nsxt 3.8.0, Apr 14 25

nsxt 3.8.0 published on Monday, Apr 14, 2025 by vmware

nsxt.VpcGatewayPolicy

Explore with Pulumi AI

nsxt 3.8.0 published on Monday, Apr 14, 2025 by vmware

Create VpcGatewayPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new VpcGatewayPolicy(name: string, args: VpcGatewayPolicyArgs, opts?: CustomResourceOptions);

@overload
def VpcGatewayPolicy(resource_name: str,
                     args: VpcGatewayPolicyArgs,
                     opts: Optional[ResourceOptions] = None)

@overload
def VpcGatewayPolicy(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     context: Optional[VpcGatewayPolicyContextArgs] = None,
                     display_name: Optional[str] = None,
                     comments: Optional[str] = None,
                     description: Optional[str] = None,
                     locked: Optional[bool] = None,
                     nsx_id: Optional[str] = None,
                     rules: Optional[Sequence[VpcGatewayPolicyRuleArgs]] = None,
                     sequence_number: Optional[float] = None,
                     stateful: Optional[bool] = None,
                     tags: Optional[Sequence[VpcGatewayPolicyTagArgs]] = None,
                     tcp_strict: Optional[bool] = None,
                     vpc_gateway_policy_id: Optional[str] = None)

func NewVpcGatewayPolicy(ctx *Context, name string, args VpcGatewayPolicyArgs, opts ...ResourceOption) (*VpcGatewayPolicy, error)

public VpcGatewayPolicy(string name, VpcGatewayPolicyArgs args, CustomResourceOptions? opts = null)

public VpcGatewayPolicy(String name, VpcGatewayPolicyArgs args)
public VpcGatewayPolicy(String name, VpcGatewayPolicyArgs args, CustomResourceOptions options)

type: nsxt:VpcGatewayPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args VpcGatewayPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args VpcGatewayPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args VpcGatewayPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args VpcGatewayPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args VpcGatewayPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var vpcGatewayPolicyResource = new Nsxt.VpcGatewayPolicy("vpcGatewayPolicyResource", new()
{
    Context = new Nsxt.Inputs.VpcGatewayPolicyContextArgs
    {
        ProjectId = "string",
        VpcId = "string",
    },
    DisplayName = "string",
    Comments = "string",
    Description = "string",
    Locked = false,
    NsxId = "string",
    Rules = new[]
    {
        new Nsxt.Inputs.VpcGatewayPolicyRuleArgs
        {
            DisplayName = "string",
            Notes = "string",
            Path = "string",
            DestinationsExcluded = false,
            Direction = "string",
            Disabled = false,
            Description = "string",
            IpVersion = "string",
            LogLabel = "string",
            Logged = false,
            Action = "string",
            DestinationGroups = new[]
            {
                "string",
            },
            Profiles = new[]
            {
                "string",
            },
            NsxId = "string",
            Revision = 0,
            RuleId = 0,
            Scopes = new[]
            {
                "string",
            },
            SequenceNumber = 0,
            Services = new[]
            {
                "string",
            },
            SourceGroups = new[]
            {
                "string",
            },
            SourcesExcluded = false,
            Tags = new[]
            {
                new Nsxt.Inputs.VpcGatewayPolicyRuleTagArgs
                {
                    Scope = "string",
                    Tag = "string",
                },
            },
        },
    },
    SequenceNumber = 0,
    Stateful = false,
    Tags = new[]
    {
        new Nsxt.Inputs.VpcGatewayPolicyTagArgs
        {
            Scope = "string",
            Tag = "string",
        },
    },
    TcpStrict = false,
    VpcGatewayPolicyId = "string",
});

example, err := nsxt.NewVpcGatewayPolicy(ctx, "vpcGatewayPolicyResource", &nsxt.VpcGatewayPolicyArgs{
	Context: &nsxt.VpcGatewayPolicyContextArgs{
		ProjectId: pulumi.String("string"),
		VpcId:     pulumi.String("string"),
	},
	DisplayName: pulumi.String("string"),
	Comments:    pulumi.String("string"),
	Description: pulumi.String("string"),
	Locked:      pulumi.Bool(false),
	NsxId:       pulumi.String("string"),
	Rules: nsxt.VpcGatewayPolicyRuleArray{
		&nsxt.VpcGatewayPolicyRuleArgs{
			DisplayName:          pulumi.String("string"),
			Notes:                pulumi.String("string"),
			Path:                 pulumi.String("string"),
			DestinationsExcluded: pulumi.Bool(false),
			Direction:            pulumi.String("string"),
			Disabled:             pulumi.Bool(false),
			Description:          pulumi.String("string"),
			IpVersion:            pulumi.String("string"),
			LogLabel:             pulumi.String("string"),
			Logged:               pulumi.Bool(false),
			Action:               pulumi.String("string"),
			DestinationGroups: pulumi.StringArray{
				pulumi.String("string"),
			},
			Profiles: pulumi.StringArray{
				pulumi.String("string"),
			},
			NsxId:    pulumi.String("string"),
			Revision: pulumi.Float64(0),
			RuleId:   pulumi.Float64(0),
			Scopes: pulumi.StringArray{
				pulumi.String("string"),
			},
			SequenceNumber: pulumi.Float64(0),
			Services: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourceGroups: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourcesExcluded: pulumi.Bool(false),
			Tags: nsxt.VpcGatewayPolicyRuleTagArray{
				&nsxt.VpcGatewayPolicyRuleTagArgs{
					Scope: pulumi.String("string"),
					Tag:   pulumi.String("string"),
				},
			},
		},
	},
	SequenceNumber: pulumi.Float64(0),
	Stateful:       pulumi.Bool(false),
	Tags: nsxt.VpcGatewayPolicyTagArray{
		&nsxt.VpcGatewayPolicyTagArgs{
			Scope: pulumi.String("string"),
			Tag:   pulumi.String("string"),
		},
	},
	TcpStrict:          pulumi.Bool(false),
	VpcGatewayPolicyId: pulumi.String("string"),
})

var vpcGatewayPolicyResource = new VpcGatewayPolicy("vpcGatewayPolicyResource", VpcGatewayPolicyArgs.builder()
    .context(VpcGatewayPolicyContextArgs.builder()
        .projectId("string")
        .vpcId("string")
        .build())
    .displayName("string")
    .comments("string")
    .description("string")
    .locked(false)
    .nsxId("string")
    .rules(VpcGatewayPolicyRuleArgs.builder()
        .displayName("string")
        .notes("string")
        .path("string")
        .destinationsExcluded(false)
        .direction("string")
        .disabled(false)
        .description("string")
        .ipVersion("string")
        .logLabel("string")
        .logged(false)
        .action("string")
        .destinationGroups("string")
        .profiles("string")
        .nsxId("string")
        .revision(0)
        .ruleId(0)
        .scopes("string")
        .sequenceNumber(0)
        .services("string")
        .sourceGroups("string")
        .sourcesExcluded(false)
        .tags(VpcGatewayPolicyRuleTagArgs.builder()
            .scope("string")
            .tag("string")
            .build())
        .build())
    .sequenceNumber(0)
    .stateful(false)
    .tags(VpcGatewayPolicyTagArgs.builder()
        .scope("string")
        .tag("string")
        .build())
    .tcpStrict(false)
    .vpcGatewayPolicyId("string")
    .build());

vpc_gateway_policy_resource = nsxt.VpcGatewayPolicy("vpcGatewayPolicyResource",
    context={
        "project_id": "string",
        "vpc_id": "string",
    },
    display_name="string",
    comments="string",
    description="string",
    locked=False,
    nsx_id="string",
    rules=[{
        "display_name": "string",
        "notes": "string",
        "path": "string",
        "destinations_excluded": False,
        "direction": "string",
        "disabled": False,
        "description": "string",
        "ip_version": "string",
        "log_label": "string",
        "logged": False,
        "action": "string",
        "destination_groups": ["string"],
        "profiles": ["string"],
        "nsx_id": "string",
        "revision": 0,
        "rule_id": 0,
        "scopes": ["string"],
        "sequence_number": 0,
        "services": ["string"],
        "source_groups": ["string"],
        "sources_excluded": False,
        "tags": [{
            "scope": "string",
            "tag": "string",
        }],
    }],
    sequence_number=0,
    stateful=False,
    tags=[{
        "scope": "string",
        "tag": "string",
    }],
    tcp_strict=False,
    vpc_gateway_policy_id="string")

const vpcGatewayPolicyResource = new nsxt.VpcGatewayPolicy("vpcGatewayPolicyResource", {
    context: {
        projectId: "string",
        vpcId: "string",
    },
    displayName: "string",
    comments: "string",
    description: "string",
    locked: false,
    nsxId: "string",
    rules: [{
        displayName: "string",
        notes: "string",
        path: "string",
        destinationsExcluded: false,
        direction: "string",
        disabled: false,
        description: "string",
        ipVersion: "string",
        logLabel: "string",
        logged: false,
        action: "string",
        destinationGroups: ["string"],
        profiles: ["string"],
        nsxId: "string",
        revision: 0,
        ruleId: 0,
        scopes: ["string"],
        sequenceNumber: 0,
        services: ["string"],
        sourceGroups: ["string"],
        sourcesExcluded: false,
        tags: [{
            scope: "string",
            tag: "string",
        }],
    }],
    sequenceNumber: 0,
    stateful: false,
    tags: [{
        scope: "string",
        tag: "string",
    }],
    tcpStrict: false,
    vpcGatewayPolicyId: "string",
});

type: nsxt:VpcGatewayPolicy
properties:
    comments: string
    context:
        projectId: string
        vpcId: string
    description: string
    displayName: string
    locked: false
    nsxId: string
    rules:
        - action: string
          description: string
          destinationGroups:
            - string
          destinationsExcluded: false
          direction: string
          disabled: false
          displayName: string
          ipVersion: string
          logLabel: string
          logged: false
          notes: string
          nsxId: string
          path: string
          profiles:
            - string
          revision: 0
          ruleId: 0
          scopes:
            - string
          sequenceNumber: 0
          services:
            - string
          sourceGroups:
            - string
          sourcesExcluded: false
          tags:
            - scope: string
              tag: string
    sequenceNumber: 0
    stateful: false
    tags:
        - scope: string
          tag: string
    tcpStrict: false
    vpcGatewayPolicyId: string

VpcGatewayPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The VpcGatewayPolicy resource accepts the following input properties:

Context VpcGatewayPolicyContext: The context which the object belongs to
DisplayName string: Display name of the resource.
Comments string: Comments for this Gateway Policy including lock/unlock comments.
Description string: Description of the resource.
Locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
Rules List<VpcGatewayPolicyRule>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
SequenceNumber double: An int value used to resolve conflicts between security policies
Stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
Tags List<VpcGatewayPolicyTag>: A list of scope + tag pairs to associate with this Gateway Policy.
TcpStrict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
VpcGatewayPolicyId string: ID of the Security Policy.

Context VpcGatewayPolicyContextArgs: The context which the object belongs to
DisplayName string: Display name of the resource.
Comments string: Comments for this Gateway Policy including lock/unlock comments.
Description string: Description of the resource.
Locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
Rules []VpcGatewayPolicyRuleArgs: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
SequenceNumber float64: An int value used to resolve conflicts between security policies
Stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
Tags []VpcGatewayPolicyTagArgs: A list of scope + tag pairs to associate with this Gateway Policy.
TcpStrict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
VpcGatewayPolicyId string: ID of the Security Policy.

context VpcGatewayPolicyContext: The context which the object belongs to
displayName String: Display name of the resource.
comments String: Comments for this Gateway Policy including lock/unlock comments.
description String: Description of the resource.
locked Boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
rules List<VpcGatewayPolicyRule>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber Double: An int value used to resolve conflicts between security policies
stateful Boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags List<VpcGatewayPolicyTag>: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict Boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
vpcGatewayPolicyId String: ID of the Security Policy.

