Palo Alto Networks Cloud NGFW for AWS v1.0.0 published on Wednesday, Oct 8, 2025 by Pulumi
cloudngfwaws.Ngfw
Palo Alto Networks Cloud NGFW for AWS v1.0.0 published on Wednesday, Oct 8, 2025 by Pulumi
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as cloudngfwaws from "@pulumi/cloudngfwaws";
const rs = new cloudngfwaws.CommitRulestack("rs", {rulestack: "my-rulestack"});
const exampleVpc = new aws.index.Vpc("example", {
cidrBlock: "172.16.0.0/16",
tags: {
name: "tf-example",
},
});
const subnet1 = new aws.index.Subnet("subnet1", {
vpcId: myVpc.id,
cidrBlock: "172.16.10.0/24",
availabilityZone: "us-west-2a",
tags: {
name: "tf-example",
},
});
const example = new cloudngfwaws.Ngfw("example", {
name: "example-instance",
description: "Example description",
endpoints: [{
subnetId: subnet1.id,
mode: "ServiceManaged",
vpcId: exampleVpc.id,
accountId: "12345678",
}],
rulestack: rs.rulestack,
tags: {
Foo: "bar",
},
});
const subnet2 = new aws.index.Subnet("subnet2", {
vpcId: myVpc.id,
cidrBlock: "172.16.20.0/24",
availabilityZone: "us-west-2b",
tags: {
name: "tf-example",
},
});
import pulumi
import pulumi_aws as aws
import pulumi_cloudngfwaws as cloudngfwaws
rs = cloudngfwaws.CommitRulestack("rs", rulestack="my-rulestack")
example_vpc = aws.index.Vpc("example",
cidr_block=172.16.0.0/16,
tags={
name: tf-example,
})
subnet1 = aws.index.Subnet("subnet1",
vpc_id=my_vpc.id,
cidr_block=172.16.10.0/24,
availability_zone=us-west-2a,
tags={
name: tf-example,
})
example = cloudngfwaws.Ngfw("example",
name="example-instance",
description="Example description",
endpoints=[{
"subnet_id": subnet1["id"],
"mode": "ServiceManaged",
"vpc_id": example_vpc["id"],
"account_id": "12345678",
}],
rulestack=rs.rulestack,
tags={
"Foo": "bar",
})
subnet2 = aws.index.Subnet("subnet2",
vpc_id=my_vpc.id,
cidr_block=172.16.20.0/24,
availability_zone=us-west-2b,
tags={
name: tf-example,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/go/aws"
"github.com/pulumi/pulumi-cloudngfwaws/sdk/go/cloudngfwaws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
rs, err := cloudngfwaws.NewCommitRulestack(ctx, "rs", &cloudngfwaws.CommitRulestackArgs{
Rulestack: pulumi.String("my-rulestack"),
})
if err != nil {
return err
}
exampleVpc, err := aws.NewVpc(ctx, "example", &aws.VpcArgs{
CidrBlock: "172.16.0.0/16",
Tags: map[string]interface{}{
"name": "tf-example",
},
})
if err != nil {
return err
}
subnet1, err := aws.NewSubnet(ctx, "subnet1", &aws.SubnetArgs{
VpcId: myVpc.Id,
CidrBlock: "172.16.10.0/24",
AvailabilityZone: "us-west-2a",
Tags: map[string]interface{}{
"name": "tf-example",
},
})
if err != nil {
return err
}
_, err = cloudngfwaws.NewNgfw(ctx, "example", &cloudngfwaws.NgfwArgs{
Name: pulumi.String("example-instance"),
Description: pulumi.String("Example description"),
Endpoints: cloudngfwaws.NgfwEndpointArray{
&cloudngfwaws.NgfwEndpointArgs{
SubnetId: subnet1.Id,
Mode: pulumi.String("ServiceManaged"),
VpcId: exampleVpc.Id,
AccountId: pulumi.String("12345678"),
},
},
Rulestack: rs.Rulestack,
Tags: pulumi.StringMap{
"Foo": pulumi.String("bar"),
},
})
if err != nil {
return err
}
_, err = aws.NewSubnet(ctx, "subnet2", &aws.SubnetArgs{
VpcId: myVpc.Id,
CidrBlock: "172.16.20.0/24",
AvailabilityZone: "us-west-2b",
Tags: map[string]interface{}{
"name": "tf-example",
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using CloudNgfwAws = Pulumi.CloudNgfwAws;
return await Deployment.RunAsync(() =>
{
var rs = new CloudNgfwAws.CommitRulestack("rs", new()
{
Rulestack = "my-rulestack",
});
var exampleVpc = new Aws.Index.Vpc("example", new()
{
CidrBlock = "172.16.0.0/16",
Tags =
{
{ "name", "tf-example" },
},
});
var subnet1 = new Aws.Index.Subnet("subnet1", new()
{
VpcId = myVpc.Id,
CidrBlock = "172.16.10.0/24",
AvailabilityZone = "us-west-2a",
Tags =
{
{ "name", "tf-example" },
},
});
var example = new CloudNgfwAws.Ngfw("example", new()
{
Name = "example-instance",
Description = "Example description",
Endpoints = new[]
{
new CloudNgfwAws.Inputs.NgfwEndpointArgs
{
SubnetId = subnet1.Id,
Mode = "ServiceManaged",
VpcId = exampleVpc.Id,
AccountId = "12345678",
},
},
Rulestack = rs.Rulestack,
Tags =
{
{ "Foo", "bar" },
},
});
var subnet2 = new Aws.Index.Subnet("subnet2", new()
{
VpcId = myVpc.Id,
CidrBlock = "172.16.20.0/24",
AvailabilityZone = "us-west-2b",
Tags =
{
{ "name", "tf-example" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudngfwaws.CommitRulestack;
import com.pulumi.cloudngfwaws.CommitRulestackArgs;
import com.pulumi.aws.vpc;
import com.pulumi.aws.vpcArgs;
import com.pulumi.aws.subnet;
import com.pulumi.aws.subnetArgs;
import com.pulumi.cloudngfwaws.Ngfw;
import com.pulumi.cloudngfwaws.NgfwArgs;
import com.pulumi.cloudngfwaws.inputs.NgfwEndpointArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var rs = new CommitRulestack("rs", CommitRulestackArgs.builder()
.rulestack("my-rulestack")
.build());
var exampleVpc = new Vpc("exampleVpc", VpcArgs.builder()
.cidrBlock("172.16.0.0/16")
.tags(Map.of("name", "tf-example"))
.build());
var subnet1 = new Subnet("subnet1", SubnetArgs.builder()
.vpcId(myVpc.id())
.cidrBlock("172.16.10.0/24")
.availabilityZone("us-west-2a")
.tags(Map.of("name", "tf-example"))
.build());
var example = new Ngfw("example", NgfwArgs.builder()
.name("example-instance")
.description("Example description")
.endpoints(NgfwEndpointArgs.builder()
.subnetId(subnet1.id())
.mode("ServiceManaged")
.vpcId(exampleVpc.id())
.accountId("12345678")
.build())
.rulestack(rs.rulestack())
.tags(Map.of("Foo", "bar"))
.build());
var subnet2 = new Subnet("subnet2", SubnetArgs.builder()
.vpcId(myVpc.id())
.cidrBlock("172.16.20.0/24")
.availabilityZone("us-west-2b")
.tags(Map.of("name", "tf-example"))
.build());
}
}
resources:
example:
type: cloudngfwaws:Ngfw
properties:
name: example-instance
description: Example description
endpoints:
- subnetId: ${subnet1.id}
mode: ServiceManaged
vpcId: ${exampleVpc.id}
accountId: '12345678'
