Docs Home
Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi
cloudngfwaws.SecurityRule
Explore with Pulumi AI
Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi
Resource for security rule manipulation.
Admin Permission Type
Rulestack(forscope="Local")Global Rulestack(forscope="Global")
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudngfwaws from "@pulumi/cloudngfwaws";
const r = new cloudngfwaws.Rulestack("r", {
name: "terraform-rulestack",
scope: "Local",
accountId: "123456789",
description: "Made by Pulumi",
profileConfig: {
antiSpyware: "BestPractice",
},
});
const example = new cloudngfwaws.SecurityRule("example", {
rulestack: r.name,
ruleList: "LocalRule",
priority: 3,
name: "tf-security-rule",
description: "Also configured by Terraform",
source: {
cidrs: ["any"],
},
destination: {
cidrs: ["192.168.0.0/16"],
},
negateDestination: true,
applications: ["any"],
category: {},
action: "Allow",
logging: true,
auditComment: "initial config",
});
import pulumi
import pulumi_cloudngfwaws as cloudngfwaws
r = cloudngfwaws.Rulestack("r",
name="terraform-rulestack",
scope="Local",
account_id="123456789",
description="Made by Pulumi",
profile_config={
"anti_spyware": "BestPractice",
})
example = cloudngfwaws.SecurityRule("example",
rulestack=r.name,
rule_list="LocalRule",
priority=3,
name="tf-security-rule",
description="Also configured by Terraform",
source={
"cidrs": ["any"],
},
destination={
"cidrs": ["192.168.0.0/16"],
},
negate_destination=True,
applications=["any"],
category={},
action="Allow",
logging=True,
audit_comment="initial config")
package main
import (
"github.com/pulumi/pulumi-cloudngfwaws/sdk/go/cloudngfwaws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
r, err := cloudngfwaws.NewRulestack(ctx, "r", &cloudngfwaws.RulestackArgs{
Name: pulumi.String("terraform-rulestack"),
Scope: pulumi.String("Local"),
AccountId: pulumi.String("123456789"),
Description: pulumi.String("Made by Pulumi"),
ProfileConfig: &cloudngfwaws.RulestackProfileConfigArgs{
AntiSpyware: pulumi.String("BestPractice"),
},
})
if err != nil {
return err
}
_, err = cloudngfwaws.NewSecurityRule(ctx, "example", &cloudngfwaws.SecurityRuleArgs{
Rulestack: r.Name,
RuleList: pulumi.String("LocalRule"),
Priority: pulumi.Int(3),
Name: pulumi.String("tf-security-rule"),
Description: pulumi.String("Also configured by Terraform"),
Source: &cloudngfwaws.SecurityRuleSourceArgs{
Cidrs: pulumi.StringArray{
pulumi.String("any"),
},
},
Destination: &cloudngfwaws.SecurityRuleDestinationArgs{
Cidrs: pulumi.StringArray{
pulumi.String("192.168.0.0/16"),
},
},
NegateDestination: pulumi.Bool(true),
Applications: pulumi.StringArray{
pulumi.String("any"),
},
Category: &cloudngfwaws.SecurityRuleCategoryArgs{},
Action: pulumi.String("Allow"),
Logging: pulumi.Bool(true),
AuditComment: pulumi.String("initial config"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using CloudNgfwAws = Pulumi.CloudNgfwAws;
return await Deployment.RunAsync(() =>
{
var r = new CloudNgfwAws.Rulestack("r", new()
{
Name = "terraform-rulestack",
Scope = "Local",
AccountId = "123456789",
Description = "Made by Pulumi",
ProfileConfig = new CloudNgfwAws.Inputs.RulestackProfileConfigArgs
{
AntiSpyware = "BestPractice",
},
});
var example = new CloudNgfwAws.SecurityRule("example", new()
{
Rulestack = r.Name,
RuleList = "LocalRule",
Priority = 3,
Name = "tf-security-rule",
Description = "Also configured by Terraform",
Source = new CloudNgfwAws.Inputs.SecurityRuleSourceArgs
{
Cidrs = new[]
{
"any",
},
},
Destination = new CloudNgfwAws.Inputs.SecurityRuleDestinationArgs
{
Cidrs = new[]
{
"192.168.0.0/16",
},
},
NegateDestination = true,
Applications = new[]
{
"any",
},
Category = null,
Action = "Allow",
Logging = true,
AuditComment = "initial config",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudngfwaws.Rulestack;
import com.pulumi.cloudngfwaws.RulestackArgs;
import com.pulumi.cloudngfwaws.inputs.RulestackProfileConfigArgs;
import com.pulumi.cloudngfwaws.SecurityRule;
import com.pulumi.cloudngfwaws.SecurityRuleArgs;
import com.pulumi.cloudngfwaws.inputs.SecurityRuleSourceArgs;
import com.pulumi.cloudngfwaws.inputs.SecurityRuleDestinationArgs;
