azurermNetworkManagerAdminRule
Manages a Network Manager Admin Rule.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as azurerm from "./.gen/providers/azurerm";

/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
class MyConvertedCode extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);

    const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
      this,
      "example",
      {
        location: "West Europe",
        name: "example-resources",
      }
    );

    /*Data source for the subscription the provider is authenticated against.*/
    const dataAzurermSubscriptionCurrent =
      new azurerm.dataAzurermSubscription.DataAzurermSubscription(
        this,
        "current",
        {}
      );

    const azurermNetworkManagerExample = new azurerm.networkManager.NetworkManager(
      this,
      "example_2",
      {
        description: "example network manager",
        location: azurermResourceGroupExample.location,
        name: "example-network-manager",
        resourceGroupName: azurermResourceGroupExample.name,
        scope: [
          {
            subscriptionIds: [dataAzurermSubscriptionCurrent.id],
          },
        ],
        scopeAccesses: ["Connectivity", "SecurityAdmin"],
      }
    );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermNetworkManagerExample.overrideLogicalId("example");

    const azurermNetworkManagerNetworkGroupExample =
      new azurerm.networkManagerNetworkGroup.NetworkManagerNetworkGroup(
        this,
        "example_3",
        {
          name: "example-network-group",
          networkManagerId: azurermNetworkManagerExample.id,
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermNetworkManagerNetworkGroupExample.overrideLogicalId("example");

    const azurermNetworkManagerSecurityAdminConfigurationExample =
      new azurerm.networkManagerSecurityAdminConfiguration.NetworkManagerSecurityAdminConfiguration(
        this,
        "example_4",
        {
          name: "example-admin-conf",
          networkManagerId: azurermNetworkManagerExample.id,
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermNetworkManagerSecurityAdminConfigurationExample.overrideLogicalId(
      "example"
    );

    /*The rule collection ties a security admin configuration to the network groups it applies to.*/
    const azurermNetworkManagerAdminRuleCollectionExample =
      new azurerm.networkManagerAdminRuleCollection.NetworkManagerAdminRuleCollection(
        this,
        "example_5",
        {
          name: "example-admin-rule-collection",
          networkGroupIds: [azurermNetworkManagerNetworkGroupExample.id],
          securityAdminConfigurationId:
            azurermNetworkManagerSecurityAdminConfigurationExample.id,
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermNetworkManagerAdminRuleCollectionExample.overrideLogicalId("example");

    const azurermNetworkManagerAdminRuleExample =
      new azurerm.networkManagerAdminRule.NetworkManagerAdminRule(
        this,
        "example_6",
        {
          action: "Deny",
          adminRuleCollectionId:
            azurermNetworkManagerAdminRuleCollectionExample.id,
          description: "example admin rule",
          destination: [
            {
              addressPrefix: "10.1.0.1",
              addressPrefixType: "IPPrefix",
            },
            {
              addressPrefix: "10.0.0.0/24",
              addressPrefixType: "IPPrefix",
            },
          ],
          destinationPortRanges: ["80"],
          direction: "Outbound",
          name: "example-admin-rule",
          priority: 1,
          protocol: "Tcp",
          source: [
            {
              addressPrefix: "Internet",
              addressPrefixType: "ServiceTag",
            },
          ],
          sourcePortRanges: ["80", "1024-65535"],
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermNetworkManagerAdminRuleExample.overrideLogicalId("example");
  }
}
Arguments Reference
The following arguments are supported:
- name - (Required) Specifies the name which should be used for this Network Manager Admin Rule. Changing this forces a new Network Manager Admin Rule to be created.
- adminRuleCollectionId - (Required) Specifies the ID of the Network Manager Admin Rule Collection. Changing this forces a new Network Manager Admin Rule to be created.
- action - (Required) Specifies the action allowed for this Network Manager Admin Rule. Possible values are allow, alwaysAllow, and deny.
- direction - (Required) Indicates whether the traffic matched against the rule is inbound or outbound. Possible values are inbound and outbound.
- priority - (Required) The priority of the rule. Possible values are integers between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
- protocol - (Required) Specifies which network protocol this Network Manager Admin Rule applies to. Possible values are ah, any, esp, icmp, tcp, and udp.
- description - (Optional) A description of the Network Manager Admin Rule.
- destinationPortRanges - (Optional) A list of strings specifying the destination port ranges. Specify one or more single port numbers or port ranges such as 1024-65535. Use * to specify any port.
- destination - (Optional) One or more destination blocks as defined below.
- sourcePortRanges - (Optional) A list of strings specifying the source port ranges. Specify one or more single port numbers or port ranges such as 1024-65535. Use * to specify any port.
- source - (Optional) One or more source blocks as defined below.
A destination block supports the following:
- addressPrefix - (Required) Specifies the address prefix.
- addressPrefixType - (Required) Specifies the address prefix type. Possible values are ipPrefix and serviceTag. For more information, please see this document.
A source block supports the following:
- addressPrefix - (Required) Specifies the address prefix.
- addressPrefixType - (Required) Specifies the address prefix type. Possible values are ipPrefix and serviceTag. For more information, please see this document.
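The value constraints listed above (allowed values, the 1 to 4096 priority range, priority uniqueness within a collection, and the port range syntax) can be checked before synthesis. The lint below is an added example, not part of the provider or its generated bindings; AdminRuleInput, lintAdminRules and the 0-65535 port bound are assumptions, and values are compared case-insensitively because the example above writes "Deny" where the reference lists deny.

```typescript
// Added example; AdminRuleInput and lintAdminRules are hypothetical names,
// not part of the generated azurerm bindings.
interface AdminRuleInput {
  name: string; action: string; direction: string; protocol: string;
  priority: number; sourcePortRanges?: string[]; destinationPortRanges?: string[];
}
// Allowed values from the Arguments Reference, lowercased for comparison.
const ALLOWED: { [field: string]: string[] } = {
  action: ["allow", "alwaysallow", "deny"],
  direction: ["inbound", "outbound"],
  protocol: ["ah", "any", "esp", "icmp", "tcp", "udp"],
};
// Accepts "*", a single port, or "low-high". The 0-65535 bound is an assumption.
function validPortRange(range: string): boolean {
  if (range === "*") return true;
  const m = /^(\d{1,5})(?:-(\d{1,5}))?$/.exec(range);
  if (!m) return false;
  const low = Number(m[1]);
  const high = m[2] === undefined ? low : Number(m[2]);
  return low <= high && high <= 65535;
}
// Returns one message per violation among the rules of a single collection.
function lintAdminRules(rules: AdminRuleInput[]): string[] {
  const errors: string[] = [];
  const priorityOwner: { [priority: number]: string } = {};
  for (const r of rules) {
    const fields: { [f: string]: string } = { action: r.action, direction: r.direction, protocol: r.protocol };
    for (const f of Object.keys(fields)) {
      if (ALLOWED[f].indexOf(fields[f].toLowerCase()) < 0) errors.push(`${r.name}: invalid ${f} "${fields[f]}"`);
    }
    if (Math.floor(r.priority) !== r.priority || r.priority < 1 || r.priority > 4096) {
      errors.push(`${r.name}: priority ${r.priority} is outside 1-4096`);
    } else if (priorityOwner[r.priority] !== undefined) {
      errors.push(`${r.name}: priority ${r.priority} already used by ${priorityOwner[r.priority]}`);
    } else {
      priorityOwner[r.priority] = r.name;
    }
    for (const p of (r.sourcePortRanges || []).concat(r.destinationPortRanges || [])) {
      if (!validPortRange(p)) errors.push(`${r.name}: invalid port range "${p}"`);
    }
  }
  return errors;
}
// Constructed sample: the page's rule plus a deliberately broken one.
const sampleRules: AdminRuleInput[] = [
  { name: "example-admin-rule", action: "Deny", direction: "Outbound", protocol: "Tcp", priority: 1, sourcePortRanges: ["80", "1024-65535"], destinationPortRanges: ["80"] },
  { name: "broken-rule", action: "Block", direction: "Outbound", protocol: "Tcp", priority: 1, destinationPortRanges: ["102465535"] },
];
console.log(lintAdminRules(sampleRules).join("\n"));
```

Running the lint per rule collection before cdktf synth surfaces a reused priority or a mistyped port range at build time instead of at apply time.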
Attributes Reference
In addition to the Arguments listed above - the following Attributes are exported:
- id - The ID of the Network Manager Admin Rule.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- create - (Defaults to 30 minutes) Used when creating the Network Manager Admin Rule.
- read - (Defaults to 5 minutes) Used when retrieving the Network Manager Admin Rule.
- update - (Defaults to 30 minutes) Used when updating the Network Manager Admin Rule.
- delete - (Defaults to 30 minutes) Used when deleting the Network Manager Admin Rule.
Import
Network Manager Admin Rule can be imported using the resourceId, e.g.