context VpcGatewayPolicyContext: The context which the object belongs to
displayName string: Display name of the resource.
comments string: Comments for this Gateway Policy including lock/unlock comments.
description string: Description of the resource.
locked boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
rules VpcGatewayPolicyRule[]: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber number: An int value used to resolve conflicts between security policies
stateful boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags VpcGatewayPolicyTag[]: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
vpcGatewayPolicyId string: ID of the Security Policy.

context VpcGatewayPolicyContextArgs: The context which the object belongs to
display_name str: Display name of the resource.
comments str: Comments for this Gateway Policy including lock/unlock comments.
description str: Description of the resource.
locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
rules Sequence[VpcGatewayPolicyRuleArgs]: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequence_number float: An int value used to resolve conflicts between security policies
stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags Sequence[VpcGatewayPolicyTagArgs]: A list of scope + tag pairs to associate with this Gateway Policy.
tcp_strict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
vpc_gateway_policy_id str: ID of the Security Policy.

context Property Map: The context which the object belongs to
displayName String: Display name of the resource.
comments String: Comments for this Gateway Policy including lock/unlock comments.
description String: Description of the resource.
locked Boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
rules List<Property Map>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber Number: An int value used to resolve conflicts between security policies
stateful Boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags List<Property Map>: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict Boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
vpcGatewayPolicyId String: ID of the Security Policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the VpcGatewayPolicy resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Path string: The NSX path of the policy resource.
Revision double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

Id string: The provider-assigned unique ID for this managed resource.
Path string: The NSX path of the policy resource.
Revision float64: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id String: The provider-assigned unique ID for this managed resource.
path String: The NSX path of the policy resource.
revision Double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id string: The provider-assigned unique ID for this managed resource.
path string: The NSX path of the policy resource.
revision number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id str: The provider-assigned unique ID for this managed resource.
path str: The NSX path of the policy resource.
revision float: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

id String: The provider-assigned unique ID for this managed resource.
path String: The NSX path of the policy resource.
revision Number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

Look up Existing VpcGatewayPolicy Resource

Get an existing VpcGatewayPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VpcGatewayPolicyState, opts?: CustomResourceOptions): VpcGatewayPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        comments: Optional[str] = None,
        context: Optional[VpcGatewayPolicyContextArgs] = None,
        description: Optional[str] = None,
        display_name: Optional[str] = None,
        locked: Optional[bool] = None,
        nsx_id: Optional[str] = None,
        path: Optional[str] = None,
        revision: Optional[float] = None,
        rules: Optional[Sequence[VpcGatewayPolicyRuleArgs]] = None,
        sequence_number: Optional[float] = None,
        stateful: Optional[bool] = None,
        tags: Optional[Sequence[VpcGatewayPolicyTagArgs]] = None,
        tcp_strict: Optional[bool] = None,
        vpc_gateway_policy_id: Optional[str] = None) -> VpcGatewayPolicy

func GetVpcGatewayPolicy(ctx *Context, name string, id IDInput, state *VpcGatewayPolicyState, opts ...ResourceOption) (*VpcGatewayPolicy, error)

public static VpcGatewayPolicy Get(string name, Input<string> id, VpcGatewayPolicyState? state, CustomResourceOptions? opts = null)

public static VpcGatewayPolicy get(String name, Output<String> id, VpcGatewayPolicyState state, CustomResourceOptions options)

resources:  _:    type: nsxt:VpcGatewayPolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Comments string: Comments for this Gateway Policy including lock/unlock comments.
Context VpcGatewayPolicyContext: The context which the object belongs to
Description string: Description of the resource.
DisplayName string: Display name of the resource.
Locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
Path string: The NSX path of the policy resource.
Revision double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
Rules List<VpcGatewayPolicyRule>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
SequenceNumber double: An int value used to resolve conflicts between security policies
Stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
Tags List<VpcGatewayPolicyTag>: A list of scope + tag pairs to associate with this Gateway Policy.
TcpStrict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
VpcGatewayPolicyId string: ID of the Security Policy.

