azurermNetworkManagerAdminRule

Manages a Network Manager Admin Rule.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const dataAzurermSubscriptionCurrent =
  new azurerm.dataAzurermSubscription.DataAzurermSubscription(
    this,
    "current",
    {}
  );
const azurermNetworkManagerExample = new azurerm.networkManager.NetworkManager(
  this,
  "example_2",
  {
    description: "example network manager",
    location: azurermResourceGroupExample.location,
    name: "example-network-manager",
    resourceGroupName: azurermResourceGroupExample.name,
    scope: [
      {
        subscriptionIds: [dataAzurermSubscriptionCurrent.id],
      },
    ],
    scopeAccesses: ["Connectivity", "SecurityAdmin"],
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermNetworkManagerExample.overrideLogicalId("example");
const azurermNetworkManagerNetworkGroupExample =
  new azurerm.networkManagerNetworkGroup.NetworkManagerNetworkGroup(
    this,
    "example_3",
    {
      name: "example-network-group",
      networkManagerId: azurermNetworkManagerExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermNetworkManagerNetworkGroupExample.overrideLogicalId("example");
const azurermNetworkManagerSecurityAdminConfigurationExample =
  new azurerm.networkManagerSecurityAdminConfiguration.NetworkManagerSecurityAdminConfiguration(
    this,
    "example_4",
    {
      name: "example-admin-conf",
      networkManagerId: azurermNetworkManagerExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermNetworkManagerSecurityAdminConfigurationExample.overrideLogicalId(
  "example"
);
const azurermNetworkManagerAdminRuleCollectionExample =
  new azurerm.networkManagerAdminRuleCollection.NetworkManagerAdminRuleCollection(
    this,
    "example_5",
    {
      name: "example-admin-rule-collection",
      networkGroupIds: [azurermNetworkManagerNetworkGroupExample.id],
      securityAdminConfigurationId:
        azurermNetworkManagerSecurityAdminConfigurationExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermNetworkManagerAdminRuleCollectionExample.overrideLogicalId("example");
const azurermNetworkManagerAdminRuleExample =
  new azurerm.networkManagerAdminRule.NetworkManagerAdminRule(
    this,
    "example_6",
    {
      action: "Deny",
      adminRuleCollectionId:
        azurermNetworkManagerAdminRuleCollectionExample.id,
      description: "example admin rule",
      destination: [
        {
          addressPrefix: "10.1.0.1",
          addressPrefixType: "IPPrefix",
        },
        {
          addressPrefix: "10.0.0.0/24",
          addressPrefixType: "IPPrefix",
        },
      ],
      destinationPortRanges: ["80"],
      direction: "Outbound",
      name: "example-admin-rule",
      priority: 1,
      protocol: "Tcp",
      source: [
        {
          addressPrefix: "Internet",
          addressPrefixType: "ServiceTag",
        },
      ],
      sourcePortRanges: ["80", "1024-65535"],
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermNetworkManagerAdminRuleExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • name - (Required) Specifies the name which should be used for this Network Manager Admin Rule. Changing this forces a new Network Manager Admin Rule to be created.

  • adminRuleCollectionId - (Required) Specifies the ID of the Network Manager Admin Rule Collection. Changing this forces a new Network Manager Admin Rule to be created.

  • action - (Required) Specifies the action allowed for this Network Manager Admin Rule. Possible values are Allow, AlwaysAllow, and Deny.

  • direction - (Required) Indicates whether the traffic matched against the rule is inbound or outbound. Possible values are Inbound and Outbound.

  • priority - (Required) The priority of the rule. Possible values are integers between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.

  • protocol - (Required) Specifies which network protocol this Network Manager Admin Rule applies to. Possible values are Ah, Any, Esp, Icmp, Tcp, and Udp.

  • description - (Optional) A description of the Network Manager Admin Rule.

  • destinationPortRanges - (Optional) A list of strings specifying the destination port ranges. Specify one or more single port numbers or port ranges such as 1024-65535. Use * to specify any port.

  • destination - (Optional) One or more destination blocks as defined below.

  • sourcePortRanges - (Optional) A list of strings specifying the source port ranges. Specify one or more single port numbers or port ranges such as 1024-65535. Use * to specify any port.

  • source - (Optional) One or more source blocks as defined below.


A destination block supports the following:

  • addressPrefix - (Required) Specifies the address prefix.

  • addressPrefixType - (Required) Specifies the address prefix type. Possible values are IPPrefix and ServiceTag. For more information, please see this document.


A source block supports the following:

  • addressPrefix - (Required) Specifies the address prefix.

  • addressPrefixType - (Required) Specifies the address prefix type. Possible values are IPPrefix and ServiceTag. For more information, please see this document.
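
The constraints in the argument list above can be checked before a plan is ever run. The following is an added example, not code from the provider or its bindings: AdminRule, validPortRange and validateCollection are hypothetical names, the value casing follows the Example Usage ("Deny", "Outbound", "Tcp", "IPPrefix", "ServiceTag"), and the 0-65535 port bound is an assumption.

```typescript
// Added example, not provider code: AdminRule, validPortRange and
// validateCollection are hypothetical names.
interface Endpoint { addressPrefix: string; addressPrefixType: string }
interface AdminRule {
  name: string; action: string; direction: string; priority: number;
  protocol: string; destinationPortRanges?: string[];
  sourcePortRanges?: string[]; destination?: Endpoint[]; source?: Endpoint[];
}

// Value casing follows the page's Example Usage ("Deny", "Outbound", "Tcp", ...).
const ACTIONS = ["Allow", "AlwaysAllow", "Deny"];
const DIRECTIONS = ["Inbound", "Outbound"];
const PROTOCOLS = ["Ah", "Any", "Esp", "Icmp", "Tcp", "Udp"];
const PREFIX_TYPES = ["IPPrefix", "ServiceTag"];

// "*", a single port, or "low-high"; the 0-65535 bound is an assumption
// (the 16-bit port space), not a limit stated on this page.
function validPortRange(p: string): boolean {
  if (p === "*") return true;
  const m = /^(\d{1,5})(?:-(\d{1,5}))?$/.exec(p);
  if (!m) return false;
  const lo = Number(m[1]);
  const hi = m[2] === undefined ? lo : Number(m[2]);
  return lo <= hi && hi <= 65535;
}

// Returns one message per violation; an empty array means the collection passes.
function validateCollection(rules: AdminRule[]): string[] {
  const errors: string[] = [];
  const seen: Record<number, string> = {}; // priority -> first rule using it
  for (const r of rules) {
    const bad = (msg: string) => { errors.push(r.name + ": " + msg); };
    if (ACTIONS.indexOf(r.action) < 0) bad("unsupported action " + r.action);
    if (DIRECTIONS.indexOf(r.direction) < 0) bad("unsupported direction " + r.direction);
    if (PROTOCOLS.indexOf(r.protocol) < 0) bad("unsupported protocol " + r.protocol);
    if (Math.floor(r.priority) !== r.priority || r.priority < 1 || r.priority > 4096)
      bad("priority " + r.priority + " outside 1-4096");
    else if (seen[r.priority] !== undefined)
      bad("priority " + r.priority + " already used by " + seen[r.priority]);
    else seen[r.priority] = r.name;
    for (const p of (r.destinationPortRanges || []).concat(r.sourcePortRanges || []))
      if (!validPortRange(p)) bad("malformed port range " + p);
    for (const e of (r.destination || []).concat(r.source || []))
      if (PREFIX_TYPES.indexOf(e.addressPrefixType) < 0)
        bad("unsupported addressPrefixType " + e.addressPrefixType);
  }
  return errors;
}
```

Run it over every rule that shares one adminRuleCollectionId, since priority uniqueness is scoped to the collection.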

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Network Manager Admin Rule.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Network Manager Admin Rule.
  • read - (Defaults to 5 minutes) Used when retrieving the Network Manager Admin Rule.
  • update - (Defaults to 30 minutes) Used when updating the Network Manager Admin Rule.
  • delete - (Defaults to 30 minutes) Used when deleting the Network Manager Admin Rule.

Import

Network Manager Admin Rule can be imported using the resourceId, e.g.

terraform import azurerm_network_manager_admin_rule.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Network/networkManagers/networkManager1/securityAdminConfigurations/configuration1/ruleCollections/ruleCollection1/rules/rule1