oci_network_firewall_network_firewall
This resource provides the Network Firewall resource in the Oracle Cloud Infrastructure Network Firewall service. API doc link for the resource: https://docs.oracle.com/iaas/api/#/en/network-firewall/latest/NetworkFirewall
Example Terraform configs related to the resource: https://github.com/oracle/terraform-provider-oci/tree/master/examples/network_firewall
Creates a new NetworkFirewall.
Example Usage
resource "oci_network_firewall_network_firewall" "test_network_firewall" {
  #Required
  compartment_id             = var.compartment_id
  network_firewall_policy_id = oci_network_firewall_network_firewall_policy.test_network_firewall_policy.id
  subnet_id                  = oci_core_subnet.test_subnet.id

  #Optional
  availability_domain = var.network_firewall_availability_domain
  defined_tags        = { "Operations.CostCenter" = "42" }
  display_name        = var.network_firewall_display_name
  freeform_tags       = { "Department" = "Finance" }
  ipv4address         = var.network_firewall_ipv4address
  ipv6address         = var.network_firewall_ipv6address
  nat_configuration {
    #Required
    must_enable_private_nat = var.network_firewall_nat_configuration_must_enable_private_nat
  }
  network_security_group_ids = var.network_firewall_network_security_group_ids
  shape                      = var.network_firewall_shape
}
Argument Reference
The following arguments are supported:
* availability_domain - (Optional) Availability Domain where the Network Firewall instance is created. To get a list of availability domains for a tenancy, use the ListAvailabilityDomains operation. Example: kIdk:PHX-AD-1
* compartment_id - (Required) (Updatable) The OCID of the compartment containing the Network Firewall.
* defined_tags - (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
* display_name - (Optional) (Updatable) A user-friendly name for the Network Firewall. Does not have to be unique, and it's changeable. Avoid entering confidential information.
* freeform_tags - (Optional) (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
* ipv4address - (Optional) IPv4 address for the Network Firewall.
* ipv6address - (Optional) IPv6 address for the Network Firewall.
* nat_configuration - (Optional) (Updatable) Request to configure Network Address Translation (NAT) on a firewall. To perform NAT on traffic passing the private NAT IPs to the firewall, the attached network firewall policy must also have NAT rules and NAT configuration must be enabled. If NAT configuration is enabled and the attached firewall policy does not contain NAT rules, then NAT IPs will be allocated but NAT will not be performed on any traffic.
  * must_enable_private_nat - (Required) (Updatable) The value of this field must be set to true if the network firewall policy being applied contains NAT rules. The value of this field can be set to false if the network firewall policy being applied or the currently attached firewall policy doesn't contain NAT rules.
* network_firewall_policy_id - (Required) (Updatable) The OCID of the Network Firewall Policy.
* network_security_group_ids - (Optional) (Updatable) An array of network security group OCIDs associated with the Network Firewall.
* shape - (Optional) (Updatable) The shape of a firewall, which determines the bandwidth that the firewall allows.
* subnet_id - (Required) The OCID of the subnet associated with the Network Firewall.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values.
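The following is an added example, not part of the provider documentation or the oracle/terraform-provider-oci examples. It shows a firewall whose attached policy contains NAT rules, so must_enable_private_nat is set to true as the argument reference requires, with explicit timeouts, a guard against accidental replacement of the non-updatable arguments, and the allocated private NAT IPs exported for downstream route configuration. The variables (nat_policy_id, nsg_ids, and so on) and the resource name are assumptions; the policy and subnet are assumed to exist already. Indexing the nested nat_configuration block with [0] assumes the provider models it as a single-element list, which is the usual convention in this provider.

```hcl
# Added example (not from the provider docs). Assumed inputs: an existing
# compartment, a network firewall policy that contains NAT rules, a subnet,
# and an optional list of NSG OCIDs.
variable "compartment_id" {
  type = string
}

variable "nat_policy_id" {
  type        = string
  description = "Assumed: OCID of a policy that contains NAT rules"
}

variable "subnet_id" {
  type = string
}

variable "nsg_ids" {
  type    = list(string)
  default = []
}

resource "oci_network_firewall_network_firewall" "nat_firewall" {
  compartment_id             = var.compartment_id
  network_firewall_policy_id = var.nat_policy_id

  # subnet_id is not updatable: changing it destroys and recreates the firewall.
  subnet_id = var.subnet_id

  display_name               = "nat-firewall"
  network_security_group_ids = var.nsg_ids

  # The attached policy carries NAT rules, so this must be true. With it set to
  # false the policy's NAT rules are not applied to any traffic.
  nat_configuration {
    must_enable_private_nat = true
  }

  # Defaults are 20 minutes each; lengthened here for slow regions.
  timeouts {
    create = "30m"
    update = "30m"
    delete = "30m"
  }

  lifecycle {
    # availability_domain, ipv4address, ipv6address and subnet_id all force a new
    # resource; refuse a plan that would replace a production firewall.
    prevent_destroy = true
  }
}

# Private NAT IPs are allocated only while NAT configuration is enabled and are
# reserved for NAT; exporting them lets route tables reference them without
# hard-coding addresses.
output "nat_firewall_private_nat_ips" {
  value = oci_network_firewall_network_firewall.nat_firewall.nat_configuration[0].nat_ip_address_list
}

output "nat_firewall_state" {
  value = oci_network_firewall_network_firewall.nat_firewall.state
}
```

prevent_destroy also blocks an intentional terraform destroy until the lifecycle block is removed, so set it only on firewalls whose replacement would cause an outage; for a non-production firewall, drop the lifecycle block and rely on the plan output, which shows a forced replacement as "must be replaced".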
Attributes Reference
The following attributes are exported:
* availability_domain - Availability Domain where the Network Firewall instance is created. To get a list of availability domains for a tenancy, use the ListAvailabilityDomains operation. Example: kIdk:PHX-AD-1
* compartment_id - The OCID of the compartment containing the Network Firewall.
* defined_tags - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
* display_name - A user-friendly name for the Network Firewall. Does not have to be unique, and it's changeable. Avoid entering confidential information.
* freeform_tags - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
* id - The OCID of the Network Firewall resource.
* ipv4address - IPv4 address for the Network Firewall.
* ipv6address - IPv6 address for the Network Firewall.
* lifecycle_details - A message describing the current state in more detail. For example, it can be used to provide actionable information for a resource in 'FAILED' state.
* nat_configuration - Response to a request to configure Network Address Translation (NAT) on a firewall. To perform NAT on traffic passing the private NAT IPs to the firewall, the attached network firewall policy must also have NAT rules and NAT configuration must be enabled. If NAT configuration is enabled and the attached firewall policy does not contain NAT rules, then NAT IPs will be allocated but NAT will not be performed on any traffic.
  * must_enable_private_nat - True indicates that NAT configuration is enabled. False indicates NAT configuration is disabled.
  * nat_ip_address_list - An array of private NAT IP addresses that are associated with the Network Firewall. These IP addresses are reserved for NAT and shouldn't be used for any other purpose in the subnet. This list contains IP addresses when NAT configuration is enabled. This list is empty or null when NAT configuration is disabled.
* network_firewall_policy_id - The OCID of the Network Firewall Policy.
* network_security_group_ids - An array of network security group OCIDs associated with the Network Firewall.
* shape - The shape of a firewall, which determines the bandwidth that the firewall allows.
* state - The current state of the Network Firewall.
* subnet_id - The OCID of the subnet associated with the Network Firewall.
* system_tags - Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud.free-tier-retained": "true"}
* time_created - The time at which the Network Firewall was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
* time_updated - The time at which the Network Firewall was updated, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
Timeouts
The timeouts block allows you to specify timeouts for certain operations:
* create - (Defaults to 20 minutes), when creating the Network Firewall
* update - (Defaults to 20 minutes), when updating the Network Firewall
* delete - (Defaults to 20 minutes), when destroying the Network Firewall
Import
NetworkFirewalls can be imported using the id, e.g.
$ terraform import oci_network_firewall_network_firewall.test_network_firewall "id"