aviatrix logo
Aviatrix v0.0.10, Jan 21 23

aviatrix.AviatrixVpnProfile

Explore with Pulumi AI

The aviatrix_vpn_profile resource allows the creation and management of Aviatrix VPN user profiles.

NOTE: As of R2.15, management of user/profile attachment can be set using manage_user_attachment. This argument must be set to true in either aviatrix_vpn_user or aviatrix_vpn_profile. If attachment is managed in the aviatrix_vpn_profile (set to true), it must be set to false in the aviatrix_vpn_user resource and vice versa.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Aviatrix = Pulumi.Aviatrix;

return await Deployment.RunAsync(() => 
{
    // Create an Aviatrix AWS VPN User Profile
    var testVpnProfile = new Aviatrix.AviatrixVpnProfile("testVpnProfile", new()
    {
        BaseRule = "allow_all",
        Policies = new[]
        {
            new Aviatrix.Inputs.AviatrixVpnProfilePolicyArgs
            {
                Action = "deny",
                Port = "443",
                Proto = "tcp",
                Target = "10.0.0.0/32",
            },
            new Aviatrix.Inputs.AviatrixVpnProfilePolicyArgs
            {
                Action = "deny",
                Port = "443",
                Proto = "tcp",
                Target = "10.0.0.1/32",
            },
        },
        Users = new[]
        {
            "user1",
            "user2",
        },
    });

});
package main

import (
	"github.com/astipkovits/pulumi-aviatrix/sdk/go/aviatrix"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := aviatrix.NewAviatrixVpnProfile(ctx, "testVpnProfile", &aviatrix.AviatrixVpnProfileArgs{
			BaseRule: pulumi.String("allow_all"),
			Policies: AviatrixVpnProfilePolicyArray{
				&AviatrixVpnProfilePolicyArgs{
					Action: pulumi.String("deny"),
					Port:   pulumi.String("443"),
					Proto:  pulumi.String("tcp"),
					Target: pulumi.String("10.0.0.0/32"),
				},
				&AviatrixVpnProfilePolicyArgs{
					Action: pulumi.String("deny"),
					Port:   pulumi.String("443"),
					Proto:  pulumi.String("tcp"),
					Target: pulumi.String("10.0.0.1/32"),
				},
			},
			Users: pulumi.StringArray{
				pulumi.String("user1"),
				pulumi.String("user2"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aviatrix.AviatrixVpnProfile;
import com.pulumi.aviatrix.AviatrixVpnProfileArgs;
import com.pulumi.aviatrix.inputs.AviatrixVpnProfilePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var testVpnProfile = new AviatrixVpnProfile("testVpnProfile", AviatrixVpnProfileArgs.builder()        
            .baseRule("allow_all")
            .policies(            
                AviatrixVpnProfilePolicyArgs.builder()
                    .action("deny")
                    .port("443")
                    .proto("tcp")
                    .target("10.0.0.0/32")
                    .build(),
                AviatrixVpnProfilePolicyArgs.builder()
                    .action("deny")
                    .port("443")
                    .proto("tcp")
                    .target("10.0.0.1/32")
                    .build())
            .users(            
                "user1",
                "user2")
            .build());

    }
}
import pulumi
import pulumi_aviatrix as aviatrix

# Create an Aviatrix AWS VPN User Profile
test_vpn_profile = aviatrix.AviatrixVpnProfile("testVpnProfile",
    base_rule="allow_all",
    policies=[
        aviatrix.AviatrixVpnProfilePolicyArgs(
            action="deny",
            port="443",
            proto="tcp",
            target="10.0.0.0/32",
        ),
        aviatrix.AviatrixVpnProfilePolicyArgs(
            action="deny",
            port="443",
            proto="tcp",
            target="10.0.0.1/32",
        ),
    ],
    users=[
        "user1",
        "user2",
    ])
import * as pulumi from "@pulumi/pulumi";
import * as aviatrix from "@pulumi/aviatrix";

// Create an Aviatrix AWS VPN User Profile
const testVpnProfile = new aviatrix.AviatrixVpnProfile("test_vpn_profile", {
    baseRule: "allow_all",
    policies: [
        {
            action: "deny",
            port: "443",
            proto: "tcp",
            target: "10.0.0.0/32",
        },
        {
            action: "deny",
            port: "443",
            proto: "tcp",
            target: "10.0.0.1/32",
        },
    ],
    users: [
        "user1",
        "user2",
    ],
});
resources:
  # Create an Aviatrix AWS VPN User Profile
  testVpnProfile:
    type: aviatrix:AviatrixVpnProfile
    properties:
      baseRule: allow_all
      policies:
        - action: deny
          port: '443'
          proto: tcp
          target: 10.0.0.0/32
        - action: deny
          port: '443'
          proto: tcp
          target: 10.0.0.1/32
      users:
        - user1
        - user2

Create AviatrixVpnProfile Resource

new AviatrixVpnProfile(name: string, args?: AviatrixVpnProfileArgs, opts?: CustomResourceOptions);
@overload
def AviatrixVpnProfile(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       base_rule: Optional[str] = None,
                       manage_user_attachment: Optional[bool] = None,
                       name: Optional[str] = None,
                       policies: Optional[Sequence[AviatrixVpnProfilePolicyArgs]] = None,
                       users: Optional[Sequence[str]] = None)
@overload
def AviatrixVpnProfile(resource_name: str,
                       args: Optional[AviatrixVpnProfileArgs] = None,
                       opts: Optional[ResourceOptions] = None)
func NewAviatrixVpnProfile(ctx *Context, name string, args *AviatrixVpnProfileArgs, opts ...ResourceOption) (*AviatrixVpnProfile, error)
public AviatrixVpnProfile(string name, AviatrixVpnProfileArgs? args = null, CustomResourceOptions? opts = null)
public AviatrixVpnProfile(String name, AviatrixVpnProfileArgs args)
public AviatrixVpnProfile(String name, AviatrixVpnProfileArgs args, CustomResourceOptions options)
type: aviatrix:AviatrixVpnProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AviatrixVpnProfileArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AviatrixVpnProfileArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AviatrixVpnProfileArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AviatrixVpnProfileArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AviatrixVpnProfileArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AviatrixVpnProfile Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AviatrixVpnProfile resource accepts the following input properties:

BaseRule string

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

ManageUserAttachment bool

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

Name string

Enter any name for the VPN profile.

Policies List<AviatrixVpnProfilePolicyArgs>

New security policy for the profile. Each policy has the following attributes:

Users List<string>

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

BaseRule string

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

ManageUserAttachment bool

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

Name string

Enter any name for the VPN profile.

Policies []AviatrixVpnProfilePolicyArgs

New security policy for the profile. Each policy has the following attributes:

Users []string

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

baseRule String

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

manageUserAttachment Boolean

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

name String

Enter any name for the VPN profile.

policies List<AviatrixVpnProfilePolicyArgs>

New security policy for the profile. Each policy has the following attributes:

users List<String>

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

baseRule string

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

manageUserAttachment boolean

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

name string

Enter any name for the VPN profile.

policies AviatrixVpnProfilePolicyArgs[]

New security policy for the profile. Each policy has the following attributes:

users string[]

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

base_rule str

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

manage_user_attachment bool

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

name str

Enter any name for the VPN profile.

policies Sequence[AviatrixVpnProfilePolicyArgs]

New security policy for the profile. Each policy has the following attributes:

users Sequence[str]

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

baseRule String

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

manageUserAttachment Boolean

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

name String

Enter any name for the VPN profile.

policies List<Property Map>

New security policy for the profile. Each policy has the following attributes:

users List<String>

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

Outputs

All input properties are implicitly available as output properties. Additionally, the AviatrixVpnProfile resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing AviatrixVpnProfile Resource

Get an existing AviatrixVpnProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AviatrixVpnProfileState, opts?: CustomResourceOptions): AviatrixVpnProfile
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        base_rule: Optional[str] = None,
        manage_user_attachment: Optional[bool] = None,
        name: Optional[str] = None,
        policies: Optional[Sequence[AviatrixVpnProfilePolicyArgs]] = None,
        users: Optional[Sequence[str]] = None) -> AviatrixVpnProfile
func GetAviatrixVpnProfile(ctx *Context, name string, id IDInput, state *AviatrixVpnProfileState, opts ...ResourceOption) (*AviatrixVpnProfile, error)
public static AviatrixVpnProfile Get(string name, Input<string> id, AviatrixVpnProfileState? state, CustomResourceOptions? opts = null)
public static AviatrixVpnProfile get(String name, Output<String> id, AviatrixVpnProfileState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
BaseRule string

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

ManageUserAttachment bool

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

Name string

Enter any name for the VPN profile.

Policies List<AviatrixVpnProfilePolicyArgs>

New security policy for the profile. Each policy has the following attributes:

Users List<string>

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

BaseRule string

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

ManageUserAttachment bool

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

Name string

Enter any name for the VPN profile.

Policies []AviatrixVpnProfilePolicyArgs

New security policy for the profile. Each policy has the following attributes:

Users []string

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

baseRule String

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

manageUserAttachment Boolean

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

name String

Enter any name for the VPN profile.

policies List<AviatrixVpnProfilePolicyArgs>

New security policy for the profile. Each policy has the following attributes:

users List<String>

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

baseRule string

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

manageUserAttachment boolean

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

name string

Enter any name for the VPN profile.

policies AviatrixVpnProfilePolicyArgs[]

New security policy for the profile. Each policy has the following attributes:

users string[]

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

base_rule str

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

manage_user_attachment bool

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

name str

Enter any name for the VPN profile.

policies Sequence[AviatrixVpnProfilePolicyArgs]

New security policy for the profile. Each policy has the following attributes:

users Sequence[str]

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

baseRule String

Base policy rule of the profile to be added. Enter "allow_all" or "deny_all", based on whether you want a whitelist or blacklist.

manageUserAttachment Boolean

This parameter is a switch used to determine whether or not to manage VPN user attachments to the VPN profile using this resource. If this is set to false, attachment must be managed using the aviatrix_vpn_user resource. Valid values: true, false. Default value: true.

name String

Enter any name for the VPN profile.

policies List<Property Map>

New security policy for the profile. Each policy has the following attributes:

users List<String>

List of VPN users to attach to this profile. This should be set to null if manage_user_attachment is set to false.

Supporting Types

AviatrixVpnProfilePolicy

Action string

Should be the opposite of the base rule for correct behavior. Valid values for action: "allow", "deny".

Port string

Port to be allowed or denied. Valid values for port: a single port or a range of port numbers e.g.: "25", "25:1024". For "all" and "icmp", port should only be "0:65535".

Proto string

Protocol to allow or deny. Valid values for protocol: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp".

Target string

CIDR to be allowed or denied. Valid values for target: IPv4 CIDRs. Example: "10.30.0.0/16".

Action string

Should be the opposite of the base rule for correct behavior. Valid values for action: "allow", "deny".

Port string

Port to be allowed or denied. Valid values for port: a single port or a range of port numbers e.g.: "25", "25:1024". For "all" and "icmp", port should only be "0:65535".

Proto string

Protocol to allow or deny. Valid values for protocol: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp".

Target string

CIDR to be allowed or denied. Valid values for target: IPv4 CIDRs. Example: "10.30.0.0/16".

action String

Should be the opposite of the base rule for correct behavior. Valid values for action: "allow", "deny".

port String

Port to be allowed or denied. Valid values for port: a single port or a range of port numbers e.g.: "25", "25:1024". For "all" and "icmp", port should only be "0:65535".

proto String

Protocol to allow or deny. Valid values for protocol: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp".

target String

CIDR to be allowed or denied. Valid values for target: IPv4 CIDRs. Example: "10.30.0.0/16".

action string

Should be the opposite of the base rule for correct behavior. Valid values for action: "allow", "deny".

port string

Port to be allowed or denied. Valid values for port: a single port or a range of port numbers e.g.: "25", "25:1024". For "all" and "icmp", port should only be "0:65535".

proto string

Protocol to allow or deny. Valid values for protocol: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp".

target string

CIDR to be allowed or denied. Valid values for target: IPv4 CIDRs. Example: "10.30.0.0/16".

action str

Should be the opposite of the base rule for correct behavior. Valid values for action: "allow", "deny".

port str

Port to be allowed or denied. Valid values for port: a single port or a range of port numbers e.g.: "25", "25:1024". For "all" and "icmp", port should only be "0:65535".

proto str

Protocol to allow or deny. Valid values for protocol: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp".

target str

CIDR to be allowed or denied. Valid values for target: IPv4 CIDRs. Example: "10.30.0.0/16".

action String

Should be the opposite of the base rule for correct behavior. Valid values for action: "allow", "deny".

port String

Port to be allowed or denied. Valid values for port: a single port or a range of port numbers e.g.: "25", "25:1024". For "all" and "icmp", port should only be "0:65535".

proto String

Protocol to allow or deny. Valid values for protocol: "all", "tcp", "udp", "icmp", "sctp", "rdp", "dccp".

target String

CIDR to be allowed or denied. Valid values for target: IPv4 CIDRs. Example: "10.30.0.0/16".

Import

vpn_profile can be imported using the VPN profile’s name, e.g.

 $ pulumi import aviatrix:index/aviatrixVpnProfile:AviatrixVpnProfile test name

Package Details

Repository
aviatrix astipkovits/pulumi-aviatrix
License
Apache-2.0
Notes

This Pulumi package is based on the aviatrix Terraform Provider.