import com.pulumi.cloudngfwaws.inputs.SecurityRuleCategoryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var r = new Rulestack("r", RulestackArgs.builder()
.name("terraform-rulestack")
.scope("Local")
.accountId("123456789")
.description("Made by Pulumi")
.profileConfig(RulestackProfileConfigArgs.builder()
.antiSpyware("BestPractice")
.build())
.build());
var example = new SecurityRule("example", SecurityRuleArgs.builder()
.rulestack(r.name())
.ruleList("LocalRule")
.priority(3)
.name("tf-security-rule")
.description("Also configured by Terraform")
.source(SecurityRuleSourceArgs.builder()
.cidrs("any")
.build())
.destination(SecurityRuleDestinationArgs.builder()
.cidrs("192.168.0.0/16")
.build())
.negateDestination(true)
.applications("any")
.category()
.action("Allow")
.logging(true)
.auditComment("initial config")
.build());
}
}
resources:
example:
type: cloudngfwaws:SecurityRule
properties:
rulestack: ${r.name}
ruleList: LocalRule
priority: 3
name: tf-security-rule
description: Also configured by Terraform
source:
cidrs:
- any
destination:
cidrs:
- 192.168.0.0/16
negateDestination: true
applications:
- any
category: {}
action: Allow
logging: true
auditComment: initial config
r:
type: cloudngfwaws:Rulestack
properties:
name: terraform-rulestack
scope: Local
accountId: '123456789'
description: Made by Pulumi
profileConfig:
antiSpyware: BestPractice
Create SecurityRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecurityRule(name: string, args: SecurityRuleArgs, opts?: CustomResourceOptions);@overload
def SecurityRule(resource_name: str,
args: SecurityRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecurityRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
applications: Optional[Sequence[str]] = None,
source: Optional[SecurityRuleSourceArgs] = None,
category: Optional[SecurityRuleCategoryArgs] = None,
rulestack: Optional[str] = None,
priority: Optional[int] = None,
destination: Optional[SecurityRuleDestinationArgs] = None,
negate_destination: Optional[bool] = None,
logging: Optional[bool] = None,
name: Optional[str] = None,
enabled: Optional[bool] = None,
negate_source: Optional[bool] = None,
description: Optional[str] = None,
prot_port_lists: Optional[Sequence[str]] = None,
protocol: Optional[str] = None,
rule_list: Optional[str] = None,
decryption_rule_type: Optional[str] = None,
scope: Optional[str] = None,
audit_comment: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)func NewSecurityRule(ctx *Context, name string, args SecurityRuleArgs, opts ...ResourceOption) (*SecurityRule, error)public SecurityRule(string name, SecurityRuleArgs args, CustomResourceOptions? opts = null)
public SecurityRule(String name, SecurityRuleArgs args)
public SecurityRule(String name, SecurityRuleArgs args, CustomResourceOptions options)
type: cloudngfwaws:SecurityRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecurityRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecurityRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecurityRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecurityRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecurityRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var securityRuleResource = new CloudNgfwAws.SecurityRule("securityRuleResource", new()
{
Action = "string",
Applications = new[]
{
"string",
},
Source = new CloudNgfwAws.Inputs.SecurityRuleSourceArgs
{
Cidrs = new[]
{
"string",
},
Countries = new[]
{
"string",
},
Feeds = new[]
{
"string",
},
PrefixLists = new[]
{
"string",
},
},
Category = new CloudNgfwAws.Inputs.SecurityRuleCategoryArgs
{
Feeds = new[]
{
"string",
},
UrlCategoryNames = new[]
{
"string",
},
},
Rulestack = "string",
Priority = 0,
Destination = new CloudNgfwAws.Inputs.SecurityRuleDestinationArgs
{
Cidrs = new[]
{
"string",
},
Countries = new[]
{
"string",
},
Feeds = new[]
{
"string",
},
FqdnLists = new[]
{
"string",
},
PrefixLists = new[]
{
"string",
},
},
NegateDestination = false,
Logging = false,
Name = "string",
Enabled = false,
NegateSource = false,
Description = "string",
ProtPortLists = new[]
{
"string",
},
Protocol = "string",
