azurermIotSecurityDeviceGroup
Manages a Iot Security Device Group.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
this,
"example",
{
location: "West Europe",
name: "example-resources",
}
);
const azurermIothubExample = new azurerm.iothub.Iothub(this, "example_1", {
location: azurermResourceGroupExample.location,
name: "example-IoTHub",
resource_group_name: azurermResourceGroupExample.name,
sku: [
{
capacity: "1",
name: "S1",
},
],
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermIothubExample.overrideLogicalId("example");
const azurermIotSecuritySolutionExample =
new azurerm.iotSecuritySolution.IotSecuritySolution(this, "example_2", {
display_name: "Iot Security Solution",
iothub_ids: [azurermIothubExample.id],
location: azurermResourceGroupExample.location,
name: "example-Iot-Security-Solution",
resource_group_name: azurermResourceGroupExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermIotSecuritySolutionExample.overrideLogicalId("example");
const azurermIotSecurityDeviceGroupExample =
new azurerm.iotSecurityDeviceGroup.IotSecurityDeviceGroup(this, "example_3", {
allow_rule: [
{
connection_to_ips_not_allowed: ["10.0.0.0/24"],
},
],
depends_on: [`\${${azurermIotSecuritySolutionExample.fqn}}`],
iothub_id: azurermIothubExample.id,
name: "example-device-security-group",
range_rule: [
{
duration: "PT5M",
max: 30,
min: 0,
type: "ActiveConnectionsNotInAllowedRange",
},
],
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermIotSecurityDeviceGroupExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
-
name
- (Required) Specifies the name of the Device Security Group. Changing this forces a new resource to be created. -
iothubId
- (Required) The ID of the IoT Hub which to link the Security Device Group to. Changing this forces a new resource to be created. -
allowRule
- (Optional) anallowRule
blocks as defined below. -
rangeRule
- (Optional) One or morerangeRule
blocks as defined below.
An allowRule
block supports the following:
-
connectionFromIpsNotAllowed
- (Optional) Specifies which IP is not allowed to be connected to in current device group for inbound connection. -
connectionToIpsNotAllowed
- (Optional) Specifies which IP is not allowed to be connected to in current device group for outbound connection. -
localUsersNotAllowed
- (Optional) Specifies which local user is not allowed to login in current device group. -
processesNotAllowed
- (Optional) Specifies which process is not allowed to be executed in current device group.
An rangeRule
block supports the following:
-
duration
- (Required) Specifies the time range. represented in ISO 8601 duration format. -
max
- (Required) The maximum threshold in the given time window. -
min
- (Required) The minimum threshold in the given time window. -
type
- (Required) The type of supported rule type. Possible Values areactiveConnectionsNotInAllowedRange
,amqpC2DMessagesNotInAllowedRange
,mqttC2DMessagesNotInAllowedRange
,httpC2DMessagesNotInAllowedRange
,amqpC2DRejectedMessagesNotInAllowedRange
,mqttC2DRejectedMessagesNotInAllowedRange
,httpC2DRejectedMessagesNotInAllowedRange
,amqpD2CMessagesNotInAllowedRange
,mqttD2CMessagesNotInAllowedRange
,httpD2CMessagesNotInAllowedRange
,directMethodInvokesNotInAllowedRange
,failedLocalLoginsNotInAllowedRange
,fileUploadsNotInAllowedRange
,queuePurgesNotInAllowedRange
,twinUpdatesNotInAllowedRange
andunauthorizedOperationsNotInAllowedRange
.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The ID of the Iot Security Device Group resource.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the Iot Security Device Group.update
- (Defaults to 30 minutes) Used when updating the Iot Security Device Group.read
- (Defaults to 5 minutes) Used when retrieving the Iot Security Device Group.delete
- (Defaults to 30 minutes) Used when deleting the Iot Security Device Group.
Import
Iot Security Device Group can be imported using the resourceId
, e.g.