Google Cloud Native v0.30.0, Apr 14 23

google-native.compute/beta.Firewall

Explore with Pulumi AI

Creates a firewall rule in the specified project using the data included in the request.

Create Firewall Resource

new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);

@overload
def Firewall(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             allowed: Optional[Sequence[FirewallAllowedItemArgs]] = None,
             denied: Optional[Sequence[FirewallDeniedItemArgs]] = None,
             description: Optional[str] = None,
             destination_ranges: Optional[Sequence[str]] = None,
             direction: Optional[FirewallDirection] = None,
             disabled: Optional[bool] = None,
             enable_logging: Optional[bool] = None,
             log_config: Optional[FirewallLogConfigArgs] = None,
             name: Optional[str] = None,
             network: Optional[str] = None,
             priority: Optional[int] = None,
             project: Optional[str] = None,
             request_id: Optional[str] = None,
             source_ranges: Optional[Sequence[str]] = None,
             source_service_accounts: Optional[Sequence[str]] = None,
             source_tags: Optional[Sequence[str]] = None,
             target_service_accounts: Optional[Sequence[str]] = None,
             target_tags: Optional[Sequence[str]] = None)
@overload
def Firewall(resource_name: str,
             args: Optional[FirewallArgs] = None,
             opts: Optional[ResourceOptions] = None)

func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)

public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)

public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)

type: google-native:compute/beta:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Firewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Firewall resource accepts the following input properties:

Allowed List<Pulumi.GoogleNative.Compute.Beta.Inputs.FirewallAllowedItemArgs>

The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.

Denied List<Pulumi.GoogleNative.Compute.Beta.Inputs.FirewallDeniedItemArgs>

The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.

Description string

An optional description of this resource. Provide this field when you create the resource.

DestinationRanges List<string>

If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.

Direction Pulumi.GoogleNative.Compute.Beta.FirewallDirection

Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.

Disabled bool

Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.

EnableLogging bool

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

Deprecated:

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

LogConfig Pulumi.GoogleNative.Compute.Beta.Inputs.FirewallLogConfigArgs

This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.

Name string

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.

Network string

URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default

Priority int

Priority for this rule. This is an integer between 0 and 65535, both inclusive. The default value is 1000. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority 0 has higher precedence than a rule with priority 1. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of 65535. To avoid conflicts with the implied rules, use a priority number less than 65535.

Project string

RequestId string

An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).

SourceRanges List<string>

If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.

SourceServiceAccounts List<string>

If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.

SourceTags List<string>

If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address, it only applies to traffic between instances in the same virtual network. Because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.

TargetServiceAccounts List<string>

A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.

TargetTags List<string>

A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.

Allowed []FirewallAllowedItemArgs

The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.

Denied []FirewallDeniedItemArgs

The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.

Description string

An optional description of this resource. Provide this field when you create the resource.

DestinationRanges []string

Direction FirewallDirection

Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.

Disabled bool

EnableLogging bool

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

Deprecated:

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

LogConfig FirewallLogConfigArgs

This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.

Name string

Network string

Priority int

Project string

RequestId string

SourceRanges []string

SourceServiceAccounts []string

SourceTags []string

TargetServiceAccounts []string

TargetTags []string

allowed List<FirewallAllowedItemArgs>

The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.

denied List<FirewallDeniedItemArgs>

The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.

description String

An optional description of this resource. Provide this field when you create the resource.

destinationRanges List<String>

direction FirewallDirection

Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.

disabled Boolean

enableLogging Boolean

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

Deprecated:

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

logConfig FirewallLogConfigArgs

This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.

name String

network String

priority Integer

project String

requestId String

sourceRanges List<String>

sourceServiceAccounts List<String>

sourceTags List<String>

targetServiceAccounts List<String>

targetTags List<String>

allowed FirewallAllowedItemArgs[]

The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.

denied FirewallDeniedItemArgs[]

The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.

description string

An optional description of this resource. Provide this field when you create the resource.

destinationRanges string[]

direction FirewallDirection

Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.

disabled boolean

enableLogging boolean

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

Deprecated:

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

logConfig FirewallLogConfigArgs

This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.

name string

network string

priority number

project string

requestId string

sourceRanges string[]

sourceServiceAccounts string[]

sourceTags string[]

targetServiceAccounts string[]

targetTags string[]

allowed Sequence[FirewallAllowedItemArgs]

The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.

denied Sequence[FirewallDeniedItemArgs]

The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.

description str

An optional description of this resource. Provide this field when you create the resource.

destination_ranges Sequence[str]

direction FirewallDirection

Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.

disabled bool

enable_logging bool

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

Deprecated:

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

log_config FirewallLogConfigArgs

This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.

name str

network str

priority int

project str

request_id str

source_ranges Sequence[str]

source_service_accounts Sequence[str]

source_tags Sequence[str]

target_service_accounts Sequence[str]

target_tags Sequence[str]

allowed List<Property Map>

The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.

denied List<Property Map>

The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.

description String

An optional description of this resource. Provide this field when you create the resource.

destinationRanges List<String>

direction "EGRESS" | "INGRESS"

Direction of traffic to which this firewall applies, either INGRESS or EGRESS. The default is INGRESS. For EGRESS traffic, you cannot specify the sourceTags fields.

disabled Boolean

enableLogging Boolean

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

Deprecated:

Deprecated in favor of enable in LogConfig. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported t Cloud Logging.

logConfig Property Map

This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging.

name String

network String

priority Number

project String

requestId String

sourceRanges List<String>

sourceServiceAccounts List<String>

sourceTags List<String>

targetServiceAccounts List<String>

targetTags List<String>

Outputs

All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

CreationTimestamp string: Creation timestamp in RFC3339 text format.
Id string: The provider-assigned unique ID for this managed resource.
Kind string: Type of the resource. Always compute#firewall for firewall rules.
SelfLink string: Server-defined URL for the resource.

CreationTimestamp string: Creation timestamp in RFC3339 text format.
Id string: The provider-assigned unique ID for this managed resource.
Kind string: Type of the resource. Always compute#firewall for firewall rules.
SelfLink string: Server-defined URL for the resource.

creationTimestamp String: Creation timestamp in RFC3339 text format.
id String: The provider-assigned unique ID for this managed resource.
kind String: Type of the resource. Always compute#firewall for firewall rules.
selfLink String: Server-defined URL for the resource.

creationTimestamp string: Creation timestamp in RFC3339 text format.
id string: The provider-assigned unique ID for this managed resource.
kind string: Type of the resource. Always compute#firewall for firewall rules.
selfLink string: Server-defined URL for the resource.

creation_timestamp str: Creation timestamp in RFC3339 text format.
id str: The provider-assigned unique ID for this managed resource.
kind str: Type of the resource. Always compute#firewall for firewall rules.
self_link str: Server-defined URL for the resource.

creationTimestamp String: Creation timestamp in RFC3339 text format.
id String: The provider-assigned unique ID for this managed resource.
kind String: Type of the resource. Always compute#firewall for firewall rules.
selfLink String: Server-defined URL for the resource.

Supporting Types

FirewallAllowedItem

IpProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
Ports List<string>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

IpProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
Ports []string: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol String: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports List<String>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports string[]: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ip_protocol str: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports Sequence[str]: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol String: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports List<String>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

FirewallAllowedItemResponse

IpProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
Ports List<string>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

IpProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
Ports []string: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol String: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports List<String>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports string[]: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ip_protocol str: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports Sequence[str]: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol String: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports List<String>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

FirewallDeniedItem

IpProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
Ports List<string>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

IpProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
Ports []string: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol String: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports List<String>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports string[]: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ip_protocol str: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports Sequence[str]: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol String: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports List<String>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

FirewallDeniedItemResponse

IpProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
Ports List<string>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

IpProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
Ports []string: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol String: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports List<String>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol string: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports string[]: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ip_protocol str: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports Sequence[str]: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

ipProtocol String: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.
ports List<String>: An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

FirewallDirection

Egress: EGRESS
Indicates that firewall should apply to outgoing traffic.
Ingress: INGRESS
Indicates that firewall should apply to incoming traffic.

