public/terraform-provider-google
0
0
Fork 0
mirror of https://github.com/letic/terraform-provider-google.git synced 2024-09-06 17:16:44 +00:00
Code Issues Projects Releases Wiki Activity
e5d9fe6163
terraform-provider-google/website/docs/r/compute_firewall.html.markdown

3.2 KiB
Raw Blame History

layout page_title sidebar_current description
google Google: google_compute_firewall docs-google-compute-firewall Manages a firewall resource within GCE.

google_compute_firewall

Manages a firewall resource within GCE. For more information see the official documentation and API.

Example Usage

resource "google_compute_firewall" "default" {
  name    = "test-firewall"
  network = "${google_compute_network.other.name}"

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["80", "8080", "1000-2000"]
  }

  source_tags = ["web"]
}

Argument Reference

The following arguments are supported:

  • name - (Required) A unique name for the resource, required by GCE. Changing this forces a new resource to be created.

  • network - (Required) The name or self_link of the network to attach this firewall to.

  • allow - (Required) Can be specified multiple times for each allow rule. Each allow block supports fields documented below.

  • description - (Optional) Textual description field.

  • project - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used.

  • priority - (Optional) The priority for this firewall. Ranges from 0-65535, inclusive. Defaults to 1000. Firewall resources with lower priority values have higher precedence (e.g. a firewall resource with a priority value of 0 takes effect over all other firewall rules with a non-zero priority).

  • source_ranges - (Optional) A list of source CIDR ranges that this firewall applies to. Can't be used for EGRESS.

  • source_tags - (Optional) A list of source tags for this firewall. Can't be used for EGRESS.

  • target_tags - (Optional) A list of target tags for this firewall.

  • deny - (Optional, Beta) Can be specified multiple times for each deny rule. Each deny block supports fields documented below. Can be specified instead of allow.

  • direction - (Optional, Beta) Direction of traffic to which this firewall applies; One of INGRESS or EGRESS. Defaults to INGRESS.

  • destination_ranges - (Optional, Beta) A list of destination CIDR ranges that this firewall applies to. Can't be used for INGRESS.

The allow block supports:

  • protocol - (Required) The name of the protocol to allow.

  • ports - (Optional) List of ports and/or port ranges to allow. This can only be specified if the protocol is TCP or UDP.

The deny block supports:

  • protocol - (Required) The name of the protocol to allow.

  • ports - (Optional) List of ports and/or port ranges to allow. This can only be specified if the protocol is TCP or UDP.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • self_link - The URI of the created resource.

Import

Firewalls can be imported using the name, e.g.

$ terraform import google_compute_firewall.default test-firewall