Docs Home
ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud
ibm.CisFirewall
Explore with Pulumi AI
Create, update, or delete a firewall for a domain that you included in your IBM Cloud Internet Services instance and a CIS domain resource. For more information, about CIS firewall resource, see using fields, functions, and expressions.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
// Add a firewall to the domain
const lockdown = new ibm.CisFirewall("lockdown", {
cisId: ibm_cis.instance.id,
domainId: ibm_cis_domain.example.id,
firewallType: "lockdowns",
lockdown: {
paused: false,
description: "test",
urls: ["www.cis-terraform.com"],
configurations: [{
target: "ip",
value: "127.0.0.2",
}],
priority: 1,
},
});
const accessRules = new ibm.CisFirewall("accessRules", {
cisId: ibm_cis.instance.id,
domainId: ibm_cis_domain.example.id,
firewallType: "access_rules",
accessRule: {
mode: "block",
notes: "access rule notes",
configuration: {
target: "asn",
value: "AS12346",
},
},
});
const uaRules = new ibm.CisFirewall("uaRules", {
cisId: ibm_cis.instance.id,
domainId: ibm_cis_domain.example.id,
firewallType: "ua_rules",
uaRule: {
mode: "challenge",
configuration: {
target: "ua",
value: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4",
},
},
});
import pulumi
import pulumi_ibm as ibm
# Add a firewall to the domain
lockdown = ibm.CisFirewall("lockdown",
cis_id=ibm_cis["instance"]["id"],
domain_id=ibm_cis_domain["example"]["id"],
firewall_type="lockdowns",
lockdown={
"paused": False,
"description": "test",
"urls": ["www.cis-terraform.com"],
"configurations": [{
"target": "ip",
"value": "127.0.0.2",
}],
"priority": 1,
})
access_rules = ibm.CisFirewall("accessRules",
cis_id=ibm_cis["instance"]["id"],
domain_id=ibm_cis_domain["example"]["id"],
firewall_type="access_rules",
access_rule={
"mode": "block",
"notes": "access rule notes",
"configuration": {
"target": "asn",
"value": "AS12346",
},
})
ua_rules = ibm.CisFirewall("uaRules",
cis_id=ibm_cis["instance"]["id"],
domain_id=ibm_cis_domain["example"]["id"],
firewall_type="ua_rules",
ua_rule={
"mode": "challenge",
"configuration": {
"target": "ua",
"value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4",
},
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Add a firewall to the domain
_, err := ibm.NewCisFirewall(ctx, "lockdown", &ibm.CisFirewallArgs{
CisId: pulumi.Any(ibm_cis.Instance.Id),
DomainId: pulumi.Any(ibm_cis_domain.Example.Id),
FirewallType: pulumi.String("lockdowns"),
Lockdown: &ibm.CisFirewallLockdownArgs{
Paused: pulumi.Bool(false),
Description: pulumi.String("test"),
Urls: pulumi.StringArray{
pulumi.String("www.cis-terraform.com"),
},
Configurations: ibm.CisFirewallLockdownConfigurationArray{
&ibm.CisFirewallLockdownConfigurationArgs{
Target: pulumi.String("ip"),
Value: pulumi.String("127.0.0.2"),
},
},
Priority: pulumi.Float64(1),
},
})
if err != nil {
return err
}
_, err = ibm.NewCisFirewall(ctx, "accessRules", &ibm.CisFirewallArgs{
CisId: pulumi.Any(ibm_cis.Instance.Id),
DomainId: pulumi.Any(ibm_cis_domain.Example.Id),
FirewallType: pulumi.String("access_rules"),
AccessRule: &ibm.CisFirewallAccessRuleArgs{
Mode: pulumi.String("block"),
Notes: pulumi.String("access rule notes"),
Configuration: &ibm.CisFirewallAccessRuleConfigurationArgs{
Target: pulumi.String("asn"),
Value: pulumi.String("AS12346"),
},
},
})
if err != nil {
return err
}
_, err = ibm.NewCisFirewall(ctx, "uaRules", &ibm.CisFirewallArgs{
CisId: pulumi.Any(ibm_cis.Instance.Id),
DomainId: pulumi.Any(ibm_cis_domain.Example.Id),
FirewallType: pulumi.String("ua_rules"),
UaRule: &ibm.CisFirewallUaRuleArgs{
Mode: pulumi.String("challenge"),
Configuration: &ibm.CisFirewallUaRuleConfigurationArgs{
Target: pulumi.String("ua"),
Value: pulumi.String("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
// Add a firewall to the domain
var lockdown = new Ibm.CisFirewall("lockdown", new()
{
CisId = ibm_cis.Instance.Id,
DomainId = ibm_cis_domain.Example.Id,
FirewallType = "lockdowns",
Lockdown = new Ibm.Inputs.CisFirewallLockdownArgs
{
Paused = false,
Description = "test",
Urls = new[]
{
"www.cis-terraform.com",
