import * as pulumi from "@pulumi/pulumi"; /** * Manages a Network Security Rule. * * > **NOTE on Network Security Groups and Network Security Rules:** This provider currently * provides both a standalone Network Security Rule resource, and allows for Network Security Rules to be defined in-line within the Network Security Group resource. * At this time you cannot use a Network Security Group with in-line Network Security Rules in conjunction with any Network Security Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("example", { * name: "acceptanceTestSecurityGroup1", * location: example.location, * resourceGroupName: example.name, * }); * const exampleNetworkSecurityRule = new azure.network.NetworkSecurityRule("example", { * name: "test123", * priority: 100, * direction: "Outbound", * access: "Allow", * protocol: "Tcp", * sourcePortRange: "*", * destinationPortRange: "*", * sourceAddressPrefix: "*", * destinationAddressPrefix: "*", * resourceGroupName: example.name, * networkSecurityGroupName: exampleNetworkSecurityGroup.name, * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.Network` - 2025-01-01 * * ## Import * * Network Security Rules can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:network/networkSecurityRule:NetworkSecurityRule rule1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/networkSecurityGroups/mySecurityGroup/securityRules/rule1 * ``` */ export declare class NetworkSecurityRule extends pulumi.CustomResource { /** * Get an existing NetworkSecurityRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: NetworkSecurityRuleState, opts?: pulumi.CustomResourceOptions): NetworkSecurityRule; /** * Returns true if the given object is an instance of NetworkSecurityRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is NetworkSecurityRule; /** * Specifies whether network traffic is allowed or denied. Possible values are `Allow` and `Deny`. */ readonly access: pulumi.Output; /** * A description for this rule. Restricted to 140 characters. */ readonly description: pulumi.Output; /** * CIDR or destination IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. Besides, it also supports all available Service Tags like ‘Sql.WestEurope‘, ‘Storage.EastUS‘, etc. You can list the available service tags with the CLI: ```shell az network list-service-tags --location westcentralus```. For further information please see [Azure CLI - az network list-service-tags](https://docs.microsoft.com/cli/azure/network?view=azure-cli-latest#az-network-list-service-tags). */ readonly destinationAddressPrefix: pulumi.Output; /** * List of destination address prefixes. Tags may not be used. */ readonly destinationAddressPrefixes: pulumi.Output; /** * A List of destination Application Security Group IDs * * > **Note:** One of `destinationAddressPrefix`, `destinationAddressPrefixes` or `destinationApplicationSecurityGroupIds` must be specified. */ readonly destinationApplicationSecurityGroupIds: pulumi.Output; /** * Destination Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `destinationPortRanges` is not specified. */ readonly destinationPortRange: pulumi.Output; /** * List of destination ports or port ranges. This is required if `destinationPortRange` is not specified. */ readonly destinationPortRanges: pulumi.Output; /** * The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are `Inbound` and `Outbound`. */ readonly direction: pulumi.Output; /** * The name of the security rule. This needs to be unique across all Rules in the Network Security Group. Changing this forces a new resource to be created. */ readonly name: pulumi.Output; /** * The name of the Network Security Group that we want to attach the rule to. Changing this forces a new resource to be created. */ readonly networkSecurityGroupName: pulumi.Output; /** * Specifies the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. */ readonly priority: pulumi.Output; /** * Network protocol this rule applies to. Possible values include `Tcp`, `Udp`, `Icmp`, `Esp`, `Ah` or `*` (which matches all). */ readonly protocol: pulumi.Output; /** * The name of the resource group in which to create the Network Security Rule. Changing this forces a new resource to be created. */ readonly resourceGroupName: pulumi.Output; /** * CIDR or source IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. */ readonly sourceAddressPrefix: pulumi.Output; /** * List of source address prefixes. Tags may not be used. */ readonly sourceAddressPrefixes: pulumi.Output; /** * A List of source Application Security Group IDs * * > **Note:** One of `sourceAddressPrefix`, `sourceAddressPrefixes` or `sourceApplicationSecurityGroupIds` must be specified. */ readonly sourceApplicationSecurityGroupIds: pulumi.Output; /** * Source Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `sourcePortRanges` is not specified. */ readonly sourcePortRange: pulumi.Output; /** * List of source ports or port ranges. This is required if `sourcePortRange` is not specified. */ readonly sourcePortRanges: pulumi.Output; /** * Create a NetworkSecurityRule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: NetworkSecurityRuleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering NetworkSecurityRule resources. */ export interface NetworkSecurityRuleState { /** * Specifies whether network traffic is allowed or denied. Possible values are `Allow` and `Deny`. */ access?: pulumi.Input; /** * A description for this rule. Restricted to 140 characters. */ description?: pulumi.Input; /** * CIDR or destination IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. Besides, it also supports all available Service Tags like ‘Sql.WestEurope‘, ‘Storage.EastUS‘, etc. You can list the available service tags with the CLI: ```shell az network list-service-tags --location westcentralus```. For further information please see [Azure CLI - az network list-service-tags](https://docs.microsoft.com/cli/azure/network?view=azure-cli-latest#az-network-list-service-tags). */ destinationAddressPrefix?: pulumi.Input; /** * List of destination address prefixes. Tags may not be used. */ destinationAddressPrefixes?: pulumi.Input[]>; /** * A List of destination Application Security Group IDs * * > **Note:** One of `destinationAddressPrefix`, `destinationAddressPrefixes` or `destinationApplicationSecurityGroupIds` must be specified. */ destinationApplicationSecurityGroupIds?: pulumi.Input; /** * Destination Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `destinationPortRanges` is not specified. */ destinationPortRange?: pulumi.Input; /** * List of destination ports or port ranges. This is required if `destinationPortRange` is not specified. */ destinationPortRanges?: pulumi.Input[]>; /** * The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are `Inbound` and `Outbound`. */ direction?: pulumi.Input; /** * The name of the security rule. This needs to be unique across all Rules in the Network Security Group. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The name of the Network Security Group that we want to attach the rule to. Changing this forces a new resource to be created. */ networkSecurityGroupName?: pulumi.Input; /** * Specifies the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. */ priority?: pulumi.Input; /** * Network protocol this rule applies to. Possible values include `Tcp`, `Udp`, `Icmp`, `Esp`, `Ah` or `*` (which matches all). */ protocol?: pulumi.Input; /** * The name of the resource group in which to create the Network Security Rule. Changing this forces a new resource to be created. */ resourceGroupName?: pulumi.Input; /** * CIDR or source IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. */ sourceAddressPrefix?: pulumi.Input; /** * List of source address prefixes. Tags may not be used. */ sourceAddressPrefixes?: pulumi.Input[]>; /** * A List of source Application Security Group IDs * * > **Note:** One of `sourceAddressPrefix`, `sourceAddressPrefixes` or `sourceApplicationSecurityGroupIds` must be specified. */ sourceApplicationSecurityGroupIds?: pulumi.Input; /** * Source Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `sourcePortRanges` is not specified. */ sourcePortRange?: pulumi.Input; /** * List of source ports or port ranges. This is required if `sourcePortRange` is not specified. */ sourcePortRanges?: pulumi.Input[]>; } /** * The set of arguments for constructing a NetworkSecurityRule resource. */ export interface NetworkSecurityRuleArgs { /** * Specifies whether network traffic is allowed or denied. Possible values are `Allow` and `Deny`. */ access: pulumi.Input; /** * A description for this rule. Restricted to 140 characters. */ description?: pulumi.Input; /** * CIDR or destination IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. Besides, it also supports all available Service Tags like ‘Sql.WestEurope‘, ‘Storage.EastUS‘, etc. You can list the available service tags with the CLI: ```shell az network list-service-tags --location westcentralus```. For further information please see [Azure CLI - az network list-service-tags](https://docs.microsoft.com/cli/azure/network?view=azure-cli-latest#az-network-list-service-tags). */ destinationAddressPrefix?: pulumi.Input; /** * List of destination address prefixes. Tags may not be used. */ destinationAddressPrefixes?: pulumi.Input[]>; /** * A List of destination Application Security Group IDs * * > **Note:** One of `destinationAddressPrefix`, `destinationAddressPrefixes` or `destinationApplicationSecurityGroupIds` must be specified. */ destinationApplicationSecurityGroupIds?: pulumi.Input; /** * Destination Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `destinationPortRanges` is not specified. */ destinationPortRange?: pulumi.Input; /** * List of destination ports or port ranges. This is required if `destinationPortRange` is not specified. */ destinationPortRanges?: pulumi.Input[]>; /** * The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are `Inbound` and `Outbound`. */ direction: pulumi.Input; /** * The name of the security rule. This needs to be unique across all Rules in the Network Security Group. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The name of the Network Security Group that we want to attach the rule to. Changing this forces a new resource to be created. */ networkSecurityGroupName: pulumi.Input; /** * Specifies the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. */ priority: pulumi.Input; /** * Network protocol this rule applies to. Possible values include `Tcp`, `Udp`, `Icmp`, `Esp`, `Ah` or `*` (which matches all). */ protocol: pulumi.Input; /** * The name of the resource group in which to create the Network Security Rule. Changing this forces a new resource to be created. */ resourceGroupName: pulumi.Input; /** * CIDR or source IP range or * to match any IP. Tags such as `VirtualNetwork`, `AzureLoadBalancer` and `Internet` can also be used. */ sourceAddressPrefix?: pulumi.Input; /** * List of source address prefixes. Tags may not be used. */ sourceAddressPrefixes?: pulumi.Input[]>; /** * A List of source Application Security Group IDs * * > **Note:** One of `sourceAddressPrefix`, `sourceAddressPrefixes` or `sourceApplicationSecurityGroupIds` must be specified. */ sourceApplicationSecurityGroupIds?: pulumi.Input; /** * Source Port or Range. Integer or range between `0` and `65535` or `*` to match any. This is required if `sourcePortRanges` is not specified. */ sourcePortRange?: pulumi.Input; /** * List of source ports or port ranges. This is required if `sourcePortRange` is not specified. */ sourcePortRanges?: pulumi.Input[]>; }