rulestack: ${rs.rulestack}
tags:
Foo: bar
rs:
type: cloudngfwaws:CommitRulestack
properties:
rulestack: my-rulestack
exampleVpc:
type: aws:vpc
name: example
properties:
cidrBlock: 172.16.0.0/16
tags:
name: tf-example
subnet1:
type: aws:subnet
properties:
vpcId: ${myVpc.id}
cidrBlock: 172.16.10.0/24
availabilityZone: us-west-2a
tags:
name: tf-example
subnet2:
type: aws:subnet
properties:
vpcId: ${myVpc.id}
cidrBlock: 172.16.20.0/24
availabilityZone: us-west-2b
tags:
name: tf-example
Create Ngfw Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Ngfw(name: string, args: NgfwArgs, opts?: CustomResourceOptions);@overload
def Ngfw(resource_name: str,
args: NgfwArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Ngfw(resource_name: str,
opts: Optional[ResourceOptions] = None,
az_lists: Optional[Sequence[str]] = None,
global_rulestack: Optional[str] = None,
link_id: Optional[str] = None,
automatic_upgrade_app_id_version: Optional[bool] = None,
account_id: Optional[str] = None,
change_protections: Optional[Sequence[str]] = None,
description: Optional[str] = None,
egress_nats: Optional[Sequence[NgfwEgressNatArgs]] = None,
endpoint_mode: Optional[str] = None,
app_id_version: Optional[str] = None,
endpoints: Optional[Sequence[NgfwEndpointArgs]] = None,
allowlist_accounts: Optional[Sequence[str]] = None,
multi_vpc: Optional[bool] = None,
name: Optional[str] = None,
private_accesses: Optional[Sequence[NgfwPrivateAccessArgs]] = None,
rulestack: Optional[str] = None,
subnet_mappings: Optional[Sequence[NgfwSubnetMappingArgs]] = None,
tags: Optional[Mapping[str, str]] = None,
user_ids: Optional[Sequence[NgfwUserIdArgs]] = None,
vpc_id: Optional[str] = None)func NewNgfw(ctx *Context, name string, args NgfwArgs, opts ...ResourceOption) (*Ngfw, error)public Ngfw(string name, NgfwArgs args, CustomResourceOptions? opts = null)type: cloudngfwaws:Ngfw
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NgfwArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NgfwArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NgfwArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NgfwArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NgfwArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ngfwResource = new CloudNgfwAws.Ngfw("ngfwResource", new()
{
AzLists = new[]
{
"string",
},
GlobalRulestack = "string",
LinkId = "string",
AutomaticUpgradeAppIdVersion = false,
AccountId = "string",
ChangeProtections = new[]
{
"string",
},
Description = "string",
EgressNats = new[]
{
new CloudNgfwAws.Inputs.NgfwEgressNatArgs
{
Enabled = false,
Settings = new[]
{
new CloudNgfwAws.Inputs.NgfwEgressNatSettingArgs
{
IpPoolType = "string",
IpamPoolId = "string",
},
},
},
},
EndpointMode = "string",
AppIdVersion = "string",
Endpoints = new[]
{
new CloudNgfwAws.Inputs.NgfwEndpointArgs
{
Mode = "string",
AccountId = "string",
EgressNatEnabled = false,
EndpointId = "string",
Prefixes = new[]
{
new CloudNgfwAws.Inputs.NgfwEndpointPrefixArgs
{
PrivatePrefixes = new[]
{
new CloudNgfwAws.Inputs.NgfwEndpointPrefixPrivatePrefixArgs
{
Cidrs = new[]
{
"string",
},
},
},
},
},
RejectedReason = "string",
Status = "string",
SubnetId = "string",
VpcId = "string",
ZoneId = "string",
},
},
AllowlistAccounts = new[]
{
"string",
},
MultiVpc = false,
Name = "string",
PrivateAccesses = new[]
{
new CloudNgfwAws.Inputs.NgfwPrivateAccessArgs
{
ResourceId = "string",
Type = "string",
},
},
Rulestack = "string",
SubnetMappings = new[]
{
new CloudNgfwAws.Inputs.NgfwSubnetMappingArgs
{
AvailabilityZone = "string",
AvailabilityZoneId = "string",
SubnetId = "string",
},
},
Tags =
{
{ "string", "string" },
},
UserIds = new[]
{
new CloudNgfwAws.Inputs.NgfwUserIdArgs
{
Enabled = false,
Port = 0,
AgentName = "string",
CollectorName = "string",
CustomIncludeExcludeNetworks = new[]
{
new CloudNgfwAws.Inputs.NgfwUserIdCustomIncludeExcludeNetworkArgs
{
DiscoveryInclude = false,
Enabled = false,
Name = "string",
NetworkAddress = "string",
},
},
SecretKeyArn = "string",
UserIdStatus = "string",
},
},
VpcId = "string",
});
example, err := cloudngfwaws.NewNgfw(ctx, "ngfwResource", &cloudngfwaws.NgfwArgs{
AzLists: pulumi.StringArray{
pulumi.String("string"),
},
GlobalRulestack: pulumi.String("string"),
LinkId: pulumi.String("string"),
AutomaticUpgradeAppIdVersion: pulumi.Bool(false),
AccountId: pulumi.String("string"),
ChangeProtections: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
EgressNats: cloudngfwaws.NgfwEgressNatArray{
&cloudngfwaws.NgfwEgressNatArgs{
Enabled: pulumi.Bool(false),
Settings: cloudngfwaws.NgfwEgressNatSettingArray{
&cloudngfwaws.NgfwEgressNatSettingArgs{
IpPoolType: pulumi.String("string"),
IpamPoolId: pulumi.String("string"),
},
},
},
},
EndpointMode: pulumi.String("string"),
AppIdVersion: pulumi.String("string"),
Endpoints: cloudngfwaws.NgfwEndpointArray{
&cloudngfwaws.NgfwEndpointArgs{
Mode: pulumi.String("string"),
AccountId: pulumi.String("string"),
EgressNatEnabled: pulumi.Bool(false),
EndpointId: pulumi.String("string"),
Prefixes: cloudngfwaws.NgfwEndpointPrefixArray{
&cloudngfwaws.NgfwEndpointPrefixArgs{
PrivatePrefixes: cloudngfwaws.NgfwEndpointPrefixPrivatePrefixArray{
&cloudngfwaws.NgfwEndpointPrefixPrivatePrefixArgs{
Cidrs: pulumi.StringArray{
pulumi.String("string"),
},
},
},
},
},
RejectedReason: pulumi.String("string"),
Status: pulumi.String("string"),
SubnetId: pulumi.String("string"),
VpcId: pulumi.String("string"),
ZoneId: pulumi.String("string"),
},
},
AllowlistAccounts: pulumi.StringArray{
pulumi.String("string"),
},
MultiVpc: pulumi.Bool(false),
Name: pulumi.String("string"),
PrivateAccesses: cloudngfwaws.NgfwPrivateAccessArray{
&cloudngfwaws.NgfwPrivateAccessArgs{
ResourceId: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Rulestack: pulumi.String("string"),
SubnetMappings: cloudngfwaws.NgfwSubnetMappingArray{
&cloudngfwaws.NgfwSubnetMappingArgs{
AvailabilityZone: pulumi.String("string"),
AvailabilityZoneId: pulumi.String("string"),
