Fastly v11.0.0, Sep 4 25

Fastly v11.0.0 published on Thursday, Sep 4, 2025 by Pulumi

fastly.NgwafWorkspace

Fastly v11.0.0 published on Thursday, Sep 4, 2025 by Pulumi

pulumi/pulumi-fastly

Example Usage

Basic usage:

Example coming soon!

Example coming soon!

Example coming soon!

Example coming soon!

Example coming soon!

resources:
  demo:
    type: fastly:NgwafWorkspace
    properties:
      name: demofastly
      forceDestroy: true

Create NgwafWorkspace Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new NgwafWorkspace(name: string, args: NgwafWorkspaceArgs, opts?: CustomResourceOptions);

@overload
def NgwafWorkspace(resource_name: str,
                   args: NgwafWorkspaceArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def NgwafWorkspace(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   attack_signal_thresholds: Optional[NgwafWorkspaceAttackSignalThresholdsArgs] = None,
                   description: Optional[str] = None,
                   mode: Optional[str] = None,
                   client_ip_headers: Optional[Sequence[str]] = None,
                   default_blocking_response_code: Optional[int] = None,
                   ip_anonymization: Optional[str] = None,
                   name: Optional[str] = None)

func NewNgwafWorkspace(ctx *Context, name string, args NgwafWorkspaceArgs, opts ...ResourceOption) (*NgwafWorkspace, error)

public NgwafWorkspace(string name, NgwafWorkspaceArgs args, CustomResourceOptions? opts = null)

public NgwafWorkspace(String name, NgwafWorkspaceArgs args)
public NgwafWorkspace(String name, NgwafWorkspaceArgs args, CustomResourceOptions options)

type: fastly:NgwafWorkspace
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args NgwafWorkspaceArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args NgwafWorkspaceArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args NgwafWorkspaceArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args NgwafWorkspaceArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args NgwafWorkspaceArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var ngwafWorkspaceResource = new Fastly.NgwafWorkspace("ngwafWorkspaceResource", new()
{
    AttackSignalThresholds = new Fastly.Inputs.NgwafWorkspaceAttackSignalThresholdsArgs
    {
        Immediate = false,
        OneHour = 0,
        OneMinute = 0,
        TenMinutes = 0,
    },
    Description = "string",
    Mode = "string",
    ClientIpHeaders = new[]
    {
        "string",
    },
    DefaultBlockingResponseCode = 0,
    IpAnonymization = "string",
    Name = "string",
});

example, err := fastly.NewNgwafWorkspace(ctx, "ngwafWorkspaceResource", &fastly.NgwafWorkspaceArgs{
	AttackSignalThresholds: &fastly.NgwafWorkspaceAttackSignalThresholdsArgs{
		Immediate:  pulumi.Bool(false),
		OneHour:    pulumi.Int(0),
		OneMinute:  pulumi.Int(0),
		TenMinutes: pulumi.Int(0),
	},
	Description: pulumi.String("string"),
	Mode:        pulumi.String("string"),
	ClientIpHeaders: pulumi.StringArray{
		pulumi.String("string"),
	},
	DefaultBlockingResponseCode: pulumi.Int(0),
	IpAnonymization:             pulumi.String("string"),
	Name:                        pulumi.String("string"),
})

var ngwafWorkspaceResource = new NgwafWorkspace("ngwafWorkspaceResource", NgwafWorkspaceArgs.builder()
    .attackSignalThresholds(NgwafWorkspaceAttackSignalThresholdsArgs.builder()
        .immediate(false)
        .oneHour(0)
        .oneMinute(0)
        .tenMinutes(0)
        .build())
    .description("string")
    .mode("string")
    .clientIpHeaders("string")
    .defaultBlockingResponseCode(0)
    .ipAnonymization("string")
    .name("string")
    .build());

ngwaf_workspace_resource = fastly.NgwafWorkspace("ngwafWorkspaceResource",
    attack_signal_thresholds={
        "immediate": False,
        "one_hour": 0,
        "one_minute": 0,
        "ten_minutes": 0,
    },
    description="string",
    mode="string",
    client_ip_headers=["string"],
    default_blocking_response_code=0,
    ip_anonymization="string",
    name="string")

const ngwafWorkspaceResource = new fastly.NgwafWorkspace("ngwafWorkspaceResource", {
    attackSignalThresholds: {
        immediate: false,
        oneHour: 0,
        oneMinute: 0,
        tenMinutes: 0,
    },
    description: "string",
    mode: "string",
    clientIpHeaders: ["string"],
    defaultBlockingResponseCode: 0,
    ipAnonymization: "string",
    name: "string",
});

type: fastly:NgwafWorkspace
properties:
    attackSignalThresholds:
        immediate: false
        oneHour: 0
        oneMinute: 0
        tenMinutes: 0
    clientIpHeaders:
        - string
    defaultBlockingResponseCode: 0
    description: string
    ipAnonymization: string
    mode: string
    name: string

NgwafWorkspace Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The NgwafWorkspace resource accepts the following input properties:

AttackSignalThresholds NgwafWorkspaceAttackSignalThresholds: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
Description string: The description of the workspace
Mode string: The operation mode of the workspace. Accepted values are off, block, and log.
ClientIpHeaders List<string>: Specifies the request headers containing the client IP address. Maximum of 10 header names.
DefaultBlockingResponseCode int: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
IpAnonymization string: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
Name string: The display name of the workspace.

