com.pulumi.azurenative.network.AzureFirewall Maven / Gradle / Ivy
A native Pulumi package for creating and managing Azure resources.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.azurenative.network;
import com.pulumi.azurenative.Utilities;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.outputs.AzureFirewallApplicationRuleCollectionResponse;
import com.pulumi.azurenative.network.outputs.AzureFirewallIPConfigurationResponse;
import com.pulumi.azurenative.network.outputs.AzureFirewallIpGroupsResponse;
import com.pulumi.azurenative.network.outputs.AzureFirewallNatRuleCollectionResponse;
import com.pulumi.azurenative.network.outputs.AzureFirewallNetworkRuleCollectionResponse;
import com.pulumi.azurenative.network.outputs.AzureFirewallSkuResponse;
import com.pulumi.azurenative.network.outputs.HubIPAddressesResponse;
import com.pulumi.azurenative.network.outputs.SubResourceResponse;
import com.pulumi.core.Alias;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Export;
import com.pulumi.core.annotations.ResourceType;
import com.pulumi.core.internal.Codegen;
import java.lang.String;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nullable;
/**
* Azure Firewall resource.
* Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-11-01.
*
* Other available API versions: 2020-04-01, 2023-04-01, 2023-05-01, 2023-06-01, 2023-09-01, 2023-11-01, 2024-01-01, 2024-03-01.
*
* ## Example Usage
* ### Create Azure Firewall
*
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azurenative.network.AzureFirewall;
* import com.pulumi.azurenative.network.AzureFirewallArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
* import com.pulumi.azurenative.network.inputs.SubResourceArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
* .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
* .action(AzureFirewallRCActionArgs.builder()
* .type("Deny")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
* .name("apprulecoll")
* .priority(110)
* .rules(AzureFirewallApplicationRuleArgs.builder()
* .description("Deny inbound rule")
* .name("rule1")
* .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
* .port(443)
* .protocolType("Https")
* .build())
* .sourceAddresses(
* "216.58.216.164",
* "10.0.0.0/24")
* .targetFqdns("www.test.com")
* .build())
* .build())
* .azureFirewallName("azurefirewall")
* .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
* .name("azureFirewallIpConfiguration")
* .publicIPAddress(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
* .build())
* .subnet(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
* .build())
* .build())
* .location("West US")
* .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
* .action(AzureFirewallNatRCActionArgs.builder()
* .type("Dnat")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
* .name("natrulecoll")
* .priority(112)
* .rules(
* AzureFirewallNatRuleArgs.builder()
* .description("D-NAT all outbound web traffic for inspection")
* .destinationAddresses("1.2.3.4")
* .destinationPorts("443")
* .name("DNAT-HTTPS-traffic")
* .protocols("TCP")
* .sourceAddresses("*")
* .translatedAddress("1.2.3.5")
* .translatedPort("8443")
* .build(),
* AzureFirewallNatRuleArgs.builder()
* .description("D-NAT all inbound web traffic for inspection")
* .destinationAddresses("1.2.3.4")
* .destinationPorts("80")
* .name("DNAT-HTTP-traffic-With-FQDN")
* .protocols("TCP")
* .sourceAddresses("*")
* .translatedFqdn("internalhttpserver")
* .translatedPort("880")
* .build())
* .build())
* .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
* .action(AzureFirewallRCActionArgs.builder()
* .type("Deny")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
* .name("netrulecoll")
* .priority(112)
* .rules(
* AzureFirewallNetworkRuleArgs.builder()
* .description("Block traffic based on source IPs and ports")
* .destinationAddresses("*")
* .destinationPorts(
* "443-444",
* "8443")
* .name("L4-traffic")
* .protocols("TCP")
* .sourceAddresses(
* "192.168.1.1-192.168.1.12",
* "10.1.4.12-10.1.4.255")
* .build(),
* AzureFirewallNetworkRuleArgs.builder()
* .description("Block traffic based on source IPs and ports to amazon")
* .destinationFqdns("www.amazon.com")
* .destinationPorts(
* "443-444",
* "8443")
* .name("L4-traffic-with-FQDN")
* .protocols("TCP")
* .sourceAddresses("10.2.4.12-10.2.4.255")
* .build())
* .build())
* .resourceGroupName("rg1")
* .sku(AzureFirewallSkuArgs.builder()
* .name("AZFW_VNet")
* .tier("Standard")
* .build())
* .tags(Map.of("key1", "value1"))
* .threatIntelMode("Alert")
* .zones()
* .build());
*
* }
* }
*
* }
*
* ### Create Azure Firewall With Additional Properties
*
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azurenative.network.AzureFirewall;
* import com.pulumi.azurenative.network.AzureFirewallArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
* import com.pulumi.azurenative.network.inputs.SubResourceArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
* .additionalProperties(Map.ofEntries(
* Map.entry("key1", "value1"),
* Map.entry("key2", "value2")
* ))
* .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
* .action(AzureFirewallRCActionArgs.builder()
* .type("Deny")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
* .name("apprulecoll")
* .priority(110)
* .rules(AzureFirewallApplicationRuleArgs.builder()
* .description("Deny inbound rule")
* .name("rule1")
* .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
* .port(443)
* .protocolType("Https")
* .build())
* .sourceAddresses(
* "216.58.216.164",
* "10.0.0.0/24")
* .targetFqdns("www.test.com")
* .build())
* .build())
* .azureFirewallName("azurefirewall")
* .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
* .name("azureFirewallIpConfiguration")
* .publicIPAddress(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
* .build())
* .subnet(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
* .build())
* .build())
* .location("West US")
* .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
* .action(AzureFirewallNatRCActionArgs.builder()
* .type("Dnat")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
* .name("natrulecoll")
* .priority(112)
* .rules(
* AzureFirewallNatRuleArgs.builder()
* .description("D-NAT all outbound web traffic for inspection")
* .destinationAddresses("1.2.3.4")
* .destinationPorts("443")
* .name("DNAT-HTTPS-traffic")
* .protocols("TCP")
* .sourceAddresses("*")
* .translatedAddress("1.2.3.5")
* .translatedPort("8443")
* .build(),
* AzureFirewallNatRuleArgs.builder()
* .description("D-NAT all inbound web traffic for inspection")
* .destinationAddresses("1.2.3.4")
* .destinationPorts("80")
* .name("DNAT-HTTP-traffic-With-FQDN")
* .protocols("TCP")
* .sourceAddresses("*")
* .translatedFqdn("internalhttpserver")
* .translatedPort("880")
* .build())
* .build())
* .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
* .action(AzureFirewallRCActionArgs.builder()
* .type("Deny")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
* .name("netrulecoll")
* .priority(112)
* .rules(
* AzureFirewallNetworkRuleArgs.builder()
* .description("Block traffic based on source IPs and ports")
* .destinationAddresses("*")
* .destinationPorts(
* "443-444",
* "8443")
* .name("L4-traffic")
* .protocols("TCP")
* .sourceAddresses(
* "192.168.1.1-192.168.1.12",
* "10.1.4.12-10.1.4.255")
* .build(),
* AzureFirewallNetworkRuleArgs.builder()
* .description("Block traffic based on source IPs and ports to amazon")
* .destinationFqdns("www.amazon.com")
* .destinationPorts(
* "443-444",
* "8443")
* .name("L4-traffic-with-FQDN")
* .protocols("TCP")
* .sourceAddresses("10.2.4.12-10.2.4.255")
* .build())
* .build())
* .resourceGroupName("rg1")
* .sku(AzureFirewallSkuArgs.builder()
* .name("AZFW_VNet")
* .tier("Standard")
* .build())
* .tags(Map.of("key1", "value1"))
* .threatIntelMode("Alert")
* .zones()
* .build());
*
* }
* }
*
* }
*
* ### Create Azure Firewall With IpGroups
*
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azurenative.network.AzureFirewall;
* import com.pulumi.azurenative.network.AzureFirewallArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
* import com.pulumi.azurenative.network.inputs.SubResourceArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
* .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
* .action(AzureFirewallRCActionArgs.builder()
* .type("Deny")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
* .name("apprulecoll")
* .priority(110)
* .rules(AzureFirewallApplicationRuleArgs.builder()
* .description("Deny inbound rule")
* .name("rule1")
* .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
* .port(443)
* .protocolType("Https")
* .build())
* .sourceAddresses(
* "216.58.216.164",
* "10.0.0.0/24")
* .targetFqdns("www.test.com")
* .build())
* .build())
* .azureFirewallName("azurefirewall")
* .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
* .name("azureFirewallIpConfiguration")
* .publicIPAddress(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
* .build())
* .subnet(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
* .build())
* .build())
* .location("West US")
* .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
* .action(AzureFirewallNatRCActionArgs.builder()
* .type("Dnat")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
* .name("natrulecoll")
* .priority(112)
* .rules(
* AzureFirewallNatRuleArgs.builder()
* .description("D-NAT all outbound web traffic for inspection")
* .destinationAddresses("1.2.3.4")
* .destinationPorts("443")
* .name("DNAT-HTTPS-traffic")
* .protocols("TCP")
* .sourceAddresses("*")
* .translatedAddress("1.2.3.5")
* .translatedPort("8443")
* .build(),
* AzureFirewallNatRuleArgs.builder()
* .description("D-NAT all inbound web traffic for inspection")
* .destinationAddresses("1.2.3.4")
* .destinationPorts("80")
* .name("DNAT-HTTP-traffic-With-FQDN")
* .protocols("TCP")
* .sourceAddresses("*")
* .translatedFqdn("internalhttpserver")
* .translatedPort("880")
* .build())
* .build())
* .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
* .action(AzureFirewallRCActionArgs.builder()
* .type("Deny")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
* .name("netrulecoll")
* .priority(112)
* .rules(
* AzureFirewallNetworkRuleArgs.builder()
* .description("Block traffic based on source IPs and ports")
* .destinationAddresses("*")
* .destinationPorts(
* "443-444",
* "8443")
* .name("L4-traffic")
* .protocols("TCP")
* .sourceAddresses(
* "192.168.1.1-192.168.1.12",
* "10.1.4.12-10.1.4.255")
* .build(),
* AzureFirewallNetworkRuleArgs.builder()
* .description("Block traffic based on source IPs and ports to amazon")
* .destinationFqdns("www.amazon.com")
* .destinationPorts(
* "443-444",
* "8443")
* .name("L4-traffic-with-FQDN")
* .protocols("TCP")
* .sourceAddresses("10.2.4.12-10.2.4.255")
* .build())
* .build())
* .resourceGroupName("rg1")
* .sku(AzureFirewallSkuArgs.builder()
* .name("AZFW_VNet")
* .tier("Standard")
* .build())
* .tags(Map.of("key1", "value1"))
* .threatIntelMode("Alert")
* .zones()
* .build());
*
* }
* }
*
* }
*
* ### Create Azure Firewall With Zones
*
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azurenative.network.AzureFirewall;
* import com.pulumi.azurenative.network.AzureFirewallArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
* import com.pulumi.azurenative.network.inputs.SubResourceArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
* .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
* .action(AzureFirewallRCActionArgs.builder()
* .type("Deny")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
* .name("apprulecoll")
* .priority(110)
* .rules(AzureFirewallApplicationRuleArgs.builder()
* .description("Deny inbound rule")
* .name("rule1")
* .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
* .port(443)
* .protocolType("Https")
* .build())
* .sourceAddresses(
* "216.58.216.164",
* "10.0.0.0/24")
* .targetFqdns("www.test.com")
* .build())
* .build())
* .azureFirewallName("azurefirewall")
* .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
* .name("azureFirewallIpConfiguration")
* .publicIPAddress(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
* .build())
* .subnet(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
* .build())
* .build())
* .location("West US 2")
* .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
* .action(AzureFirewallNatRCActionArgs.builder()
* .type("Dnat")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
* .name("natrulecoll")
* .priority(112)
* .rules(
* AzureFirewallNatRuleArgs.builder()
* .description("D-NAT all outbound web traffic for inspection")
* .destinationAddresses("1.2.3.4")
* .destinationPorts("443")
* .name("DNAT-HTTPS-traffic")
* .protocols("TCP")
* .sourceAddresses("*")
* .translatedAddress("1.2.3.5")
* .translatedPort("8443")
* .build(),
* AzureFirewallNatRuleArgs.builder()
* .description("D-NAT all inbound web traffic for inspection")
* .destinationAddresses("1.2.3.4")
* .destinationPorts("80")
* .name("DNAT-HTTP-traffic-With-FQDN")
* .protocols("TCP")
* .sourceAddresses("*")
* .translatedFqdn("internalhttpserver")
* .translatedPort("880")
* .build())
* .build())
* .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
* .action(AzureFirewallRCActionArgs.builder()
* .type("Deny")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
* .name("netrulecoll")
* .priority(112)
* .rules(
* AzureFirewallNetworkRuleArgs.builder()
* .description("Block traffic based on source IPs and ports")
* .destinationAddresses("*")
* .destinationPorts(
* "443-444",
* "8443")
* .name("L4-traffic")
* .protocols("TCP")
* .sourceAddresses(
* "192.168.1.1-192.168.1.12",
* "10.1.4.12-10.1.4.255")
* .build(),
* AzureFirewallNetworkRuleArgs.builder()
* .description("Block traffic based on source IPs and ports to amazon")
* .destinationFqdns("www.amazon.com")
* .destinationPorts(
* "443-444",
* "8443")
* .name("L4-traffic-with-FQDN")
* .protocols("TCP")
* .sourceAddresses("10.2.4.12-10.2.4.255")
* .build())
* .build())
* .resourceGroupName("rg1")
* .sku(AzureFirewallSkuArgs.builder()
* .name("AZFW_VNet")
* .tier("Standard")
* .build())
* .tags(Map.of("key1", "value1"))
* .threatIntelMode("Alert")
* .zones(
* "1",
* "2",
* "3")
* .build());
*
* }
* }
*
* }
*
* ### Create Azure Firewall With management subnet
*
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azurenative.network.AzureFirewall;
* import com.pulumi.azurenative.network.AzureFirewallArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
* import com.pulumi.azurenative.network.inputs.SubResourceArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
* .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
* .action(AzureFirewallRCActionArgs.builder()
* .type("Deny")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
* .name("apprulecoll")
* .priority(110)
* .rules(AzureFirewallApplicationRuleArgs.builder()
* .description("Deny inbound rule")
* .name("rule1")
* .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
* .port(443)
* .protocolType("Https")
* .build())
* .sourceAddresses(
* "216.58.216.164",
* "10.0.0.0/24")
* .targetFqdns("www.test.com")
* .build())
* .build())
* .azureFirewallName("azurefirewall")
* .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
* .name("azureFirewallIpConfiguration")
* .publicIPAddress(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
* .build())
* .subnet(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
* .build())
* .build())
* .location("West US")
* .managementIpConfiguration(AzureFirewallIPConfigurationArgs.builder()
* .name("azureFirewallMgmtIpConfiguration")
* .publicIPAddress(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName")
* .build())
* .subnet(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet")
* .build())
* .build())
* .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
* .action(AzureFirewallNatRCActionArgs.builder()
* .type("Dnat")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
* .name("natrulecoll")
* .priority(112)
* .rules(
* AzureFirewallNatRuleArgs.builder()
* .description("D-NAT all outbound web traffic for inspection")
* .destinationAddresses("1.2.3.4")
* .destinationPorts("443")
* .name("DNAT-HTTPS-traffic")
* .protocols("TCP")
* .sourceAddresses("*")
* .translatedAddress("1.2.3.5")
* .translatedPort("8443")
* .build(),
* AzureFirewallNatRuleArgs.builder()
* .description("D-NAT all inbound web traffic for inspection")
* .destinationAddresses("1.2.3.4")
* .destinationPorts("80")
* .name("DNAT-HTTP-traffic-With-FQDN")
* .protocols("TCP")
* .sourceAddresses("*")
* .translatedFqdn("internalhttpserver")
* .translatedPort("880")
* .build())
* .build())
* .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
* .action(AzureFirewallRCActionArgs.builder()
* .type("Deny")
* .build())
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
* .name("netrulecoll")
* .priority(112)
* .rules(
* AzureFirewallNetworkRuleArgs.builder()
* .description("Block traffic based on source IPs and ports")
* .destinationAddresses("*")
* .destinationPorts(
* "443-444",
* "8443")
* .name("L4-traffic")
* .protocols("TCP")
* .sourceAddresses(
* "192.168.1.1-192.168.1.12",
* "10.1.4.12-10.1.4.255")
* .build(),
* AzureFirewallNetworkRuleArgs.builder()
* .description("Block traffic based on source IPs and ports to amazon")
* .destinationFqdns("www.amazon.com")
* .destinationPorts(
* "443-444",
* "8443")
* .name("L4-traffic-with-FQDN")
* .protocols("TCP")
* .sourceAddresses("10.2.4.12-10.2.4.255")
* .build())
* .build())
* .resourceGroupName("rg1")
* .sku(AzureFirewallSkuArgs.builder()
* .name("AZFW_VNet")
* .tier("Standard")
* .build())
* .tags(Map.of("key1", "value1"))
* .threatIntelMode("Alert")
* .zones()
* .build());
*
* }
* }
*
* }
*
* ### Create Azure Firewall in virtual Hub
*
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azurenative.network.AzureFirewall;
* import com.pulumi.azurenative.network.AzureFirewallArgs;
* import com.pulumi.azurenative.network.inputs.SubResourceArgs;
* import com.pulumi.azurenative.network.inputs.HubIPAddressesArgs;
* import com.pulumi.azurenative.network.inputs.HubPublicIPAddressesArgs;
* import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
* .azureFirewallName("azurefirewall")
* .firewallPolicy(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1")
* .build())
* .hubIPAddresses(HubIPAddressesArgs.builder()
* .publicIPs(HubPublicIPAddressesArgs.builder()
* .addresses()
* .count(1)
* .build())
* .build())
* .location("West US")
* .resourceGroupName("rg1")
* .sku(AzureFirewallSkuArgs.builder()
* .name("AZFW_Hub")
* .tier("Standard")
* .build())
* .tags(Map.of("key1", "value1"))
* .threatIntelMode("Alert")
* .virtualHub(SubResourceArgs.builder()
* .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1")
* .build())
* .zones()
* .build());
*
* }
* }
*
* }
*
*
* ## Import
*
* An existing resource can be imported using its type token, name, and identifier, e.g.
*
* ```sh
* $ pulumi import azure-native:network:AzureFirewall azurefirewall /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/azureFirewalls/{azureFirewallName}
* ```
*
*/
@ResourceType(type="azure-native:network:AzureFirewall")
public class AzureFirewall extends com.pulumi.resources.CustomResource {
/**
* The additional properties used to further configure this Azure Firewall.
*
*/
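@Export(name="additionalProperties", refs={Map.class,String.class}, tree="[0,1,1]")
// Type arguments restored from the refs/tree above; the page extraction had stripped them.
private Output</* @Nullable */ Map<String,String>> additionalProperties;
/**
 * Returns the additional properties used to further configure this Azure Firewall.
 *
 * NOTE(review): the values are plain strings on an exported output, so credentials or other
 * secrets should presumably not be placed in this map. Confirm against how the stack state is
 * stored.
 *
 * @return the string-to-string map as an {@code Output}. The backing field is marked nullable,
 *         so it is passed through {@code Codegen.optional} to match the {@code Optional}-typed
 *         return value.
 */
public Output<Optional<Map<String,String>>> additionalProperties() {
    return Codegen.optional(this.additionalProperties);
}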
/**
* Collection of application rule collections used by Azure Firewall.
*
*/
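@Export(name="applicationRuleCollections", refs={List.class,AzureFirewallApplicationRuleCollectionResponse.class}, tree="[0,1]")
// Type arguments restored from the refs/tree above; the page extraction had stripped them.
private Output</* @Nullable */ List<AzureFirewallApplicationRuleCollectionResponse>> applicationRuleCollections;
/**
 * Returns the application rule collections used by Azure Firewall.
 *
 * @return the list of application rule collections as an {@code Output}. The backing field is
 *         marked nullable, so it is passed through {@code Codegen.optional} to match the
 *         {@code Optional}-typed return value.
 */
public Output<Optional<List<AzureFirewallApplicationRuleCollectionResponse>>> applicationRuleCollections() {
    return Codegen.optional(this.applicationRuleCollections);
}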
/**
* A unique read-only string that changes whenever the resource is updated.
*
*/
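@Export(name="etag", refs={String.class}, tree="[0]")
// Type argument restored from the refs above; the page extraction had stripped it.
private Output<String> etag;
/**
 * Returns the resource's etag.
 *
 * @return a unique read-only string that changes whenever the resource is updated. The field is
 *         not marked nullable and is returned directly, without an {@code Optional} wrapper.
 */
public Output<String> etag() {
    return this.etag;
}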
/**
* The firewallPolicy associated with this azure firewall.
*
*/
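@Export(name="firewallPolicy", refs={SubResourceResponse.class}, tree="[0]")
// Type argument restored from the refs above; the page extraction had stripped it.
private Output</* @Nullable */ SubResourceResponse> firewallPolicy;
/**
 * Returns the firewall policy associated with this Azure Firewall.
 *
 * NOTE(review): when a policy is attached, the effective rules presumably live in that policy
 * rather than in the rule collections exported by this resource. Confirm this before treating
 * the rule-collection outputs as the full rule set during an audit.
 *
 * @return the policy sub-resource reference as an {@code Output}. The backing field is marked
 *         nullable, so it is passed through {@code Codegen.optional} to match the
 *         {@code Optional}-typed return value.
 */
public Output<Optional<SubResourceResponse>> firewallPolicy() {
    return Codegen.optional(this.firewallPolicy);
}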
/**
* IP addresses associated with AzureFirewall.
*
*/
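@Export(name="hubIPAddresses", refs={HubIPAddressesResponse.class}, tree="[0]")
// Type argument restored from the refs above; the page extraction had stripped it.
private Output</* @Nullable */ HubIPAddressesResponse> hubIPAddresses;
/**
 * Returns the IP addresses associated with the Azure Firewall.
 *
 * @return the hub IP address set as an {@code Output}. The backing field is marked nullable, so
 *         it is passed through {@code Codegen.optional} to match the {@code Optional}-typed
 *         return value.
 */
public Output<Optional<HubIPAddressesResponse>> hubIPAddresses() {
    return Codegen.optional(this.hubIPAddresses);
}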
/**
* IP configuration of the Azure Firewall resource.
*
*/
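@Export(name="ipConfigurations", refs={List.class,AzureFirewallIPConfigurationResponse.class}, tree="[0,1]")
// Type arguments restored from the refs/tree above; the page extraction had stripped them.
private Output</* @Nullable */ List<AzureFirewallIPConfigurationResponse>> ipConfigurations;
/**
 * Returns the IP configuration of the Azure Firewall resource.
 *
 * @return the list of IP configurations as an {@code Output}. The backing field is marked
 *         nullable, so it is passed through {@code Codegen.optional} to match the
 *         {@code Optional}-typed return value.
 */
public Output<Optional<List<AzureFirewallIPConfigurationResponse>>> ipConfigurations() {
    return Codegen.optional(this.ipConfigurations);
}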
/**
* IpGroups associated with AzureFirewall.
*
*/
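@Export(name="ipGroups", refs={List.class,AzureFirewallIpGroupsResponse.class}, tree="[0,1]")
// Type arguments restored from the refs/tree above; the page extraction had stripped them.
private Output<List<AzureFirewallIpGroupsResponse>> ipGroups;
/**
 * Returns the IpGroups associated with the Azure Firewall.
 *
 * @return the list of IpGroups as an {@code Output}. The field is not marked nullable and is
 *         returned directly, without an {@code Optional} wrapper.
 */
public Output<List<AzureFirewallIpGroupsResponse>> ipGroups() {
    return this.ipGroups;
}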
/**
* Resource location.
*
*/
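@Export(name="location", refs={String.class}, tree="[0]")
// Type argument restored from the refs above; the page extraction had stripped it.
private Output</* @Nullable */ String> location;
/**
 * Returns the resource location.
 *
 * @return the location string as an {@code Output}. The backing field is marked nullable, so it
 *         is passed through {@code Codegen.optional} to match the {@code Optional}-typed return
 *         value.
 */
public Output<Optional<String>> location() {
    return Codegen.optional(this.location);
}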
/**
* IP configuration of the Azure Firewall used for management traffic.
*
*/
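@Export(name="managementIpConfiguration", refs={AzureFirewallIPConfigurationResponse.class}, tree="[0]")
// Type argument restored from the refs above; the page extraction had stripped it.
private Output</* @Nullable */ AzureFirewallIPConfigurationResponse> managementIpConfiguration;
/**
 * Returns the IP configuration of the Azure Firewall used for management traffic.
 *
 * The management-subnet example in the class Javadoc attaches this configuration to a separate
 * public IP and subnet from the ones used in {@code ipConfigurations}.
 *
 * @return the management IP configuration as an {@code Output}. The backing field is marked
 *         nullable, so it is passed through {@code Codegen.optional} to match the
 *         {@code Optional}-typed return value.
 */
public Output<Optional<AzureFirewallIPConfigurationResponse>> managementIpConfiguration() {
    return Codegen.optional(this.managementIpConfiguration);
}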
/**
* Resource name.
*
*/
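@Export(name="name", refs={String.class}, tree="[0]")
// Type argument restored from the refs above; the page extraction had stripped it.
private Output<String> name;
/**
 * Returns the resource name.
 *
 * @return the name as an {@code Output}. The field is not marked nullable and is returned
 *         directly, without an {@code Optional} wrapper.
 */
public Output<String> name() {
    return this.name;
}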
/**
* Collection of NAT rule collections used by Azure Firewall.
*
*/
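@Export(name="natRuleCollections", refs={List.class,AzureFirewallNatRuleCollectionResponse.class}, tree="[0,1]")
// Type arguments restored from the refs/tree above; the page extraction had stripped them.
private Output</* @Nullable */ List<AzureFirewallNatRuleCollectionResponse>> natRuleCollections;
/**
 * Returns the NAT rule collections used by Azure Firewall.
 *
 * The class-level examples define "Dnat" rules with {@code sourceAddresses("*")}, which leaves
 * the translated address and port reachable from any source. When auditing this output, check
 * that each rule's source range is as narrow as the published service allows.
 *
 * @return the list of NAT rule collections as an {@code Output}. The backing field is marked
 *         nullable, so it is passed through {@code Codegen.optional} to match the
 *         {@code Optional}-typed return value.
 */
public Output<Optional<List<AzureFirewallNatRuleCollectionResponse>>> natRuleCollections() {
    return Codegen.optional(this.natRuleCollections);
}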
/**
* Collection of network rule collections used by Azure Firewall.
*
*/
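@Export(name="networkRuleCollections", refs={List.class,AzureFirewallNetworkRuleCollectionResponse.class}, tree="[0,1]")
// Type arguments restored from the refs/tree above; the page extraction had stripped them.
private Output</* @Nullable */ List<AzureFirewallNetworkRuleCollectionResponse>> networkRuleCollections;
/**
 * Returns the network rule collections used by Azure Firewall.
 *
 * @return the list of network rule collections as an {@code Output}. The backing field is
 *         marked nullable, so it is passed through {@code Codegen.optional} to match the
 *         {@code Optional}-typed return value.
 */
public Output<Optional<List<AzureFirewallNetworkRuleCollectionResponse>>> networkRuleCollections() {
    return Codegen.optional(this.networkRuleCollections);
}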
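/**
 * The provisioning state of the Azure firewall resource.
 *
 * <p>Bound to the provider output property {@code provisioningState}; the {@code String}
 * type argument is restored from the annotation's {@code refs}.
 */
@Export(name="provisioningState", refs={String.class}, tree="[0]")
private Output<String> provisioningState;

/**
 * @return The provisioning state of the Azure firewall resource. The field is returned
 * as-is, without {@code Optional} wrapping.
 */
public Output<String> provisioningState() {
    return this.provisioningState;
}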
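/**
 * The Azure Firewall Resource SKU.
 *
 * <p>Bound to the provider output property {@code sku}; the value may be absent, which is
 * why the field's type argument is marked {@code @Nullable}.
 */
@Export(name="sku", refs={AzureFirewallSkuResponse.class}, tree="[0]")
private Output</* @Nullable */ AzureFirewallSkuResponse> sku;

/**
 * @return The Azure Firewall Resource SKU, wrapped by {@code Codegen.optional} so that a
 * missing value surfaces as an empty {@link Optional} instead of {@code null}.
 */
public Output<Optional<AzureFirewallSkuResponse>> sku() {
    return Codegen.optional(this.sku);
}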
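/**
 * Resource tags.
 *
 * <p>Bound to the provider output property {@code tags}. The annotation's
 * {@code refs}/{@code tree} describe a {@code Map} with {@code String} keys and
 * {@code String} values; the value may be absent ({@code @Nullable}).
 */
@Export(name="tags", refs={Map.class,String.class}, tree="[0,1,1]")
private Output</* @Nullable */ Map<String,String>> tags;

/**
 * @return Resource tags, wrapped by {@code Codegen.optional} so that a missing value
 * surfaces as an empty {@link Optional} instead of {@code null}.
 */
public Output<Optional<Map<String,String>>> tags() {
    return Codegen.optional(this.tags);
}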
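/**
 * The operation mode for Threat Intelligence.
 *
 * <p>Bound to the provider output property {@code threatIntelMode}; the value may be
 * absent, which is why the field's type argument is marked {@code @Nullable}.
 */
@Export(name="threatIntelMode", refs={String.class}, tree="[0]")
private Output</* @Nullable */ String> threatIntelMode;

/**
 * @return The operation mode for Threat Intelligence, as an {@link Optional} that is
 * empty when the provider reported no mode.
 *
 * <p>The value is a plain string here; Azure documents the modes {@code Alert},
 * {@code Deny} and {@code Off}. Compliance checks should compare against the expected
 * mode explicitly and treat an empty result as "unknown", never as {@code Deny}.
 */
public Output<Optional<String>> threatIntelMode() {
    return Codegen.optional(this.threatIntelMode);
}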
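/**
 * Resource type.
 *
 * <p>Bound to the provider output property {@code type}; the {@code String} type argument
 * is restored from the annotation's {@code refs}.
 */
@Export(name="type", refs={String.class}, tree="[0]")
private Output<String> type;

/**
 * @return Resource type. The field is returned as-is, without {@code Optional} wrapping.
 */
public Output<String> type() {
    return this.type;
}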
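/**
 * The virtualHub to which the firewall belongs.
 *
 * <p>Bound to the provider output property {@code virtualHub}; the value may be absent,
 * which is why the field's type argument is marked {@code @Nullable}.
 */
@Export(name="virtualHub", refs={SubResourceResponse.class}, tree="[0]")
private Output</* @Nullable */ SubResourceResponse> virtualHub;

/**
 * @return The virtualHub to which the firewall belongs, as an {@link Optional} that is
 * empty when the provider reported no hub reference.
 */
public Output<Optional<SubResourceResponse>> virtualHub() {
    return Codegen.optional(this.virtualHub);
}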
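/**
 * A list of availability zones denoting where the resource needs to come from.
 *
 * <p>Bound to the provider output property {@code zones}; the value may be absent, which
 * is why the field's type argument is marked {@code @Nullable}.
 */
@Export(name="zones", refs={List.class,String.class}, tree="[0,1]")
private Output</* @Nullable */ List<String>> zones;

/**
 * @return A list of availability zones denoting where the resource needs to come from,
 * as an {@link Optional} that is empty when the provider reported no zones.
 */
public Output<Optional<List<String>>> zones() {
    return Codegen.optional(this.zones);
}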
/**
 * Declares an Azure Firewall resource using empty arguments.
 *
 * <p>Delegates to the two-argument constructor with {@code AzureFirewallArgs.Empty}.
 *
 * @param name The _unique_ name of the resulting resource.
 */
public AzureFirewall(java.lang.String name) {
this(name, AzureFirewallArgs.Empty);
}
/**
 * Declares an Azure Firewall resource with the given arguments and no explicit options.
 *
 * <p>Delegates to the three-argument constructor, passing {@code null} for the options.
 *
 * @param name The _unique_ name of the resulting resource.
 * @param args The arguments to use to populate this resource's properties.
 */
public AzureFirewall(java.lang.String name, AzureFirewallArgs args) {
this(name, args, null);
}
/**
 * Declares an Azure Firewall resource under the type token
 * {@code azure-native:network:AzureFirewall}.
 *
 * <p>The arguments are passed through {@code makeArgs} and the options through
 * {@code makeResourceOptions} (with an empty ID) before being handed to the superclass
 * constructor.
 *
 * @param name The _unique_ name of the resulting resource.
 * @param args The arguments to use to populate this resource's properties.
 * @param options A bag of options that control this resource's behavior.
 */
public AzureFirewall(java.lang.String name, AzureFirewallArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
// NOTE(review): the trailing `false` is presumably the superclass's "dependency" flag — confirm against the superclass constructor.
super("azure-native:network:AzureFirewall", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
}
/**
 * Lookup constructor used by {@code get}: builds the resource from an existing provider ID
 * instead of from arguments ({@code null} is passed as the args to the superclass).
 *
 * NOTE(review): {@code Output} appears here without a type argument, most likely lost
 * when the listing was extracted (presumably {@code Output<String>}) — confirm against
 * the published artifact.
 */
private AzureFirewall(java.lang.String name, Output id, @Nullable com.pulumi.resources.CustomResourceOptions options) {
super("azure-native:network:AzureFirewall", name, null, makeResourceOptions(options, id), false);
}
/**
 * Chooses the arguments handed to the superclass constructor.
 *
 * <p>Returns {@code null} when the options carry a URN (presumably because the resource is
 * then resolved from existing state rather than created from arguments — confirm);
 * otherwise returns {@code args}, substituting {@code AzureFirewallArgs.Empty} for
 * {@code null}.
 */
private static AzureFirewallArgs makeArgs(AzureFirewallArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
    final boolean urnSupplied = options != null && options.getUrn().isPresent();
    if (urnSupplied) {
        return null;
    }
    if (args == null) {
        return AzureFirewallArgs.Empty;
    }
    return args;
}
/**
 * Builds the default options for this resource type and merges them with the caller's.
 *
 * <p>The defaults set the version from {@code Utilities.getVersion()} and register one
 * alias per API-versioned type token listed below, which should let state recorded under
 * one of those tokens be matched to {@code azure-native:network:AzureFirewall}. The
 * result comes from {@code CustomResourceOptions.merge(defaults, options, id)}.
 *
 * NOTE(review): {@code Output id} has no type argument here, most likely lost when the
 * listing was extracted (presumably {@code Output<String>}) — confirm against the
 * published artifact.
 */
private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) {
    final var optionsBuilder = com.pulumi.resources.CustomResourceOptions.builder()
        .version(Utilities.getVersion());
    // One alias per API-versioned type token.
    final var versionedTypeAliases = List.of(
        Output.of(Alias.builder().type("azure-native:network/v20180401:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20180601:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20180701:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20180801:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20181001:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20181101:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20181201:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20190201:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20190401:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20190601:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20190701:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20190801:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20190901:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20191101:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20191201:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20200301:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20200401:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20200501:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20200601:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20200701:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20200801:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20201101:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20210201:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20210301:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20210501:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20210801:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20220101:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20220501:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20220701:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20220901:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20221101:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20230201:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20230401:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20230501:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20230601:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20230901:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20231101:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20240101:AzureFirewall").build()),
        Output.of(Alias.builder().type("azure-native:network/v20240301:AzureFirewall").build())
    );
    final var resourceDefaults = optionsBuilder.aliases(versionedTypeAliases).build();
    return com.pulumi.resources.CustomResourceOptions.merge(resourceDefaults, options, id);
}
/**
 * Get an existing AzureFirewall resource's state with the given name, ID, and optional extra
 * properties used to qualify the lookup.
 *
 * <p>Delegates to the private lookup constructor; no resource arguments are supplied.
 *
 * NOTE(review): {@code Output id} has no type argument here, most likely lost when the
 * listing was extracted (presumably {@code Output<String>}) — confirm against the
 * published artifact.
 *
 * @param name The _unique_ name of the resulting resource.
 * @param id The _unique_ provider ID of the resource to lookup.
 * @param options Optional settings to control the behavior of the CustomResource.
 * @return a new {@code AzureFirewall} instance built from {@code name}, {@code id} and {@code options}.
 */
public static AzureFirewall get(java.lang.String name, Output id, @Nullable com.pulumi.resources.CustomResourceOptions options) {
return new AzureFirewall(name, id, options);
}
}