github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/networkfirewall/firewallPolicy.go

// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package networkfirewall

import (
	"context"
	"reflect"

	"errors"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// Provides an AWS Network Firewall Firewall Policy Resource
//
// ## Example Usage
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := networkfirewall.NewFirewallPolicy(ctx, "example", &networkfirewall.FirewallPolicyArgs{
//				Name: pulumi.String("example"),
//				FirewallPolicy: &networkfirewall.FirewallPolicyFirewallPolicyArgs{
//					StatelessDefaultActions: pulumi.StringArray{
//						pulumi.String("aws:pass"),
//					},
//					StatelessFragmentDefaultActions: pulumi.StringArray{
//						pulumi.String("aws:drop"),
//					},
//					StatelessRuleGroupReferences: networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArray{
//						&networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs{
//							Priority:    pulumi.Int(1),
//							ResourceArn: pulumi.Any(exampleAwsNetworkfirewallRuleGroup.Arn),
//						},
//					},
//					TlsInspectionConfigurationArn: pulumi.String("arn:aws:network-firewall:REGION:ACCT:tls-configuration/example"),
//				},
//				Tags: pulumi.StringMap{
//					"Tag1": pulumi.String("Value1"),
//					"Tag2": pulumi.String("Value2"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ## Policy with a HOME_NET Override
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := networkfirewall.NewFirewallPolicy(ctx, "example", &networkfirewall.FirewallPolicyArgs{
//				Name: pulumi.String("example"),
//				FirewallPolicy: &networkfirewall.FirewallPolicyFirewallPolicyArgs{
//					PolicyVariables: &networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesArgs{
//						RuleVariables: networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableArray{
//							&networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableArgs{
//								Key: pulumi.String("HOME_NET"),
//								IpSet: &networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableIpSetArgs{
//									Definitions: pulumi.StringArray{
//										pulumi.String("10.0.0.0/16"),
//										pulumi.String("10.1.0.0/24"),
//									},
//								},
//							},
//						},
//					},
//					StatelessDefaultActions: pulumi.StringArray{
//						pulumi.String("aws:pass"),
//					},
//					StatelessFragmentDefaultActions: pulumi.StringArray{
//						pulumi.String("aws:drop"),
//					},
//					StatelessRuleGroupReferences: networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArray{
//						&networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs{
//							Priority:    pulumi.Int(1),
//							ResourceArn: pulumi.Any(exampleAwsNetworkfirewallRuleGroup.Arn),
//						},
//					},
//				},
//				Tags: pulumi.StringMap{
//					"Tag1": pulumi.String("Value1"),
//					"Tag2": pulumi.String("Value2"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ## Policy with a Custom Action for Stateless Inspection
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := networkfirewall.NewFirewallPolicy(ctx, "test", &networkfirewall.FirewallPolicyArgs{
//				Name: pulumi.String("example"),
//				FirewallPolicy: &networkfirewall.FirewallPolicyFirewallPolicyArgs{
//					StatelessDefaultActions: pulumi.StringArray{
//						pulumi.String("aws:pass"),
//						pulumi.String("ExampleCustomAction"),
//					},
//					StatelessFragmentDefaultActions: pulumi.StringArray{
//						pulumi.String("aws:drop"),
//					},
//					StatelessCustomActions: networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArray{
//						&networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArgs{
//							ActionDefinition: &networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs{
//								PublishMetricAction: &networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs{
//									Dimensions: networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimensionArray{
//										&networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimensionArgs{
//											Value: pulumi.String("1"),
//										},
//									},
//								},
//							},
//							ActionName: pulumi.String("ExampleCustomAction"),
//						},
//					},
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ## Import
//
// Using `pulumi import`, import Network Firewall Policies using their `arn`. For example:
//
// ```sh
// $ pulumi import aws:networkfirewall/firewallPolicy:FirewallPolicy example arn:aws:network-firewall:us-west-1:123456789012:firewall-policy/example
// ```
type FirewallPolicy struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name (ARN) that identifies the firewall policy.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// A friendly description of the firewall policy.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// KMS encryption configuration settings. See Encryption Configuration below for details.
	EncryptionConfiguration FirewallPolicyEncryptionConfigurationPtrOutput `pulumi:"encryptionConfiguration"`
	// A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
	FirewallPolicy FirewallPolicyFirewallPolicyOutput `pulumi:"firewallPolicy"`
	// A friendly name of the firewall policy.
	Name pulumi.StringOutput `pulumi:"name"`
	// Map of resource tags to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
	// A string token used when updating a firewall policy.
	UpdateToken pulumi.StringOutput `pulumi:"updateToken"`
}