SubnetId: pulumi.String("string"),
},
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
UserIds: cloudngfwaws.NgfwUserIdArray{
&cloudngfwaws.NgfwUserIdArgs{
Enabled: pulumi.Bool(false),
Port: pulumi.Int(0),
AgentName: pulumi.String("string"),
CollectorName: pulumi.String("string"),
CustomIncludeExcludeNetworks: cloudngfwaws.NgfwUserIdCustomIncludeExcludeNetworkArray{
&cloudngfwaws.NgfwUserIdCustomIncludeExcludeNetworkArgs{
DiscoveryInclude: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
Name: pulumi.String("string"),
NetworkAddress: pulumi.String("string"),
},
},
SecretKeyArn: pulumi.String("string"),
UserIdStatus: pulumi.String("string"),
},
},
VpcId: pulumi.String("string"),
})
var ngfwResource = new Ngfw("ngfwResource", NgfwArgs.builder()
.azLists("string")
.globalRulestack("string")
.linkId("string")
.automaticUpgradeAppIdVersion(false)
.accountId("string")
.changeProtections("string")
.description("string")
.egressNats(NgfwEgressNatArgs.builder()
.enabled(false)
.settings(NgfwEgressNatSettingArgs.builder()
.ipPoolType("string")
.ipamPoolId("string")
.build())
.build())
.endpointMode("string")
.appIdVersion("string")
.endpoints(NgfwEndpointArgs.builder()
.mode("string")
.accountId("string")
.egressNatEnabled(false)
.endpointId("string")
.prefixes(NgfwEndpointPrefixArgs.builder()
.privatePrefixes(NgfwEndpointPrefixPrivatePrefixArgs.builder()
.cidrs("string")
.build())
.build())
.rejectedReason("string")
.status("string")
.subnetId("string")
.vpcId("string")
.zoneId("string")
.build())
.allowlistAccounts("string")
.multiVpc(false)
.name("string")
.privateAccesses(NgfwPrivateAccessArgs.builder()
.resourceId("string")
.type("string")
.build())
.rulestack("string")
.subnetMappings(NgfwSubnetMappingArgs.builder()
.availabilityZone("string")
.availabilityZoneId("string")
.subnetId("string")
.build())
.tags(Map.of("string", "string"))
.userIds(NgfwUserIdArgs.builder()
.enabled(false)
.port(0)
.agentName("string")
.collectorName("string")
.customIncludeExcludeNetworks(NgfwUserIdCustomIncludeExcludeNetworkArgs.builder()
.discoveryInclude(false)
.enabled(false)
.name("string")
.networkAddress("string")
.build())
.secretKeyArn("string")
.userIdStatus("string")
.build())
.vpcId("string")
.build());
ngfw_resource = cloudngfwaws.Ngfw("ngfwResource",
az_lists=["string"],
global_rulestack="string",
link_id="string",
automatic_upgrade_app_id_version=False,
account_id="string",
change_protections=["string"],
description="string",
egress_nats=[{
"enabled": False,
"settings": [{
"ip_pool_type": "string",
"ipam_pool_id": "string",
}],
}],
endpoint_mode="string",
app_id_version="string",
endpoints=[{
"mode": "string",
"account_id": "string",
"egress_nat_enabled": False,
"endpoint_id": "string",
"prefixes": [{
"private_prefixes": [{
"cidrs": ["string"],
}],
}],
"rejected_reason": "string",
"status": "string",
"subnet_id": "string",
"vpc_id": "string",
"zone_id": "string",
}],
allowlist_accounts=["string"],
multi_vpc=False,
name="string",
private_accesses=[{
"resource_id": "string",
"type": "string",
}],
rulestack="string",
subnet_mappings=[{
"availability_zone": "string",
"availability_zone_id": "string",
"subnet_id": "string",
}],
tags={
"string": "string",
},
user_ids=[{
"enabled": False,
"port": 0,
"agent_name": "string",
"collector_name": "string",
"custom_include_exclude_networks": [{
"discovery_include": False,
"enabled": False,
"name": "string",
"network_address": "string",
}],
"secret_key_arn": "string",
"user_id_status": "string",
}],
vpc_id="string")
const ngfwResource = new cloudngfwaws.Ngfw("ngfwResource", {
azLists: ["string"],
globalRulestack: "string",
linkId: "string",
automaticUpgradeAppIdVersion: false,
accountId: "string",
changeProtections: ["string"],
description: "string",
egressNats: [{
enabled: false,
settings: [{
ipPoolType: "string",
ipamPoolId: "string",
}],
}],
endpointMode: "string",
appIdVersion: "string",
endpoints: [{
mode: "string",
accountId: "string",
egressNatEnabled: false,
endpointId: "string",
prefixes: [{
privatePrefixes: [{
cidrs: ["string"],
}],
}],
rejectedReason: "string",
status: "string",
subnetId: "string",
vpcId: "string",
zoneId: "string",
}],
allowlistAccounts: ["string"],
multiVpc: false,
name: "string",
privateAccesses: [{
resourceId: "string",
type: "string",
}],
rulestack: "string",
subnetMappings: [{
availabilityZone: "string",
availabilityZoneId: "string",
subnetId: "string",
}],
tags: {
string: "string",
},
userIds: [{
enabled: false,
port: 0,
agentName: "string",
collectorName: "string",
customIncludeExcludeNetworks: [{
discoveryInclude: false,
enabled: false,
name: "string",
networkAddress: "string",
}],
secretKeyArn: "string",
userIdStatus: "string",
}],
vpcId: "string",
});
type: cloudngfwaws:Ngfw
properties:
accountId: string
allowlistAccounts:
- string
appIdVersion: string
automaticUpgradeAppIdVersion: false
azLists:
- string
changeProtections:
- string
description: string
egressNats:
- enabled: false
settings:
- ipPoolType: string
ipamPoolId: string
endpointMode: string
endpoints:
- accountId: string
egressNatEnabled: false
endpointId: string
mode: string
prefixes:
- privatePrefixes:
- cidrs:
- string
rejectedReason: string
status: string
subnetId: string
vpcId: string
zoneId: string
globalRulestack: string
linkId: string
multiVpc: false
name: string
privateAccesses:
- resourceId: string
type: string
rulestack: string
subnetMappings:
- availabilityZone: string
availabilityZoneId: string
subnetId: string
tags:
string: string
userIds:
- agentName: string
collectorName: string
customIncludeExcludeNetworks:
- discoveryInclude: false
enabled: false
name: string
networkAddress: string
enabled: false
port: 0
secretKeyArn: string
userIdStatus: string
vpcId: string
Ngfw Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Ngfw resource accepts the following input properties:
- Az
Lists List<string> - The list of availability zones for this NGFW.