RuleList = "string",
DecryptionRuleType = "string",
Scope = "string",
AuditComment = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := cloudngfwaws.NewSecurityRule(ctx, "securityRuleResource", &cloudngfwaws.SecurityRuleArgs{
Action: pulumi.String("string"),
Applications: pulumi.StringArray{
pulumi.String("string"),
},
Source: &cloudngfwaws.SecurityRuleSourceArgs{
Cidrs: pulumi.StringArray{
pulumi.String("string"),
},
Countries: pulumi.StringArray{
pulumi.String("string"),
},
Feeds: pulumi.StringArray{
pulumi.String("string"),
},
PrefixLists: pulumi.StringArray{
pulumi.String("string"),
},
},
Category: &cloudngfwaws.SecurityRuleCategoryArgs{
Feeds: pulumi.StringArray{
pulumi.String("string"),
},
UrlCategoryNames: pulumi.StringArray{
pulumi.String("string"),
},
},
Rulestack: pulumi.String("string"),
Priority: pulumi.Int(0),
Destination: &cloudngfwaws.SecurityRuleDestinationArgs{
Cidrs: pulumi.StringArray{
pulumi.String("string"),
},
Countries: pulumi.StringArray{
pulumi.String("string"),
},
Feeds: pulumi.StringArray{
pulumi.String("string"),
},
FqdnLists: pulumi.StringArray{
pulumi.String("string"),
},
PrefixLists: pulumi.StringArray{
pulumi.String("string"),
},
},
NegateDestination: pulumi.Bool(false),
Logging: pulumi.Bool(false),
Name: pulumi.String("string"),
Enabled: pulumi.Bool(false),
NegateSource: pulumi.Bool(false),
Description: pulumi.String("string"),
ProtPortLists: pulumi.StringArray{
pulumi.String("string"),
},
Protocol: pulumi.String("string"),
RuleList: pulumi.String("string"),
DecryptionRuleType: pulumi.String("string"),
Scope: pulumi.String("string"),
AuditComment: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var securityRuleResource = new SecurityRule("securityRuleResource", SecurityRuleArgs.builder()
.action("string")
.applications("string")
.source(SecurityRuleSourceArgs.builder()
.cidrs("string")
.countries("string")
.feeds("string")
.prefixLists("string")
.build())
.category(SecurityRuleCategoryArgs.builder()
.feeds("string")
.urlCategoryNames("string")
.build())
.rulestack("string")
.priority(0)
.destination(SecurityRuleDestinationArgs.builder()
.cidrs("string")
.countries("string")
.feeds("string")
.fqdnLists("string")
.prefixLists("string")
.build())
.negateDestination(false)
.logging(false)
.name("string")
.enabled(false)
.negateSource(false)
.description("string")
.protPortLists("string")
.protocol("string")
.ruleList("string")
.decryptionRuleType("string")
.scope("string")
.auditComment("string")
.tags(Map.of("string", "string"))
.build());
security_rule_resource = cloudngfwaws.SecurityRule("securityRuleResource",
action="string",
applications=["string"],
source={
"cidrs": ["string"],
"countries": ["string"],
"feeds": ["string"],
"prefix_lists": ["string"],
},
category={
"feeds": ["string"],
"url_category_names": ["string"],
},
rulestack="string",
priority=0,
destination={
"cidrs": ["string"],
"countries": ["string"],
"feeds": ["string"],
"fqdn_lists": ["string"],
"prefix_lists": ["string"],
},
negate_destination=False,
logging=False,
name="string",
enabled=False,
negate_source=False,
description="string",
prot_port_lists=["string"],
protocol="string",
rule_list="string",
decryption_rule_type="string",
scope="string",
audit_comment="string",
tags={
"string": "string",
})
const securityRuleResource = new cloudngfwaws.SecurityRule("securityRuleResource", {
action: "string",
applications: ["string"],
source: {
cidrs: ["string"],
countries: ["string"],
feeds: ["string"],
prefixLists: ["string"],
},
category: {
feeds: ["string"],
urlCategoryNames: ["string"],
},
rulestack: "string",
priority: 0,
destination: {
cidrs: ["string"],
countries: ["string"],
feeds: ["string"],
fqdnLists: ["string"],
prefixLists: ["string"],
},
negateDestination: false,
logging: false,
name: "string",
enabled: false,
negateSource: false,
description: "string",
protPortLists: ["string"],
protocol: "string",
ruleList: "string",
decryptionRuleType: "string",
scope: "string",
auditComment: "string",
tags: {
string: "string",
},
});
type: cloudngfwaws:SecurityRule
properties:
action: string
applications:
- string
auditComment: string
category:
feeds:
- string