Comments string: Comments for this Gateway Policy including lock/unlock comments.
Context VpcGatewayPolicyContextArgs: The context which the object belongs to
Description string: Description of the resource.
DisplayName string: Display name of the resource.
Locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
Path string: The NSX path of the policy resource.
Revision float64: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
Rules []VpcGatewayPolicyRuleArgs: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
SequenceNumber float64: An int value used to resolve conflicts between security policies
Stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
Tags []VpcGatewayPolicyTagArgs: A list of scope + tag pairs to associate with this Gateway Policy.
TcpStrict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
VpcGatewayPolicyId string: ID of the Security Policy.

comments String: Comments for this Gateway Policy including lock/unlock comments.
context VpcGatewayPolicyContext: The context which the object belongs to
description String: Description of the resource.
displayName String: Display name of the resource.
locked Boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path String: The NSX path of the policy resource.
revision Double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules List<VpcGatewayPolicyRule>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber Double: An int value used to resolve conflicts between security policies
stateful Boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags List<VpcGatewayPolicyTag>: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict Boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
vpcGatewayPolicyId String: ID of the Security Policy.

comments string: Comments for this Gateway Policy including lock/unlock comments.
context VpcGatewayPolicyContext: The context which the object belongs to
description string: Description of the resource.
displayName string: Display name of the resource.
locked boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path string: The NSX path of the policy resource.
revision number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules VpcGatewayPolicyRule[]: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber number: An int value used to resolve conflicts between security policies
stateful boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags VpcGatewayPolicyTag[]: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
vpcGatewayPolicyId string: ID of the Security Policy.

comments str: Comments for this Gateway Policy including lock/unlock comments.
context VpcGatewayPolicyContextArgs: The context which the object belongs to
description str: Description of the resource.
display_name str: Display name of the resource.
locked bool: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path str: The NSX path of the policy resource.
revision float: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules Sequence[VpcGatewayPolicyRuleArgs]: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequence_number float: An int value used to resolve conflicts between security policies
stateful bool: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags Sequence[VpcGatewayPolicyTagArgs]: A list of scope + tag pairs to associate with this Gateway Policy.
tcp_strict bool: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
vpc_gateway_policy_id str: ID of the Security Policy.

comments String: Comments for this Gateway Policy including lock/unlock comments.
context Property Map: The context which the object belongs to
description String: Description of the resource.
displayName String: Display name of the resource.
locked Boolean: A boolean value indicating if the policy is locked. If locked, no other users can update the resource.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path String: The NSX path of the policy resource.
revision Number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules List<Property Map>: A repeatable block to specify rules for the Gateway Policy. Each rule includes the following fields:
sequenceNumber Number: An int value used to resolve conflicts between security policies
stateful Boolean: A boolean value to indicate if this Policy is stateful. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed.
tags List<Property Map>: A list of scope + tag pairs to associate with this Gateway Policy.
tcpStrict Boolean: A boolean value to enable/disable a 3 way TCP handshake is done before the data packets are sent.
vpcGatewayPolicyId String: ID of the Security Policy.

Supporting Types

VpcGatewayPolicyContext, VpcGatewayPolicyContextArgs

ProjectId string: The ID of the project which the object belongs to
VpcId string: The ID of the VPC which the object belongs to

ProjectId string: The ID of the project which the object belongs to
VpcId string: The ID of the VPC which the object belongs to

projectId String: The ID of the project which the object belongs to
vpcId String: The ID of the VPC which the object belongs to

projectId string: The ID of the project which the object belongs to
vpcId string: The ID of the VPC which the object belongs to

project_id str: The ID of the project which the object belongs to
vpc_id str: The ID of the VPC which the object belongs to

projectId String: The ID of the project which the object belongs to
vpcId String: The ID of the VPC which the object belongs to