},
Configurations = new[]
{
new Ibm.Inputs.CisFirewallLockdownConfigurationArgs
{
Target = "ip",
Value = "127.0.0.2",
},
},
Priority = 1,
},
});
var accessRules = new Ibm.CisFirewall("accessRules", new()
{
CisId = ibm_cis.Instance.Id,
DomainId = ibm_cis_domain.Example.Id,
FirewallType = "access_rules",
AccessRule = new Ibm.Inputs.CisFirewallAccessRuleArgs
{
Mode = "block",
Notes = "access rule notes",
Configuration = new Ibm.Inputs.CisFirewallAccessRuleConfigurationArgs
{
Target = "asn",
Value = "AS12346",
},
},
});
var uaRules = new Ibm.CisFirewall("uaRules", new()
{
CisId = ibm_cis.Instance.Id,
DomainId = ibm_cis_domain.Example.Id,
FirewallType = "ua_rules",
UaRule = new Ibm.Inputs.CisFirewallUaRuleArgs
{
Mode = "challenge",
Configuration = new Ibm.Inputs.CisFirewallUaRuleConfigurationArgs
{
Target = "ua",
Value = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.CisFirewall;
import com.pulumi.ibm.CisFirewallArgs;
import com.pulumi.ibm.inputs.CisFirewallLockdownArgs;
import com.pulumi.ibm.inputs.CisFirewallAccessRuleArgs;
import com.pulumi.ibm.inputs.CisFirewallAccessRuleConfigurationArgs;
import com.pulumi.ibm.inputs.CisFirewallUaRuleArgs;
import com.pulumi.ibm.inputs.CisFirewallUaRuleConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Add a firewall to the domain
var lockdown = new CisFirewall("lockdown", CisFirewallArgs.builder()
.cisId(ibm_cis.instance().id())
.domainId(ibm_cis_domain.example().id())
.firewallType("lockdowns")
.lockdown(CisFirewallLockdownArgs.builder()
.paused("false")
.description("test")
.urls("www.cis-terraform.com")
.configurations(CisFirewallLockdownConfigurationArgs.builder()
.target("ip")
.value("127.0.0.2")
.build())
.priority(1)
.build())
.build());
var accessRules = new CisFirewall("accessRules", CisFirewallArgs.builder()
.cisId(ibm_cis.instance().id())
.domainId(ibm_cis_domain.example().id())
.firewallType("access_rules")
.accessRule(CisFirewallAccessRuleArgs.builder()
.mode("block")
.notes("access rule notes")
.configuration(CisFirewallAccessRuleConfigurationArgs.builder()
.target("asn")
.value("AS12346")
.build())
.build())
.build());
var uaRules = new CisFirewall("uaRules", CisFirewallArgs.builder()
.cisId(ibm_cis.instance().id())
.domainId(ibm_cis_domain.example().id())
.firewallType("ua_rules")
.uaRule(CisFirewallUaRuleArgs.builder()
.mode("challenge")
.configuration(CisFirewallUaRuleConfigurationArgs.builder()
.target("ua")
.value("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4")
.build())
.build())
.build());
}
}
resources:
# Add a firewall to the domain
lockdown:
type: ibm:CisFirewall
properties:
cisId: ${ibm_cis.instance.id}
domainId: ${ibm_cis_domain.example.id}
firewallType: lockdowns
lockdown:
paused: 'false'
description: test
urls:
- www.cis-terraform.com
configurations:
- target: ip
value: 127.0.0.2
priority: 1
accessRules:
type: ibm:CisFirewall
properties:
cisId: ${ibm_cis.instance.id}
domainId: ${ibm_cis_domain.example.id}
firewallType: access_rules
accessRule:
mode: block
notes: access rule notes
configuration:
target: asn
value: AS12346
uaRules:
type: ibm:CisFirewall
properties:
cisId: ${ibm_cis.instance.id}
domainId: ${ibm_cis_domain.example.id}
firewallType: ua_rules
uaRule:
mode: challenge
configuration:
target: ua
value: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4
Create CisFirewall Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CisFirewall(name: string, args: CisFirewallArgs, opts?: CustomResourceOptions);@overload
def CisFirewall(resource_name: str,
args: CisFirewallArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CisFirewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
cis_id: Optional[str] = None,
domain_id: Optional[str] = None,
firewall_type: Optional[str] = None,
access_rule: Optional[CisFirewallAccessRuleArgs] = None,
cis_firewall_id: Optional[str] = None,
lockdown: Optional[CisFirewallLockdownArgs] = None,
ua_rule: Optional[CisFirewallUaRuleArgs] = None)func NewCisFirewall(ctx *Context, name string, args CisFirewallArgs, opts ...ResourceOption) (*CisFirewall, error)public CisFirewall(string name, CisFirewallArgs args, CustomResourceOptions? opts = null)public CisFirewall(String name, CisFirewallArgs args)