- Account
Id string - The description.
- Allowlist
Accounts List<string> - The list of allowed accounts for this NGFW.
- App
Id stringVersion - App-ID version number.
- Automatic
Upgrade boolApp Id Version - Automatic App-ID upgrade version number. Defaults to
true. - Change
Protections List<string> - Enables or disables change protection for the NGFW.
- Description string
- The NGFW description.
- Egress
Nats List<Pulumi.Cloud Ngfw Aws. Inputs. Ngfw Egress Nat> - Endpoint
Mode string - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - Endpoints
List<Pulumi.
Cloud Ngfw Aws. Inputs. Ngfw Endpoint> - Global
Rulestack string - The global rulestack for this NGFW.
- Link
Id string - The link ID.
- Multi
Vpc bool - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- Name string
- The NGFW name.
- Private
Accesses List<Pulumi.Cloud Ngfw Aws. Inputs. Ngfw Private Access> - Rulestack string
- The rulestack for this NGFW.
- Subnet
Mappings List<Pulumi.Cloud Ngfw Aws. Inputs. Ngfw Subnet Mapping> - Subnet mappings.
- Dictionary<string, string>
- The tags.
- User
Ids List<Pulumi.Cloud Ngfw Aws. Inputs. Ngfw User Id> - Vpc
Id string - The VPC ID for the NGFW.
- Az
Lists []string - The list of availability zones for this NGFW.
- Account
Id string - The description.
- Allowlist
Accounts []string - The list of allowed accounts for this NGFW.
- App
Id stringVersion - App-ID version number.
- Automatic
Upgrade boolApp Id Version - Automatic App-ID upgrade version number. Defaults to
true. - Change
Protections []string - Enables or disables change protection for the NGFW.
- Description string
- The NGFW description.
- Egress
Nats []NgfwEgress Nat Args - Endpoint
Mode string - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - Endpoints
[]Ngfw
Endpoint Args - Global
Rulestack string - The global rulestack for this NGFW.
- Link
Id string - The link ID.
- Multi
Vpc bool - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- Name string
- The NGFW name.
- Private
Accesses []NgfwPrivate Access Args - Rulestack string
- The rulestack for this NGFW.
- Subnet
Mappings []NgfwSubnet Mapping Args - Subnet mappings.
- map[string]string
- The tags.
- User
Ids []NgfwUser Id Args - Vpc
Id string - The VPC ID for the NGFW.
- az
Lists List<String> - The list of availability zones for this NGFW.
- account
Id String - The description.
- allowlist
Accounts List<String> - The list of allowed accounts for this NGFW.
- app
Id StringVersion - App-ID version number.
- automatic
Upgrade BooleanApp Id Version - Automatic App-ID upgrade version number. Defaults to
true. - change
Protections List<String> - Enables or disables change protection for the NGFW.
- description String
- The NGFW description.
- egress
Nats List<NgfwEgress Nat> - endpoint
Mode String - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - endpoints
List<Ngfw
Endpoint> - global
Rulestack String - The global rulestack for this NGFW.
- link
Id String - The link ID.
- multi
Vpc Boolean - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- name String
- The NGFW name.
- private
Accesses List<NgfwPrivate Access> - rulestack String
- The rulestack for this NGFW.
- subnet
Mappings List<NgfwSubnet Mapping> - Subnet mappings.
- Map<String,String>
- The tags.
- user
Ids List<NgfwUser Id> - vpc
Id String - The VPC ID for the NGFW.
- az
Lists string[] - The list of availability zones for this NGFW.
- account
Id string - The description.
- allowlist
Accounts string[] - The list of allowed accounts for this NGFW.
- app
Id stringVersion - App-ID version number.
- automatic
Upgrade booleanApp Id Version - Automatic App-ID upgrade version number. Defaults to
true. - change
Protections string[] - Enables or disables change protection for the NGFW.
- description string
- The NGFW description.
- egress
Nats NgfwEgress Nat[] - endpoint
Mode string - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - endpoints
Ngfw
Endpoint[] - global
Rulestack string - The global rulestack for this NGFW.
- link
Id string - The link ID.
- multi
Vpc boolean - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- name string
- The NGFW name.
- private
Accesses NgfwPrivate Access[] - rulestack string
- The rulestack for this NGFW.
- subnet
Mappings NgfwSubnet Mapping[] - Subnet mappings.
- {[key: string]: string}
- The tags.
- user
Ids NgfwUser Id[] - vpc
Id string - The VPC ID for the NGFW.
- az_
lists Sequence[str] - The list of availability zones for this NGFW.
- account_
id str - The description.
- allowlist_
accounts Sequence[str] - The list of allowed accounts for this NGFW.
- app_
id_ strversion - App-ID version number.
- automatic_
upgrade_ boolapp_ id_ version - Automatic App-ID upgrade version number. Defaults to
true. - change_
protections Sequence[str] - Enables or disables change protection for the NGFW.
