We recommend using Azure Native.
azure.network.Firewall
Explore with Pulumi AI
Manages an Azure Firewall.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
{
Location = "West Europe",
});
var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("exampleVirtualNetwork", new()
{
AddressSpaces = new[]
{
"10.0.0.0/16",
},
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
});
var exampleSubnet = new Azure.Network.Subnet("exampleSubnet", new()
{
ResourceGroupName = exampleResourceGroup.Name,
VirtualNetworkName = exampleVirtualNetwork.Name,
AddressPrefixes = new[]
{
"10.0.1.0/24",
},
});
var examplePublicIp = new Azure.Network.PublicIp("examplePublicIp", new()
{
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
AllocationMethod = "Static",
Sku = "Standard",
});
var exampleFirewall = new Azure.Network.Firewall("exampleFirewall", new()
{
Location = exampleResourceGroup.Location,
ResourceGroupName = exampleResourceGroup.Name,
SkuName = "AZFW_VNet",
SkuTier = "Standard",
IpConfigurations = new[]
{
new Azure.Network.Inputs.FirewallIpConfigurationArgs
{
Name = "configuration",
SubnetId = exampleSubnet.Id,
PublicIpAddressId = examplePublicIp.Id,
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "exampleVirtualNetwork", &network.VirtualNetworkArgs{
AddressSpaces: pulumi.StringArray{
pulumi.String("10.0.0.0/16"),
},
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
})
if err != nil {
return err
}
exampleSubnet, err := network.NewSubnet(ctx, "exampleSubnet", &network.SubnetArgs{
ResourceGroupName: exampleResourceGroup.Name,
VirtualNetworkName: exampleVirtualNetwork.Name,
AddressPrefixes: pulumi.StringArray{
pulumi.String("10.0.1.0/24"),
},
})
if err != nil {
return err
}
examplePublicIp, err := network.NewPublicIp(ctx, "examplePublicIp", &network.PublicIpArgs{
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
AllocationMethod: pulumi.String("Static"),
Sku: pulumi.String("Standard"),
})
if err != nil {
return err
}
_, err = network.NewFirewall(ctx, "exampleFirewall", &network.FirewallArgs{
Location: exampleResourceGroup.Location,
ResourceGroupName: exampleResourceGroup.Name,
SkuName: pulumi.String("AZFW_VNet"),
SkuTier: pulumi.String("Standard"),
IpConfigurations: network.FirewallIpConfigurationArray{
&network.FirewallIpConfigurationArgs{
Name: pulumi.String("configuration"),
SubnetId: exampleSubnet.ID(),
PublicIpAddressId: examplePublicIp.ID(),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.PublicIp;
import com.pulumi.azure.network.PublicIpArgs;
import com.pulumi.azure.network.Firewall;
import com.pulumi.azure.network.FirewallArgs;
import com.pulumi.azure.network.inputs.FirewallIpConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.location("West Europe")
.build());
var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
.addressSpaces("10.0.0.0/16")
.location(exampleResourceGroup.location())
.resourceGroupName(exampleResourceGroup.name())
.build());
var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
.resourceGroupName(exampleResourceGroup.name())
.virtualNetworkName(exampleVirtualNetwork.name())
.addressPrefixes("10.0.1.0/24")
.build());
var examplePublicIp = new PublicIp("examplePublicIp", PublicIpArgs.builder()
.location(exampleResourceGroup.location())
.resourceGroupName(exampleResourceGroup.name())
.allocationMethod("Static")
.sku("Standard")
.build());
var exampleFirewall = new Firewall("exampleFirewall", FirewallArgs.builder()
.location(exampleResourceGroup.location())
.resourceGroupName(exampleResourceGroup.name())
.skuName("AZFW_VNet")
.skuTier("Standard")
.ipConfigurations(FirewallIpConfigurationArgs.builder()
.name("configuration")
.subnetId(exampleSubnet.id())
.publicIpAddressId(examplePublicIp.id())
.build())
.build());
}
}
import pulumi
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_virtual_network = azure.network.VirtualNetwork("exampleVirtualNetwork",
address_spaces=["10.0.0.0/16"],
location=example_resource_group.location,
resource_group_name=example_resource_group.name)
example_subnet = azure.network.Subnet("exampleSubnet",
resource_group_name=example_resource_group.name,
virtual_network_name=example_virtual_network.name,
address_prefixes=["10.0.1.0/24"])
example_public_ip = azure.network.PublicIp("examplePublicIp",
location=example_resource_group.location,
resource_group_name=example_resource_group.name,
allocation_method="Static",
sku="Standard")
example_firewall = azure.network.Firewall("exampleFirewall",
location=example_resource_group.location,
resource_group_name=example_resource_group.name,
sku_name="AZFW_VNet",
sku_tier="Standard",
ip_configurations=[azure.network.FirewallIpConfigurationArgs(
name="configuration",
subnet_id=example_subnet.id,
public_ip_address_id=example_public_ip.id,
)])
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("exampleVirtualNetwork", {
addressSpaces: ["10.0.0.0/16"],
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
});
const exampleSubnet = new azure.network.Subnet("exampleSubnet", {
resourceGroupName: exampleResourceGroup.name,
virtualNetworkName: exampleVirtualNetwork.name,
addressPrefixes: ["10.0.1.0/24"],
});
const examplePublicIp = new azure.network.PublicIp("examplePublicIp", {
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
allocationMethod: "Static",
sku: "Standard",
});
const exampleFirewall = new azure.network.Firewall("exampleFirewall", {
location: exampleResourceGroup.location,
resourceGroupName: exampleResourceGroup.name,
skuName: "AZFW_VNet",
skuTier: "Standard",
ipConfigurations: [{
name: "configuration",
subnetId: exampleSubnet.id,
publicIpAddressId: examplePublicIp.id,
}],
});
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
properties:
location: West Europe
exampleVirtualNetwork:
type: azure:network:VirtualNetwork
properties:
addressSpaces:
- 10.0.0.0/16
location: ${exampleResourceGroup.location}
resourceGroupName: ${exampleResourceGroup.name}
exampleSubnet:
type: azure:network:Subnet
properties:
resourceGroupName: ${exampleResourceGroup.name}
virtualNetworkName: ${exampleVirtualNetwork.name}
addressPrefixes:
- 10.0.1.0/24
examplePublicIp:
type: azure:network:PublicIp
properties:
location: ${exampleResourceGroup.location}
resourceGroupName: ${exampleResourceGroup.name}
allocationMethod: Static
sku: Standard
exampleFirewall:
type: azure:network:Firewall
properties:
location: ${exampleResourceGroup.location}
resourceGroupName: ${exampleResourceGroup.name}
skuName: AZFW_VNet
skuTier: Standard
ipConfigurations:
- name: configuration
subnetId: ${exampleSubnet.id}
publicIpAddressId: ${examplePublicIp.id}
Create Firewall Resource
new Firewall(name: string, args: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
dns_servers: Optional[Sequence[str]] = None,
firewall_policy_id: Optional[str] = None,
ip_configurations: Optional[Sequence[FirewallIpConfigurationArgs]] = None,
location: Optional[str] = None,
management_ip_configuration: Optional[FirewallManagementIpConfigurationArgs] = None,
name: Optional[str] = None,
private_ip_ranges: Optional[Sequence[str]] = None,
resource_group_name: Optional[str] = None,
sku_name: Optional[str] = None,
sku_tier: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
threat_intel_mode: Optional[str] = None,
virtual_hub: Optional[FirewallVirtualHubArgs] = None,
zones: Optional[Sequence[str]] = None)
@overload
def Firewall(resource_name: str,
args: FirewallArgs,
opts: Optional[ResourceOptions] = None)
func NewFirewall(ctx *Context, name string, args FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs args, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: azure:network:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Firewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Firewall resource accepts the following input properties:
- Resource
Group stringName The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- Sku
Name string SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- Sku
Tier string SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- Dns
Servers List<string> A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- Firewall
Policy stringId The ID of the Firewall Policy applied to this Firewall.
