Firewall

Provides a DigitalOcean Cloud Firewall resource. This can be used to create, modify, and delete Firewalls.

Create a Firewall Resource

new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);

def Firewall(resource_name, opts=None, droplet_ids=None, inbound_rules=None, name=None, outbound_rules=None, tags=None, __props__=None);

func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)

public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args FirewallArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

Firewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Firewall resource accepts the following input properties:

DropletIds List<int>: The list of the IDs of the Droplets assigned to the Firewall.
InboundRules List<Pulumi.DigitalOcean.Inputs.FirewallInboundRuleArgs>: The inbound access rule block for the Firewall. The inbound_rule block is documented below.
Name string: The Firewall name
OutboundRules List<Pulumi.DigitalOcean.Inputs.FirewallOutboundRuleArgs>: The outbound access rule block for the Firewall. The outbound_rule block is documented below.
Tags List<string>: The names of the Tags assigned to the Firewall.

DropletIds []int: The list of the IDs of the Droplets assigned to the Firewall.
InboundRules []FirewallInboundRule: The inbound access rule block for the Firewall. The inbound_rule block is documented below.
Name string: The Firewall name
OutboundRules []FirewallOutboundRule: The outbound access rule block for the Firewall. The outbound_rule block is documented below.
Tags []string: The names of the Tags assigned to the Firewall.

dropletIds number[]: The list of the IDs of the Droplets assigned to the Firewall.
inboundRules FirewallInboundRule[]: The inbound access rule block for the Firewall. The inbound_rule block is documented below.
name string: The Firewall name
outboundRules FirewallOutboundRule[]: The outbound access rule block for the Firewall. The outbound_rule block is documented below.
tags string[]: The names of the Tags assigned to the Firewall.

droplet_ids List[Integer]: The list of the IDs of the Droplets assigned to the Firewall.
inbound_rules List[FirewallInboundRule]: The inbound access rule block for the Firewall. The inbound_rule block is documented below.
name str: The Firewall name
outbound_rules List[FirewallOutboundRule]: The outbound access rule block for the Firewall. The outbound_rule block is documented below.
tags List[str]: The names of the Tags assigned to the Firewall.

Outputs

All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

CreatedAt string: A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
Id string: The provider-assigned unique ID for this managed resource.
PendingChanges List<Pulumi.DigitalOcean.Outputs.FirewallPendingChange>: An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
Status string: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.

CreatedAt string: A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
Id string: The provider-assigned unique ID for this managed resource.
PendingChanges []FirewallPendingChange: An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
Status string: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.

createdAt string: A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
id string: The provider-assigned unique ID for this managed resource.
pendingChanges FirewallPendingChange[]: An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
status string: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.

created_at str: A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
id str: The provider-assigned unique ID for this managed resource.
pending_changes List[FirewallPendingChange]: An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
status str: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.

Look up an Existing Firewall Resource

Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall

static get(resource_name, id, opts=None, created_at=None, droplet_ids=None, inbound_rules=None, name=None, outbound_rules=None, pending_changes=None, status=None, tags=None, __props__=None);

func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)

public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CreatedAt string: A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
DropletIds List<int>: The list of the IDs of the Droplets assigned to the Firewall.
InboundRules List<Pulumi.DigitalOcean.Inputs.FirewallInboundRuleArgs>: The inbound access rule block for the Firewall. The inbound_rule block is documented below.
Name string: The Firewall name
OutboundRules List<Pulumi.DigitalOcean.Inputs.FirewallOutboundRuleArgs>: The outbound access rule block for the Firewall. The outbound_rule block is documented below.
PendingChanges List<Pulumi.DigitalOcean.Inputs.FirewallPendingChangeArgs>: An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
Status string: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
Tags List<string>: The names of the Tags assigned to the Firewall.

CreatedAt string: A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
DropletIds []int: The list of the IDs of the Droplets assigned to the Firewall.
InboundRules []FirewallInboundRule: The inbound access rule block for the Firewall. The inbound_rule block is documented below.
Name string: The Firewall name
OutboundRules []FirewallOutboundRule: The outbound access rule block for the Firewall. The outbound_rule block is documented below.
PendingChanges []FirewallPendingChange: An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
Status string: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
Tags []string: The names of the Tags assigned to the Firewall.

createdAt string: A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
dropletIds number[]: The list of the IDs of the Droplets assigned to the Firewall.
inboundRules FirewallInboundRule[]: The inbound access rule block for the Firewall. The inbound_rule block is documented below.
name string: The Firewall name
outboundRules FirewallOutboundRule[]: The outbound access rule block for the Firewall. The outbound_rule block is documented below.
pendingChanges FirewallPendingChange[]: An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
status string: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
tags string[]: The names of the Tags assigned to the Firewall.

created_at str: A time value given in ISO8601 combined date and time format that represents when the Firewall was created.
droplet_ids List[Integer]: The list of the IDs of the Droplets assigned to the Firewall.
inbound_rules List[FirewallInboundRule]: The inbound access rule block for the Firewall. The inbound_rule block is documented below.
name str: The Firewall name
outbound_rules List[FirewallOutboundRule]: The outbound access rule block for the Firewall. The outbound_rule block is documented below.
pending_changes List[FirewallPendingChange]: An list of object containing the fields, “droplet_id”, “removing”, and “status”. It is provided to detail exactly which Droplets are having their security policies updated. When empty, all changes have been successfully applied.
status str: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.
tags List[str]: The names of the Tags assigned to the Firewall.

Supporting Types

FirewallInboundRule

See the input and output API doc for this type.

Protocol string: The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
PortRange string: The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.
SourceAddresses List<string>: An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
SourceDropletIds List<int>: An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
SourceLoadBalancerUids List<string>: An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
SourceTags List<string>: An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

Protocol string: The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
PortRange string: The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.
SourceAddresses []string: An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
SourceDropletIds []int: An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
SourceLoadBalancerUids []string: An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
SourceTags []string: An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

protocol string: The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
portRange string: The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.
sourceAddresses string[]: An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
sourceDropletIds number[]: An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
sourceLoadBalancerUids string[]: An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
sourceTags string[]: An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

protocol str: The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
portRange str: The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.
sourceAddresses List[str]: An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs from which the inbound traffic will be accepted.
sourceDropletIds List[Integer]: An array containing the IDs of the Droplets from which the inbound traffic will be accepted.
sourceLoadBalancerUids List[str]: An array containing the IDs of the Load Balancers from which the inbound traffic will be accepted.
sourceTags List[str]: An array containing the names of Tags corresponding to groups of Droplets from which the inbound traffic will be accepted.

FirewallOutboundRule

See the input and output API doc for this type.

Protocol string: The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
DestinationAddresses List<string>: An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
DestinationDropletIds List<int>: An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
DestinationLoadBalancerUids List<string>: An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
DestinationTags List<string>: An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed. traffic.
PortRange string: The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.

Protocol string: The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
DestinationAddresses []string: An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
DestinationDropletIds []int: An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
DestinationLoadBalancerUids []string: An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
DestinationTags []string: An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed. traffic.
PortRange string: The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.

protocol string: The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
destinationAddresses string[]: An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
destinationDropletIds number[]: An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
destinationLoadBalancerUids string[]: An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
destinationTags string[]: An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed. traffic.
portRange string: The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.

protocol str: The type of traffic to be allowed. This may be one of “tcp”, “udp”, or “icmp”.
destinationAddresses List[str]: An array of strings containing the IPv4 addresses, IPv6 addresses, IPv4 CIDRs, and/or IPv6 CIDRs to which the outbound traffic will be allowed.
destinationDropletIds List[Integer]: An array containing the IDs of the Droplets to which the outbound traffic will be allowed.
destinationLoadBalancerUids List[str]: An array containing the IDs of the Load Balancers to which the outbound traffic will be allowed.
destinationTags List[str]: An array containing the names of Tags corresponding to groups of Droplets to which the outbound traffic will be allowed. traffic.
portRange str: The ports on which traffic will be allowed specified as a string containing a single port, a range (e.g. “8000-9000”), or “1-65535” to open all ports for a protocol. Required for when protocol is tcp or udp.

FirewallPendingChange

See the output API doc for this type.

DropletId int
Removing bool
Status string: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.

DropletId int
Removing bool
Status string: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.

dropletId number
removing boolean
status string: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.

droplet_id float
removing bool
status str: A status string indicating the current state of the Firewall. This can be “waiting”, “succeeded”, or “failed”.

Package Details

Repository: https://github.com/pulumi/pulumi-digitalocean
License: Apache-2.0
Notes: This Pulumi package is based on the digitalocean Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud