1. Docs
  2. Reference
  3. API
  4. Azure
  5. waf
  6. Policy

Policy

Manages a Azure Web Application Firewall Policy instance.

Create a Policy Resource

new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);
def Policy(resource_name, opts=None, custom_rules=None, location=None, managed_rules=None, name=None, policy_settings=None, resource_group_name=None, tags=None, __props__=None);
func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)
public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args PolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args PolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args PolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Policy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Policy resource accepts the following input properties:

ManagedRules PolicyManagedRulesArgs

A managed_rules blocks as defined below.

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

CustomRules List<PolicyCustomRuleArgs>

One or more custom_rules blocks as defined below.

Location string

Resource location. Changing this forces a new resource to be created.

Name string

The name of the policy. Changing this forces a new resource to be created.

PolicySettings PolicyPolicySettingsArgs

A policy_settings block as defined below.

Tags Dictionary<string, string>

A mapping of tags to assign to the Web Application Firewall Policy.

ManagedRules PolicyManagedRules

A managed_rules blocks as defined below.

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

CustomRules []PolicyCustomRule

One or more custom_rules blocks as defined below.

Location string

Resource location. Changing this forces a new resource to be created.

Name string

The name of the policy. Changing this forces a new resource to be created.

PolicySettings PolicyPolicySettings

A policy_settings block as defined below.

Tags map[string]string

A mapping of tags to assign to the Web Application Firewall Policy.

managedRules PolicyManagedRules

A managed_rules blocks as defined below.

resourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

customRules PolicyCustomRule[]

One or more custom_rules blocks as defined below.

location string

Resource location. Changing this forces a new resource to be created.

name string

The name of the policy. Changing this forces a new resource to be created.

policySettings PolicyPolicySettings

A policy_settings block as defined below.

tags {[key: string]: string}

A mapping of tags to assign to the Web Application Firewall Policy.

managed_rules Dict[PolicyManagedRules]

A managed_rules blocks as defined below.

resource_group_name str

The name of the resource group. Changing this forces a new resource to be created.

custom_rules List[PolicyCustomRule]

One or more custom_rules blocks as defined below.

location str

Resource location. Changing this forces a new resource to be created.

name str

The name of the policy. Changing this forces a new resource to be created.

policy_settings Dict[PolicyPolicySettings]

A policy_settings block as defined below.

tags Dict[str, str]

A mapping of tags to assign to the Web Application Firewall Policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing Policy Resource

Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy
static get(resource_name, id, opts=None, custom_rules=None, location=None, managed_rules=None, name=None, policy_settings=None, resource_group_name=None, tags=None, __props__=None);
func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)
public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

CustomRules List<PolicyCustomRuleArgs>

One or more custom_rules blocks as defined below.

Location string

Resource location. Changing this forces a new resource to be created.

ManagedRules PolicyManagedRulesArgs

A managed_rules blocks as defined below.

Name string

The name of the policy. Changing this forces a new resource to be created.

PolicySettings PolicyPolicySettingsArgs

A policy_settings block as defined below.

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

Tags Dictionary<string, string>

A mapping of tags to assign to the Web Application Firewall Policy.

CustomRules []PolicyCustomRule

One or more custom_rules blocks as defined below.

Location string

Resource location. Changing this forces a new resource to be created.

ManagedRules PolicyManagedRules

A managed_rules blocks as defined below.

Name string

The name of the policy. Changing this forces a new resource to be created.

PolicySettings PolicyPolicySettings

A policy_settings block as defined below.

ResourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

Tags map[string]string

A mapping of tags to assign to the Web Application Firewall Policy.

customRules PolicyCustomRule[]

One or more custom_rules blocks as defined below.

location string

Resource location. Changing this forces a new resource to be created.

managedRules PolicyManagedRules

A managed_rules blocks as defined below.

name string

The name of the policy. Changing this forces a new resource to be created.

policySettings PolicyPolicySettings

A policy_settings block as defined below.

resourceGroupName string

The name of the resource group. Changing this forces a new resource to be created.

tags {[key: string]: string}

A mapping of tags to assign to the Web Application Firewall Policy.

custom_rules List[PolicyCustomRule]

One or more custom_rules blocks as defined below.

location str

Resource location. Changing this forces a new resource to be created.

managed_rules Dict[PolicyManagedRules]

A managed_rules blocks as defined below.

name str

The name of the policy. Changing this forces a new resource to be created.

policy_settings Dict[PolicyPolicySettings]

A policy_settings block as defined below.

resource_group_name str

The name of the resource group. Changing this forces a new resource to be created.

tags Dict[str, str]

A mapping of tags to assign to the Web Application Firewall Policy.

Supporting Types

PolicyCustomRule

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Action string

Type of action.

MatchConditions List<PolicyCustomRuleMatchConditionArgs>

One or more match_conditions blocks as defined below.

Priority int

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

RuleType string

Describes the type of rule.

Name string

Gets name of the resource that is unique within a policy. This name can be used to access the resource.

Action string

Type of action.

MatchConditions []PolicyCustomRuleMatchCondition

One or more match_conditions blocks as defined below.

Priority int

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

RuleType string

Describes the type of rule.

Name string

Gets name of the resource that is unique within a policy. This name can be used to access the resource.

action string

Type of action.

matchConditions PolicyCustomRuleMatchCondition[]

One or more match_conditions blocks as defined below.

priority number

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

ruleType string

Describes the type of rule.

name string

Gets name of the resource that is unique within a policy. This name can be used to access the resource.

action str

Type of action.

matchConditions List[PolicyCustomRuleMatchCondition]

One or more match_conditions blocks as defined below.

priority float

Describes priority of the rule. Rules with a lower value will be evaluated before rules with a higher value.

ruleType str

Describes the type of rule.

name str

Gets name of the resource that is unique within a policy. This name can be used to access the resource.

PolicyCustomRuleMatchCondition

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

MatchValues List<string>

A list of match values.

MatchVariables List<PolicyCustomRuleMatchConditionMatchVariableArgs>

One or more match_variables blocks as defined below.

Operator string

Describes operator to be matched.

NegationCondition bool

Describes if this is negate condition or not

MatchValues []string

A list of match values.

MatchVariables []PolicyCustomRuleMatchConditionMatchVariable

One or more match_variables blocks as defined below.

Operator string

Describes operator to be matched.

NegationCondition bool

Describes if this is negate condition or not

matchValues string[]

A list of match values.

matchVariables PolicyCustomRuleMatchConditionMatchVariable[]

One or more match_variables blocks as defined below.

operator string

Describes operator to be matched.

negationCondition boolean

Describes if this is negate condition or not

matchValues List[str]

A list of match values.

matchVariables List[PolicyCustomRuleMatchConditionMatchVariable]

One or more match_variables blocks as defined below.

operator str

Describes operator to be matched.

negationCondition bool

Describes if this is negate condition or not

PolicyCustomRuleMatchConditionMatchVariable

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

VariableName string

The name of the Match Variable

Selector string

Describes field of the matchVariable collection

VariableName string

The name of the Match Variable

Selector string

Describes field of the matchVariable collection

variableName string

The name of the Match Variable

selector string

Describes field of the matchVariable collection

variableName str

The name of the Match Variable

selector str

Describes field of the matchVariable collection

PolicyManagedRules

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

ManagedRuleSets List<PolicyManagedRulesManagedRuleSetArgs>

One or more managed_rule_set block defined below.

Exclusions List<PolicyManagedRulesExclusionArgs>

One or more exclusion block defined below.

ManagedRuleSets []PolicyManagedRulesManagedRuleSet

One or more managed_rule_set block defined below.

Exclusions []PolicyManagedRulesExclusion

One or more exclusion block defined below.

managedRuleSets PolicyManagedRulesManagedRuleSet[]

One or more managed_rule_set block defined below.

exclusions PolicyManagedRulesExclusion[]

One or more exclusion block defined below.

managedRuleSets List[PolicyManagedRulesManagedRuleSet]

One or more managed_rule_set block defined below.

exclusions List[PolicyManagedRulesExclusion]

One or more exclusion block defined below.

PolicyManagedRulesExclusion

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

MatchVariable string
Selector string

Describes field of the matchVariable collection.

SelectorMatchOperator string

Describes operator to be matched. Possible values: Contains, EndsWith, Equals, EqualsAny, StartsWith.

MatchVariable string
Selector string

Describes field of the matchVariable collection.

SelectorMatchOperator string

Describes operator to be matched. Possible values: Contains, EndsWith, Equals, EqualsAny, StartsWith.

matchVariable string
selector string

Describes field of the matchVariable collection.

selectorMatchOperator string

Describes operator to be matched. Possible values: Contains, EndsWith, Equals, EqualsAny, StartsWith.

matchVariable str
selector str

Describes field of the matchVariable collection.

selectorMatchOperator str

Describes operator to be matched. Possible values: Contains, EndsWith, Equals, EqualsAny, StartsWith.

PolicyManagedRulesManagedRuleSet

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Version string

The rule set version.

RuleGroupOverrides List<PolicyManagedRulesManagedRuleSetRuleGroupOverrideArgs>

One or more rule_group_override block defined below.

Type string

The rule set type.

Version string

The rule set version.

RuleGroupOverrides []PolicyManagedRulesManagedRuleSetRuleGroupOverride

One or more rule_group_override block defined below.

Type string

The rule set type.

version string

The rule set version.

ruleGroupOverrides PolicyManagedRulesManagedRuleSetRuleGroupOverride[]

One or more rule_group_override block defined below.

type string

The rule set type.

version str

The rule set version.

ruleGroupOverrides List[PolicyManagedRulesManagedRuleSetRuleGroupOverride]

One or more rule_group_override block defined below.

type str

The rule set type.

PolicyManagedRulesManagedRuleSetRuleGroupOverride

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

DisabledRules List<string>

One or more Rule ID’s

RuleGroupName string

The name of the Rule Group

DisabledRules []string

One or more Rule ID’s

RuleGroupName string

The name of the Rule Group

disabledRules string[]

One or more Rule ID’s

ruleGroupName string

The name of the Rule Group

disabledRules List[str]

One or more Rule ID’s

ruleGroupName str

The name of the Rule Group

PolicyPolicySettings

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Enabled bool

Describes if the policy is in enabled state or disabled state Defaults to Enabled.

Mode string

Describes if it is in detection mode or prevention mode at the policy level Defaults to Prevention.

Enabled bool

Describes if the policy is in enabled state or disabled state Defaults to Enabled.

Mode string

Describes if it is in detection mode or prevention mode at the policy level Defaults to Prevention.

enabled boolean

Describes if the policy is in enabled state or disabled state Defaults to Enabled.

mode string

Describes if it is in detection mode or prevention mode at the policy level Defaults to Prevention.

enabled bool

Describes if the policy is in enabled state or disabled state Defaults to Enabled.

mode str

Describes if it is in detection mode or prevention mode at the policy level Defaults to Prevention.

Package Details

Repository
https://github.com/pulumi/pulumi-azure
License
Apache-2.0
Notes
This Pulumi package is based on the azurerm Terraform Provider.