FirewallDirectionEgress: EGRESS
Indicates that firewall should apply to outgoing traffic.
FirewallDirectionIngress: INGRESS
Indicates that firewall should apply to incoming traffic.

Egress: EGRESS
Indicates that firewall should apply to outgoing traffic.
Ingress: INGRESS
Indicates that firewall should apply to incoming traffic.

Egress: EGRESS
Indicates that firewall should apply to outgoing traffic.
Ingress: INGRESS
Indicates that firewall should apply to incoming traffic.

EGRESS: EGRESS
Indicates that firewall should apply to outgoing traffic.
INGRESS: INGRESS
Indicates that firewall should apply to incoming traffic.

"EGRESS": EGRESS
Indicates that firewall should apply to outgoing traffic.
"INGRESS": INGRESS
Indicates that firewall should apply to incoming traffic.

FirewallLogConfig

Enable bool: This field denotes whether to enable logging for a particular firewall rule.
Metadata Pulumi.GoogleNative.Compute.Beta.FirewallLogConfigMetadata: This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

Enable bool: This field denotes whether to enable logging for a particular firewall rule.
Metadata FirewallLogConfigMetadata: This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

enable Boolean: This field denotes whether to enable logging for a particular firewall rule.
metadata FirewallLogConfigMetadata: This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

enable boolean: This field denotes whether to enable logging for a particular firewall rule.
metadata FirewallLogConfigMetadata: This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

enable bool: This field denotes whether to enable logging for a particular firewall rule.
metadata FirewallLogConfigMetadata: This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

enable Boolean: This field denotes whether to enable logging for a particular firewall rule.
metadata "EXCLUDE_ALL_METADATA" | "INCLUDE_ALL_METADATA": This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

FirewallLogConfigMetadata

ExcludeAllMetadata: EXCLUDE_ALL_METADATA
IncludeAllMetadata: INCLUDE_ALL_METADATA

FirewallLogConfigMetadataExcludeAllMetadata: EXCLUDE_ALL_METADATA
FirewallLogConfigMetadataIncludeAllMetadata: INCLUDE_ALL_METADATA

ExcludeAllMetadata: EXCLUDE_ALL_METADATA
IncludeAllMetadata: INCLUDE_ALL_METADATA

ExcludeAllMetadata: EXCLUDE_ALL_METADATA
IncludeAllMetadata: INCLUDE_ALL_METADATA

EXCLUDE_ALL_METADATA: EXCLUDE_ALL_METADATA
INCLUDE_ALL_METADATA: INCLUDE_ALL_METADATA

"EXCLUDE_ALL_METADATA": EXCLUDE_ALL_METADATA
"INCLUDE_ALL_METADATA": INCLUDE_ALL_METADATA

FirewallLogConfigResponse

Enable bool: This field denotes whether to enable logging for a particular firewall rule.
Metadata string: This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

Enable bool: This field denotes whether to enable logging for a particular firewall rule.
Metadata string: This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

enable Boolean: This field denotes whether to enable logging for a particular firewall rule.
metadata String: This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

enable boolean: This field denotes whether to enable logging for a particular firewall rule.
metadata string: This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

enable bool: This field denotes whether to enable logging for a particular firewall rule.
metadata str: This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

enable Boolean: This field denotes whether to enable logging for a particular firewall rule.
metadata String: This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0

google-native.compute/beta.Firewall

Create Firewall Resource

Firewall Resource Properties

Inputs

Outputs

Supporting Types

FirewallAllowedItem

FirewallAllowedItemResponse

FirewallDeniedItem

FirewallDeniedItemResponse

FirewallDirection

FirewallLogConfig

FirewallLogConfigMetadata

FirewallLogConfigResponse

Package Details

On this page