public CisFirewall(String name, CisFirewallArgs args, CustomResourceOptions options)
type: ibm:CisFirewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. CisFirewallArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. CisFirewallArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. CisFirewallArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. CisFirewallArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. CisFirewallArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var cisFirewallResource = new Ibm.CisFirewall("cisFirewallResource", new()
{
CisId = "string",
DomainId = "string",
FirewallType = "string",
AccessRule = new Ibm.Inputs.CisFirewallAccessRuleArgs
{
Configuration = new Ibm.Inputs.CisFirewallAccessRuleConfigurationArgs
{
Target = "string",
Value = "string",
},
Mode = "string",
AccessRuleId = "string",
Notes = "string",
},
CisFirewallId = "string",
Lockdown = new Ibm.Inputs.CisFirewallLockdownArgs
{
Configurations = new[]
{
new Ibm.Inputs.CisFirewallLockdownConfigurationArgs
{
Target = "string",
Value = "string",
},
},
Urls = new[]
{
"string",
},
Description = "string",
LockdownId = "string",
Paused = false,
Priority = 0,
},
UaRule = new Ibm.Inputs.CisFirewallUaRuleArgs
{
Configuration = new Ibm.Inputs.CisFirewallUaRuleConfigurationArgs
{
Target = "string",
Value = "string",
},
Mode = "string",
Description = "string",
Paused = false,
UaRuleId = "string",
},
});
example, err := ibm.NewCisFirewall(ctx, "cisFirewallResource", &ibm.CisFirewallArgs{
CisId: pulumi.String("string"),
DomainId: pulumi.String("string"),
FirewallType: pulumi.String("string"),
AccessRule: &.CisFirewallAccessRuleArgs{
Configuration: &.CisFirewallAccessRuleConfigurationArgs{
Target: pulumi.String("string"),
Value: pulumi.String("string"),
},
Mode: pulumi.String("string"),
AccessRuleId: pulumi.String("string"),
Notes: pulumi.String("string"),
},
CisFirewallId: pulumi.String("string"),
Lockdown: &.CisFirewallLockdownArgs{
Configurations: .CisFirewallLockdownConfigurationArray{
&.CisFirewallLockdownConfigurationArgs{
Target: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Urls: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
LockdownId: pulumi.String("string"),
Paused: pulumi.Bool(false),
Priority: pulumi.Float64(0),
},
UaRule: &.CisFirewallUaRuleArgs{
Configuration: &.CisFirewallUaRuleConfigurationArgs{
Target: pulumi.String("string"),
Value: pulumi.String("string"),
},
Mode: pulumi.String("string"),
Description: pulumi.String("string"),
Paused: pulumi.Bool(false),
UaRuleId: pulumi.String("string"),
},
})
var cisFirewallResource = new CisFirewall("cisFirewallResource", CisFirewallArgs.builder()
.cisId("string")
.domainId("string")
.firewallType("string")
.accessRule(CisFirewallAccessRuleArgs.builder()
.configuration(CisFirewallAccessRuleConfigurationArgs.builder()
.target("string")
.value("string")
.build())
.mode("string")
.accessRuleId("string")
.notes("string")
.build())
.cisFirewallId("string")
.lockdown(CisFirewallLockdownArgs.builder()
.configurations(CisFirewallLockdownConfigurationArgs.builder()
.target("string")
.value("string")
.build())
.urls("string")
.description("string")
.lockdownId("string")
.paused(false)
.priority(0)
.build())
.uaRule(CisFirewallUaRuleArgs.builder()
.configuration(CisFirewallUaRuleConfigurationArgs.builder()
.target("string")
.value("string")
.build())
.mode("string")
.description("string")
.paused(false)
.uaRuleId("string")
.build())
.build());
cis_firewall_resource = ibm.CisFirewall("cisFirewallResource",
cis_id="string",
domain_id="string",
firewall_type="string",
access_rule={
"configuration": {
"target": "string",
"value": "string",
},
"mode": "string",
"access_rule_id": "string",
"notes": "string",
},
cis_firewall_id="string",
lockdown={
"configurations": [{
"target": "string",
"value": "string",
}],
"urls": ["string"],
"description": "string",
"lockdown_id": "string",
"paused": False,
"priority": 0,
},
ua_rule={
"configuration": {
"target": "string",
"value": "string",
},
