable to Azure or AzureGov deployment only. "admin" as a username is not accepted.

vpcId String

VPC ID of the Security VPC. For GCP, vpc_id must be in the form vpc_id~-~gcloud_project_id.

zone String

Availability Zone. Required if creating a Firewall Instance with a Native AWS GWLB-enabled VPC. Applicable to AWS, Azure, and GCP only. Available as of provider version R2.17+.
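Several of the inputs above have per-cloud format rules (tag character sets, the GCP `~~` and `~-~` forms, the rejected "admin" username, Azure-only credentials) that are easy to get wrong before a deployment reaches the Controller. The following pre-flight check is an added example, not part of the provider or this package. The `cloud` label and the function names are hypothetical, and "letters" in the tag rule is read as ASCII letters.

```python
import ipaddress
import re

# Tag character sets as stated in the tags description ("letters" read as ASCII: assumption).
_AWS_LIKE = re.compile(r"[A-Za-z0-9 +\-=._:@]*")
TAG_RULES = {"aws": _AWS_LIKE, "awsgov": _AWS_LIKE, "azure": _AWS_LIKE,
             "gcp": re.compile(r"[a-z0-9_-]*")}
AZURE_ONLY = ("username", "password", "ssh_public_key")

def _gcp_subnet_ok(value):
    """True if value has the form cidr~~region~~name with a parseable CIDR."""
    parts = value.split("~~")
    if len(parts) != 3 or not all(parts):
        return False
    try:
        ipaddress.ip_network(parts[0], strict=False)
    except ValueError:
        return False
    return True

def validate_firewall_args(cloud, args):
    """Return a list of problems; `cloud` is a hypothetical label, not cloud_type."""
    problems = []
    tags = args.get("tags") or {}
    rule = TAG_RULES.get(cloud)
    if tags and rule is None:
        problems.append(f"tags: not available for {cloud}")
    for key, value in tags.items():
        if rule and not (rule.fullmatch(key) and rule.fullmatch(value)):
            problems.append(f"tags: {key!r} has characters not allowed on {cloud}")
    if cloud == "gcp":
        for field in ("egress_subnet", "management_subnet"):
            if args.get(field) and not _gcp_subnet_ok(args[field]):
                problems.append(f"{field}: expected cidr~~region~~name")
        vpc, sep, project = (args.get("vpc_id") or "").partition("~-~")
        if not (vpc and sep and project):
            problems.append("vpc_id: expected vpc_id~-~gcloud_project_id")
    if cloud in ("azure", "azuregov"):
        # Compared case-insensitively as a conservative assumption.
        if (args.get("username") or "").lower() == "admin":
            problems.append('username: "admin" is not accepted')
    else:
        problems += [f"{f}: Azure or AzureGov only" for f in AZURE_ONLY if args.get(f)]
    return problems

# Constructed sample input: an uppercase GCP tag key and a bare-CIDR management subnet.
SAMPLE = {"vpc_id": "fw-vpc~-~example-project", "tags": {"Env": "prod"},
          "egress_subnet": "10.0.1.0/24~~us-west1~~egress", "management_subnet": "10.0.2.0/24"}
print(validate_firewall_args("gcp", SAMPLE))
```

Running the check before `pulumi up` surfaces these mistakes without a round trip to the Controller; it also flags credentials supplied for a cloud where the page says they do not apply.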

Import

firewall_instance can be imported using the instance_id. For Azure or AzureGov FireNet instances, the value will be the firewall_name concatenated with a “:” and the Resource Group of the vpc_id set for that instance. e.g.

 $ pulumi import aviatrix:index/aviatrixFirewallInstance:AviatrixFirewallInstance test instance_id

Package Details

Repository
aviatrix astipkovits/pulumi-aviatrix
License
Apache-2.0
Notes

This Pulumi package is based on the aviatrix Terraform Provider.