twingate.TwingateSSHResource

Twingate v4.1.0, Apr 13 26

Viewing docs for Twingate v4.1.0
published on Monday, Apr 13, 2026 by Twingate

Schema (JSON)

twingate/pulumi-twingate

Viewing docs for Twingate v4.1.0
published on Monday, Apr 13, 2026 by Twingate

Schema (JSON)

twingate/pulumi-twingate

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as std from "@pulumi/std";
import * as twingate from "@twingate/pulumi-twingate";

const prod = new twingate.TwingateRemoteNetwork("prod", {name: "Production Network"});
const tls = new twingate.TwingateX509CertificateAuthority("tls", {
    name: "My TLS CA",
    certificate: std.file({
        input: "ca.pem",
    }).then(invoke => invoke.result),
});
const ssh = new twingate.TwingateSSHCertificateAuthority("ssh", {
    name: "My SSH CA",
    publicKey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIr+Aj3O8csUrFRNWS7wViafil3rMlZ0glQ/OZ0CjCti",
});
const main = new twingate.TwingateGateway("main", {
    remoteNetworkId: prod.id,
    address: "10.0.0.1:8443",
    x509CaId: tls.id,
    sshCaId: ssh.id,
});
const sshServer = new twingate.TwingateSSHResource("ssh_server", {
    name: "SSH Server",
    gatewayId: main.id,
    alias: "test.int",
    remoteNetworkId: prod.id,
    address: "10.128.0.105",
    username: "ubuntu",
});

import pulumi
import pulumi_std as std
import pulumi_twingate as twingate

prod = twingate.TwingateRemoteNetwork("prod", name="Production Network")
tls = twingate.TwingateX509CertificateAuthority("tls",
    name="My TLS CA",
    certificate=std.file(input="ca.pem").result)
ssh = twingate.TwingateSSHCertificateAuthority("ssh",
    name="My SSH CA",
    public_key="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIr+Aj3O8csUrFRNWS7wViafil3rMlZ0glQ/OZ0CjCti")
main = twingate.TwingateGateway("main",
    remote_network_id=prod.id,
    address="10.0.0.1:8443",
    x509_ca_id=tls.id,
    ssh_ca_id=ssh.id)
ssh_server = twingate.TwingateSSHResource("ssh_server",
    name="SSH Server",
    gateway_id=main.id,
    alias="test.int",
    remote_network_id=prod.id,
    address="10.128.0.105",
    username="ubuntu")

package main

import (
	"github.com/Twingate/pulumi-twingate/sdk/v4/go/twingate"
	"github.com/pulumi/pulumi-std/sdk/v2/go/std"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		prod, err := twingate.NewTwingateRemoteNetwork(ctx, "prod", &twingate.TwingateRemoteNetworkArgs{
			Name: pulumi.String("Production Network"),
		})
		if err != nil {
			return err
		}
		invokeFile, err := std.File(ctx, &std.FileArgs{
			Input: "ca.pem",
		}, nil)
		if err != nil {
			return err
		}
		tls, err := twingate.NewTwingateX509CertificateAuthority(ctx, "tls", &twingate.TwingateX509CertificateAuthorityArgs{
			Name:        pulumi.String("My TLS CA"),
			Certificate: pulumi.String(invokeFile.Result),
		})
		if err != nil {
			return err
		}
		ssh, err := twingate.NewTwingateSSHCertificateAuthority(ctx, "ssh", &twingate.TwingateSSHCertificateAuthorityArgs{
			Name:      pulumi.String("My SSH CA"),
			PublicKey: pulumi.String("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIr+Aj3O8csUrFRNWS7wViafil3rMlZ0glQ/OZ0CjCti"),
		})
		if err != nil {
			return err
		}
		main, err := twingate.NewTwingateGateway(ctx, "main", &twingate.TwingateGatewayArgs{
			RemoteNetworkId: prod.ID(),
			Address:         pulumi.String("10.0.0.1:8443"),
			X509CaId:        tls.ID(),
			SshCaId:         ssh.ID(),
		})
		if err != nil {
			return err
		}
		_, err = twingate.NewTwingateSSHResource(ctx, "ssh_server", &twingate.TwingateSSHResourceArgs{
			Name:            pulumi.String("SSH Server"),
			GatewayId:       main.ID(),
			Alias:           pulumi.String("test.int"),
			RemoteNetworkId: prod.ID(),
			Address:         pulumi.String("10.128.0.105"),
			Username:        pulumi.String("ubuntu"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Std = Pulumi.Std;
using Twingate = Twingate.Twingate;

