opentelekomcloud_fw_firewall_group_v2

Manages a v1 firewall group resource within OpenTelekomCloud.

Example Usage

resource "opentelekomcloud_fw_rule_v2" "rule_1" {
  name             = "my-rule-1"
  description      = "drop TELNET traffic"
  action           = "deny"
  protocol         = "tcp"
  destination_port = "23"
  enabled          = "true"
}

resource "opentelekomcloud_fw_rule_v2" "rule_2" {
  name             = "my-rule-2"
  description      = "drop NTP traffic"
  action           = "deny"
  protocol         = "udp"
  destination_port = "123"
  enabled          = "false"
}

resource "opentelekomcloud_fw_policy_v2" "policy_1" {
  name = "my-policy"

  rules = ["${opentelekomcloud_fw_rule_v2.rule_1.id}",
    "${opentelekomcloud_fw_rule_v2.rule_2.id}",
  ]
}

resource "opentelekomcloud_fw_firewall_group_v2" "firewall_group_1" {
  name      = "my-firewall-group"
  ingress_policy_id = "${opentelekomcloud_fw_policy_v2.policy_1.id}"
}

Argument Reference

The following arguments are supported:

  • region - (Optional) The region in which to obtain the v1 networking client. A networking client is needed to create a firewall group. If omitted, the region argument of the provider is used. Changing this creates a new firewall group.

  • ingress_policy_id - The ingress policy resource id for the firewall group. Changing this updates the ingress_policy_id of an existing firewall group.

  • egress_policy_id - The egress policy resource id for the firewall group. Changing this updates the egress_policy_id of an existing firewall group.

  • name - (Optional) A name for the firewall group. Changing this updates the name of an existing firewall group.

  • description - (Required) A description for the firewall group. Changing this updates the description of an existing firewall group.

  • admin_state_up - (Optional) Administrative up/down status for the firewall group (must be "true" or "false" if provided - defaults to "true"). Changing this updates the admin_state_up of an existing firewall group.

  • tenant_id - (Optional) The owner of the floating IP. Required if admin wants to create a firewall group for another tenant. Changing this creates a new firewall group.

  • ports - (Optional) Port(s) to associate this firewall group instance with. Must be a list of strings. Changing this updates the associated routers of an existing firewall group.

  • value_specs - (Optional) Map of additional options.

Attributes Reference

The following attributes are exported:

  • region - See Argument Reference above.
  • policy_id - See Argument Reference above.
  • name - See Argument Reference above.
  • description - See Argument Reference above.
  • admin_state_up - See Argument Reference above.
  • tenant_id - See Argument Reference above.
  • ports - See Argument Reference above.

Import

Firewall Groups can be imported using the id, e.g.

$ terraform import opentelekomcloud_fw_firewall_group_v2.firewall_group_1 c9e39fb2-ce20-46c8-a964-25f3898c7a97