1. Packages
  2. Digitalocean Provider
  3. API Docs
  4. Firewall
DigitalOcean v4.36.0 published on Wednesday, Dec 4, 2024 by Pulumi

digitalocean.Firewall

Explore with Pulumi AI

digitalocean logo
DigitalOcean v4.36.0 published on Wednesday, Dec 4, 2024 by Pulumi

    Provides a DigitalOcean Cloud Firewall resource. This can be used to create, modify, and delete Firewalls.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as digitalocean from "@pulumi/digitalocean";
    
    const web = new digitalocean.Droplet("web", {
        name: "web-1",
        size: digitalocean.DropletSlug.DropletS1VCPU1GB,
        image: "ubuntu-18-04-x64",
        region: digitalocean.Region.NYC3,
    });
    const webFirewall = new digitalocean.Firewall("web", {
        name: "only-22-80-and-443",
        dropletIds: [web.id],
        inboundRules: [
            {
                protocol: "tcp",
                portRange: "22",
                sourceAddresses: [
                    "192.168.1.0/24",
                    "2002:1:2::/48",
                ],
            },
            {
                protocol: "tcp",
                portRange: "80",
                sourceAddresses: [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
            {
                protocol: "tcp",
                portRange: "443",
                sourceAddresses: [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
            {
                protocol: "icmp",
                sourceAddresses: [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
        ],
        outboundRules: [
            {
                protocol: "tcp",
                portRange: "53",
                destinationAddresses: [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
            {
                protocol: "udp",
                portRange: "53",
                destinationAddresses: [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
            {
                protocol: "icmp",
                destinationAddresses: [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
        ],
    });
    
    import pulumi
    import pulumi_digitalocean as digitalocean
    
    web = digitalocean.Droplet("web",
        name="web-1",
        size=digitalocean.DropletSlug.DROPLET_S1_VCPU1_GB,
        image="ubuntu-18-04-x64",
        region=digitalocean.Region.NYC3)
    web_firewall = digitalocean.Firewall("web",
        name="only-22-80-and-443",
        droplet_ids=[web.id],
        inbound_rules=[
            {
                "protocol": "tcp",
                "port_range": "22",
                "source_addresses": [
                    "192.168.1.0/24",
                    "2002:1:2::/48",
                ],
            },
            {
                "protocol": "tcp",
                "port_range": "80",
                "source_addresses": [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
            {
                "protocol": "tcp",
                "port_range": "443",
                "source_addresses": [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
            {
                "protocol": "icmp",
                "source_addresses": [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
        ],
        outbound_rules=[
            {
                "protocol": "tcp",
                "port_range": "53",
                "destination_addresses": [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
            {
                "protocol": "udp",
                "port_range": "53",
                "destination_addresses": [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
            {
                "protocol": "icmp",
                "destination_addresses": [
                    "0.0.0.0/0",
                    "::/0",
                ],
            },
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-digitalocean/sdk/v4/go/digitalocean"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		web, err := digitalocean.NewDroplet(ctx, "web", &digitalocean.DropletArgs{
    			Name:   pulumi.String("web-1"),
    			Size:   pulumi.String(digitalocean.DropletSlugDropletS1VCPU1GB),
    			Image:  pulumi.String("ubuntu-18-04-x64"),
    			Region: pulumi.String(digitalocean.RegionNYC3),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = digitalocean.NewFirewall(ctx, "web", &digitalocean.FirewallArgs{
    			Name: pulumi.String("only-22-80-and-443"),
    			DropletIds: pulumi.IntArray{
    				web.ID(),
    			},
    			InboundRules: digitalocean.FirewallInboundRuleArray{
    				&digitalocean.FirewallInboundRuleArgs{
    					Protocol:  pulumi.String("tcp"),
    					PortRange: pulumi.String("22"),
    					SourceAddresses: pulumi.StringArray{
    						pulumi.String("192.168.1.0/24"),
    						pulumi.String("2002:1:2::/48"),
    					},
    				},
    				&digitalocean.FirewallInboundRuleArgs{
    					Protocol:  pulumi.String("tcp"),
    					PortRange: pulumi.String("80"),
    					SourceAddresses: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    						pulumi.String("::/0"),
    					},
    				},
    				&digitalocean.FirewallInboundRuleArgs{
    					Protocol:  pulumi.String("tcp"),
    					PortRange: pulumi.String("443"),
    					SourceAddresses: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    						pulumi.String("::/0"),
    					},
    				},
    				&digitalocean.FirewallInboundRuleArgs{
    					Protocol: pulumi.String("icmp"),
    					SourceAddresses: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    						pulumi.String("::/0"),
    					},
    				},
    			},
    			OutboundRules: digitalocean.FirewallOutboundRuleArray{
    				&digitalocean.FirewallOutboundRuleArgs{
    					Protocol:  pulumi.String("tcp"),
    					PortRange: pulumi.String("53"),
    					DestinationAddresses: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    						pulumi.String("::/0"),
    					},
    				},
    				&digitalocean.FirewallOutboundRuleArgs{
    					Protocol:  pulumi.String("udp"),
    					PortRange: pulumi.String("53"),
    					DestinationAddresses: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    						pulumi.String("::/0"),
    					},
    				},
    				&digitalocean.FirewallOutboundRuleArgs{
    					Protocol: pulumi.String("icmp"),
    					DestinationAddresses: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    						pulumi.String("::/0"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using DigitalOcean = Pulumi.DigitalOcean;
    