return await Deployment.RunAsync(() => 
{
    var prod = new Twingate.TwingateRemoteNetwork("prod", new()
    {
        Name = "Production Network",
    });

    var tls = new Twingate.TwingateX509CertificateAuthority("tls", new()
    {
        Name = "My TLS CA",
        Certificate = Std.File.Invoke(new()
        {
            Input = "ca.pem",
        }).Apply(invoke => invoke.Result),
    });

    var ssh = new Twingate.TwingateSSHCertificateAuthority("ssh", new()
    {
        Name = "My SSH CA",
        PublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIr+Aj3O8csUrFRNWS7wViafil3rMlZ0glQ/OZ0CjCti",
    });

    var main = new Twingate.TwingateGateway("main", new()
    {
        RemoteNetworkId = prod.Id,
        Address = "10.0.0.1:8443",
        X509CaId = tls.Id,
        SshCaId = ssh.Id,
    });

    var sshServer = new Twingate.TwingateSSHResource("ssh_server", new()
    {
        Name = "SSH Server",
        GatewayId = main.Id,
        Alias = "test.int",
        RemoteNetworkId = prod.Id,
        Address = "10.128.0.105",
        Username = "ubuntu",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.twingate.TwingateRemoteNetwork;
import com.pulumi.twingate.TwingateRemoteNetworkArgs;
import com.pulumi.twingate.TwingateX509CertificateAuthority;
import com.pulumi.twingate.TwingateX509CertificateAuthorityArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.FileArgs;
import com.pulumi.twingate.TwingateSSHCertificateAuthority;
import com.pulumi.twingate.TwingateSSHCertificateAuthorityArgs;
import com.pulumi.twingate.TwingateGateway;
import com.pulumi.twingate.TwingateGatewayArgs;
import com.pulumi.twingate.TwingateSSHResource;
import com.pulumi.twingate.TwingateSSHResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var prod = new TwingateRemoteNetwork("prod", TwingateRemoteNetworkArgs.builder()
            .name("Production Network")
            .build());

        var tls = new TwingateX509CertificateAuthority("tls", TwingateX509CertificateAuthorityArgs.builder()
            .name("My TLS CA")
            .certificate(StdFunctions.file(FileArgs.builder()
                .input("ca.pem")
                .build()).result())
            .build());

        var ssh = new TwingateSSHCertificateAuthority("ssh", TwingateSSHCertificateAuthorityArgs.builder()
            .name("My SSH CA")
            .publicKey("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIr+Aj3O8csUrFRNWS7wViafil3rMlZ0glQ/OZ0CjCti")
            .build());

        var main = new TwingateGateway("main", TwingateGatewayArgs.builder()
            .remoteNetworkId(prod.id())
            .address("10.0.0.1:8443")
            .x509CaId(tls.id())
            .sshCaId(ssh.id())
            .build());

        var sshServer = new TwingateSSHResource("sshServer", TwingateSSHResourceArgs.builder()
            .name("SSH Server")
            .gatewayId(main.id())
            .alias("test.int")
            .remoteNetworkId(prod.id())
            .address("10.128.0.105")
            .username("ubuntu")
            .build());

    }
}

resources:
  prod:
    type: twingate:TwingateRemoteNetwork
    properties:
      name: Production Network
  tls:
    type: twingate:TwingateX509CertificateAuthority
    properties:
      name: My TLS CA
      certificate:
        fn::invoke:
          function: std:file
          arguments:
            input: ca.pem
          return: result
  ssh:
    type: twingate:TwingateSSHCertificateAuthority
    properties:
      name: My SSH CA
      publicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIr+Aj3O8csUrFRNWS7wViafil3rMlZ0glQ/OZ0CjCti
  main:
    type: twingate:TwingateGateway
    properties:
      remoteNetworkId: ${prod.id}
      address: 10.0.0.1:8443
      x509CaId: ${tls.id}
      sshCaId: ${ssh.id}
  sshServer:
    type: twingate:TwingateSSHResource
    name: ssh_server
    properties:
      name: SSH Server
      gatewayId: ${main.id}
      alias: test.int
      remoteNetworkId: ${prod.id}
      address: 10.128.0.105
      username: ubuntu