VpcGatewayPolicyRule, VpcGatewayPolicyRuleArgs

DisplayName string: Display name of the resource.
Action string: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
Description string: Description of the resource.
DestinationGroups List<string>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
DestinationsExcluded bool: A boolean value indicating negation of destination groups.
Direction string: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
Disabled bool: A boolean value to indicate the rule is disabled. Defaults to false.
IpVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
LogLabel string: Additional information (string) which will be propagated to the rule syslog.
Logged bool: A boolean flag to enable packet logging.
Notes string: Text for additional notes on changes for the rule.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
Path string: The NSX path of the policy resource.
Profiles List<string>: A list of context profiles for the rule.
Revision double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
RuleId double: Unique positive number that is assigned by the system and is useful for debugging.
Scopes List<string>: List of policy paths where the rule is applied
SequenceNumber double: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
Services List<string>: List of services to match.
SourceGroups List<string>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
SourcesExcluded bool: Negation of source groups
Tags List<VpcGatewayPolicyRuleTag>: A list of scope + tag pairs to associate with this Rule.

DisplayName string: Display name of the resource.
Action string: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
Description string: Description of the resource.
DestinationGroups []string: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
DestinationsExcluded bool: A boolean value indicating negation of destination groups.
Direction string: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
Disabled bool: A boolean value to indicate the rule is disabled. Defaults to false.
IpVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
LogLabel string: Additional information (string) which will be propagated to the rule syslog.
Logged bool: A boolean flag to enable packet logging.
Notes string: Text for additional notes on changes for the rule.
NsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
Path string: The NSX path of the policy resource.
Profiles []string: A list of context profiles for the rule.
Revision float64: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
RuleId float64: Unique positive number that is assigned by the system and is useful for debugging.
Scopes []string: List of policy paths where the rule is applied
SequenceNumber float64: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
Services []string: List of services to match.
SourceGroups []string: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
SourcesExcluded bool: Negation of source groups
Tags []VpcGatewayPolicyRuleTag: A list of scope + tag pairs to associate with this Rule.

displayName String: Display name of the resource.
action String: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
destinationsExcluded Boolean: A boolean value indicating negation of destination groups.
direction String: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
disabled Boolean: A boolean value to indicate the rule is disabled. Defaults to false.
ipVersion String: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
logLabel String: Additional information (string) which will be propagated to the rule syslog.
logged Boolean: A boolean flag to enable packet logging.
notes String: Text for additional notes on changes for the rule.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path String: The NSX path of the policy resource.
profiles List<String>: A list of context profiles for the rule.
revision Double: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId Double: Unique positive number that is assigned by the system and is useful for debugging.
scopes List<String>: List of policy paths where the rule is applied
sequenceNumber Double: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services List<String>: List of services to match.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
sourcesExcluded Boolean: Negation of source groups
tags List<VpcGatewayPolicyRuleTag>: A list of scope + tag pairs to associate with this Rule.

displayName string: Display name of the resource.
action string: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
description string: Description of the resource.
destinationGroups string[]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
destinationsExcluded boolean: A boolean value indicating negation of destination groups.
direction string: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
disabled boolean: A boolean value to indicate the rule is disabled. Defaults to false.
ipVersion string: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
logLabel string: Additional information (string) which will be propagated to the rule syslog.
logged boolean: A boolean flag to enable packet logging.
notes string: Text for additional notes on changes for the rule.
nsxId string: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path string: The NSX path of the policy resource.
profiles string[]: A list of context profiles for the rule.
revision number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId number: Unique positive number that is assigned by the system and is useful for debugging.
scopes string[]: List of policy paths where the rule is applied
sequenceNumber number: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services string[]: List of services to match.
sourceGroups string[]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
sourcesExcluded boolean: Negation of source groups
tags VpcGatewayPolicyRuleTag[]: A list of scope + tag pairs to associate with this Rule.

display_name str: Display name of the resource.
action str: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
description str: Description of the resource.
destination_groups Sequence[str]: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
destinations_excluded bool: A boolean value indicating negation of destination groups.
direction str: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
disabled bool: A boolean value to indicate the rule is disabled. Defaults to false.
ip_version str: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
log_label str: Additional information (string) which will be propagated to the rule syslog.
logged bool: A boolean flag to enable packet logging.
notes str: Text for additional notes on changes for the rule.
nsx_id str: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path str: The NSX path of the policy resource.
profiles Sequence[str]: A list of context profiles for the rule.
revision float: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rule_id float: Unique positive number that is assigned by the system and is useful for debugging.
scopes Sequence[str]: List of policy paths where the rule is applied
sequence_number float: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services Sequence[str]: List of services to match.
source_groups Sequence[str]: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
sources_excluded bool: Negation of source groups
tags Sequence[VpcGatewayPolicyRuleTag]: A list of scope + tag pairs to associate with this Rule.