// NewFirewallPolicy registers a new resource with the given unique name, arguments, and options.
func NewFirewallPolicy(ctx *pulumi.Context,
	name string, args *FirewallPolicyArgs, opts ...pulumi.ResourceOption) (*FirewallPolicy, error) {
	if args == nil {
		return nil, errors.New("missing one or more required arguments")
	}

	if args.FirewallPolicy == nil {
		return nil, errors.New("invalid value for required argument 'FirewallPolicy'")
	}
	opts = internal.PkgResourceDefaultOpts(opts)
	var resource FirewallPolicy
	err := ctx.RegisterResource("aws:networkfirewall/firewallPolicy:FirewallPolicy", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetFirewallPolicy gets an existing FirewallPolicy resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetFirewallPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *FirewallPolicyState, opts ...pulumi.ResourceOption) (*FirewallPolicy, error) {
	var resource FirewallPolicy
	err := ctx.ReadResource("aws:networkfirewall/firewallPolicy:FirewallPolicy", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering FirewallPolicy resources.
type firewallPolicyState struct {
	// The Amazon Resource Name (ARN) that identifies the firewall policy.
	Arn *string `pulumi:"arn"`
	// A friendly description of the firewall policy.
	Description *string `pulumi:"description"`
	// KMS encryption configuration settings. See Encryption Configuration below for details.
	EncryptionConfiguration *FirewallPolicyEncryptionConfiguration `pulumi:"encryptionConfiguration"`
	// A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
	FirewallPolicy *FirewallPolicyFirewallPolicy `pulumi:"firewallPolicy"`
	// A friendly name of the firewall policy.
	Name *string `pulumi:"name"`
	// Map of resource tags to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags map[string]string `pulumi:"tags"`
	// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll map[string]string `pulumi:"tagsAll"`
	// A string token used when updating a firewall policy.
	UpdateToken *string `pulumi:"updateToken"`
}

type FirewallPolicyState struct {
	// The Amazon Resource Name (ARN) that identifies the firewall policy.
	Arn pulumi.StringPtrInput
	// A friendly description of the firewall policy.
	Description pulumi.StringPtrInput
	// KMS encryption configuration settings. See Encryption Configuration below for details.
	EncryptionConfiguration FirewallPolicyEncryptionConfigurationPtrInput
	// A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
	FirewallPolicy FirewallPolicyFirewallPolicyPtrInput
	// A friendly name of the firewall policy.
	Name pulumi.StringPtrInput
	// Map of resource tags to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapInput
	// A string token used when updating a firewall policy.
	UpdateToken pulumi.StringPtrInput
}

func (FirewallPolicyState) ElementType() reflect.Type {
	return reflect.TypeOf((*firewallPolicyState)(nil)).Elem()
}

type firewallPolicyArgs struct {
	// A friendly description of the firewall policy.
	Description *string `pulumi:"description"`
	// KMS encryption configuration settings. See Encryption Configuration below for details.
	EncryptionConfiguration *FirewallPolicyEncryptionConfiguration `pulumi:"encryptionConfiguration"`
	// A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
	FirewallPolicy FirewallPolicyFirewallPolicy `pulumi:"firewallPolicy"`
	// A friendly name of the firewall policy.
	Name *string `pulumi:"name"`
	// Map of resource tags to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags map[string]string `pulumi:"tags"`
}