"mode": "string",
"description": "string",
"paused": False,
"ua_rule_id": "string",
})
const cisFirewallResource = new ibm.CisFirewall("cisFirewallResource", {
cisId: "string",
domainId: "string",
firewallType: "string",
accessRule: {
configuration: {
target: "string",
value: "string",
},
mode: "string",
accessRuleId: "string",
notes: "string",
},
cisFirewallId: "string",
lockdown: {
configurations: [{
target: "string",
value: "string",
}],
urls: ["string"],
description: "string",
lockdownId: "string",
paused: false,
priority: 0,
},
uaRule: {
configuration: {
target: "string",
value: "string",
},
mode: "string",
description: "string",
paused: false,
uaRuleId: "string",
},
});
type: ibm:CisFirewall
properties:
accessRule:
accessRuleId: string
configuration:
target: string
value: string
mode: string
notes: string
cisFirewallId: string
cisId: string
domainId: string
firewallType: string
lockdown:
configurations:
- target: string
value: string
description: string
lockdownId: string
paused: false
priority: 0
urls:
- string
uaRule:
configuration:
target: string
value: string
description: string
mode: string
paused: false
uaRuleId: string
CisFirewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CisFirewall resource accepts the following input properties:
- Cis
Id This property is required. string - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- Domain
Id This property is required. string - The ID of the domain where you want to apply the firewall rules.
- Firewall
Type This property is required. string - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - Access
Rule CisFirewall Access Rule Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- Cis
Firewall stringId - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - Lockdown
Cis
Firewall Lockdown A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- Ua
Rule CisFirewall Ua Rule Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
- Cis
Id This property is required. string - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- Domain
Id This property is required. string - The ID of the domain where you want to apply the firewall rules.
- Firewall
Type This property is required. string - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - Access
Rule CisFirewall Access Rule Args Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- Cis
Firewall stringId - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - Lockdown
Cis
Firewall Lockdown Args A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- Ua
Rule CisFirewall Ua Rule Args Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
- cis
Id This property is required. String - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- domain
Id This property is required. String - The ID of the domain where you want to apply the firewall rules.
- firewall
Type This property is required. String - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - access
Rule CisFirewall Access Rule Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- cis
Firewall StringId - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - lockdown
Cis
Firewall Lockdown A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- ua
Rule CisFirewall Ua Rule Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
- cis
Id This property is required. string - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- domain
Id This property is required. string - The ID of the domain where you want to apply the firewall rules.
- firewall
Type This property is required. string - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - access
Rule CisFirewall Access Rule Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- cis
Firewall stringId - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - lockdown
Cis
Firewall Lockdown A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- ua
Rule CisFirewall Ua Rule Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
- cis_
id This property is required. str - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- domain_
id This property is required. str - The ID of the domain where you want to apply the firewall rules.