Create TwingateSSHResource Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new TwingateSSHResource(name: string, args: TwingateSSHResourceArgs, opts?: CustomResourceOptions);

@overload
def TwingateSSHResource(resource_name: str,
                        args: TwingateSSHResourceArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def TwingateSSHResource(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        address: Optional[str] = None,
                        gateway_id: Optional[str] = None,
                        remote_network_id: Optional[str] = None,
                        access_groups: Optional[Sequence[TwingateSSHResourceAccessGroupArgs]] = None,
                        access_policies: Optional[Sequence[TwingateSSHResourceAccessPolicyArgs]] = None,
                        alias: Optional[str] = None,
                        is_visible: Optional[bool] = None,
                        name: Optional[str] = None,
                        protocols: Optional[TwingateSSHResourceProtocolsArgs] = None,
                        security_policy_id: Optional[str] = None,
                        tags: Optional[Mapping[str, str]] = None,
                        username: Optional[str] = None)

func NewTwingateSSHResource(ctx *Context, name string, args TwingateSSHResourceArgs, opts ...ResourceOption) (*TwingateSSHResource, error)

public TwingateSSHResource(string name, TwingateSSHResourceArgs args, CustomResourceOptions? opts = null)

public TwingateSSHResource(String name, TwingateSSHResourceArgs args)
public TwingateSSHResource(String name, TwingateSSHResourceArgs args, CustomResourceOptions options)

type: twingate:TwingateSSHResource
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args TwingateSSHResourceArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args TwingateSSHResourceArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args TwingateSSHResourceArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args TwingateSSHResourceArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args TwingateSSHResourceArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var twingateSSHResourceResource = new Twingate.TwingateSSHResource("twingateSSHResourceResource", new()
{
    Address = "string",
    GatewayId = "string",
    RemoteNetworkId = "string",
    AccessGroups = new[]
    {
        new Twingate.Inputs.TwingateSSHResourceAccessGroupArgs
        {
            AccessPolicies = new[]
            {
                new Twingate.Inputs.TwingateSSHResourceAccessGroupAccessPolicyArgs
                {
                    ApprovalMode = "string",
                    Duration = "string",
                    Mode = "string",
                },
            },
            GroupId = "string",
            SecurityPolicyId = "string",
        },
    },
    AccessPolicies = new[]
    {
        new Twingate.Inputs.TwingateSSHResourceAccessPolicyArgs
        {
            ApprovalMode = "string",
            Duration = "string",
            Mode = "string",
        },
    },
    Alias = "string",
    IsVisible = false,
    Name = "string",
    Protocols = new Twingate.Inputs.TwingateSSHResourceProtocolsArgs
    {
        AllowIcmp = false,
        Tcp = new Twingate.Inputs.TwingateSSHResourceProtocolsTcpArgs
        {
            Policy = "string",
            Ports = new[]
            {
                "string",
            },
        },
        Udp = new Twingate.Inputs.TwingateSSHResourceProtocolsUdpArgs
        {
            Policy = "string",
            Ports = new[]
            {
                "string",
            },
        },
    },
    SecurityPolicyId = "string",
    Tags = 
    {
        { "string", "string" },
    },
    Username = "string",
});

example, err := twingate.NewTwingateSSHResource(ctx, "twingateSSHResourceResource", &twingate.TwingateSSHResourceArgs{
	Address:         pulumi.String("string"),
	GatewayId:       pulumi.String("string"),
	RemoteNetworkId: pulumi.String("string"),
	AccessGroups: twingate.TwingateSSHResourceAccessGroupArray{
		&twingate.TwingateSSHResourceAccessGroupArgs{
			AccessPolicies: twingate.TwingateSSHResourceAccessGroupAccessPolicyArray{
				&twingate.TwingateSSHResourceAccessGroupAccessPolicyArgs{
					ApprovalMode: pulumi.String("string"),
					Duration:     pulumi.String("string"),
					Mode:         pulumi.String("string"),
				},
			},
			GroupId:          pulumi.String("string"),
			SecurityPolicyId: pulumi.String("string"),
		},
	},
	AccessPolicies: twingate.TwingateSSHResourceAccessPolicyArray{
		&twingate.TwingateSSHResourceAccessPolicyArgs{
			ApprovalMode: pulumi.String("string"),
			Duration:     pulumi.String("string"),
			Mode:         pulumi.String("string"),
		},
	},
	Alias:     pulumi.String("string"),
	IsVisible: pulumi.Bool(false),
	Name:      pulumi.String("string"),
	Protocols: &twingate.TwingateSSHResourceProtocolsArgs{
		AllowIcmp: pulumi.Bool(false),
		Tcp: &twingate.TwingateSSHResourceProtocolsTcpArgs{
			Policy: pulumi.String("string"),
			Ports: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
		Udp: &twingate.TwingateSSHResourceProtocolsUdpArgs{
			Policy: pulumi.String("string"),
			Ports: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	SecurityPolicyId: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Username: pulumi.String("string"),
})

