Azure Firewall PublicIPaddress
File: docs/reference/pkg/azure-nextgen/network/azurefirewall.md
Hi team,
I found an inaccuracy in the documentation. It says to use public_ip_address as a property name to refer to a publicip resource; instead, the correct property name is publicIPAddress, as in the following example.
ip_configurations=[{
    "name": "azureFirewallIpConfiguration",
    "subnet": {
        "id": vnet.subnets[1].id
    },
    "publicIPAddress": {
        "id": pip.id
    },
}],
Cheers, Ric
Thanks for opening the issue, @ripom, and sorry for the trouble!
The primary issue is that the examples should be showing the use of the input classes (where the argument name is public_ip_address) rather than use of untyped dicts for these arguments.
import pulumi
import pulumi_azure_nextgen as azure_nextgen

azure_firewall = azure_nextgen.network.latest.AzureFirewall("azureFirewall",
    application_rule_collections=[azure_nextgen.network.latest.AzureFirewallApplicationRuleCollectionArgs(
        action=azure_nextgen.network.latest.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        name="apprulecoll",
        priority=110,
        rules=[azure_nextgen.network.latest.AzureFirewallApplicationRuleArgs(
            description="Deny inbound rule",
            name="rule1",
            protocols=[azure_nextgen.network.latest.AzureFirewallApplicationRuleProtocolArgs(
                port=443,
                protocol_type="Https",
            )],
            source_addresses=[
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            target_fqdns=["www.test.com"],
        )],
    )],
    azure_firewall_name="azurefirewall",
    ip_configurations=[azure_nextgen.network.latest.AzureFirewallIPConfigurationArgs(
        name="azureFirewallIpConfiguration",
        # Typed input class: the argument name is public_ip_address
        public_ip_address=azure_nextgen.network.latest.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        ),
        subnet=azure_nextgen.network.latest.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        ),
    )],
    location="West US",
    nat_rule_collections=[azure_nextgen.network.latest.AzureFirewallNatRuleCollectionArgs(
        action=azure_nextgen.network.latest.AzureFirewallNatRCActionArgs(
            type="Dnat",
        ),
        name="natrulecoll",
        priority=112,
        rules=[
            azure_nextgen.network.latest.AzureFirewallNatRuleArgs(
                description="D-NAT all outbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["443"],
                name="DNAT-HTTPS-traffic",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_address="1.2.3.5",
                translated_port="8443",
            ),
            azure_nextgen.network.latest.AzureFirewallNatRuleArgs(
                description="D-NAT all inbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["80"],
                name="DNAT-HTTP-traffic-With-FQDN",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_fqdn="internalhttpserver",
                translated_port="880",
            ),
        ],
    )],
    network_rule_collections=[azure_nextgen.network.latest.AzureFirewallNetworkRuleCollectionArgs(
        action=azure_nextgen.network.latest.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        name="netrulecoll",
        priority=112,
        rules=[
            azure_nextgen.network.latest.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports",
                destination_addresses=["*"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic",
                protocols=["TCP"],
                source_addresses=[
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            ),
            azure_nextgen.network.latest.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports to amazon",
                destination_fqdns=["www.amazon.com"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic-with-FQDN",
                protocols=["TCP"],
                source_addresses=["10.2.4.12-10.2.4.255"],
            ),
        ],
    )],
    resource_group_name="rg1",
    sku=azure_nextgen.network.latest.AzureFirewallSkuArgs(
        name="AZFW_VNet",
        tier="Standard",
    ),
    tags={
        "key1": "value1",
    },
    threat_intel_mode="Alert",
    zones=[])
The updated documentation associated with the next release of the provider should reflect this.