urlCategoryNames:
- string
decryptionRuleType: string
description: string
destination:
cidrs:
- string
countries:
- string
feeds:
- string
fqdnLists:
- string
prefixLists:
- string
enabled: false
logging: false
name: string
negateDestination: false
negateSource: false
priority: 0
protPortLists:
- string
protocol: string
ruleList: string
rulestack: string
scope: string
source:
cidrs:
- string
countries:
- string
feeds:
- string
prefixLists:
- string
tags:
string: string
SecurityRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecurityRule resource accepts the following input properties:
- Action string
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - Applications List<string>
- The list of applications.
- Category
Pulumi.
Cloud Ngfw Aws. Inputs. Security Rule Category - The category spec.
- Destination
Pulumi.
Cloud Ngfw Aws. Inputs. Security Rule Destination - The destination spec.
- Priority int
- The rule priority.
- Rulestack string
- The rulestack.
- Source
Pulumi.
Cloud Ngfw Aws. Inputs. Security Rule Source - The source spec.
- Audit
Comment string - The audit comment.
- Decryption
Rule stringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - Description string
- The description.
- Enabled bool
- Set to false to disable this rule. Defaults to
true. - Logging bool
- Enable logging at end. Defaults to
true. - Name string
- The name.
- Negate
Destination bool - Negate the destination definition.
- Negate
Source bool - Negate the source definition.
- Prot
Port List<string>Lists - Protocol port list.
- Protocol string
- The protocol.
- Rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - Scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - Dictionary<string, string>
- The tags.
- Action string
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - Applications []string
- The list of applications.
- Category
Security
Rule Category Args - The category spec.
- Destination
Security
Rule Destination Args - The destination spec.
- Priority int
- The rule priority.
- Rulestack string
- The rulestack.
- Source
Security
Rule Source Args - The source spec.
- Audit
Comment string - The audit comment.
- Decryption
Rule stringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - Description string
- The description.
- Enabled bool
- Set to false to disable this rule. Defaults to
true. - Logging bool
- Enable logging at end. Defaults to
true. - Name string
- The name.
- Negate
Destination bool - Negate the destination definition.
- Negate
Source bool - Negate the source definition.
- Prot
Port []stringLists - Protocol port list.
- Protocol string
- The protocol.
- Rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - Scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - map[string]string
- The tags.
- action String
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications List<String>
- The list of applications.
- category
Security
Rule Category - The category spec.
- destination
Security
Rule Destination - The destination spec.
- priority Integer
- The rule priority.
- rulestack String
- The rulestack.
- source
Security
Rule Source - The source spec.
- audit
Comment String - The audit comment.
- decryption
Rule StringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description String
- The description.
- enabled Boolean
- Set to false to disable this rule. Defaults to
true. - logging Boolean
- Enable logging at end. Defaults to
true. - name String
- The name.
- negate
Destination Boolean - Negate the destination definition.
- negate
Source Boolean - Negate the source definition.
- prot
Port List<String>Lists - Protocol port list.
- protocol String
- The protocol.
- rule
List String - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope String
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - Map<String,String>
- The tags.
- action string
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications string[]
- The list of applications.
- category
Security
Rule Category - The category spec.
- destination
Security
Rule Destination - The destination spec.
- priority number
- The rule priority.
- rulestack string
- The rulestack.