    return await Deployment.RunAsync(() => 
    {
        var web = new DigitalOcean.Droplet("web", new()
        {
            Name = "web-1",
            Size = DigitalOcean.DropletSlug.DropletS1VCPU1GB,
            Image = "ubuntu-18-04-x64",
            Region = DigitalOcean.Region.NYC3,
        });
    
        var webFirewall = new DigitalOcean.Firewall("web", new()
        {
            Name = "only-22-80-and-443",
            DropletIds = new[]
            {
                web.Id,
            },
            InboundRules = new[]
            {
                new DigitalOcean.Inputs.FirewallInboundRuleArgs
                {
                    Protocol = "tcp",
                    PortRange = "22",
                    SourceAddresses = new[]
                    {
                        "192.168.1.0/24",
                        "2002:1:2::/48",
                    },
                },
                new DigitalOcean.Inputs.FirewallInboundRuleArgs
                {
                    Protocol = "tcp",
                    PortRange = "80",
                    SourceAddresses = new[]
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
                new DigitalOcean.Inputs.FirewallInboundRuleArgs
                {
                    Protocol = "tcp",
                    PortRange = "443",
                    SourceAddresses = new[]
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
                new DigitalOcean.Inputs.FirewallInboundRuleArgs
                {
                    Protocol = "icmp",
                    SourceAddresses = new[]
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
            },
            OutboundRules = new[]
            {
                new DigitalOcean.Inputs.FirewallOutboundRuleArgs
                {
                    Protocol = "tcp",
                    PortRange = "53",
                    DestinationAddresses = new[]
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
                new DigitalOcean.Inputs.FirewallOutboundRuleArgs
                {
                    Protocol = "udp",
                    PortRange = "53",
                    DestinationAddresses = new[]
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
                new DigitalOcean.Inputs.FirewallOutboundRuleArgs
                {
                    Protocol = "icmp",
                    DestinationAddresses = new[]
                    {
                        "0.0.0.0/0",
                        "::/0",
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.digitalocean.Droplet;
    import com.pulumi.digitalocean.DropletArgs;
    import com.pulumi.digitalocean.Firewall;
    import com.pulumi.digitalocean.FirewallArgs;
    import com.pulumi.digitalocean.inputs.FirewallInboundRuleArgs;
    import com.pulumi.digitalocean.inputs.FirewallOutboundRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var web = new Droplet("web", DropletArgs.builder()
                .name("web-1")
                .size("s-1vcpu-1gb")
                .image("ubuntu-18-04-x64")
                .region("nyc3")
                .build());
    