- firewall_
type This property is required. str - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - access_
rule CisFirewall Access Rule Args Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- cis_
firewall_ strid - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - lockdown
Cis
Firewall Lockdown Args A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- ua_
rule CisFirewall Ua Rule Args Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
- cis
Id This property is required. String - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- domain
Id This property is required. String - The ID of the domain where you want to apply the firewall rules.
- firewall
Type This property is required. String - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - access
Rule Property Map Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- cis
Firewall StringId - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - lockdown Property Map
A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- ua
Rule Property Map Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
Outputs
All input properties are implicitly available as output properties. Additionally, the CisFirewall resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing CisFirewall Resource
Get an existing CisFirewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CisFirewallState, opts?: CustomResourceOptions): CisFirewall@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_rule: Optional[CisFirewallAccessRuleArgs] = None,
cis_firewall_id: Optional[str] = None,
cis_id: Optional[str] = None,
domain_id: Optional[str] = None,
firewall_type: Optional[str] = None,
lockdown: Optional[CisFirewallLockdownArgs] = None,
ua_rule: Optional[CisFirewallUaRuleArgs] = None) -> CisFirewallfunc GetCisFirewall(ctx *Context, name string, id IDInput, state *CisFirewallState, opts ...ResourceOption) (*CisFirewall, error)public static CisFirewall Get(string name, Input<string> id, CisFirewallState? state, CustomResourceOptions? opts = null)public static CisFirewall get(String name, Output<String> id, CisFirewallState state, CustomResourceOptions options)resources: _: type: ibm:CisFirewall get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Access
Rule CisFirewall Access Rule Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- Cis
Firewall stringId - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - Cis
Id string - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- Domain
Id string - The ID of the domain where you want to apply the firewall rules.
- Firewall
Type string - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - Lockdown
Cis
Firewall Lockdown A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- Ua
Rule CisFirewall Ua Rule Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
- Access
Rule CisFirewall Access Rule Args Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- Cis
Firewall stringId - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - Cis
Id string - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- Domain
Id string - The ID of the domain where you want to apply the firewall rules.
- Firewall
Type string - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - Lockdown
Cis
Firewall Lockdown Args A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- Ua
Rule CisFirewall Ua Rule Args Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
- access
Rule CisFirewall Access Rule Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- cis
Firewall StringId - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - cis
Id String - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- domain
Id String - The ID of the domain where you want to apply the firewall rules.
- firewall
Type String - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - lockdown
Cis
Firewall Lockdown A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- ua
Rule CisFirewall Ua Rule Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
- access
Rule CisFirewall Access Rule Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- cis
Firewall stringId - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - cis
Id string - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- domain
Id string - The ID of the domain where you want to apply the firewall rules.
- firewall
Type string - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - lockdown
Cis
Firewall Lockdown A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- ua
Rule CisFirewall Ua Rule Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
- access_
rule CisFirewall Access Rule Args Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- cis_
firewall_ strid - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - cis_
id str - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- domain_
id str - The ID of the domain where you want to apply the firewall rules.
- firewall_
type str - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - lockdown
Cis
Firewall Lockdown Args A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- ua_
rule CisFirewall Ua Rule Args Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
- access
Rule Property Map Create the data the describing access rule. (Maximum item is 1).
Nested scheme for
access_rules:- cis
Firewall StringId - (String) The ID of the record. The ID is composed of
<firewall_type>,<lockdown_id/access_rule_id/ua_rule_id>,<domain_ID>,<cis_crn>. Attributes are concatenated with:. - cis
Id String - The ID of the IBM Cloud Internet Services instance where you want to create the firewall.
- domain
Id String - The ID of the domain where you want to apply the firewall rules.
- firewall
Type String - The type of firewall that you want to create for your domain. Supported values are
lockdowns,access_rules, andua_rules. Consider the following information when choosing your firewall type: access_rules: Access rules allow, challenge, or block requests to your website. You can apply access rules to one domain only or all domains in the same service instance.ua_rules: Apply firewall rules only if the user agent that is used by the client matches the user agent that you defined. lockdowns: Allow access to your domain for specific IP addresses or IP address ranges only. If you choose this firewall type, you must define your firewall rules in thelockdowninput parameter.. - lockdown Property Map
A list of firewall rules that you want to create for your
lockdownsfirewall. You can specify one item in this list only.Nested scheme for
lockdown:- ua
Rule Property Map Create the data describing the user agent rule. (Maximum item is 1).
Nested scheme for
ua_rule:
Supporting Types
CisFirewallAccessRule, CisFirewallAccessRuleArgs
, CisFirewallAccessRuleArgs
- Configuration
This property is required. CisFirewall Access Rule Configuration The Configuration of firewall. (Maximum items is 1).
Nested scheme for
configuration:- Mode
This property is required. string - The mode of access rule. The valid modes are
block,challenge,whitelist,js_challenge. - Access
Rule stringId - (String) The access rule ID.
- Notes string
- The free text for notes.
- Configuration
This property is required. CisFirewall Access Rule Configuration The Configuration of firewall. (Maximum items is 1).
Nested scheme for
configuration:- Mode
This property is required. string - The mode of access rule. The valid modes are
block,challenge,whitelist,js_challenge. - Access
Rule stringId - (String) The access rule ID.
- Notes string
- The free text for notes.
- configuration
This property is required. CisFirewall Access Rule Configuration The Configuration of firewall. (Maximum items is 1).
Nested scheme for
configuration:- mode
This property is required. String - The mode of access rule. The valid modes are
block,challenge,whitelist,js_challenge. - access
Rule StringId - (String) The access rule ID.
- notes String
- The free text for notes.
- configuration
This property is required. CisFirewall Access Rule Configuration The Configuration of firewall. (Maximum items is 1).
Nested scheme for
configuration:- mode
This property is required. string - The mode of access rule. The valid modes are
block,challenge,whitelist,js_challenge. - access
Rule stringId - (String) The access rule ID.
- notes string
- The free text for notes.
- configuration
This property is required. CisFirewall Access Rule Configuration The Configuration of firewall. (Maximum items is 1).
Nested scheme for
configuration:- mode
This property is required. str - The mode of access rule. The valid modes are
block,challenge,whitelist,js_challenge. - access_
rule_ strid - (String) The access rule ID.
- notes str
- The free text for notes.
- configuration
This property is required. Property Map The Configuration of firewall. (Maximum items is 1).
Nested scheme for
configuration:- mode
This property is required. String - The mode of access rule. The valid modes are
block,challenge,whitelist,js_challenge. - access
Rule StringId - (String) The access rule ID.
- notes String
- The free text for notes.
CisFirewallAccessRuleConfiguration, CisFirewallAccessRuleConfigurationArgs
, CisFirewallAccessRuleConfigurationArgs
CisFirewallLockdown, CisFirewallLockdownArgs
, CisFirewallLockdownArgs
- Configurations
This property is required. List<CisFirewall Lockdown Configuration> A list of IP address or CIDR ranges that you want to allow access to the URLs that you defined in
urls.Nested scheme for
configurations:- Urls
This property is required. List<string> - A list of URLs that you want to include in your firewall rule. You can specify wildcard URLs. The URL pattern is escaped before use.
- Description string
- A description for your firewall rule.
- Lockdown
Id string - (String) The lock down ID.
- Paused bool
- If set to true, the firewall rule is disabled. If set to false, the firewall rule is enabled.
- Priority double
- The priority of the firewall rule. A low number is associated with a high priority.
- Configurations
This property is required. []CisFirewall Lockdown Configuration A list of IP address or CIDR ranges that you want to allow access to the URLs that you defined in
urls.Nested scheme for
configurations:- Urls
This property is required. []string - A list of URLs that you want to include in your firewall rule. You can specify wildcard URLs. The URL pattern is escaped before use.
- Description string
- A description for your firewall rule.
- Lockdown
Id string - (String) The lock down ID.
- Paused bool
- If set to true, the firewall rule is disabled. If set to false, the firewall rule is enabled.
- Priority float64
- The priority of the firewall rule. A low number is associated with a high priority.
- configurations
This property is required. List<CisFirewall Lockdown Configuration> A list of IP address or CIDR ranges that you want to allow access to the URLs that you defined in
urls.Nested scheme for
configurations:- urls
This property is required. List<String> - A list of URLs that you want to include in your firewall rule. You can specify wildcard URLs. The URL pattern is escaped before use.
- description String
- A description for your firewall rule.
- lockdown
Id String - (String) The lock down ID.
- paused Boolean
- If set to true, the firewall rule is disabled. If set to false, the firewall rule is enabled.
- priority Double
- The priority of the firewall rule. A low number is associated with a high priority.
- configurations
This property is required. CisFirewall Lockdown Configuration[] A list of IP address or CIDR ranges that you want to allow access to the URLs that you defined in
urls.Nested scheme for
configurations:- urls
This property is required. string[] - A list of URLs that you want to include in your firewall rule. You can specify wildcard URLs. The URL pattern is escaped before use.
- description string
- A description for your firewall rule.
- lockdown
Id string - (String) The lock down ID.
- paused boolean
- If set to true, the firewall rule is disabled. If set to false, the firewall rule is enabled.
- priority number
- The priority of the firewall rule. A low number is associated with a high priority.
- configurations
This property is required. Sequence[CisFirewall Lockdown Configuration] A list of IP address or CIDR ranges that you want to allow access to the URLs that you defined in
urls.Nested scheme for
configurations:- urls
This property is required. Sequence[str] - A list of URLs that you want to include in your firewall rule. You can specify wildcard URLs. The URL pattern is escaped before use.
- description str
- A description for your firewall rule.
- lockdown_
id str - (String) The lock down ID.
- paused bool
- If set to true, the firewall rule is disabled. If set to false, the firewall rule is enabled.
- priority float
- The priority of the firewall rule. A low number is associated with a high priority.
- configurations
This property is required. List<Property Map> A list of IP address or CIDR ranges that you want to allow access to the URLs that you defined in
urls.Nested scheme for
configurations:- urls
This property is required. List<String> - A list of URLs that you want to include in your firewall rule. You can specify wildcard URLs. The URL pattern is escaped before use.
- description String
- A description for your firewall rule.
- lockdown
Id String - (String) The lock down ID.
- paused Boolean
- If set to true, the firewall rule is disabled. If set to false, the firewall rule is enabled.
- priority Number
- The priority of the firewall rule. A low number is associated with a high priority.
CisFirewallLockdownConfiguration, CisFirewallLockdownConfigurationArgs
, CisFirewallLockdownConfigurationArgs
- Target
This property is required. string - Specify if you want to target an
IPorip_range. - Value
This property is required. string - The IP address or IP address range that you want to target. Make sure that the value that you enter here matches the type of target that you specified in
lockdown.configurations.target.
- Target
This property is required. string - Specify if you want to target an
IPorip_range. - Value
This property is required. string - The IP address or IP address range that you want to target. Make sure that the value that you enter here matches the type of target that you specified in
lockdown.configurations.target.
- target
This property is required. String - Specify if you want to target an
IPorip_range. - value
This property is required. String - The IP address or IP address range that you want to target. Make sure that the value that you enter here matches the type of target that you specified in
lockdown.configurations.target.
- target
This property is required. string - Specify if you want to target an
IPorip_range. - value
This property is required. string - The IP address or IP address range that you want to target. Make sure that the value that you enter here matches the type of target that you specified in
lockdown.configurations.target.
- target
This property is required. str - Specify if you want to target an
IPorip_range. - value
This property is required. str - The IP address or IP address range that you want to target. Make sure that the value that you enter here matches the type of target that you specified in
lockdown.configurations.target.
- target
This property is required. String - Specify if you want to target an
IPorip_range. - value
This property is required. String - The IP address or IP address range that you want to target. Make sure that the value that you enter here matches the type of target that you specified in
lockdown.configurations.target.
CisFirewallUaRule, CisFirewallUaRuleArgs
, CisFirewallUaRuleArgs
- Configuration
This property is required. CisFirewall Ua Rule Configuration The Configuration of firewall. (Maximum item is 1).
Nested scheme for
configuration:- Mode
This property is required. string - The mode of access rule. The valid modes are
block,challenge,js_challenge. - Description string
- description
- Paused bool
Whether the rule is currently disabled.
Note
Exactly one of
lockdown,access_rule, andua_ruleis allowed for the firewall typeslockdowns,access_rules, andua_rules.- Ua
Rule stringId - (String) The user agent rule ID.