- Ip
Configurations List<FirewallIp Configuration> An
ip_configuration
block as documented below.- Location string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- Management
Ip FirewallConfiguration Management Ip Configuration A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- Name string
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- Private
Ip List<string>Ranges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- Dictionary<string, string>
A mapping of tags to assign to the resource.
- Threat
Intel stringMode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- Virtual
Hub FirewallVirtual Hub A
virtual_hub
block as documented below.- Zones List<string>
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
- Resource
Group stringName The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- Sku
Name string SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- Sku
Tier string SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- Dns
Servers []string A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- Firewall
Policy stringId The ID of the Firewall Policy applied to this Firewall.
- Ip
Configurations []FirewallIp Configuration Args An
ip_configuration
block as documented below.- Location string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- Management
Ip FirewallConfiguration Management Ip Configuration Args A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- Name string
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- Private
Ip []stringRanges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- map[string]string
A mapping of tags to assign to the resource.
- Threat
Intel stringMode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- Virtual
Hub FirewallVirtual Hub Args A
virtual_hub
block as documented below.- Zones []string
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
- resource
Group StringName The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- sku
Name String SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- sku
Tier String SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- dns
Servers List<String> A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- firewall
Policy StringId The ID of the Firewall Policy applied to this Firewall.
- ip
Configurations List<FirewallIp Configuration> An
ip_configuration
block as documented below.- location String
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- management
Ip FirewallConfiguration Management Ip Configuration A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- name String
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- private
Ip List<String>Ranges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- Map<String,String>
A mapping of tags to assign to the resource.
- threat
Intel StringMode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- virtual
Hub FirewallVirtual Hub A
virtual_hub
block as documented below.- zones List<String>
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
- resource
Group stringName The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- sku
Name string SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- sku
Tier string SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- dns
Servers string[] A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- firewall
Policy stringId The ID of the Firewall Policy applied to this Firewall.
- ip
Configurations FirewallIp Configuration[] An
ip_configuration
block as documented below.- location string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- management
Ip FirewallConfiguration Management Ip Configuration A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- name string
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- private
Ip string[]Ranges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- {[key: string]: string}
A mapping of tags to assign to the resource.
- threat
Intel stringMode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- virtual
Hub FirewallVirtual Hub A
virtual_hub
block as documented below.- zones string[]
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
- resource_
group_ strname The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- sku_
name str SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- sku_
tier str SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- dns_
servers Sequence[str] A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- firewall_
policy_ strid The ID of the Firewall Policy applied to this Firewall.
- ip_
configurations Sequence[FirewallIp Configuration Args] An
ip_configuration
block as documented below.- location str
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- management_
ip_ Firewallconfiguration Management Ip Configuration Args A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- name str
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- private_
ip_ Sequence[str]ranges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- Mapping[str, str]
A mapping of tags to assign to the resource.
- threat_
intel_ strmode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- virtual_
hub FirewallVirtual Hub Args A
virtual_hub
block as documented below.- zones Sequence[str]
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
- resource
Group StringName The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- sku
Name String SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- sku
Tier String SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- dns
Servers List<String> A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- firewall
Policy StringId The ID of the Firewall Policy applied to this Firewall.
- ip
Configurations List<Property Map> An
ip_configuration
block as documented below.- location String
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- management
Ip Property MapConfiguration A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- name String
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- private
Ip List<String>Ranges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- Map<String>
A mapping of tags to assign to the resource.
- threat
Intel StringMode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- virtual
Hub Property Map A
virtual_hub
block as documented below.- zones List<String>
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
Outputs
All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing Firewall Resource
Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
dns_servers: Optional[Sequence[str]] = None,
firewall_policy_id: Optional[str] = None,
ip_configurations: Optional[Sequence[FirewallIpConfigurationArgs]] = None,
location: Optional[str] = None,
management_ip_configuration: Optional[FirewallManagementIpConfigurationArgs] = None,
name: Optional[str] = None,
private_ip_ranges: Optional[Sequence[str]] = None,
resource_group_name: Optional[str] = None,
sku_name: Optional[str] = None,
sku_tier: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
threat_intel_mode: Optional[str] = None,
virtual_hub: Optional[FirewallVirtualHubArgs] = None,
zones: Optional[Sequence[str]] = None) -> Firewall
func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Dns
Servers List<string> A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- Firewall
Policy stringId The ID of the Firewall Policy applied to this Firewall.