var twingateSSHResourceResource = new TwingateSSHResource("twingateSSHResourceResource", TwingateSSHResourceArgs.builder()
    .address("string")
    .gatewayId("string")
    .remoteNetworkId("string")
    .accessGroups(TwingateSSHResourceAccessGroupArgs.builder()
        .accessPolicies(TwingateSSHResourceAccessGroupAccessPolicyArgs.builder()
            .approvalMode("string")
            .duration("string")
            .mode("string")
            .build())
        .groupId("string")
        .securityPolicyId("string")
        .build())
    .accessPolicies(TwingateSSHResourceAccessPolicyArgs.builder()
        .approvalMode("string")
        .duration("string")
        .mode("string")
        .build())
    .alias("string")
    .isVisible(false)
    .name("string")
    .protocols(TwingateSSHResourceProtocolsArgs.builder()
        .allowIcmp(false)
        .tcp(TwingateSSHResourceProtocolsTcpArgs.builder()
            .policy("string")
            .ports("string")
            .build())
        .udp(TwingateSSHResourceProtocolsUdpArgs.builder()
            .policy("string")
            .ports("string")
            .build())
        .build())
    .securityPolicyId("string")
    .tags(Map.of("string", "string"))
    .username("string")
    .build());

twingate_ssh_resource_resource = twingate.TwingateSSHResource("twingateSSHResourceResource",
    address="string",
    gateway_id="string",
    remote_network_id="string",
    access_groups=[{
        "access_policies": [{
            "approval_mode": "string",
            "duration": "string",
            "mode": "string",
        }],
        "group_id": "string",
        "security_policy_id": "string",
    }],
    access_policies=[{
        "approval_mode": "string",
        "duration": "string",
        "mode": "string",
    }],
    alias="string",
    is_visible=False,
    name="string",
    protocols={
        "allow_icmp": False,
        "tcp": {
            "policy": "string",
            "ports": ["string"],
        },
        "udp": {
            "policy": "string",
            "ports": ["string"],
        },
    },
    security_policy_id="string",
    tags={
        "string": "string",
    },
    username="string")

const twingateSSHResourceResource = new twingate.TwingateSSHResource("twingateSSHResourceResource", {
    address: "string",
    gatewayId: "string",
    remoteNetworkId: "string",
    accessGroups: [{
        accessPolicies: [{
            approvalMode: "string",
            duration: "string",
            mode: "string",
        }],
        groupId: "string",
        securityPolicyId: "string",
    }],
    accessPolicies: [{
        approvalMode: "string",
        duration: "string",
        mode: "string",
    }],
    alias: "string",
    isVisible: false,
    name: "string",
    protocols: {
        allowIcmp: false,
        tcp: {
            policy: "string",
            ports: ["string"],
        },
        udp: {
            policy: "string",
            ports: ["string"],
        },
    },
    securityPolicyId: "string",
    tags: {
        string: "string",
    },
    username: "string",
});

type: twingate:TwingateSSHResource
properties:
    accessGroups:
        - accessPolicies:
            - approvalMode: string
              duration: string
              mode: string
          groupId: string
          securityPolicyId: string
    accessPolicies:
        - approvalMode: string
          duration: string
          mode: string
    address: string
    alias: string
    gatewayId: string
    isVisible: false
    name: string
    protocols:
        allowIcmp: false
        tcp:
            policy: string
            ports:
                - string
        udp:
            policy: string
            ports:
                - string
    remoteNetworkId: string
    securityPolicyId: string
    tags:
        string: string
    username: string

TwingateSSHResource Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The TwingateSSHResource resource accepts the following input properties:

Address string: The address of the SSH Resource (IP or FQDN).
GatewayId string: The ID of the Gateway used to access this SSH Resource.
RemoteNetworkId string: The ID of the Remote Network the SSH Resource belongs to.
AccessGroups List<Twingate.Twingate.Inputs.TwingateSSHResourceAccessGroup>: Restrict access to certain group
AccessPolicies List<Twingate.Twingate.Inputs.TwingateSSHResourceAccessPolicy>: Restrict access according to JIT access policy
Alias string: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
IsVisible bool: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
Name string: The name of the SSH Resource.
Protocols Twingate.Twingate.Inputs.TwingateSSHResourceProtocols: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
SecurityPolicyId string: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
Tags Dictionary<string, string>: A map of key-value pair tags to set on this resource.
Username string: The username to use when connecting to the SSH Resource.

Address string: The address of the SSH Resource (IP or FQDN).
GatewayId string: The ID of the Gateway used to access this SSH Resource.
RemoteNetworkId string: The ID of the Remote Network the SSH Resource belongs to.
AccessGroups []TwingateSSHResourceAccessGroupArgs: Restrict access to certain group
AccessPolicies []TwingateSSHResourceAccessPolicyArgs: Restrict access according to JIT access policy
Alias string: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
IsVisible bool: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
Name string: The name of the SSH Resource.
Protocols TwingateSSHResourceProtocolsArgs: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
SecurityPolicyId string: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
Tags map[string]string: A map of key-value pair tags to set on this resource.
Username string: The username to use when connecting to the SSH Resource.

address String: The address of the SSH Resource (IP or FQDN).
gatewayId String: The ID of the Gateway used to access this SSH Resource.
remoteNetworkId String: The ID of the Remote Network the SSH Resource belongs to.
accessGroups List<TwingateSSHResourceAccessGroup>: Restrict access to certain group
accessPolicies List<TwingateSSHResourceAccessPolicy>: Restrict access according to JIT access policy
alias String: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
isVisible Boolean: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
name String: The name of the SSH Resource.
protocols TwingateSSHResourceProtocols: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
securityPolicyId String: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
tags Map<String,String>: A map of key-value pair tags to set on this resource.
username String: The username to use when connecting to the SSH Resource.

address string: The address of the SSH Resource (IP or FQDN).
gatewayId string: The ID of the Gateway used to access this SSH Resource.
remoteNetworkId string: The ID of the Remote Network the SSH Resource belongs to.
accessGroups TwingateSSHResourceAccessGroup[]: Restrict access to certain group
accessPolicies TwingateSSHResourceAccessPolicy[]: Restrict access according to JIT access policy
alias string: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
isVisible boolean: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
name string: The name of the SSH Resource.
protocols TwingateSSHResourceProtocols: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
securityPolicyId string: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
tags {[key: string]: string}: A map of key-value pair tags to set on this resource.
username string: The username to use when connecting to the SSH Resource.

address str: The address of the SSH Resource (IP or FQDN).
gateway_id str: The ID of the Gateway used to access this SSH Resource.
remote_network_id str: The ID of the Remote Network the SSH Resource belongs to.
access_groups Sequence[TwingateSSHResourceAccessGroupArgs]: Restrict access to certain group
access_policies Sequence[TwingateSSHResourceAccessPolicyArgs]: Restrict access according to JIT access policy
alias str: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
is_visible bool: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
name str: The name of the SSH Resource.
protocols TwingateSSHResourceProtocolsArgs: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
security_policy_id str: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
tags Mapping[str, str]: A map of key-value pair tags to set on this resource.
username str: The username to use when connecting to the SSH Resource.

address String: The address of the SSH Resource (IP or FQDN).
gatewayId String: The ID of the Gateway used to access this SSH Resource.
remoteNetworkId String: The ID of the Remote Network the SSH Resource belongs to.
accessGroups List<Property Map>: Restrict access to certain group
accessPolicies List<Property Map>: Restrict access according to JIT access policy
alias String: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
isVisible Boolean: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
name String: The name of the SSH Resource.
protocols Property Map: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
securityPolicyId String: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
tags Map<String>: A map of key-value pair tags to set on this resource.
username String: The username to use when connecting to the SSH Resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the TwingateSSHResource resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing TwingateSSHResource Resource