            var webFirewall = new Firewall("webFirewall", FirewallArgs.builder()
                .name("only-22-80-and-443")
                .dropletIds(web.id())
                .inboundRules(            
                    FirewallInboundRuleArgs.builder()
                        .protocol("tcp")
                        .portRange("22")
                        .sourceAddresses(                    
                            "192.168.1.0/24",
                            "2002:1:2::/48")
                        .build(),
                    FirewallInboundRuleArgs.builder()
                        .protocol("tcp")
                        .portRange("80")
                        .sourceAddresses(                    
                            "0.0.0.0/0",
                            "::/0")
                        .build(),
                    FirewallInboundRuleArgs.builder()
                        .protocol("tcp")
                        .portRange("443")
                        .sourceAddresses(                    
                            "0.0.0.0/0",
                            "::/0")
                        .build(),
                    FirewallInboundRuleArgs.builder()
                        .protocol("icmp")
                        .sourceAddresses(                    
                            "0.0.0.0/0",
                            "::/0")
                        .build())
                .outboundRules(            
                    FirewallOutboundRuleArgs.builder()
                        .protocol("tcp")
                        .portRange("53")
                        .destinationAddresses(                    
                            "0.0.0.0/0",
                            "::/0")
                        .build(),
                    FirewallOutboundRuleArgs.builder()
                        .protocol("udp")
                        .portRange("53")
                        .destinationAddresses(                    
                            "0.0.0.0/0",
                            "::/0")
                        .build(),
                    FirewallOutboundRuleArgs.builder()
                        .protocol("icmp")
                        .destinationAddresses(                    
                            "0.0.0.0/0",
                            "::/0")
                        .build())
                .build());
    
        }
    }
    
    resources:
      web:
        type: digitalocean:Droplet
        properties:
          name: web-1
          size: s-1vcpu-1gb
          image: ubuntu-18-04-x64
          region: nyc3
      webFirewall:
        type: digitalocean:Firewall
        name: web
        properties:
          name: only-22-80-and-443
          dropletIds:
            - ${web.id}
          inboundRules:
            - protocol: tcp
              portRange: '22'
              sourceAddresses:
                - 192.168.1.0/24
                - 2002:1:2::/48
            - protocol: tcp
              portRange: '80'
              sourceAddresses:
                - 0.0.0.0/0
                - ::/0
            - protocol: tcp
              portRange: '443'
              sourceAddresses:
                - 0.0.0.0/0
                - ::/0
            - protocol: icmp
              sourceAddresses:
                - 0.0.0.0/0
                - ::/0
          outboundRules:
            - protocol: tcp
              portRange: '53'
              destinationAddresses:
                - 0.0.0.0/0
                - ::/0
            - protocol: udp
              portRange: '53'
              destinationAddresses:
                - 0.0.0.0/0
                - ::/0
            - protocol: icmp
              destinationAddresses:
                - 0.0.0.0/0
                - ::/0
    

    Create Firewall Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);
    @overload
    def Firewall(resource_name: str,
                 args: Optional[FirewallArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Firewall(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 droplet_ids: Optional[Sequence[int]] = None,
                 inbound_rules: Optional[Sequence[FirewallInboundRuleArgs]] = None,
                 name: Optional[str] = None,
                 outbound_rules: Optional[Sequence[FirewallOutboundRuleArgs]] = None,
                 tags: Optional[Sequence[str]] = None)
    func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)
    public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
    public Firewall(String name, FirewallArgs args)
    public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
    