displayName String: Display name of the resource.
action String: The action for the Rule. Must be one of: ALLOW, DROP or REJECT. Defaults to ALLOW.
description String: Description of the resource.
destinationGroups List<String>: Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
destinationsExcluded Boolean: A boolean value indicating negation of destination groups.
direction String: The traffic direction for the policy. Must be one of: IN, OUT or IN_OUT. Defaults to IN_OUT.
disabled Boolean: A boolean value to indicate the rule is disabled. Defaults to false.
ipVersion String: The IP Protocol for the rule. Must be one of: IPV4, IPV6 or IPV4_IPV6. Defaults to IPV4_IPV6.
logLabel String: Additional information (string) which will be propagated to the rule syslog.
logged Boolean: A boolean flag to enable packet logging.
notes String: Text for additional notes on changes for the rule.
nsxId String: The NSX ID of this resource. If set, this ID will be used to create the Gateway Policy resource.
path String: The NSX path of the policy resource.
profiles List<String>: A list of context profiles for the rule.
revision Number: Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId Number: Unique positive number that is assigned by the system and is useful for debugging.
scopes List<String>: List of policy paths where the rule is applied
sequenceNumber Number: It is recommended not to specify sequence number for rules, but rather rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1, not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services List<String>: List of services to match.
sourceGroups List<String>: Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs. An empty set can be used to specify "Any".
sourcesExcluded Boolean: Negation of source groups
tags List<Property Map>: A list of scope + tag pairs to associate with this Rule.

VpcGatewayPolicyRuleTag, VpcGatewayPolicyRuleTagArgs

Scope string
Tag string: A list of scope + tag pairs to associate with this Gateway Policy.

Scope string
Tag string: A list of scope + tag pairs to associate with this Gateway Policy.

scope String
tag String: A list of scope + tag pairs to associate with this Gateway Policy.

scope string
tag string: A list of scope + tag pairs to associate with this Gateway Policy.

scope str
tag str: A list of scope + tag pairs to associate with this Gateway Policy.

scope String
tag String: A list of scope + tag pairs to associate with this Gateway Policy.

VpcGatewayPolicyTag, VpcGatewayPolicyTagArgs

Scope string
Tag string: A list of scope + tag pairs to associate with this Gateway Policy.

Scope string
Tag string: A list of scope + tag pairs to associate with this Gateway Policy.

scope String
tag String: A list of scope + tag pairs to associate with this Gateway Policy.

scope string
tag string: A list of scope + tag pairs to associate with this Gateway Policy.

scope str
tag str: A list of scope + tag pairs to associate with this Gateway Policy.

scope String
tag String: A list of scope + tag pairs to associate with this Gateway Policy.

Package Details

Repository: nsxt vmware/terraform-provider-nsxt
License
Notes: This Pulumi package is based on the nsxt Terraform Provider.

nsxt 3.8.0 published on Monday, Apr 14, 2025 by vmware

vmware/terraform-provider-nsxt

nsxt.VpcGatewayPolicy

On this page

On this page

Create VpcGatewayPolicy Resource

Constructor syntax

Parameters

Constructor example

VpcGatewayPolicy Resource Properties

Inputs

Outputs

Look up Existing VpcGatewayPolicy Resource

Supporting Types

VpcGatewayPolicyContext, VpcGatewayPolicyContextArgs

VpcGatewayPolicyRule, VpcGatewayPolicyRuleArgs

VpcGatewayPolicyRuleTag, VpcGatewayPolicyRuleTagArgs

VpcGatewayPolicyTag, VpcGatewayPolicyTagArgs

Package Details

On this page

On this page