- description str
- The NGFW description.
- egress_
nats Sequence[NgfwEgress Nat Args] - endpoint_
mode str - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - endpoints
Sequence[Ngfw
Endpoint Args] - global_
rulestack str - The global rulestack for this NGFW.
- link_
id str - The link ID.
- multi_
vpc bool - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- name str
- The NGFW name.
- private_
accesses Sequence[NgfwPrivate Access Args] - rulestack str
- The rulestack for this NGFW.
- subnet_
mappings Sequence[NgfwSubnet Mapping Args] - Subnet mappings.
- Mapping[str, str]
- The tags.
- user_
ids Sequence[NgfwUser Id Args] - vpc_
id str - The VPC ID for the NGFW.
- az
Lists List<String> - The list of availability zones for this NGFW.
- account
Id String - The description.
- allowlist
Accounts List<String> - The list of allowed accounts for this NGFW.
- app
Id StringVersion - App-ID version number.
- automatic
Upgrade BooleanApp Id Version - Automatic App-ID upgrade version number. Defaults to
true. - change
Protections List<String> - Enables or disables change protection for the NGFW.
- description String
- The NGFW description.
- egress
Nats List<Property Map> - endpoint
Mode String - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - endpoints List<Property Map>
- global
Rulestack String - The global rulestack for this NGFW.
- link
Id String - The link ID.
- multi
Vpc Boolean - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- name String
- The NGFW name.
- private
Accesses List<Property Map> - rulestack String
- The rulestack for this NGFW.
- subnet
Mappings List<Property Map> - Subnet mappings.
- Map<String>
- The tags.
- user
Ids List<Property Map> - vpc
Id String - The VPC ID for the NGFW.
Outputs
All input properties are implicitly available as output properties. Additionally, the Ngfw resource produces the following output properties:
- Deployment
Update stringToken - The update token.
- Endpoint
Service stringName - The endpoint service name.
- Firewall
Id string - The Firewall ID.
- Id string
- The provider-assigned unique ID for this managed resource.
- Link
Status string - The link status.
- Statuses
List<Pulumi.
Cloud Ngfw Aws. Outputs. Ngfw Status> - Update
Token string - The update token.
- Deployment
Update stringToken - The update token.
- Endpoint
Service stringName - The endpoint service name.
- Firewall
Id string - The Firewall ID.
- Id string
- The provider-assigned unique ID for this managed resource.
- Link
Status string - The link status.
- Statuses
[]Ngfw
Status - Update
Token string - The update token.
- deployment
Update StringToken - The update token.
- endpoint
Service StringName - The endpoint service name.
- firewall
Id String - The Firewall ID.
- id String
- The provider-assigned unique ID for this managed resource.
- link
Status String - The link status.
- statuses
List<Ngfw
Status> - update
Token String - The update token.
- deployment
Update stringToken - The update token.
- endpoint
Service stringName - The endpoint service name.
- firewall
Id string - The Firewall ID.
- id string
- The provider-assigned unique ID for this managed resource.
- link
Status string - The link status.
- statuses
Ngfw
Status[] - update
Token string - The update token.
- deployment_
update_ strtoken - The update token.
- endpoint_
service_ strname - The endpoint service name.
- firewall_
id str - The Firewall ID.
- id str
- The provider-assigned unique ID for this managed resource.
- link_
status str - The link status.
- statuses
Sequence[Ngfw
Status] - update_
token str - The update token.
- deployment
Update StringToken - The update token.
- endpoint
Service StringName - The endpoint service name.
- firewall
Id String - The Firewall ID.
- id String
- The provider-assigned unique ID for this managed resource.
- link
Status String - The link status.
- statuses List<Property Map>
- update
Token String - The update token.
Look up Existing Ngfw Resource
Get an existing Ngfw resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NgfwState, opts?: CustomResourceOptions): Ngfw@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
allowlist_accounts: Optional[Sequence[str]] = None,
app_id_version: Optional[str] = None,
automatic_upgrade_app_id_version: Optional[bool] = None,
az_lists: Optional[Sequence[str]] = None,
change_protections: Optional[Sequence[str]] = None,
deployment_update_token: Optional[str] = None,
description: Optional[str] = None,
egress_nats: Optional[Sequence[NgfwEgressNatArgs]] = None,
endpoint_mode: Optional[str] = None,
endpoint_service_name: Optional[str] = None,
endpoints: Optional[Sequence[NgfwEndpointArgs]] = None,
firewall_id: Optional[str] = None,
global_rulestack: Optional[str] = None,
link_id: Optional[str] = None,
link_status: Optional[str] = None,
multi_vpc: Optional[bool] = None,
name: Optional[str] = None,
private_accesses: Optional[Sequence[NgfwPrivateAccessArgs]] = None,
rulestack: Optional[str] = None,
statuses: Optional[Sequence[NgfwStatusArgs]] = None,
subnet_mappings: Optional[Sequence[NgfwSubnetMappingArgs]] = None,
tags: Optional[Mapping[str, str]] = None,
update_token: Optional[str] = None,
user_ids: Optional[Sequence[NgfwUserIdArgs]] = None,
vpc_id: Optional[str] = None) -> Ngfwfunc GetNgfw(ctx *Context, name string, id IDInput, state *NgfwState, opts ...ResourceOption) (*Ngfw, error)public static Ngfw Get(string name, Input<string> id, NgfwState? state, CustomResourceOptions? opts = null)public static Ngfw get(String name, Output<String> id, NgfwState state, CustomResourceOptions options)resources: _: type: cloudngfwaws:Ngfw get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - The description.
- Allowlist
Accounts List<string> - The list of allowed accounts for this NGFW.
- App
Id stringVersion - App-ID version number.
- Automatic
Upgrade boolApp Id Version - Automatic App-ID upgrade version number. Defaults to
true. - Az
Lists List<string> - The list of availability zones for this NGFW.
- Change
Protections List<string> - Enables or disables change protection for the NGFW.
- Deployment
Update stringToken - The update token.
- Description string
- The NGFW description.
- Egress
Nats List<Pulumi.Cloud Ngfw Aws. Inputs. Ngfw Egress Nat> - Endpoint
Mode string - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - Endpoint
Service stringName - The endpoint service name.
- Endpoints
List<Pulumi.
Cloud Ngfw Aws. Inputs. Ngfw Endpoint> - Firewall
Id string - The Firewall ID.
- Global
Rulestack string - The global rulestack for this NGFW.
- Link
Id string - The link ID.
- Link
Status string - The link status.
- Multi
Vpc bool - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- Name string
- The NGFW name.
- Private
Accesses List<Pulumi.Cloud Ngfw Aws. Inputs. Ngfw Private Access> - Rulestack string
- The rulestack for this NGFW.
- Statuses
List<Pulumi.
Cloud Ngfw Aws. Inputs. Ngfw Status> - Subnet
Mappings List<Pulumi.Cloud Ngfw Aws. Inputs. Ngfw Subnet Mapping> - Subnet mappings.
- Dictionary<string, string>
- The tags.
- Update
Token string - The update token.
- User
Ids List<Pulumi.Cloud Ngfw Aws. Inputs. Ngfw User Id> - Vpc
Id string - The VPC ID for the NGFW.
- Account
Id string - The description.
- Allowlist
Accounts []string - The list of allowed accounts for this NGFW.
- App
Id stringVersion - App-ID version number.
- Automatic
Upgrade boolApp Id Version - Automatic App-ID upgrade version number. Defaults to
true. - Az
Lists []string - The list of availability zones for this NGFW.
- Change
Protections []string - Enables or disables change protection for the NGFW.
- Deployment
Update stringToken - The update token.
- Description string
- The NGFW description.
- Egress
Nats []NgfwEgress Nat Args - Endpoint
Mode string - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - Endpoint
Service stringName - The endpoint service name.
- Endpoints
[]Ngfw
Endpoint Args - Firewall
Id string - The Firewall ID.
- Global
Rulestack string - The global rulestack for this NGFW.
- Link
Id string - The link ID.
- Link
Status string - The link status.
- Multi
Vpc bool - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- Name string
- The NGFW name.
- Private
Accesses []NgfwPrivate Access Args - Rulestack string
- The rulestack for this NGFW.
- Statuses
[]Ngfw
Status Args - Subnet
Mappings []NgfwSubnet Mapping Args - Subnet mappings.
- map[string]string
- The tags.
- Update
Token string - The update token.
- User
Ids []NgfwUser Id Args - Vpc
Id string - The VPC ID for the NGFW.
- account
Id String - The description.
- allowlist
Accounts List<String> - The list of allowed accounts for this NGFW.
- app
Id StringVersion - App-ID version number.
- automatic
Upgrade BooleanApp Id Version - Automatic App-ID upgrade version number. Defaults to
true. - az
Lists List<String> - The list of availability zones for this NGFW.
- change
Protections List<String> - Enables or disables change protection for the NGFW.
- deployment
Update StringToken - The update token.
- description String
- The NGFW description.
- egress
Nats List<NgfwEgress Nat> - endpoint
Mode String - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - endpoint
Service StringName - The endpoint service name.
- endpoints
List<Ngfw
Endpoint> - firewall
Id String - The Firewall ID.
- global
Rulestack String - The global rulestack for this NGFW.
- link
Id String - The link ID.
- link
Status String - The link status.
- multi
Vpc Boolean - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- name String
- The NGFW name.
- private
Accesses List<NgfwPrivate Access> - rulestack String
- The rulestack for this NGFW.
- statuses
List<Ngfw
Status> - subnet
Mappings List<NgfwSubnet Mapping> - Subnet mappings.
- Map<String,String>
- The tags.
- update
Token String - The update token.
- user
Ids List<NgfwUser Id> - vpc
Id String - The VPC ID for the NGFW.
- account
Id string - The description.
- allowlist
Accounts string[] - The list of allowed accounts for this NGFW.
- app
Id stringVersion - App-ID version number.
- automatic
Upgrade booleanApp Id Version - Automatic App-ID upgrade version number. Defaults to
true. - az
Lists string[] - The list of availability zones for this NGFW.
- change
Protections string[] - Enables or disables change protection for the NGFW.
- deployment
Update stringToken - The update token.
- description string
- The NGFW description.
- egress
Nats NgfwEgress Nat[] - endpoint
Mode string - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - endpoint
Service stringName - The endpoint service name.
- endpoints
Ngfw
Endpoint[] - firewall
Id string - The Firewall ID.
- global
Rulestack string - The global rulestack for this NGFW.
- link
Id string - The link ID.
- link
Status string - The link status.
- multi
Vpc boolean - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- name string
- The NGFW name.
- private
Accesses NgfwPrivate Access[] - rulestack string
- The rulestack for this NGFW.
- statuses
Ngfw
Status[] - subnet
Mappings NgfwSubnet Mapping[] - Subnet mappings.
- {[key: string]: string}
- The tags.
- update
Token string - The update token.
- user
Ids NgfwUser Id[] - vpc
Id string - The VPC ID for the NGFW.
- account_
id str - The description.
- allowlist_
accounts Sequence[str] - The list of allowed accounts for this NGFW.
- app_
id_ strversion - App-ID version number.
- automatic_
upgrade_ boolapp_ id_ version - Automatic App-ID upgrade version number. Defaults to
true. - az_
lists Sequence[str] - The list of availability zones for this NGFW.
- change_
protections Sequence[str] - Enables or disables change protection for the NGFW.
- deployment_
update_ strtoken - The update token.
- description str
- The NGFW description.
- egress_
nats Sequence[NgfwEgress Nat Args] - endpoint_
mode str - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - endpoint_
service_ strname - The endpoint service name.
- endpoints
Sequence[Ngfw
Endpoint Args] - firewall_
id str - The Firewall ID.
- global_
rulestack str - The global rulestack for this NGFW.
- link_
id str - The link ID.
- link_
status str - The link status.
- multi_
vpc bool - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- name str
- The NGFW name.
- private_
accesses Sequence[NgfwPrivate Access Args] - rulestack str
- The rulestack for this NGFW.
- statuses
Sequence[Ngfw
Status Args] - subnet_
mappings Sequence[NgfwSubnet Mapping Args] - Subnet mappings.
- Mapping[str, str]
- The tags.
- update_
token str - The update token.
- user_
ids Sequence[NgfwUser Id Args] - vpc_
id str - The VPC ID for the NGFW.
- account
Id String - The description.
- allowlist
Accounts List<String> - The list of allowed accounts for this NGFW.
- app
Id StringVersion - App-ID version number.
- automatic
Upgrade BooleanApp Id Version - Automatic App-ID upgrade version number. Defaults to
true. - az
Lists List<String> - The list of availability zones for this NGFW.
- change
Protections List<String> - Enables or disables change protection for the NGFW.
- deployment
Update StringToken - The update token.
- description String
- The NGFW description.
- egress
Nats List<Property Map> - endpoint
Mode String - Set endpoint mode from the following options. Valid values are
ServiceManagedorCustomerManaged. - endpoint
Service StringName - The endpoint service name.
- endpoints List<Property Map>
- firewall
Id String - The Firewall ID.
- global
Rulestack String - The global rulestack for this NGFW.
- link
Id String - The link ID.
- link
Status String - The link status.
- multi
Vpc Boolean - Share NGFW with Multiple VPCs. This feature can be enabled only if the endpoint_mode is CustomerManaged.
- name String
- The NGFW name.
- private
Accesses List<Property Map> - rulestack String
- The rulestack for this NGFW.
- statuses List<Property Map>
- subnet
Mappings List<Property Map> - Subnet mappings.
- Map<String>
- The tags.
- update
Token String - The update token.
- user
Ids List<Property Map> - vpc
Id String - The VPC ID for the NGFW.
Supporting Types
NgfwEgressNat, NgfwEgressNatArgs
- Enabled bool
- Enable egress NAT
- Settings
List<Pulumi.
Cloud Ngfw Aws. Inputs. Ngfw Egress Nat Setting>
- Enabled bool
- Enable egress NAT
- Settings
[]Ngfw
Egress Nat Setting
- enabled Boolean
- Enable egress NAT
- settings
List<Ngfw
Egress Nat Setting>
- enabled boolean
- Enable egress NAT
- settings
Ngfw
Egress Nat Setting[]
- enabled bool
- Enable egress NAT
- settings
Sequence[Ngfw
Egress Nat Setting]
- enabled Boolean
- Enable egress NAT
- settings List<Property Map>
NgfwEgressNatSetting, NgfwEgressNatSettingArgs
- Ip
Pool stringType - Set ip pool type from the following options. Valid values are
AWSServiceorBYOIP. - Ipam
Pool stringId - The IP pool ID
- Ip
Pool stringType - Set ip pool type from the following options. Valid values are
AWSServiceorBYOIP. - Ipam
Pool stringId - The IP pool ID
- ip
Pool StringType - Set ip pool type from the following options. Valid values are
AWSServiceorBYOIP. - ipam
Pool StringId - The IP pool ID
- ip
Pool stringType - Set ip pool type from the following options. Valid values are
AWSServiceorBYOIP. - ipam
Pool stringId - The IP pool ID
- ip_
pool_ strtype - Set ip pool type from the following options. Valid values are
AWSServiceorBYOIP. - ipam_
pool_ strid - The IP pool ID
- ip
Pool StringType - Set ip pool type from the following options. Valid values are
AWSServiceorBYOIP. - ipam
Pool StringId - The IP pool ID
NgfwEndpoint, NgfwEndpointArgs
- Mode string
- The endpoint mode. Valid values are
ServiceManagedorCustomerManaged. - Account
Id string - The account id.
- Egress
Nat boolEnabled - Enable egress NAT
- Endpoint
Id string - Endpoint ID of the security zone
- Prefixes
List<Pulumi.
Cloud Ngfw Aws. Inputs. Ngfw Endpoint Prefix> - Rejected
Reason string - The rejected reason.
- Status string
- The attachment status.
- Subnet
Id string - The subnet id.
- Vpc
Id string - The vpc id.
- Zone
Id string - The AZ id.
- Mode string
- The endpoint mode. Valid values are
ServiceManagedorCustomerManaged. - Account
Id string - The account id.
- Egress
Nat boolEnabled - Enable egress NAT
- Endpoint
Id string - Endpoint ID of the security zone
- Prefixes
[]Ngfw
Endpoint Prefix - Rejected
Reason string - The rejected reason.
- Status string
- The attachment status.
- Subnet
Id string - The subnet id.
- Vpc
Id string - The vpc id.
- Zone
Id string - The AZ id.
- mode String
- The endpoint mode. Valid values are
ServiceManagedorCustomerManaged. - account
Id String - The account id.
- egress
Nat BooleanEnabled - Enable egress NAT
- endpoint
Id String - Endpoint ID of the security zone
- prefixes
List<Ngfw
Endpoint Prefix> - rejected
Reason String - The rejected reason.
- status String
- The attachment status.
- subnet
Id String - The subnet id.
- vpc
Id String - The vpc id.
- zone
Id String - The AZ id.
- mode string
- The endpoint mode. Valid values are
ServiceManagedorCustomerManaged. - account
Id string - The account id.
- egress
Nat booleanEnabled - Enable egress NAT
- endpoint
Id string - Endpoint ID of the security zone
- prefixes
Ngfw
Endpoint Prefix[] - rejected
Reason string - The rejected reason.
- status string
- The attachment status.
- subnet
Id string - The subnet id.
- vpc
Id string - The vpc id.
- zone
Id string - The AZ id.
- mode str
- The endpoint mode. Valid values are
ServiceManagedorCustomerManaged. - account_
id str - The account id.
- egress_
nat_ boolenabled - Enable egress NAT
- endpoint_
id str - Endpoint ID of the security zone
- prefixes
Sequence[Ngfw
Endpoint Prefix] - rejected_
reason str - The rejected reason.
- status str
- The attachment status.
- subnet_
id str - The subnet id.
- vpc_
id str - The vpc id.
- zone_
id str - The AZ id.
- mode String
- The endpoint mode. Valid values are
ServiceManagedorCustomerManaged. - account
Id String - The account id.
- egress
Nat BooleanEnabled - Enable egress NAT
- endpoint
Id String - Endpoint ID of the security zone
- prefixes List<Property Map>
- rejected
Reason String - The rejected reason.
- status String
- The attachment status.
- subnet
Id String - The subnet id.
- vpc
Id String - The vpc id.
- zone
Id String - The AZ id.
NgfwEndpointPrefix, NgfwEndpointPrefixArgs
NgfwEndpointPrefixPrivatePrefix, NgfwEndpointPrefixPrivatePrefixArgs
- Cidrs List<string>
- Cidrs []string
- cidrs List<String>
- cidrs string[]
- cidrs Sequence[str]
- cidrs List<String>
NgfwPrivateAccess, NgfwPrivateAccessArgs
- Resource
Id string - AWS ResourceID
- Type string
- Type of Private Access
- Resource
Id string - AWS ResourceID
- Type string
- Type of Private Access
- resource
Id String - AWS ResourceID
- type String
- Type of Private Access
- resource
Id string - AWS ResourceID
- type string
- Type of Private Access
- resource_
id str - AWS ResourceID
- type str
- Type of Private Access
- resource
Id String - AWS ResourceID
- type String
- Type of Private Access
NgfwStatus, NgfwStatusArgs
- Device
Rulestack stringCommit Status - The device rulestack commit status.
- Failure
Reason string - The firewall failure reason.
- Firewall
Status string - The firewall status.
- Rulestack
Status string - The rulestack status.
- Device
Rulestack stringCommit Status - The device rulestack commit status.
- Failure
Reason string - The firewall failure reason.
- Firewall
Status string - The firewall status.
- Rulestack
Status string - The rulestack status.
- device
Rulestack StringCommit Status - The device rulestack commit status.
- failure
Reason String - The firewall failure reason.
- firewall
Status String - The firewall status.
- rulestack
Status String - The rulestack status.
- device
Rulestack stringCommit Status - The device rulestack commit status.
- failure
Reason string - The firewall failure reason.
- firewall
Status string - The firewall status.
- rulestack
Status string - The rulestack status.
- device_
rulestack_ strcommit_ status - The device rulestack commit status.
- failure_
reason str - The firewall failure reason.
- firewall_
status str - The firewall status.
- rulestack_
status str - The rulestack status.
- device
Rulestack StringCommit Status - The device rulestack commit status.
- failure
Reason String - The firewall failure reason.
- firewall
Status String - The firewall status.
- rulestack
Status String - The rulestack status.
NgfwSubnetMapping, NgfwSubnetMappingArgs
- Availability
Zone string - The availability zone, for when the endpoint mode is customer managed.
- Availability
Zone stringId - The availability zone ID, for when the endpoint mode is customer managed.
- Subnet
Id string - The subnet id, for when the endpoint mode is service managed.
- Availability
Zone string - The availability zone, for when the endpoint mode is customer managed.
- Availability
Zone stringId - The availability zone ID, for when the endpoint mode is customer managed.
- Subnet
Id string - The subnet id, for when the endpoint mode is service managed.
- availability
Zone String - The availability zone, for when the endpoint mode is customer managed.
- availability
Zone StringId - The availability zone ID, for when the endpoint mode is customer managed.
- subnet
Id String - The subnet id, for when the endpoint mode is service managed.
- availability
Zone string - The availability zone, for when the endpoint mode is customer managed.
- availability
Zone stringId - The availability zone ID, for when the endpoint mode is customer managed.
- subnet
Id string - The subnet id, for when the endpoint mode is service managed.
- availability_
zone str - The availability zone, for when the endpoint mode is customer managed.
- availability_
zone_ strid - The availability zone ID, for when the endpoint mode is customer managed.
- subnet_
id str - The subnet id, for when the endpoint mode is service managed.
- availability
Zone String - The availability zone, for when the endpoint mode is customer managed.
- availability
Zone StringId - The availability zone ID, for when the endpoint mode is customer managed.
- subnet
Id String - The subnet id, for when the endpoint mode is service managed.
NgfwUserId, NgfwUserIdArgs
- Enabled bool
- Enable UserID Config
- Port int
- The Port
- Agent
Name string - Agent Name for UserID
- Collector
Name string - The Collector Name
- Custom
Include List<Pulumi.Exclude Networks Cloud Ngfw Aws. Inputs. Ngfw User Id Custom Include Exclude Network> - List of Custom Include Exclude Networks
- Secret
Key stringArn - AWS Secret Key ARN
- User
Id stringStatus - Status and State of UserID Configuration
- Enabled bool
- Enable UserID Config
- Port int
- The Port
- Agent
Name string - Agent Name for UserID
- Collector
Name string - The Collector Name
- Custom
Include []NgfwExclude Networks User Id Custom Include Exclude Network - List of Custom Include Exclude Networks
- Secret
Key stringArn - AWS Secret Key ARN
- User
Id stringStatus - Status and State of UserID Configuration
- enabled Boolean
- Enable UserID Config
- port Integer
- The Port
- agent
Name String - Agent Name for UserID
- collector
Name String - The Collector Name
- custom
Include List<NgfwExclude Networks User Id Custom Include Exclude Network> - List of Custom Include Exclude Networks
- secret
Key StringArn - AWS Secret Key ARN
- user
Id StringStatus - Status and State of UserID Configuration
- enabled boolean
- Enable UserID Config
- port number
- The Port
- agent
Name string - Agent Name for UserID
- collector
Name string - The Collector Name
- custom
Include NgfwExclude Networks User Id Custom Include Exclude Network[] - List of Custom Include Exclude Networks
- secret
Key stringArn - AWS Secret Key ARN
- user
Id stringStatus - Status and State of UserID Configuration
- enabled bool
- Enable UserID Config
- port int
- The Port
- agent_
name str - Agent Name for UserID
- collector_
name str - The Collector Name
- custom_
include_ Sequence[Ngfwexclude_ networks User Id Custom Include Exclude Network] - List of Custom Include Exclude Networks
- secret_
key_ strarn - AWS Secret Key ARN
- user_
id_ strstatus - Status and State of UserID Configuration
- enabled Boolean
- Enable UserID Config
- port Number
- The Port
- agent
Name String - Agent Name for UserID
- collector
Name String - The Collector Name
- custom
Include List<Property Map>Exclude Networks - List of Custom Include Exclude Networks
- secret
Key StringArn - AWS Secret Key ARN
- user
Id StringStatus - Status and State of UserID Configuration
NgfwUserIdCustomIncludeExcludeNetwork, NgfwUserIdCustomIncludeExcludeNetworkArgs
- Discovery
Include bool - Include or exclude this subnet from user-id configuration
- Enabled bool
- Enable this specific custom include/exclude network
- Name string
- Name of subnet filter
- Network
Address string - Network IP address of the subnet filter
- Discovery
Include bool - Include or exclude this subnet from user-id configuration
- Enabled bool
- Enable this specific custom include/exclude network
- Name string
- Name of subnet filter
- Network
Address string - Network IP address of the subnet filter
- discovery
Include Boolean - Include or exclude this subnet from user-id configuration
- enabled Boolean
- Enable this specific custom include/exclude network
- name String
- Name of subnet filter
- network
Address String - Network IP address of the subnet filter
- discovery
Include boolean - Include or exclude this subnet from user-id configuration
- enabled boolean
- Enable this specific custom include/exclude network
- name string
- Name of subnet filter
- network
Address string - Network IP address of the subnet filter
- discovery_
include bool - Include or exclude this subnet from user-id configuration
- enabled bool
- Enable this specific custom include/exclude network
- name str
- Name of subnet filter
- network_
address str - Network IP address of the subnet filter
- discovery
Include Boolean - Include or exclude this subnet from user-id configuration
- enabled Boolean
- Enable this specific custom include/exclude network
- name String
- Name of subnet filter
- network
Address String - Network IP address of the subnet filter
Import
import name is <account_id>:
$ pulumi import cloudngfwaws:index/ngfw:Ngfw example 12345678:example-instance
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- cloudngfwaws pulumi/pulumi-cloudngfwaws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudngfwawsTerraform Provider.
Palo Alto Networks Cloud NGFW for AWS v1.0.0 published on Wednesday, Oct 8, 2025 by Pulumi