Get an existing TwingateSSHResource resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: TwingateSSHResourceState, opts?: CustomResourceOptions): TwingateSSHResource

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_groups: Optional[Sequence[TwingateSSHResourceAccessGroupArgs]] = None,
        access_policies: Optional[Sequence[TwingateSSHResourceAccessPolicyArgs]] = None,
        address: Optional[str] = None,
        alias: Optional[str] = None,
        gateway_id: Optional[str] = None,
        is_visible: Optional[bool] = None,
        name: Optional[str] = None,
        protocols: Optional[TwingateSSHResourceProtocolsArgs] = None,
        remote_network_id: Optional[str] = None,
        security_policy_id: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        username: Optional[str] = None) -> TwingateSSHResource

func GetTwingateSSHResource(ctx *Context, name string, id IDInput, state *TwingateSSHResourceState, opts ...ResourceOption) (*TwingateSSHResource, error)

public static TwingateSSHResource Get(string name, Input<string> id, TwingateSSHResourceState? state, CustomResourceOptions? opts = null)

public static TwingateSSHResource get(String name, Output<String> id, TwingateSSHResourceState state, CustomResourceOptions options)

resources:  _:    type: twingate:TwingateSSHResource    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessGroups List<Twingate.Twingate.Inputs.TwingateSSHResourceAccessGroup>: Restrict access to certain group
AccessPolicies List<Twingate.Twingate.Inputs.TwingateSSHResourceAccessPolicy>: Restrict access according to JIT access policy
Address string: The address of the SSH Resource (IP or FQDN).
Alias string: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
GatewayId string: The ID of the Gateway used to access this SSH Resource.
IsVisible bool: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
Name string: The name of the SSH Resource.
Protocols Twingate.Twingate.Inputs.TwingateSSHResourceProtocols: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
RemoteNetworkId string: The ID of the Remote Network the SSH Resource belongs to.
SecurityPolicyId string: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
Tags Dictionary<string, string>: A map of key-value pair tags to set on this resource.
Username string: The username to use when connecting to the SSH Resource.

AccessGroups []TwingateSSHResourceAccessGroupArgs: Restrict access to certain group
AccessPolicies []TwingateSSHResourceAccessPolicyArgs: Restrict access according to JIT access policy
Address string: The address of the SSH Resource (IP or FQDN).
Alias string: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
GatewayId string: The ID of the Gateway used to access this SSH Resource.
IsVisible bool: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
Name string: The name of the SSH Resource.
Protocols TwingateSSHResourceProtocolsArgs: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
RemoteNetworkId string: The ID of the Remote Network the SSH Resource belongs to.
SecurityPolicyId string: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
Tags map[string]string: A map of key-value pair tags to set on this resource.
Username string: The username to use when connecting to the SSH Resource.

accessGroups List<TwingateSSHResourceAccessGroup>: Restrict access to certain group
accessPolicies List<TwingateSSHResourceAccessPolicy>: Restrict access according to JIT access policy
address String: The address of the SSH Resource (IP or FQDN).
alias String: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
gatewayId String: The ID of the Gateway used to access this SSH Resource.
isVisible Boolean: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
name String: The name of the SSH Resource.
protocols TwingateSSHResourceProtocols: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
remoteNetworkId String: The ID of the Remote Network the SSH Resource belongs to.
securityPolicyId String: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
tags Map<String,String>: A map of key-value pair tags to set on this resource.
username String: The username to use when connecting to the SSH Resource.

accessGroups TwingateSSHResourceAccessGroup[]: Restrict access to certain group
accessPolicies TwingateSSHResourceAccessPolicy[]: Restrict access according to JIT access policy
address string: The address of the SSH Resource (IP or FQDN).
alias string: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
gatewayId string: The ID of the Gateway used to access this SSH Resource.
isVisible boolean: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
name string: The name of the SSH Resource.
protocols TwingateSSHResourceProtocols: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
remoteNetworkId string: The ID of the Remote Network the SSH Resource belongs to.
securityPolicyId string: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
tags {[key: string]: string}: A map of key-value pair tags to set on this resource.
username string: The username to use when connecting to the SSH Resource.