    type: digitalocean:Firewall
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var firewallResource = new DigitalOcean.Firewall("firewallResource", new()
    {
        DropletIds = new[]
        {
            0,
        },
        InboundRules = new[]
        {
            new DigitalOcean.Inputs.FirewallInboundRuleArgs
            {
                Protocol = "string",
                PortRange = "string",
                SourceAddresses = new[]
                {
                    "string",
                },
                SourceDropletIds = new[]
                {
                    0,
                },
                SourceKubernetesIds = new[]
                {
                    "string",
                },
                SourceLoadBalancerUids = new[]
                {
                    "string",
                },
                SourceTags = new[]
                {
                    "string",
                },
            },
        },
        Name = "string",
        OutboundRules = new[]
        {
            new DigitalOcean.Inputs.FirewallOutboundRuleArgs
            {
                Protocol = "string",
                DestinationAddresses = new[]
                {
                    "string",
                },
                DestinationDropletIds = new[]
                {
                    0,
                },
                DestinationKubernetesIds = new[]
                {
                    "string",
                },
                DestinationLoadBalancerUids = new[]
                {
                    "string",
                },
                DestinationTags = new[]
                {
                    "string",
                },
                PortRange = "string",
            },
        },
        Tags = new[]
        {
            "string",
        },
    });
    
    example, err := digitalocean.NewFirewall(ctx, "firewallResource", &digitalocean.FirewallArgs{
    	DropletIds: pulumi.IntArray{
    		pulumi.Int(0),
    	},
    	InboundRules: digitalocean.FirewallInboundRuleArray{
    		&digitalocean.FirewallInboundRuleArgs{
    			Protocol:  pulumi.String("string"),
    			PortRange: pulumi.String("string"),
    			SourceAddresses: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			SourceDropletIds: pulumi.IntArray{
    				pulumi.Int(0),
    			},
    			SourceKubernetesIds: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			SourceLoadBalancerUids: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			SourceTags: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	Name: pulumi.String("string"),
    	OutboundRules: digitalocean.FirewallOutboundRuleArray{
    		&digitalocean.FirewallOutboundRuleArgs{
    			Protocol: pulumi.String("string"),
    			DestinationAddresses: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			DestinationDropletIds: pulumi.IntArray{
    				pulumi.Int(0),
    			},
    			DestinationKubernetesIds: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			DestinationLoadBalancerUids: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			DestinationTags: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			PortRange: pulumi.String("string"),
    		},
    	},
    	Tags: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    var firewallResource = new Firewall("firewallResource", FirewallArgs.builder()
        .dropletIds(0)
        .inboundRules(FirewallInboundRuleArgs.builder()
            .protocol("string")
            .portRange("string")
            .sourceAddresses("string")
            .sourceDropletIds(0)
            .sourceKubernetesIds("string")
            .sourceLoadBalancerUids("string")
            .sourceTags("string")
            .build())
        .name("string")
        .outboundRules(FirewallOutboundRuleArgs.builder()
            .protocol("string")
            .destinationAddresses("string")
            .destinationDropletIds(0)
            .destinationKubernetesIds("string")
            .destinationLoadBalancerUids("string")
            .destinationTags("string")
            .portRange("string")
            .build())
        .tags("string")
        .build());
    
    firewall_resource = digitalocean.Firewall("firewallResource",
        droplet_ids=[0],
        inbound_rules=[{
            "protocol": "string",
            "port_range": "string",
            "source_addresses": ["string"],
            "source_droplet_ids": [0],
            "source_kubernetes_ids": ["string"],
            "source_load_balancer_uids": ["string"],
            "source_tags": ["string"],
        }],
        name="string",
        outbound_rules=[{
            "protocol": "string",
            "destination_addresses": ["string"],
            "destination_droplet_ids": [0],
            "destination_kubernetes_ids": ["string"],
            "destination_load_balancer_uids": ["string"],
            "destination_tags": ["string"],
            "port_range": "string",
        }],
        tags=["string"])
    
    const firewallResource = new digitalocean.Firewall("firewallResource", {
        dropletIds: [0],
        inboundRules: [{
            protocol: "string",
            portRange: "string",
            sourceAddresses: ["string"],
            sourceDropletIds: [0],
            sourceKubernetesIds: ["string"],
            sourceLoadBalancerUids: ["string"],
            sourceTags: ["string"],
        }],
        name: "string",
        outboundRules: [{
            protocol: "string",
            destinationAddresses: ["string"],
            destinationDropletIds: [0],
            destinationKubernetesIds: ["string"],
            destinationLoadBalancerUids: ["string"],
            destinationTags: ["string"],
            portRange: "string",
        }],
        tags: ["string"],
    });
    
    type: digitalocean:Firewall
    properties:
        dropletIds:
            - 0
        inboundRules:
            - portRange: string
              protocol: string
              sourceAddresses:
                - string
              sourceDropletIds:
                - 0
              sourceKubernetesIds:
                - string
              sourceLoadBalancerUids:
                - string
              sourceTags:
                - string
        name: string
        outboundRules:
            - destinationAddresses:
                - string
              destinationDropletIds:
                - 0
              destinationKubernetesIds:
                - string
              destinationLoadBalancerUids:
                - string
              destinationTags:
                - string
              portRange: string
              protocol: string
        tags:
            - string
    

    Firewall Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Firewall resource accepts the following input properties:

    DropletIds List<int>
    The list of the IDs of the Droplets assigned to the Firewall.
    InboundRules List<Pulumi.DigitalOcean.Inputs.FirewallInboundRule>
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    Name string
    The Firewall name
    OutboundRules List<Pulumi.DigitalOcean.Inputs.FirewallOutboundRule>
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    Tags List<string>
    The names of the Tags assigned to the Firewall.
    DropletIds []int
    The list of the IDs of the Droplets assigned to the Firewall.
    InboundRules []FirewallInboundRuleArgs
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    Name string
    The Firewall name
    OutboundRules []FirewallOutboundRuleArgs
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    Tags []string
    The names of the Tags assigned to the Firewall.
    dropletIds List<Integer>
    The list of the IDs of the Droplets assigned to the Firewall.
    inboundRules List<FirewallInboundRule>
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    name String
    The Firewall name
    outboundRules List<FirewallOutboundRule>
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    tags List<String>
    The names of the Tags assigned to the Firewall.
    dropletIds number[]
    The list of the IDs of the Droplets assigned to the Firewall.
    inboundRules FirewallInboundRule[]
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    name string
    The Firewall name
    outboundRules FirewallOutboundRule[]
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    tags string[]
    The names of the Tags assigned to the Firewall.
    droplet_ids Sequence[int]
    The list of the IDs of the Droplets assigned to the Firewall.
    inbound_rules Sequence[FirewallInboundRuleArgs]
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    name str
    The Firewall name
    outbound_rules Sequence[FirewallOutboundRuleArgs]
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    tags Sequence[str]
    The names of the Tags assigned to the Firewall.
    dropletIds List<Number>
    The list of the IDs of the Droplets assigned to the Firewall.
    inboundRules List<Property Map>
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    name String
    The Firewall name
    outboundRules List<Property Map>
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    tags List<String>
    The names of the Tags assigned to the Firewall.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

    CreatedAt string
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    PendingChanges List<Pulumi.DigitalOcean.Outputs.FirewallPendingChange>
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    Status string
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    CreatedAt string
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    PendingChanges []FirewallPendingChange
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    Status string
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    createdAt String
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    id String
    The provider-assigned unique ID for this managed resource.
    pendingChanges List<FirewallPendingChange>
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    status String
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    createdAt string
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    id string
    The provider-assigned unique ID for this managed resource.
    pendingChanges FirewallPendingChange[]
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    status string
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    created_at str
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    id str
    The provider-assigned unique ID for this managed resource.
    pending_changes Sequence[FirewallPendingChange]
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    status str
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    createdAt String
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    id String
    The provider-assigned unique ID for this managed resource.
    pendingChanges List<Property Map>
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    status String
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

    Look up Existing Firewall Resource

    Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            created_at: Optional[str] = None,
            droplet_ids: Optional[Sequence[int]] = None,
            inbound_rules: Optional[Sequence[FirewallInboundRuleArgs]] = None,
            name: Optional[str] = None,
            outbound_rules: Optional[Sequence[FirewallOutboundRuleArgs]] = None,
            pending_changes: Optional[Sequence[FirewallPendingChangeArgs]] = None,
            status: Optional[str] = None,
            tags: Optional[Sequence[str]] = None) -> Firewall
    func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
    public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
    public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CreatedAt string
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    DropletIds List<int>
    The list of the IDs of the Droplets assigned to the Firewall.
    InboundRules List<Pulumi.DigitalOcean.Inputs.FirewallInboundRule>
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    Name string
    The Firewall name
    OutboundRules List<Pulumi.DigitalOcean.Inputs.FirewallOutboundRule>
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    PendingChanges List<Pulumi.DigitalOcean.Inputs.FirewallPendingChange>
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    Status string
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    Tags List<string>
    The names of the Tags assigned to the Firewall.
    CreatedAt string
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    DropletIds []int
    The list of the IDs of the Droplets assigned to the Firewall.
    InboundRules []FirewallInboundRuleArgs
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    Name string
    The Firewall name
    OutboundRules []FirewallOutboundRuleArgs
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    PendingChanges []FirewallPendingChangeArgs
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    Status string
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    Tags []string
    The names of the Tags assigned to the Firewall.
    createdAt String
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    dropletIds List<Integer>
    The list of the IDs of the Droplets assigned to the Firewall.
    inboundRules List<FirewallInboundRule>
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    name String
    The Firewall name
    outboundRules List<FirewallOutboundRule>
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    pendingChanges List<FirewallPendingChange>
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    status String
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    tags List<String>
    The names of the Tags assigned to the Firewall.
    createdAt string
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    dropletIds number[]
    The list of the IDs of the Droplets assigned to the Firewall.
    inboundRules FirewallInboundRule[]
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    name string
    The Firewall name
    outboundRules FirewallOutboundRule[]
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    pendingChanges FirewallPendingChange[]
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    status string
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    tags string[]
    The names of the Tags assigned to the Firewall.
    created_at str
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    droplet_ids Sequence[int]
    The list of the IDs of the Droplets assigned to the Firewall.
    inbound_rules Sequence[FirewallInboundRuleArgs]
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    name str
    The Firewall name
    outbound_rules Sequence[FirewallOutboundRuleArgs]
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    pending_changes Sequence[FirewallPendingChangeArgs]
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    status str
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    tags Sequence[str]
    The names of the Tags assigned to the Firewall.
    createdAt String
    A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
    dropletIds List<Number>
    The list of the IDs of the Droplets assigned to the Firewall.
    inboundRules List<Property Map>
    The inbound access rule block for the Firewall. The inbound_rule block is documented below.
    name String
    The Firewall name
    outboundRules List<Property Map>
    The outbound access rule block for the Firewall. The outbound_rule block is documented below.
    pendingChanges List<Property Map>
    An list of object containing the fields, "droplet_id", "removing", and "status". It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
    status String
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    tags List<String>
    The names of the Tags assigned to the Firewall.