- Configuration
This property is required. CisFirewall Ua Rule Configuration The Configuration of firewall. (Maximum item is 1).
Nested scheme for
configuration:- Mode
This property is required. string - The mode of access rule. The valid modes are
block,challenge,js_challenge. - Description string
- description
- Paused bool
Whether the rule is currently disabled.
Note
Exactly one of
lockdown,access_rule, andua_ruleis allowed for the firewall typeslockdowns,access_rules, andua_rules.- Ua
Rule stringId - (String) The user agent rule ID.
- configuration
This property is required. CisFirewall Ua Rule Configuration The Configuration of firewall. (Maximum item is 1).
Nested scheme for
configuration:- mode
This property is required. String - The mode of access rule. The valid modes are
block,challenge,js_challenge. - description String
- description
- paused Boolean
Whether the rule is currently disabled.
Note
Exactly one of
lockdown,access_rule, andua_ruleis allowed for the firewall typeslockdowns,access_rules, andua_rules.- ua
Rule StringId - (String) The user agent rule ID.
- configuration
This property is required. CisFirewall Ua Rule Configuration The Configuration of firewall. (Maximum item is 1).
Nested scheme for
configuration:- mode
This property is required. string - The mode of access rule. The valid modes are
block,challenge,js_challenge. - description string
- description
- paused boolean
Whether the rule is currently disabled.
Note
Exactly one of
lockdown,access_rule, andua_ruleis allowed for the firewall typeslockdowns,access_rules, andua_rules.- ua
Rule stringId - (String) The user agent rule ID.
- configuration
This property is required. CisFirewall Ua Rule Configuration The Configuration of firewall. (Maximum item is 1).
Nested scheme for
configuration:- mode
This property is required. str - The mode of access rule. The valid modes are
block,challenge,js_challenge. - description str
- description
- paused bool
Whether the rule is currently disabled.
Note
Exactly one of
lockdown,access_rule, andua_ruleis allowed for the firewall typeslockdowns,access_rules, andua_rules.- ua_
rule_ strid - (String) The user agent rule ID.
- configuration
This property is required. Property Map The Configuration of firewall. (Maximum item is 1).
Nested scheme for
configuration:- mode
This property is required. String - The mode of access rule. The valid modes are
block,challenge,js_challenge. - description String
- description
- paused Boolean
Whether the rule is currently disabled.
Note
Exactly one of
lockdown,access_rule, andua_ruleis allowed for the firewall typeslockdowns,access_rules, andua_rules.- ua
Rule StringId - (String) The user agent rule ID.
CisFirewallUaRuleConfiguration, CisFirewallUaRuleConfigurationArgs
, CisFirewallUaRuleConfigurationArgs
Import
The ibm_cis_firewall resource is imported by using the ID. The ID is formed from the firewall type, the firewall ID, the domain ID of the domain and the CRN (Cloud Resource Name) concatenated using a : character.
The domain ID and CRN is located on the overview page of the internet services instance of the domain heading of the console, or by using the ibm cis command line commands.
Domain ID is a 32 digit character string of the form:
9caf68812ae9b3f0377fdf986751a78f.CRN is a 120 digit character string of the form:
crn:v1:bluemix:public:internet-svcs:global:a/4ea1882a2d3401ed1e459979941966ea:31fa970d-51d0-4b05-893e-251cba75a7b3::.Firewall ID is a 32 digit character string of the form:
489d96f0da6ed76251b475971b097205c.Firewall type is a string. It can be either of
lockdowns,access_rules,ua_rules.
Syntax
$ pulumi import ibm:index/cisFirewall:CisFirewall myorg <firewall_type>:<firewall_id>:<domain-id>:<crn>
Example
$ pulumi import ibm:index/cisFirewall:CisFirewall myorg lockdowns lockdowns:48996f0da6ed76251b475971b097205c:9caf68812ae9b3f0377fdf986751a78f:crn:v1:bluemix:public:internet-svcs:global:a/4ea1882a2d3401ed1e459979941966ea:31fa970d-51d0-4b05-893e-251cba75a7b3::
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- ibm ibm-cloud/terraform-provider-ibm
- License
- Notes
- This Pulumi package is based on the
ibmTerraform Provider.