- source
Security
Rule Source - The source spec.
- audit
Comment string - The audit comment.
- decryption
Rule stringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description string
- The description.
- enabled boolean
- Set to false to disable this rule. Defaults to
true. - logging boolean
- Enable logging at end. Defaults to
true. - name string
- The name.
- negate
Destination boolean - Negate the destination definition.
- negate
Source boolean - Negate the source definition.
- prot
Port string[]Lists - Protocol port list.
- protocol string
- The protocol.
- rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - {[key: string]: string}
- The tags.
- action str
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications Sequence[str]
- The list of applications.
- category
Security
Rule Category Args - The category spec.
- destination
Security
Rule Destination Args - The destination spec.
- priority int
- The rule priority.
- rulestack str
- The rulestack.
- source
Security
Rule Source Args - The source spec.
- audit_
comment str - The audit comment.
- decryption_
rule_ strtype - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description str
- The description.
- enabled bool
- Set to false to disable this rule. Defaults to
true. - logging bool
- Enable logging at end. Defaults to
true. - name str
- The name.
- negate_
destination bool - Negate the destination definition.
- negate_
source bool - Negate the source definition.
- prot_
port_ Sequence[str]lists - Protocol port list.
- protocol str
- The protocol.
- rule_
list str - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope str
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - Mapping[str, str]
- The tags.
- action String
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications List<String>
- The list of applications.
- category Property Map
- The category spec.
- destination Property Map
- The destination spec.
- priority Number
- The rule priority.
- rulestack String
- The rulestack.
- source Property Map
- The source spec.
- audit
Comment String - The audit comment.
- decryption
Rule StringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description String
- The description.
- enabled Boolean
- Set to false to disable this rule. Defaults to
true. - logging Boolean
- Enable logging at end. Defaults to
true. - name String
- The name.
- negate
Destination Boolean - Negate the destination definition.
- negate
Source Boolean - Negate the source definition.
- prot
Port List<String>Lists - Protocol port list.
- protocol String
- The protocol.
- rule
List String - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope String
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - Map<String>
- The tags.
Outputs
All input properties are implicitly available as output properties. Additionally, the SecurityRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Update
Token string - The update token.
- Id string
- The provider-assigned unique ID for this managed resource.
- Update
Token string - The update token.
- id String
- The provider-assigned unique ID for this managed resource.
- update
Token String - The update token.
- id string
- The provider-assigned unique ID for this managed resource.
- update
Token string - The update token.
- id str
- The provider-assigned unique ID for this managed resource.
- update_
token str - The update token.
- id String
- The provider-assigned unique ID for this managed resource.
- update
Token String - The update token.
Look up Existing SecurityRule Resource
Get an existing SecurityRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecurityRuleState, opts?: CustomResourceOptions): SecurityRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
applications: Optional[Sequence[str]] = None,
audit_comment: Optional[str] = None,
category: Optional[SecurityRuleCategoryArgs] = None,
decryption_rule_type: Optional[str] = None,
description: Optional[str] = None,
destination: Optional[SecurityRuleDestinationArgs] = None,
enabled: Optional[bool] = None,
logging: Optional[bool] = None,
name: Optional[str] = None,
negate_destination: Optional[bool] = None,
negate_source: Optional[bool] = None,
priority: Optional[int] = None,
prot_port_lists: Optional[Sequence[str]] = None,
protocol: Optional[str] = None,
rule_list: Optional[str] = None,
rulestack: Optional[str] = None,
scope: Optional[str] = None,
source: Optional[SecurityRuleSourceArgs] = None,
tags: Optional[Mapping[str, str]] = None,
update_token: Optional[str] = None) -> SecurityRulefunc GetSecurityRule(ctx *Context, name string, id IDInput, state *SecurityRuleState, opts ...ResourceOption) (*SecurityRule, error)public static SecurityRule Get(string name, Input<string> id, SecurityRuleState? state, CustomResourceOptions? opts = null)public static SecurityRule get(String name, Output<String> id, SecurityRuleState state, CustomResourceOptions options)resources: _: type: cloudngfwaws:SecurityRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - Applications List<string>
- The list of applications.
- Audit
Comment string - The audit comment.
- Category
Pulumi.
Cloud Ngfw Aws. Inputs. Security Rule Category - The category spec.
