google_compute_firewall_policy_rule

The Compute FirewallPolicyRule resource

Example Usage - basic_fir_sec_rule

resource "google_network_security_address_group" "basic_global_networksecurity_address_group" {
  name        = "policy"
  parent      = "organizations/123456789"
  description = "Sample global networksecurity_address_group"
  location    = "global"
  items       = ["208.80.154.224/32"]
  type        = "IPV4"
  capacity    = 100
}

resource "google_folder" "folder" {
  display_name = "policy"
  parent       = "organizations/123456789"
}

resource "google_compute_firewall_policy" "default" {
  parent      = google_folder.folder.id
  short_name  = "policy"
  description = "Resource created for Terraform acceptance testing"
}

resource "google_compute_firewall_policy_rule" "primary" {
  firewall_policy = google_compute_firewall_policy.default.name
  description     = "Resource created for Terraform acceptance testing"
  # Lower numbers are evaluated first; the first matching rule in the policy wins.
  priority        = 9000
  # Log every connection this rule matches (Firewall Rules Logging in Cloud Logging).
  enable_logging  = true
  action          = "allow"
  direction       = "EGRESS"
  disabled        = false
  match {
    # Multiple layer4_configs are ORed: tcp/8080 or udp/22 satisfies this rule.
    layer4_configs {
      ip_protocol = "tcp"
      ports = [8080]
    }
    layer4_configs {
      ip_protocol = "udp"
      ports = [22]
    }
    # EGRESS rules match on destination; the src_* fields are left empty here.
    dest_ip_ranges = ["11.100.0.1/32"]
    dest_fqdns = []
    dest_region_codes = ["US"]
    # Acceptance-test fixture only: allowing egress to a known-malicious IP list is
    # not a configuration to copy. Threat-intelligence lists normally pair with "deny".
    dest_threat_intelligences = ["iplist-known-malicious-ips"]
    src_address_groups = []
    dest_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
  }
  # Scope the rule to VMs running as this service account rather than every VM under the policy.
  target_service_accounts = ["my@service-account.com"]
}
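The example above is an acceptance-test fixture. The configuration below is an added example, not part of the provider documentation, showing how the same resource is used as an organization-level guardrail: a hierarchical policy is evaluated before any project VPC firewall rule, so an "allow" here cannot be overridden by a project-level deny and must be scoped tightly, while a "deny" here blocks traffic regardless of what project owners configure. Unmatched traffic falls through to the implied goto_next rule and on to the VPC rules. The folder ID, address group path, service account and policy names are placeholders.

```hcl
# Added example (not provider documentation). All identifiers are placeholders.

resource "google_compute_firewall_policy" "guardrails" {
  parent      = "folders/111111111111" # placeholder folder
  short_name  = "ingress-guardrails"
  description = "Evaluated before every VPC firewall rule in projects under this folder"
}

# Priority 100: block ingress from Google-maintained known-malicious IP lists
# before anything else is considered. Logged so hits show up in Cloud Logging.
resource "google_compute_firewall_policy_rule" "deny_threat_intel" {
  firewall_policy = google_compute_firewall_policy.guardrails.name
  priority        = 100
  direction       = "INGRESS"
  action          = "deny"
  enable_logging  = true
  description     = "Drop ingress from known-malicious sources"
  match {
    src_threat_intelligences = ["iplist-known-malicious-ips"]
    layer4_configs {
      ip_protocol = "all"
    }
  }
}

# Priority 200: the narrow allow. It must carry a LOWER number than the broad
# deny below, because the first matching rule wins; at 300 it would never fire.
# An allow at this level bypasses project-level deny rules, so it is limited to
# one address group, one port and one target service account.
resource "google_compute_firewall_policy_rule" "allow_bastion_ssh" {
  firewall_policy = google_compute_firewall_policy.guardrails.name
  priority        = 200
  direction       = "INGRESS"
  action          = "allow"
  enable_logging  = true
  description     = "SSH to bastions from corporate egress ranges only"
  match {
    # placeholder address group containing the corporate egress IPs
    src_address_groups = ["organizations/123456789/locations/global/addressGroups/corp-egress-ips"]
    layer4_configs {
      ip_protocol = "tcp"
      ports       = ["22"]
    }
  }
  # placeholder service account run by the bastion VMs
  target_service_accounts = ["bastion@my-project.iam.gserviceaccount.com"]
}

# Priority 300: deny admin ports from the whole internet for every VM under the
# folder. Project owners cannot re-open these with VPC firewall rules.
resource "google_compute_firewall_policy_rule" "deny_internet_admin_ports" {
  firewall_policy = google_compute_firewall_policy.guardrails.name
  priority        = 300
  direction       = "INGRESS"
  action          = "deny"
  enable_logging  = true
  description     = "No SSH/RDP from 0.0.0.0/0 anywhere under this folder"
  match {
    src_ip_ranges = ["0.0.0.0/0"]
    layer4_configs {
      ip_protocol = "tcp"
      ports       = ["22", "3389"]
    }
  }
}

# Everything not matched above hits the implied goto_next rule and is then
# evaluated against the project's own VPC firewall rules.
resource "google_compute_firewall_policy_association" "attach" {
  name              = "guardrails-to-folder"
  firewall_policy   = google_compute_firewall_policy.guardrails.id
  attachment_target = "folders/111111111111" # placeholder folder
}
```

Because priority is also the import key ({{firewall_policy}}/{{priority}}), renumbering a rule later replaces it rather than updating it in place; pick a spaced-out numbering (100, 200, 300) up front so new rules can be slotted in without rewriting the rest.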

Argument Reference

The following arguments are supported:

The match block supports:

The layer4_configs block supports:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

FirewallPolicyRule can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import FirewallPolicyRule using one of the formats above. For example:

import {
  id = "locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}"
  to = google_compute_firewall_policy_rule.default
}

When using the terraform import command, FirewallPolicyRule can be imported using one of the formats above. For example:

$ terraform import google_compute_firewall_policy_rule.default locations/global/firewallPolicies/{{firewall_policy}}/rules/{{priority}}
$ terraform import google_compute_firewall_policy_rule.default {{firewall_policy}}/{{priority}}