- Ip
Configurations List<FirewallIp Configuration> An
ip_configuration
block as documented below.- Location string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- Management
Ip FirewallConfiguration Management Ip Configuration A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- Name string
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- Private
Ip List<string>Ranges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- Resource
Group stringName The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- Sku
Name string SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- Sku
Tier string SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- Dictionary<string, string>
A mapping of tags to assign to the resource.
- Threat
Intel stringMode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- Virtual
Hub FirewallVirtual Hub A
virtual_hub
block as documented below.- Zones List<string>
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
- Dns
Servers []string A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- Firewall
Policy stringId The ID of the Firewall Policy applied to this Firewall.
- Ip
Configurations []FirewallIp Configuration Args An
ip_configuration
block as documented below.- Location string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- Management
Ip FirewallConfiguration Management Ip Configuration Args A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- Name string
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- Private
Ip []stringRanges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- Resource
Group stringName The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- Sku
Name string SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- Sku
Tier string SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- map[string]string
A mapping of tags to assign to the resource.
- Threat
Intel stringMode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- Virtual
Hub FirewallVirtual Hub Args A
virtual_hub
block as documented below.- Zones []string
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
- dns
Servers List<String> A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- firewall
Policy StringId The ID of the Firewall Policy applied to this Firewall.
- ip
Configurations List<FirewallIp Configuration> An
ip_configuration
block as documented below.- location String
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- management
Ip FirewallConfiguration Management Ip Configuration A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- name String
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- private
Ip List<String>Ranges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- resource
Group StringName The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- sku
Name String SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- sku
Tier String SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- Map<String,String>
A mapping of tags to assign to the resource.
- threat
Intel StringMode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- virtual
Hub FirewallVirtual Hub A
virtual_hub
block as documented below.- zones List<String>
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
- dns
Servers string[] A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- firewall
Policy stringId The ID of the Firewall Policy applied to this Firewall.
- ip
Configurations FirewallIp Configuration[] An
ip_configuration
block as documented below.- location string
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- management
Ip FirewallConfiguration Management Ip Configuration A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- name string
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- private
Ip string[]Ranges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- resource
Group stringName The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- sku
Name string SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- sku
Tier string SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- {[key: string]: string}
A mapping of tags to assign to the resource.
- threat
Intel stringMode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- virtual
Hub FirewallVirtual Hub A
virtual_hub
block as documented below.- zones string[]
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
- dns_
servers Sequence[str] A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- firewall_
policy_ strid The ID of the Firewall Policy applied to this Firewall.
- ip_
configurations Sequence[FirewallIp Configuration Args] An
ip_configuration
block as documented below.- location str
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- management_
ip_ Firewallconfiguration Management Ip Configuration Args A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- name str
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- private_
ip_ Sequence[str]ranges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- resource_
group_ strname The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- sku_
name str SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- sku_
tier str SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- Mapping[str, str]
A mapping of tags to assign to the resource.
- threat_
intel_ strmode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- virtual_
hub FirewallVirtual Hub Args A
virtual_hub
block as documented below.- zones Sequence[str]
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
- dns
Servers List<String> A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.
- firewall
Policy StringId The ID of the Firewall Policy applied to this Firewall.
- ip
Configurations List<Property Map> An
ip_configuration
block as documented below.- location String
Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
- management
Ip Property MapConfiguration A
management_ip_configuration
block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing thesubnet_id
in an existing block forces a new resource to be created. Changing this forces a new resource to be created.- name String
Specifies the name of the Firewall. Changing this forces a new resource to be created.
- private
Ip List<String>Ranges A list of SNAT private CIDR IP ranges, or the special string
IANAPrivateRanges
, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.- resource
Group StringName The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
- sku
Name String SKU name of the Firewall. Possible values are
AZFW_Hub
andAZFW_VNet
. Changing this forces a new resource to be created.- sku
Tier String SKU tier of the Firewall. Possible values are
Premium
,Standard
andBasic
.- Map<String>
A mapping of tags to assign to the resource.
- threat
Intel StringMode The operation mode for threat intelligence-based filtering. Possible values are:
Off
,Alert
andDeny
. Defaults toAlert
.- virtual
Hub Property Map A
virtual_hub
block as documented below.- zones List<String>
Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
Please Note: Availability Zones are only supported in several regions at this time.
Supporting Types
FirewallIpConfiguration, FirewallIpConfigurationArgs
- Name string
Specifies the name of the IP Configuration.
- Private
Ip stringAddress The private IP address associated with the Firewall.
- Public
Ip stringAddress Id - Subnet
Id string Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Subnet used for the Firewall must have the name
AzureFirewallSubnet
and the subnet mask must be at least a/26
.NOTE At least one and only one
ip_configuration
block may contain asubnet_id
.
- Name string
Specifies the name of the IP Configuration.
- Private
Ip stringAddress The private IP address associated with the Firewall.
- Public
Ip stringAddress Id - Subnet
Id string Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Subnet used for the Firewall must have the name
AzureFirewallSubnet
and the subnet mask must be at least a/26
.NOTE At least one and only one
ip_configuration
block may contain asubnet_id
.
- name String
Specifies the name of the IP Configuration.
- private
Ip StringAddress The private IP address associated with the Firewall.
- public
Ip StringAddress Id - subnet
Id String Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Subnet used for the Firewall must have the name
AzureFirewallSubnet
and the subnet mask must be at least a/26
.NOTE At least one and only one
ip_configuration
block may contain asubnet_id
.
- name string
Specifies the name of the IP Configuration.
- private
Ip stringAddress The private IP address associated with the Firewall.
- public
Ip stringAddress Id - subnet
Id string Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Subnet used for the Firewall must have the name
AzureFirewallSubnet
and the subnet mask must be at least a/26
.NOTE At least one and only one
ip_configuration
block may contain asubnet_id
.
- name str
Specifies the name of the IP Configuration.
- private_
ip_ straddress The private IP address associated with the Firewall.
- public_
ip_ straddress_ id - subnet_
id str Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Subnet used for the Firewall must have the name
AzureFirewallSubnet
and the subnet mask must be at least a/26
.NOTE At least one and only one
ip_configuration
block may contain asubnet_id
.
- name String
Specifies the name of the IP Configuration.
- private
Ip StringAddress The private IP address associated with the Firewall.
- public
Ip StringAddress Id - subnet
Id String Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Subnet used for the Firewall must have the name
AzureFirewallSubnet
and the subnet mask must be at least a/26
.NOTE At least one and only one
ip_configuration
block may contain asubnet_id
.
FirewallManagementIpConfiguration, FirewallManagementIpConfigurationArgs
- Name string
Specifies the name of the IP Configuration.
- Public
Ip stringAddress Id The ID of the Public IP Address associated with the firewall.
NOTE The Public IP must have a
Static
allocation andStandard
SKU.- Subnet
Id string Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Management Subnet used for the Firewall must have the name
AzureFirewallManagementSubnet
and the subnet mask must be at least a/26
.- Private
Ip stringAddress The private IP address associated with the Firewall.
- Name string
Specifies the name of the IP Configuration.
- Public
Ip stringAddress Id The ID of the Public IP Address associated with the firewall.
NOTE The Public IP must have a
Static
allocation andStandard
SKU.- Subnet
Id string Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Management Subnet used for the Firewall must have the name
AzureFirewallManagementSubnet
and the subnet mask must be at least a/26
.- Private
Ip stringAddress The private IP address associated with the Firewall.
- name String
Specifies the name of the IP Configuration.
- public
Ip StringAddress Id The ID of the Public IP Address associated with the firewall.
NOTE The Public IP must have a
Static
allocation andStandard
SKU.- subnet
Id String Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Management Subnet used for the Firewall must have the name
AzureFirewallManagementSubnet
and the subnet mask must be at least a/26
.- private
Ip StringAddress The private IP address associated with the Firewall.
- name string
Specifies the name of the IP Configuration.
- public
Ip stringAddress Id The ID of the Public IP Address associated with the firewall.
NOTE The Public IP must have a
Static
allocation andStandard
SKU.- subnet
Id string Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Management Subnet used for the Firewall must have the name
AzureFirewallManagementSubnet
and the subnet mask must be at least a/26
.- private
Ip stringAddress The private IP address associated with the Firewall.
- name str
Specifies the name of the IP Configuration.
- public_
ip_ straddress_ id The ID of the Public IP Address associated with the firewall.
NOTE The Public IP must have a
Static
allocation andStandard
SKU.- subnet_
id str Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Management Subnet used for the Firewall must have the name
AzureFirewallManagementSubnet
and the subnet mask must be at least a/26
.- private_
ip_ straddress The private IP address associated with the Firewall.
- name String
Specifies the name of the IP Configuration.
- public
Ip StringAddress Id The ID of the Public IP Address associated with the firewall.
NOTE The Public IP must have a
Static
allocation andStandard
SKU.- subnet
Id String Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.
NOTE The Management Subnet used for the Firewall must have the name
AzureFirewallManagementSubnet
and the subnet mask must be at least a/26
.- private
Ip StringAddress The private IP address associated with the Firewall.
FirewallVirtualHub, FirewallVirtualHubArgs
- Virtual
Hub stringId Specifies the ID of the Virtual Hub where the Firewall resides in.
- Private
Ip stringAddress The private IP address associated with the Firewall.
- Public
Ip List<string>Addresses The list of public IP addresses associated with the Firewall.
- Public
Ip intCount Specifies the number of public IPs to assign to the Firewall. Defaults to
1
.
- Virtual
Hub stringId Specifies the ID of the Virtual Hub where the Firewall resides in.
- Private
Ip stringAddress The private IP address associated with the Firewall.
- Public
Ip []stringAddresses The list of public IP addresses associated with the Firewall.
- Public
Ip intCount Specifies the number of public IPs to assign to the Firewall. Defaults to
1
.
- virtual
Hub StringId Specifies the ID of the Virtual Hub where the Firewall resides in.
- private
Ip StringAddress The private IP address associated with the Firewall.
- public
Ip List<String>Addresses The list of public IP addresses associated with the Firewall.
- public
Ip IntegerCount Specifies the number of public IPs to assign to the Firewall. Defaults to
1
.
- virtual
Hub stringId Specifies the ID of the Virtual Hub where the Firewall resides in.
- private
Ip stringAddress The private IP address associated with the Firewall.
- public
Ip string[]Addresses The list of public IP addresses associated with the Firewall.
- public
Ip numberCount Specifies the number of public IPs to assign to the Firewall. Defaults to
1
.
- virtual_
hub_ strid Specifies the ID of the Virtual Hub where the Firewall resides in.
- private_
ip_ straddress The private IP address associated with the Firewall.
- public_
ip_ Sequence[str]addresses The list of public IP addresses associated with the Firewall.
- public_
ip_ intcount Specifies the number of public IPs to assign to the Firewall. Defaults to
1
.
- virtual
Hub StringId Specifies the ID of the Virtual Hub where the Firewall resides in.
- private
Ip StringAddress The private IP address associated with the Firewall.
- public
Ip List<String>Addresses The list of public IP addresses associated with the Firewall.
- public
Ip NumberCount Specifies the number of public IPs to assign to the Firewall. Defaults to
1
.
Import
Azure Firewalls can be imported using the resource id
, e.g.
$ pulumi import azure:network/firewall:Firewall example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Network/azureFirewalls/testfirewall
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurerm
Terraform Provider.