- Decryption
Rule stringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - Description string
- The description.
- Destination
Pulumi.
Cloud Ngfw Aws. Inputs. Security Rule Destination - The destination spec.
- Enabled bool
- Set to false to disable this rule. Defaults to
true. - Logging bool
- Enable logging at end. Defaults to
true. - Name string
- The name.
- Negate
Destination bool - Negate the destination definition.
- Negate
Source bool - Negate the source definition.
- Priority int
- The rule priority.
- Prot
Port List<string>Lists - Protocol port list.
- Protocol string
- The protocol.
- Rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - Rulestack string
- The rulestack.
- Scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - Source
Pulumi.
Cloud Ngfw Aws. Inputs. Security Rule Source - The source spec.
- Dictionary<string, string>
- The tags.
- Update
Token string - The update token.
- Action string
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - Applications []string
- The list of applications.
- Audit
Comment string - The audit comment.
- Category
Security
Rule Category Args - The category spec.
- Decryption
Rule stringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - Description string
- The description.
- Destination
Security
Rule Destination Args - The destination spec.
- Enabled bool
- Set to false to disable this rule. Defaults to
true. - Logging bool
- Enable logging at end. Defaults to
true. - Name string
- The name.
- Negate
Destination bool - Negate the destination definition.
- Negate
Source bool - Negate the source definition.
- Priority int
- The rule priority.
- Prot
Port []stringLists - Protocol port list.
- Protocol string
- The protocol.
- Rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - Rulestack string
- The rulestack.
- Scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - Source
Security
Rule Source Args - The source spec.
- map[string]string
- The tags.
- Update
Token string - The update token.
- action String
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications List<String>
- The list of applications.
- audit
Comment String - The audit comment.
- category
Security
Rule Category - The category spec.
- decryption
Rule StringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description String
- The description.
- destination
Security
Rule Destination - The destination spec.
- enabled Boolean
- Set to false to disable this rule. Defaults to
true. - logging Boolean
- Enable logging at end. Defaults to
true. - name String
- The name.
- negate
Destination Boolean - Negate the destination definition.
- negate
Source Boolean - Negate the source definition.
- priority Integer
- The rule priority.
- prot
Port List<String>Lists - Protocol port list.
- protocol String
- The protocol.
- rule
List String - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - rulestack String
- The rulestack.
- scope String
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - source
Security
Rule Source - The source spec.
- Map<String,String>
- The tags.
- update
Token String - The update token.
- action string
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications string[]
- The list of applications.
- audit
Comment string - The audit comment.
- category
Security
Rule Category - The category spec.
- decryption
Rule stringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description string
- The description.
- destination
Security
Rule Destination - The destination spec.
- enabled boolean
- Set to false to disable this rule. Defaults to
true. - logging boolean
- Enable logging at end. Defaults to
true. - name string
- The name.
- negate
Destination boolean - Negate the destination definition.
- negate
Source boolean - Negate the source definition.
- priority number
- The rule priority.
- prot
Port string[]Lists - Protocol port list.
- protocol string
- The protocol.
- rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - rulestack string
- The rulestack.
- scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - source
Security
Rule Source - The source spec.
- {[key: string]: string}
- The tags.
- update
Token string - The update token.
- action str
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications Sequence[str]
- The list of applications.
- audit_
comment str - The audit comment.
- category
Security
Rule Category Args - The category spec.
- decryption_
rule_ strtype - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description str
- The description.
- destination
Security
Rule Destination Args - The destination spec.
- enabled bool
- Set to false to disable this rule. Defaults to
true. - logging bool
- Enable logging at end. Defaults to
true. - name str
- The name.
- negate_
destination bool - Negate the destination definition.
- negate_
source bool - Negate the source definition.
- priority int
- The rule priority.
- prot_
port_ Sequence[str]lists - Protocol port list.
- protocol str
- The protocol.
- rule_
list str - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - rulestack str
- The rulestack.
- scope str
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - source
Security
Rule Source Args - The source spec.
- Mapping[str, str]
- The tags.
- update_
token str - The update token.
- action String
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications List<String>
- The list of applications.
- audit
Comment String - The audit comment.
- category Property Map
- The category spec.
- decryption
Rule StringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description String
- The description.