AttackSignalThresholds NgwafWorkspaceAttackSignalThresholdsArgs: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
Description string: The description of the workspace
Mode string: The operation mode of the workspace. Accepted values are off, block, and log.
ClientIpHeaders []string: Specifies the request headers containing the client IP address. Maximum of 10 header names.
DefaultBlockingResponseCode int: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
IpAnonymization string: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
Name string: The display name of the workspace.

attackSignalThresholds NgwafWorkspaceAttackSignalThresholds: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
description String: The description of the workspace
mode String: The operation mode of the workspace. Accepted values are off, block, and log.
clientIpHeaders List<String>: Specifies the request headers containing the client IP address. Maximum of 10 header names.
defaultBlockingResponseCode Integer: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
ipAnonymization String: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
name String: The display name of the workspace.

attackSignalThresholds NgwafWorkspaceAttackSignalThresholds: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
description string: The description of the workspace
mode string: The operation mode of the workspace. Accepted values are off, block, and log.
clientIpHeaders string[]: Specifies the request headers containing the client IP address. Maximum of 10 header names.
defaultBlockingResponseCode number: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
ipAnonymization string: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
name string: The display name of the workspace.

attack_signal_thresholds NgwafWorkspaceAttackSignalThresholdsArgs: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
description str: The description of the workspace
mode str: The operation mode of the workspace. Accepted values are off, block, and log.
client_ip_headers Sequence[str]: Specifies the request headers containing the client IP address. Maximum of 10 header names.
default_blocking_response_code int: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
ip_anonymization str: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
name str: The display name of the workspace.

attackSignalThresholds Property Map: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
description String: The description of the workspace
mode String: The operation mode of the workspace. Accepted values are off, block, and log.
clientIpHeaders List<String>: Specifies the request headers containing the client IP address. Maximum of 10 header names.
defaultBlockingResponseCode Number: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
ipAnonymization String: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
name String: The display name of the workspace.

Outputs

All input properties are implicitly available as output properties. Additionally, the NgwafWorkspace resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing NgwafWorkspace Resource

Get an existing NgwafWorkspace resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: NgwafWorkspaceState, opts?: CustomResourceOptions): NgwafWorkspace

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        attack_signal_thresholds: Optional[NgwafWorkspaceAttackSignalThresholdsArgs] = None,
        client_ip_headers: Optional[Sequence[str]] = None,
        default_blocking_response_code: Optional[int] = None,
        description: Optional[str] = None,
        ip_anonymization: Optional[str] = None,
        mode: Optional[str] = None,
        name: Optional[str] = None) -> NgwafWorkspace

func GetNgwafWorkspace(ctx *Context, name string, id IDInput, state *NgwafWorkspaceState, opts ...ResourceOption) (*NgwafWorkspace, error)

public static NgwafWorkspace Get(string name, Input<string> id, NgwafWorkspaceState? state, CustomResourceOptions? opts = null)

public static NgwafWorkspace get(String name, Output<String> id, NgwafWorkspaceState state, CustomResourceOptions options)

resources:  _:    type: fastly:NgwafWorkspace    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AttackSignalThresholds NgwafWorkspaceAttackSignalThresholds: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
ClientIpHeaders List<string>: Specifies the request headers containing the client IP address. Maximum of 10 header names.
DefaultBlockingResponseCode int: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
Description string: The description of the workspace
IpAnonymization string: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
Mode string: The operation mode of the workspace. Accepted values are off, block, and log.
Name string: The display name of the workspace.

AttackSignalThresholds NgwafWorkspaceAttackSignalThresholdsArgs: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
ClientIpHeaders []string: Specifies the request headers containing the client IP address. Maximum of 10 header names.
DefaultBlockingResponseCode int: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
Description string: The description of the workspace
IpAnonymization string: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
Mode string: The operation mode of the workspace. Accepted values are off, block, and log.
Name string: The display name of the workspace.

attackSignalThresholds NgwafWorkspaceAttackSignalThresholds: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
clientIpHeaders List<String>: Specifies the request headers containing the client IP address. Maximum of 10 header names.
defaultBlockingResponseCode Integer: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
description String: The description of the workspace
ipAnonymization String: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
mode String: The operation mode of the workspace. Accepted values are off, block, and log.
name String: The display name of the workspace.