access_groups Sequence[TwingateSSHResourceAccessGroupArgs]: Restrict access to certain group
access_policies Sequence[TwingateSSHResourceAccessPolicyArgs]: Restrict access according to JIT access policy
address str: The address of the SSH Resource (IP or FQDN).
alias str: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
gateway_id str: The ID of the Gateway used to access this SSH Resource.
is_visible bool: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
name str: The name of the SSH Resource.
protocols TwingateSSHResourceProtocolsArgs: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
remote_network_id str: The ID of the Remote Network the SSH Resource belongs to.
security_policy_id str: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
tags Mapping[str, str]: A map of key-value pair tags to set on this resource.
username str: The username to use when connecting to the SSH Resource.

accessGroups List<Property Map>: Restrict access to certain group
accessPolicies List<Property Map>: Restrict access according to JIT access policy
address String: The address of the SSH Resource (IP or FQDN).
alias String: Set a DNS alias address for the Resource. Must be a DNS-valid name string.
gatewayId String: The ID of the Gateway used to access this SSH Resource.
isVisible Boolean: Controls whether this Resource will be visible in the main Resource list in the Twingate Client. Default is true.
name String: The name of the SSH Resource.
protocols Property Map: Restrict access to certain protocols and ports. By default or when this argument is not defined, there is no restriction, and all protocols and ports are allowed.
remoteNetworkId String: The ID of the Remote Network the SSH Resource belongs to.
securityPolicyId String: The ID of a twingate.getTwingateSecurityPolicy to set as this Resource's Security Policy. Default is 'Null' which points to Default Policy on Admin console.
tags Map<String>: A map of key-value pair tags to set on this resource.
username String: The username to use when connecting to the SSH Resource.

Supporting Types

TwingateSSHResourceAccessGroup, TwingateSSHResourceAccessGroupArgs

AccessPolicies List<Twingate.Twingate.Inputs.TwingateSSHResourceAccessGroupAccessPolicy>: Restrict access according to JIT access policy
GroupId string: Group ID that will have permission to access the Resource.
SecurityPolicyId string: The ID of a twingate.getTwingateSecurityPolicy to use as the access policy for the group IDs in the access block. Default is 'Null' which points to Default Policy on Admin console.

AccessPolicies []TwingateSSHResourceAccessGroupAccessPolicy: Restrict access according to JIT access policy
GroupId string: Group ID that will have permission to access the Resource.
SecurityPolicyId string: The ID of a twingate.getTwingateSecurityPolicy to use as the access policy for the group IDs in the access block. Default is 'Null' which points to Default Policy on Admin console.

accessPolicies List<TwingateSSHResourceAccessGroupAccessPolicy>: Restrict access according to JIT access policy
groupId String: Group ID that will have permission to access the Resource.
securityPolicyId String: The ID of a twingate.getTwingateSecurityPolicy to use as the access policy for the group IDs in the access block. Default is 'Null' which points to Default Policy on Admin console.

accessPolicies TwingateSSHResourceAccessGroupAccessPolicy[]: Restrict access according to JIT access policy
groupId string: Group ID that will have permission to access the Resource.
securityPolicyId string: The ID of a twingate.getTwingateSecurityPolicy to use as the access policy for the group IDs in the access block. Default is 'Null' which points to Default Policy on Admin console.

access_policies Sequence[TwingateSSHResourceAccessGroupAccessPolicy]: Restrict access according to JIT access policy
group_id str: Group ID that will have permission to access the Resource.
security_policy_id str: The ID of a twingate.getTwingateSecurityPolicy to use as the access policy for the group IDs in the access block. Default is 'Null' which points to Default Policy on Admin console.

accessPolicies List<Property Map>: Restrict access according to JIT access policy
groupId String: Group ID that will have permission to access the Resource.
securityPolicyId String: The ID of a twingate.getTwingateSecurityPolicy to use as the access policy for the group IDs in the access block. Default is 'Null' which points to Default Policy on Admin console.

TwingateSSHResourceAccessGroupAccessPolicy, TwingateSSHResourceAccessGroupAccessPolicyArgs

ApprovalMode string: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
Duration string: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
Mode string: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

ApprovalMode string: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
Duration string: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
Mode string: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

approvalMode String: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
duration String: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
mode String: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

approvalMode string: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
duration string: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
mode string: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

approval_mode str: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
duration str: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
mode str: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

approvalMode String: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
duration String: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
mode String: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

TwingateSSHResourceAccessPolicy, TwingateSSHResourceAccessPolicyArgs

ApprovalMode string: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
Duration string: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
Mode string: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

ApprovalMode string: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
Duration string: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
Mode string: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

approvalMode String: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
duration String: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
mode String: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

approvalMode string: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
duration string: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
mode string: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

approval_mode str: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
duration str: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
mode str: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

approvalMode String: This will set the approval model for the policy. The valid values are AUTOMATIC and MANUAL.
duration String: This will set the access duration for the policy. Duration must be between 1 hour and 365 days. Examples of valid values include 1h and 2d.
mode String: This will set the accessPolicy mode for the policy. The valid values are MANUAL, AUTO_LOCK and ACCESS_REQUEST.

TwingateSSHResourceProtocols, TwingateSSHResourceProtocolsArgs

AllowIcmp bool: Whether to allow ICMP (ping) traffic
Tcp Twingate.Twingate.Inputs.TwingateSSHResourceProtocolsTcp
Udp Twingate.Twingate.Inputs.TwingateSSHResourceProtocolsUdp

AllowIcmp bool: Whether to allow ICMP (ping) traffic
Tcp TwingateSSHResourceProtocolsTcp
Udp TwingateSSHResourceProtocolsUdp

allowIcmp Boolean: Whether to allow ICMP (ping) traffic
tcp TwingateSSHResourceProtocolsTcp
udp TwingateSSHResourceProtocolsUdp

allowIcmp boolean: Whether to allow ICMP (ping) traffic
tcp TwingateSSHResourceProtocolsTcp
udp TwingateSSHResourceProtocolsUdp

allow_icmp bool: Whether to allow ICMP (ping) traffic
tcp TwingateSSHResourceProtocolsTcp
udp TwingateSSHResourceProtocolsUdp

allowIcmp Boolean: Whether to allow ICMP (ping) traffic
tcp Property Map
udp Property Map

TwingateSSHResourceProtocolsTcp, TwingateSSHResourceProtocolsTcpArgs

Policy string: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
Ports List<string>: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

Policy string: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
Ports []string: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

policy String: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
ports List<String>: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

policy string: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
ports string[]: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

policy str: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
ports Sequence[str]: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

policy String: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
ports List<String>: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

TwingateSSHResourceProtocolsUdp, TwingateSSHResourceProtocolsUdpArgs

Policy string: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
Ports List<string>: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

Policy string: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
Ports []string: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

policy String: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
ports List<String>: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

policy string: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
ports string[]: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

policy str: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
ports Sequence[str]: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

policy String: Whether to allow or deny all ports, or restrict protocol access within certain port ranges: Can be RESTRICTED (only listed ports are allowed), ALLOW_ALL, or DENY_ALL
ports List<String>: List of port ranges between 1 and 65535 inclusive, in the format 100-200 for a range, or 8080 for a single port

Package Details

Repository: twingate Twingate/pulumi-twingate
License: Apache-2.0
Notes: This Pulumi package is based on the twingate Terraform Provider.

Viewing docs for Twingate v4.1.0
published on Monday, Apr 13, 2026 by Twingate

Schema (JSON)

twingate/pulumi-twingate

twingate.TwingateSSHResource

On this page

On this page

Example Usage

Create TwingateSSHResource Resource

Constructor syntax

Parameters

Constructor example

TwingateSSHResource Resource Properties

Inputs

Outputs

Look up Existing TwingateSSHResource Resource

Supporting Types

TwingateSSHResourceAccessGroup, TwingateSSHResourceAccessGroupArgs

TwingateSSHResourceAccessGroupAccessPolicy, TwingateSSHResourceAccessGroupAccessPolicyArgs

TwingateSSHResourceAccessPolicy, TwingateSSHResourceAccessPolicyArgs

TwingateSSHResourceProtocols, TwingateSSHResourceProtocolsArgs

TwingateSSHResourceProtocolsTcp, TwingateSSHResourceProtocolsTcpArgs

TwingateSSHResourceProtocolsUdp, TwingateSSHResourceProtocolsUdpArgs

Package Details

On this page

On this page