- destination Property Map
- The destination spec.
- enabled Boolean
- Set to false to disable this rule. Defaults to
true. - logging Boolean
- Enable logging at end. Defaults to
true. - name String
- The name.
- negate
Destination Boolean - Negate the destination definition.
- negate
Source Boolean - Negate the source definition.
- priority Number
- The rule priority.
- prot
Port List<String>Lists - Protocol port list.
- protocol String
- The protocol.
- rule
List String - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - rulestack String
- The rulestack.
- scope String
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal. - source Property Map
- The source spec.
- Map<String>
- The tags.
- update
Token String - The update token.
Supporting Types
SecurityRuleCategory, SecurityRuleCategoryArgs
- Feeds List<string>
- List of feeds.
- Url
Category List<string>Names - List of URL category names.
- Feeds []string
- List of feeds.
- Url
Category []stringNames - List of URL category names.
- feeds List<String>
- List of feeds.
- url
Category List<String>Names - List of URL category names.
- feeds string[]
- List of feeds.
- url
Category string[]Names - List of URL category names.
- feeds Sequence[str]
- List of feeds.
- url_
category_ Sequence[str]names - List of URL category names.
- feeds List<String>
- List of feeds.
- url
Category List<String>Names - List of URL category names.
SecurityRuleDestination, SecurityRuleDestinationArgs
- Cidrs List<string>
- List of CIDRs.
- Countries List<string>
- List of countries.
- Feeds List<string>
- List of feeds.
- Fqdn
Lists List<string> - List of FQDN lists.
- Prefix
Lists List<string> - List of prefix list.
- Cidrs []string
- List of CIDRs.
- Countries []string
- List of countries.
- Feeds []string
- List of feeds.
- Fqdn
Lists []string - List of FQDN lists.
- Prefix
Lists []string - List of prefix list.
- cidrs List<String>
- List of CIDRs.
- countries List<String>
- List of countries.
- feeds List<String>
- List of feeds.
- fqdn
Lists List<String> - List of FQDN lists.
- prefix
Lists List<String> - List of prefix list.
- cidrs string[]
- List of CIDRs.
- countries string[]
- List of countries.
- feeds string[]
- List of feeds.
- fqdn
Lists string[] - List of FQDN lists.
- prefix
Lists string[] - List of prefix list.
- cidrs Sequence[str]
- List of CIDRs.
- countries Sequence[str]
- List of countries.
- feeds Sequence[str]
- List of feeds.
- fqdn_
lists Sequence[str] - List of FQDN lists.
- prefix_
lists Sequence[str] - List of prefix list.
- cidrs List<String>
- List of CIDRs.
- countries List<String>
- List of countries.
- feeds List<String>
- List of feeds.
- fqdn
Lists List<String> - List of FQDN lists.
- prefix
Lists List<String> - List of prefix list.
SecurityRuleSource, SecurityRuleSourceArgs
- Cidrs List<string>
- List of CIDRs.
- Countries List<string>
- List of countries.
- Feeds List<string>
- List of feeds.
- Prefix
Lists List<string> - List of prefix list.
- Cidrs []string
- List of CIDRs.
- Countries []string
- List of countries.
- Feeds []string
- List of feeds.
- Prefix
Lists []string - List of prefix list.
- cidrs List<String>
- List of CIDRs.
- countries List<String>
- List of countries.
- feeds List<String>
- List of feeds.
- prefix
Lists List<String> - List of prefix list.
- cidrs string[]
- List of CIDRs.
- countries string[]
- List of countries.
- feeds string[]
- List of feeds.
- prefix
Lists string[] - List of prefix list.
- cidrs Sequence[str]
- List of CIDRs.
- countries Sequence[str]
- List of countries.
- feeds Sequence[str]
- List of feeds.
- prefix_
lists Sequence[str] - List of prefix list.
- cidrs List<String>
- List of CIDRs.
- countries List<String>
- List of countries.
- feeds List<String>
- List of feeds.
- prefix
Lists List<String> - List of prefix list.
Import
import name is
$ pulumi import cloudngfwaws:index/securityRule:SecurityRule example Local:terraform-rulestack:LocalRule:3
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- cloudngfwaws pulumi/pulumi-cloudngfwaws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudngfwawsTerraform Provider.
Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi