Docs Home
DigitalOcean v4.45.0 published on Tuesday, May 20, 2025 by Pulumi
digitalocean.Firewall
Explore with Pulumi AI
Provides a DigitalOcean Cloud Firewall resource. This can be used to create, modify, and delete Firewalls.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as digitalocean from "@pulumi/digitalocean";
const web = new digitalocean.Droplet("web", {
name: "web-1",
size: digitalocean.DropletSlug.DropletS1VCPU1GB,
image: "ubuntu-18-04-x64",
region: digitalocean.Region.NYC3,
});
const webFirewall = new digitalocean.Firewall("web", {
name: "only-22-80-and-443",
dropletIds: [web.id],
inboundRules: [
{
protocol: "tcp",
portRange: "22",
sourceAddresses: [
"192.168.1.0/24",
"2002:1:2::/48",
],
},
{
protocol: "tcp",
portRange: "80",
sourceAddresses: [
"0.0.0.0/0",
"::/0",
],
},
{
protocol: "tcp",
portRange: "443",
sourceAddresses: [
"0.0.0.0/0",
"::/0",
],
},
{
protocol: "icmp",
sourceAddresses: [
"0.0.0.0/0",
"::/0",
],
},
],
outboundRules: [
{
protocol: "tcp",
portRange: "53",
destinationAddresses: [
"0.0.0.0/0",
"::/0",
],
},
{
protocol: "udp",
portRange: "53",
destinationAddresses: [
"0.0.0.0/0",
"::/0",
],
},
{
protocol: "icmp",
destinationAddresses: [
"0.0.0.0/0",
"::/0",
],
},
],
});
import pulumi
import pulumi_digitalocean as digitalocean
web = digitalocean.Droplet("web",
name="web-1",
size=digitalocean.DropletSlug.DROPLET_S1_VCPU1_GB,
image="ubuntu-18-04-x64",
region=digitalocean.Region.NYC3)
web_firewall = digitalocean.Firewall("web",
name="only-22-80-and-443",
droplet_ids=[web.id],
inbound_rules=[
{
"protocol": "tcp",
"port_range": "22",
"source_addresses": [
"192.168.1.0/24",
"2002:1:2::/48",
],
},
{
"protocol": "tcp",
"port_range": "80",
"source_addresses": [
"0.0.0.0/0",
"::/0",
],
},
{
"protocol": "tcp",
"port_range": "443",
"source_addresses": [
"0.0.0.0/0",
"::/0",
],
},
{
"protocol": "icmp",
"source_addresses": [
"0.0.0.0/0",
"::/0",
],
},
],
outbound_rules=[
{
"protocol": "tcp",
"port_range": "53",
"destination_addresses": [
"0.0.0.0/0",
"::/0",
],
},
{
"protocol": "udp",
"port_range": "53",
"destination_addresses": [
"0.0.0.0/0",
"::/0",
],
},
{
"protocol": "icmp",
"destination_addresses": [
"0.0.0.0/0",
"::/0",
],
},
])
package main
import (
"github.com/pulumi/pulumi-digitalocean/sdk/v4/go/digitalocean"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
web, err := digitalocean.NewDroplet(ctx, "web", &digitalocean.DropletArgs{
Name: pulumi.String("web-1"),
Size: pulumi.String(digitalocean.DropletSlugDropletS1VCPU1GB),
Image: pulumi.String("ubuntu-18-04-x64"),
Region: pulumi.String(digitalocean.RegionNYC3),
})
if err != nil {
return err
}
_, err = digitalocean.NewFirewall(ctx, "web", &digitalocean.FirewallArgs{
Name: pulumi.String("only-22-80-and-443"),
DropletIds: pulumi.IntArray{
web.ID(),
},
InboundRules: digitalocean.FirewallInboundRuleArray{
&digitalocean.FirewallInboundRuleArgs{
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("22"),
SourceAddresses: pulumi.StringArray{
pulumi.String("192.168.1.0/24"),
pulumi.String("2002:1:2::/48"),
},
},
&digitalocean.FirewallInboundRuleArgs{
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("80"),
SourceAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
&digitalocean.FirewallInboundRuleArgs{
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("443"),
SourceAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
&digitalocean.FirewallInboundRuleArgs{
Protocol: pulumi.String("icmp"),
SourceAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
},
OutboundRules: digitalocean.FirewallOutboundRuleArray{
&digitalocean.FirewallOutboundRuleArgs{
Protocol: pulumi.String("tcp"),
PortRange: pulumi.String("53"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
&digitalocean.FirewallOutboundRuleArgs{
Protocol: pulumi.String("udp"),
PortRange: pulumi.String("53"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
&digitalocean.FirewallOutboundRuleArgs{
Protocol: pulumi.String("icmp"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using DigitalOcean = Pulumi.DigitalOcean;
return await Deployment.RunAsync(() =>
{
var web = new DigitalOcean.Droplet("web", new()
{
Name = "web-1",
Size = DigitalOcean.DropletSlug.DropletS1VCPU1GB,
Image = "ubuntu-18-04-x64",
Region = DigitalOcean.Region.NYC3,
});
var webFirewall = new DigitalOcean.Firewall("web", new()
{
Name = "only-22-80-and-443",
DropletIds = new[]
{
web.Id,
},
InboundRules = new[]
{
new DigitalOcean.Inputs.FirewallInboundRuleArgs
{
Protocol = "tcp",
PortRange = "22",
SourceAddresses = new[]
{
"192.168.1.0/24",
"2002:1:2::/48",
},
},
new DigitalOcean.Inputs.FirewallInboundRuleArgs
{
Protocol = "tcp",
PortRange = "80",
SourceAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
new DigitalOcean.Inputs.FirewallInboundRuleArgs
{
Protocol = "tcp",
PortRange = "443",
SourceAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
new DigitalOcean.Inputs.FirewallInboundRuleArgs
{
Protocol = "icmp",
SourceAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
},
OutboundRules = new[]
{
new DigitalOcean.Inputs.FirewallOutboundRuleArgs
{
Protocol = "tcp",
PortRange = "53",
DestinationAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
new DigitalOcean.Inputs.FirewallOutboundRuleArgs
{
Protocol = "udp",
PortRange = "53",
DestinationAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
new DigitalOcean.Inputs.FirewallOutboundRuleArgs
{
Protocol = "icmp",
DestinationAddresses = new[]
{
"0.0.0.0/0",
"::/0",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.digitalocean.Droplet;
import com.pulumi.digitalocean.DropletArgs;
import com.pulumi.digitalocean.Firewall;
import com.pulumi.digitalocean.FirewallArgs;
import com.pulumi.digitalocean.inputs.FirewallInboundRuleArgs;
import com.pulumi.digitalocean.inputs.FirewallOutboundRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var web = new Droplet("web", DropletArgs.builder()
.name("web-1")
.size("s-1vcpu-1gb")
.image("ubuntu-18-04-x64")
.region("nyc3")
.build());
var webFirewall = new Firewall("webFirewall", FirewallArgs.builder()
.name("only-22-80-and-443")
.dropletIds(web.id())
.inboundRules(
FirewallInboundRuleArgs.builder()
.protocol("tcp")
.portRange("22")
.sourceAddresses(
"192.168.1.0/24",
"2002:1:2::/48")
.build(),
FirewallInboundRuleArgs.builder()
.protocol("tcp")
.portRange("80")
.sourceAddresses(
"0.0.0.0/0",
"::/0")
.build(),
FirewallInboundRuleArgs.builder()
.protocol("tcp")
.portRange("443")
.sourceAddresses(
"0.0.0.0/0",
"::/0")
.build(),
FirewallInboundRuleArgs.builder()
.protocol("icmp")
.sourceAddresses(
"0.0.0.0/0",
"::/0")
.build())
.outboundRules(
FirewallOutboundRuleArgs.builder()
.protocol("tcp")
.portRange("53")
.destinationAddresses(
"0.0.0.0/0",
"::/0")
.build(),
FirewallOutboundRuleArgs.builder()
.protocol("udp")
.portRange("53")
.destinationAddresses(
"0.0.0.0/0",
"::/0")
.build(),
FirewallOutboundRuleArgs.builder()
.protocol("icmp")
.destinationAddresses(
"0.0.0.0/0",
"::/0")
.build())
.build());
}
}
resources:
web:
type: digitalocean:Droplet
properties:
name: web-1
size: s-1vcpu-1gb
image: ubuntu-18-04-x64
region: nyc3
webFirewall:
type: digitalocean:Firewall
name: web
properties:
name: only-22-80-and-443
dropletIds:
- ${web.id}
inboundRules:
- protocol: tcp
portRange: '22'
sourceAddresses:
- 192.168.1.0/24
- 2002:1:2::/48
- protocol: tcp
portRange: '80'
sourceAddresses:
- 0.0.0.0/0
- ::/0
- protocol: tcp
portRange: '443'
sourceAddresses:
- 0.0.0.0/0
- ::/0
- protocol: icmp
sourceAddresses:
- 0.0.0.0/0
- ::/0
outboundRules:
- protocol: tcp
portRange: '53'
destinationAddresses:
- 0.0.0.0/0
- ::/0
- protocol: udp
portRange: '53'
destinationAddresses:
- 0.0.0.0/0
- ::/0
- protocol: icmp
destinationAddresses:
- 0.0.0.0/0
- ::/0
Create Firewall Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);@overload
def Firewall(resource_name: str,
args: Optional[FirewallArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Firewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
droplet_ids: Optional[Sequence[int]] = None,
inbound_rules: Optional[Sequence[FirewallInboundRuleArgs]] = None,
name: Optional[str] = None,
outbound_rules: Optional[Sequence[FirewallOutboundRuleArgs]] = None,
tags: Optional[Sequence[str]] = None)func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: digitalocean:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallResource = new DigitalOcean.Firewall("firewallResource", new()
{
DropletIds = new[]
{
0,
},
InboundRules = new[]
{
new DigitalOcean.Inputs.FirewallInboundRuleArgs
{
Protocol = "string",
PortRange = "string",
SourceAddresses = new[]
{
"string",
},
SourceDropletIds = new[]
{
0,
},
SourceKubernetesIds = new[]
{
"string",
},
SourceLoadBalancerUids = new[]
{
"string",
},
SourceTags = new[]
{
"string",
},
},
},
Name = "string",
OutboundRules = new[]
{
new DigitalOcean.Inputs.FirewallOutboundRuleArgs
{
Protocol = "string",
DestinationAddresses = new[]
{
"string",
},
DestinationDropletIds = new[]
{
0,
},
DestinationKubernetesIds = new[]
{
"string",
},
DestinationLoadBalancerUids = new[]
{
"string",
},
DestinationTags = new[]
{
"string",
},
PortRange = "string",
},
},
Tags = new[]
{
"string",
},
});
example, err := digitalocean.NewFirewall(ctx, "firewallResource", &digitalocean.FirewallArgs{
DropletIds: pulumi.IntArray{
pulumi.Int(0),
},
InboundRules: digitalocean.FirewallInboundRuleArray{
&digitalocean.FirewallInboundRuleArgs{
Protocol: pulumi.String("string"),
PortRange: pulumi.String("string"),
SourceAddresses: pulumi.StringArray{
pulumi.String("string"),
},
SourceDropletIds: pulumi.IntArray{
pulumi.Int(0),
},
SourceKubernetesIds: pulumi.StringArray{
pulumi.String("string"),
},
SourceLoadBalancerUids: pulumi.StringArray{
pulumi.String("string"),
},
SourceTags: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Name: pulumi.String("string"),
OutboundRules: digitalocean.FirewallOutboundRuleArray{
&digitalocean.FirewallOutboundRuleArgs{
Protocol: pulumi.String("string"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("string"),
},
DestinationDropletIds: pulumi.IntArray{
pulumi.Int(0),
},
DestinationKubernetesIds: pulumi.StringArray{
pulumi.String("string"),
},
DestinationLoadBalancerUids: pulumi.StringArray{
pulumi.String("string"),
},
DestinationTags: pulumi.StringArray{
pulumi.String("string"),
},
PortRange: pulumi.String("string"),
},
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
})
var firewallResource = new Firewall("firewallResource", FirewallArgs.builder()
.dropletIds(0)
.inboundRules(FirewallInboundRuleArgs.builder()
.protocol("string")
.portRange("string")
.sourceAddresses("string")
.sourceDropletIds(0)
.sourceKubernetesIds("string")
.sourceLoadBalancerUids("string")
.sourceTags("string")
.build())
.name("string")
.outboundRules(FirewallOutboundRuleArgs.builder()
.protocol("string")
.destinationAddresses("string")
.destinationDropletIds(0)
.destinationKubernetesIds("string")
.destinationLoadBalancerUids("string")
.destinationTags("string")
.portRange("string")
.build())
.tags("string")
.build());
firewall_resource = digitalocean.Firewall("firewallResource",
droplet_ids=[0],
inbound_rules=[{
"protocol": "string",
"port_range": "string",
"source_addresses": ["string"],
"source_droplet_ids": [0],
"source_kubernetes_ids": ["string"],
"source_load_balancer_uids": ["string"],
"source_tags": ["string"],
}],
name="string",
outbound_rules=[{
"protocol": "string",
"destination_addresses": ["string"],
"destination_droplet_ids": [0],
"destination_kubernetes_ids": ["string"],
"destination_load_balancer_uids": ["string"],
"destination_tags": ["string"],
"port_range": "string",
}],
tags=["string"])
const firewallResource = new digitalocean.Firewall("firewallResource", {
dropletIds: [0],
inboundRules: [{
protocol: "string",
portRange: "string",
sourceAddresses: ["string"],
sourceDropletIds: [0],
sourceKubernetesIds: ["string"],
sourceLoadBalancerUids: ["string"],
sourceTags: ["string"],
}],
name: "string",
outboundRules: [{
protocol: "string",
destinationAddresses: ["string"],
destinationDropletIds: [0],
destinationKubernetesIds: ["string"],
destinationLoadBalancerUids: ["string"],
destinationTags: ["string"],
portRange: "string",
}],
tags: ["string"],
});
type: digitalocean:Firewall
properties:
dropletIds:
- 0
inboundRules:
- portRange: string
protocol: string
sourceAddresses:
- string
sourceDropletIds:
- 0
sourceKubernetesIds:
- string
sourceLoadBalancerUids:
- string
sourceTags:
- string
name: string
outboundRules:
- destinationAddresses:
- string
destinationDropletIds:
- 0
destinationKubernetesIds:
- string
destinationLoadBalancerUids:
- string
destinationTags:
- string
portRange: string
protocol: string
tags:
- string
Firewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Firewall resource accepts the following input properties:
- Droplet
Ids List<int> - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - Inbound
Rules List<Pulumi.Digital Ocean. Inputs. Firewall Inbound Rule> - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - Name string
- The Firewall name
- Outbound
Rules List<Pulumi.Digital Ocean. Inputs. Firewall Outbound Rule> - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - List<string>
- The names of the Tags assigned to the Firewall (max. 5).
- Droplet
Ids []int - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - Inbound
Rules []FirewallInbound Rule Args - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - Name string
- The Firewall name
- Outbound
Rules []FirewallOutbound Rule Args - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - []string
- The names of the Tags assigned to the Firewall (max. 5).
- droplet
Ids List<Integer> - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - inbound
Rules List<FirewallInbound Rule> - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - name String
- The Firewall name
- outbound
Rules List<FirewallOutbound Rule> - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - List<String>
- The names of the Tags assigned to the Firewall (max. 5).
- droplet
Ids number[] - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - inbound
Rules FirewallInbound Rule[] - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - name string
- The Firewall name
- outbound
Rules FirewallOutbound Rule[] - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - string[]
- The names of the Tags assigned to the Firewall (max. 5).
- droplet_
ids Sequence[int] - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - inbound_
rules Sequence[FirewallInbound Rule Args] - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - name str
- The Firewall name
- outbound_
rules Sequence[FirewallOutbound Rule Args] - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - Sequence[str]
- The names of the Tags assigned to the Firewall (max. 5).
- droplet
Ids List<Number> - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - inbound
Rules List<Property Map> - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - name String
- The Firewall name
- outbound
Rules List<Property Map> - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - List<String>
- The names of the Tags assigned to the Firewall (max. 5).
Outputs
All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:
- Created
At string - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pending
Changes List<Pulumi.Digital Ocean. Outputs. Firewall Pending Change> - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- Status string
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- Created
At string - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Pending
Changes []FirewallPending Change - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- Status string
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- created
At String - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- id String
- The provider-assigned unique ID for this managed resource.
- pending
Changes List<FirewallPending Change> - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status String
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- created
At string - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- id string
- The provider-assigned unique ID for this managed resource.
- pending
Changes FirewallPending Change[] - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status string
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- created_
at str - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- id str
- The provider-assigned unique ID for this managed resource.
- pending_
changes Sequence[FirewallPending Change] - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status str
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- created
At String - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- id String
- The provider-assigned unique ID for this managed resource.
- pending
Changes List<Property Map> - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status String
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
Look up Existing Firewall Resource
Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
created_at: Optional[str] = None,
droplet_ids: Optional[Sequence[int]] = None,
inbound_rules: Optional[Sequence[FirewallInboundRuleArgs]] = None,
name: Optional[str] = None,
outbound_rules: Optional[Sequence[FirewallOutboundRuleArgs]] = None,
pending_changes: Optional[Sequence[FirewallPendingChangeArgs]] = None,
status: Optional[str] = None,
tags: Optional[Sequence[str]] = None) -> Firewallfunc GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)resources: _: type: digitalocean:Firewall get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Created
At string - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- Droplet
Ids List<int> - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - Inbound
Rules List<Pulumi.Digital Ocean. Inputs. Firewall Inbound Rule> - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - Name string
- The Firewall name
- Outbound
Rules List<Pulumi.Digital Ocean. Inputs. Firewall Outbound Rule> - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - Pending
Changes List<Pulumi.Digital Ocean. Inputs. Firewall Pending Change> - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- Status string
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- List<string>
- The names of the Tags assigned to the Firewall (max. 5).
- Created
At string - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- Droplet
Ids []int - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - Inbound
Rules []FirewallInbound Rule Args - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - Name string
- The Firewall name
- Outbound
Rules []FirewallOutbound Rule Args - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - Pending
Changes []FirewallPending Change Args - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- Status string
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- []string
- The names of the Tags assigned to the Firewall (max. 5).
- created
At String - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- droplet
Ids List<Integer> - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - inbound
Rules List<FirewallInbound Rule> - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - name String
- The Firewall name
- outbound
Rules List<FirewallOutbound Rule> - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - pending
Changes List<FirewallPending Change> - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status String
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- List<String>
- The names of the Tags assigned to the Firewall (max. 5).
- created
At string - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- droplet
Ids number[] - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - inbound
Rules FirewallInbound Rule[] - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - name string
- The Firewall name
- outbound
Rules FirewallOutbound Rule[] - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - pending
Changes FirewallPending Change[] - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status string
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- string[]
- The names of the Tags assigned to the Firewall (max. 5).
- created_
at str - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- droplet_
ids Sequence[int] - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - inbound_
rules Sequence[FirewallInbound Rule Args] - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - name str
- The Firewall name
- outbound_
rules Sequence[FirewallOutbound Rule Args] - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - pending_
changes Sequence[FirewallPending Change Args] - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status str
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- Sequence[str]
- The names of the Tags assigned to the Firewall (max. 5).
- created
At String - A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
- droplet
Ids List<Number> - The list of the IDs of the Droplets assigned
to the Firewall (max. 10). If you want to assign more droplets to the
Firewall, add Tags to them and use the
tagsargument below. - inbound
Rules List<Property Map> - The inbound access rule block for the Firewall.
The
inbound_ruleblock is documented below. - name String
- The Firewall name
- outbound
Rules List<Property Map> - The outbound access rule block for the Firewall.
The
outbound_ruleblock is documented below. - pending
Changes List<Property Map> - An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
- status String
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
- List<String>
- The names of the Tags assigned to the Firewall (max. 5).
Supporting Types
FirewallInboundRule, FirewallInboundRuleArgs
- Protocol string
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- Port
Range string - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp. - Source
Addresses List<string> - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- Source
Droplet List<int>Ids - An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- Source
Kubernetes List<string>Ids - An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- Source
Load List<string>Balancer Uids - An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- List<string>
- An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
- Protocol string
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- Port
Range string - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp. - Source
Addresses []string - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- Source
Droplet []intIds - An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- Source
Kubernetes []stringIds - An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- Source
Load []stringBalancer Uids - An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- []string
- An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
- protocol String
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- port
Range String - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp. - source
Addresses List<String> - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- source
Droplet List<Integer>Ids - An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- source
Kubernetes List<String>Ids - An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- source
Load List<String>Balancer Uids - An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- List<String>
- An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
- protocol string
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- port
Range string - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp. - source
Addresses string[] - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- source
Droplet number[]Ids - An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- source
Kubernetes string[]Ids - An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- source
Load string[]Balancer Uids - An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- string[]
- An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
- protocol str
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- port_
range str - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp. - source_
addresses Sequence[str] - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- source_
droplet_ Sequence[int]ids - An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- source_
kubernetes_ Sequence[str]ids - An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- source_
load_ Sequence[str]balancer_ uids - An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- Sequence[str]
- An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
- protocol String
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- port
Range String - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp. - source
Addresses List<String> - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
- source
Droplet List<Number>Ids - An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
- source
Kubernetes List<String>Ids - An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
- source
Load List<String>Balancer Uids - An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
- List<String>
- An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
FirewallOutboundRule, FirewallOutboundRuleArgs
- Protocol string
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- Destination
Addresses List<string> - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- Destination
Droplet List<int>Ids - An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- Destination
Kubernetes List<string>Ids - An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- Destination
Load List<string>Balancer Uids - An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- List<string>
- An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- Port
Range string - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
- Protocol string
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- Destination
Addresses []string - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- Destination
Droplet []intIds - An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- Destination
Kubernetes []stringIds - An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- Destination
Load []stringBalancer Uids - An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- []string
- An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- Port
Range string - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
- protocol String
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- destination
Addresses List<String> - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- destination
Droplet List<Integer>Ids - An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- destination
Kubernetes List<String>Ids - An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- destination
Load List<String>Balancer Uids - An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- List<String>
- An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- port
Range String - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
- protocol string
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- destination
Addresses string[] - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- destination
Droplet number[]Ids - An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- destination
Kubernetes string[]Ids - An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- destination
Load string[]Balancer Uids - An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- string[]
- An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- port
Range string - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
- protocol str
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- destination_
addresses Sequence[str] - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- destination_
droplet_ Sequence[int]ids - An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- destination_
kubernetes_ Sequence[str]ids - An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- destination_
load_ Sequence[str]balancer_ uids - An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- Sequence[str]
- An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- port_
range str - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
- protocol String
- The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
- destination
Addresses List<String> - An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
- destination
Droplet List<Number>Ids - An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
- destination
Kubernetes List<String>Ids - An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
- destination
Load List<String>Balancer Uids - An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
- List<String>
- An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
- port
Range String - The ports on which traffic will be allowed
specified as a string containing a single port, a range (e.g. "8000-9000"),
or "1-65535" to open all ports for a protocol. Required for when protocol is
tcporudp.
FirewallPendingChange, FirewallPendingChangeArgs
- droplet_
id int - removing bool
- status str
- A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
Import
Firewalls can be imported using the firewall id, e.g.
$ pulumi import digitalocean:index/firewall:Firewall myfirewall b8ecd2ab-2267-4a5e-8692-cbf1d32583e3
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- DigitalOcean pulumi/pulumi-digitalocean
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
digitaloceanTerraform Provider.