attackSignalThresholds NgwafWorkspaceAttackSignalThresholds: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
clientIpHeaders string[]: Specifies the request headers containing the client IP address. Maximum of 10 header names.
defaultBlockingResponseCode number: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
description string: The description of the workspace
ipAnonymization string: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
mode string: The operation mode of the workspace. Accepted values are off, block, and log.
name string: The display name of the workspace.

attack_signal_thresholds NgwafWorkspaceAttackSignalThresholdsArgs: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
client_ip_headers Sequence[str]: Specifies the request headers containing the client IP address. Maximum of 10 header names.
default_blocking_response_code int: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
description str: The description of the workspace
ip_anonymization str: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
mode str: The operation mode of the workspace. Accepted values are off, block, and log.
name str: The display name of the workspace.

attackSignalThresholds Property Map: Attack threshold parameters for system site alerts. Each threshold value is the number of attack signals per IP address that must be detected during the interval before the related IP address is flagged. If no values are set then the default value for each field will be applied
clientIpHeaders List<String>: Specifies the request headers containing the client IP address. Maximum of 10 header names.
defaultBlockingResponseCode Number: The status code returned when a request is blocked. This configuration is applied at the workspace but can be overwritten in rules. Accepted values are [301, 302, 400..599]. Default value 406.
description String: The description of the workspace
ipAnonymization String: Agents will anonymize IP addresses according to the option selected. Accepted value is hashed.
mode String: The operation mode of the workspace. Accepted values are off, block, and log.
name String: The display name of the workspace.

Supporting Types

NgwafWorkspaceAttackSignalThresholds, NgwafWorkspaceAttackSignalThresholdsArgs

Immediate bool: Ignore thresholds and block immediately when at least one attack signal is detected. Default value false.
OneHour int: The one-hour interval threshold. Minimum 1 and maximum 10,000. Default value 100.
OneMinute int: The one-minute interval threshold. Minimum 1 and maximum 10,000. Default value 1.
TenMinutes int: The ten-minute interval threshold. Minimum 1 and maximum 10,000. Default value 60.

Immediate bool: Ignore thresholds and block immediately when at least one attack signal is detected. Default value false.
OneHour int: The one-hour interval threshold. Minimum 1 and maximum 10,000. Default value 100.
OneMinute int: The one-minute interval threshold. Minimum 1 and maximum 10,000. Default value 1.
TenMinutes int: The ten-minute interval threshold. Minimum 1 and maximum 10,000. Default value 60.

immediate Boolean: Ignore thresholds and block immediately when at least one attack signal is detected. Default value false.
oneHour Integer: The one-hour interval threshold. Minimum 1 and maximum 10,000. Default value 100.
oneMinute Integer: The one-minute interval threshold. Minimum 1 and maximum 10,000. Default value 1.
tenMinutes Integer: The ten-minute interval threshold. Minimum 1 and maximum 10,000. Default value 60.

immediate boolean: Ignore thresholds and block immediately when at least one attack signal is detected. Default value false.
oneHour number: The one-hour interval threshold. Minimum 1 and maximum 10,000. Default value 100.
oneMinute number: The one-minute interval threshold. Minimum 1 and maximum 10,000. Default value 1.
tenMinutes number: The ten-minute interval threshold. Minimum 1 and maximum 10,000. Default value 60.

immediate bool: Ignore thresholds and block immediately when at least one attack signal is detected. Default value false.
one_hour int: The one-hour interval threshold. Minimum 1 and maximum 10,000. Default value 100.
one_minute int: The one-minute interval threshold. Minimum 1 and maximum 10,000. Default value 1.
ten_minutes int: The ten-minute interval threshold. Minimum 1 and maximum 10,000. Default value 60.

immediate Boolean: Ignore thresholds and block immediately when at least one attack signal is detected. Default value false.
oneHour Number: The one-hour interval threshold. Minimum 1 and maximum 10,000. Default value 100.
oneMinute Number: The one-minute interval threshold. Minimum 1 and maximum 10,000. Default value 1.
tenMinutes Number: The ten-minute interval threshold. Minimum 1 and maximum 10,000. Default value 60.

Import

Fastly Next-Gen WAF Workspaces can be imported using their workspace ID, e.g.

$ pulumi import fastly:index/ngwafWorkspace:NgwafWorkspace demo xxxxxxxxxxxxxxxxxxxx

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Fastly pulumi/pulumi-fastly
License: Apache-2.0
Notes: This Pulumi package is based on the fastly Terraform Provider.

Fastly v11.0.0 published on Thursday, Sep 4, 2025 by Pulumi

pulumi/pulumi-fastly

fastly.NgwafWorkspace

On this page

On this page

Example Usage

Create NgwafWorkspace Resource

Constructor syntax

Parameters

Constructor example

NgwafWorkspace Resource Properties

Inputs

Outputs

Look up Existing NgwafWorkspace Resource

Supporting Types

NgwafWorkspaceAttackSignalThresholds, NgwafWorkspaceAttackSignalThresholdsArgs

Import

Package Details

On this page

On this page