    Supporting Types

    FirewallInboundRule, FirewallInboundRuleArgs

    Protocol string
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    PortRange string
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.
    SourceAddresses List<string>
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
    SourceDropletIds List<int>
    An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
    SourceKubernetesIds List<string>
    An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
    SourceLoadBalancerUids List<string>
    An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
    SourceTags List<string>
    An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
    Protocol string
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    PortRange string
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.
    SourceAddresses []string
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
    SourceDropletIds []int
    An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
    SourceKubernetesIds []string
    An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
    SourceLoadBalancerUids []string
    An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
    SourceTags []string
    An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
    protocol String
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    portRange String
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.
    sourceAddresses List<String>
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
    sourceDropletIds List<Integer>
    An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
    sourceKubernetesIds List<String>
    An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
    sourceLoadBalancerUids List<String>
    An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
    sourceTags List<String>
    An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
    protocol string
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    portRange string
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.
    sourceAddresses string[]
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
    sourceDropletIds number[]
    An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
    sourceKubernetesIds string[]
    An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
    sourceLoadBalancerUids string[]
    An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
    sourceTags string[]
    An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
    protocol str
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    port_range str
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.
    source_addresses Sequence[str]
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
    source_droplet_ids Sequence[int]
    An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
    source_kubernetes_ids Sequence[str]
    An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
    source_load_balancer_uids Sequence[str]
    An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
    source_tags Sequence[str]
    An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.
    protocol String
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    portRange String
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.
    sourceAddresses List<String>
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
    sourceDropletIds List<Number>
    An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
    sourceKubernetesIds List<String>
    An array containing the IDs of the Kubernetes clusters from which the inbound traffic will be accepted.
    sourceLoadBalancerUids List<String>
    An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
    sourceTags List<String>
    An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

    FirewallOutboundRule, FirewallOutboundRuleArgs

    Protocol string
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    DestinationAddresses List<string>
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
    DestinationDropletIds List<int>
    An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
    DestinationKubernetesIds List<string>
    An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
    DestinationLoadBalancerUids List<string>
    An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
    DestinationTags List<string>
    An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
    PortRange string
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.
    Protocol string
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    DestinationAddresses []string
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
    DestinationDropletIds []int
    An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
    DestinationKubernetesIds []string
    An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
    DestinationLoadBalancerUids []string
    An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
    DestinationTags []string
    An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
    PortRange string
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.
    protocol String
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    destinationAddresses List<String>
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
    destinationDropletIds List<Integer>
    An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
    destinationKubernetesIds List<String>
    An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
    destinationLoadBalancerUids List<String>
    An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
    destinationTags List<String>
    An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
    portRange String
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.
    protocol string
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    destinationAddresses string[]
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
    destinationDropletIds number[]
    An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
    destinationKubernetesIds string[]
    An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
    destinationLoadBalancerUids string[]
    An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
    destinationTags string[]
    An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
    portRange string
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.
    protocol str
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    destination_addresses Sequence[str]
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
    destination_droplet_ids Sequence[int]
    An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
    destination_kubernetes_ids Sequence[str]
    An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
    destination_load_balancer_uids Sequence[str]
    An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
    destination_tags Sequence[str]
    An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
    port_range str
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.
    protocol String
    The type of traffic to be allowed. This may be one of "tcp", "udp", or "icmp".
    destinationAddresses List<String>
    An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
    destinationDropletIds List<Number>
    An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
    destinationKubernetesIds List<String>
    An array containing the IDs of the Kubernetes clusters to which the outbound traffic will be allowed.
    destinationLoadBalancerUids List<String>
    An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
    destinationTags List<String>
    An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed.
    portRange String
    The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. "8000-9000"), or "1-65535" to open all ports for a protocol. Required for when protocol is tcp or udp.

    FirewallPendingChange, FirewallPendingChangeArgs

    DropletId int
    Removing bool
    Status string
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    DropletId int
    Removing bool
    Status string
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    dropletId Integer
    removing Boolean
    status String
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    dropletId number
    removing boolean
    status string
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    droplet_id int
    removing bool
    status str
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".
    dropletId Number
    removing Boolean
    status String
    A status string indicating the current state of the Firewall. This can be "waiting", "succeeded", or "failed".

    Import

    Firewalls can be imported using the firewall id, e.g.

    $ pulumi import digitalocean:index/firewall:Firewall myfirewall b8ecd2ab-2267-4a5e-8692-cbf1d32583e3
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    DigitalOcean pulumi/pulumi-digitalocean
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the digitalocean Terraform Provider.
    digitalocean logo
    DigitalOcean v4.36.0 published on Wednesday, Dec 4, 2024 by Pulumi