// The set of arguments for constructing a FirewallPolicy resource.
type FirewallPolicyArgs struct {
	// A friendly description of the firewall policy.
	Description pulumi.StringPtrInput
	// KMS encryption configuration settings. See Encryption Configuration below for details.
	EncryptionConfiguration FirewallPolicyEncryptionConfigurationPtrInput
	// A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
	FirewallPolicy FirewallPolicyFirewallPolicyInput
	// A friendly name of the firewall policy.
	Name pulumi.StringPtrInput
	// Map of resource tags to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
}

func (FirewallPolicyArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*firewallPolicyArgs)(nil)).Elem()
}

type FirewallPolicyInput interface {
	pulumi.Input

	ToFirewallPolicyOutput() FirewallPolicyOutput
	ToFirewallPolicyOutputWithContext(ctx context.Context) FirewallPolicyOutput
}

func (*FirewallPolicy) ElementType() reflect.Type {
	return reflect.TypeOf((**FirewallPolicy)(nil)).Elem()
}

func (i *FirewallPolicy) ToFirewallPolicyOutput() FirewallPolicyOutput {
	return i.ToFirewallPolicyOutputWithContext(context.Background())
}

func (i *FirewallPolicy) ToFirewallPolicyOutputWithContext(ctx context.Context) FirewallPolicyOutput {
	return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyOutput)
}

// FirewallPolicyArrayInput is an input type that accepts FirewallPolicyArray and FirewallPolicyArrayOutput values.
// You can construct a concrete instance of `FirewallPolicyArrayInput` via:
//
//	FirewallPolicyArray{ FirewallPolicyArgs{...} }
type FirewallPolicyArrayInput interface {
	pulumi.Input

	ToFirewallPolicyArrayOutput() FirewallPolicyArrayOutput
	ToFirewallPolicyArrayOutputWithContext(context.Context) FirewallPolicyArrayOutput
}

type FirewallPolicyArray []FirewallPolicyInput

func (FirewallPolicyArray) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*FirewallPolicy)(nil)).Elem()
}

func (i FirewallPolicyArray) ToFirewallPolicyArrayOutput() FirewallPolicyArrayOutput {
	return i.ToFirewallPolicyArrayOutputWithContext(context.Background())
}

func (i FirewallPolicyArray) ToFirewallPolicyArrayOutputWithContext(ctx context.Context) FirewallPolicyArrayOutput {
	return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyArrayOutput)
}

// FirewallPolicyMapInput is an input type that accepts FirewallPolicyMap and FirewallPolicyMapOutput values.
// You can construct a concrete instance of `FirewallPolicyMapInput` via:
//
//	FirewallPolicyMap{ "key": FirewallPolicyArgs{...} }
type FirewallPolicyMapInput interface {
	pulumi.Input

	ToFirewallPolicyMapOutput() FirewallPolicyMapOutput
	ToFirewallPolicyMapOutputWithContext(context.Context) FirewallPolicyMapOutput
}

type FirewallPolicyMap map[string]FirewallPolicyInput

func (FirewallPolicyMap) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*FirewallPolicy)(nil)).Elem()
}

func (i FirewallPolicyMap) ToFirewallPolicyMapOutput() FirewallPolicyMapOutput {
	return i.ToFirewallPolicyMapOutputWithContext(context.Background())
}

func (i FirewallPolicyMap) ToFirewallPolicyMapOutputWithContext(ctx context.Context) FirewallPolicyMapOutput {
	return pulumi.ToOutputWithContext(ctx, i).(FirewallPolicyMapOutput)
}

type FirewallPolicyOutput struct{ *pulumi.OutputState }

func (FirewallPolicyOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**FirewallPolicy)(nil)).Elem()
}

func (o FirewallPolicyOutput) ToFirewallPolicyOutput() FirewallPolicyOutput {
	return o
}

func (o FirewallPolicyOutput) ToFirewallPolicyOutputWithContext(ctx context.Context) FirewallPolicyOutput {
	return o
}

// The Amazon Resource Name (ARN) that identifies the firewall policy.
func (o FirewallPolicyOutput) Arn() pulumi.StringOutput {
	return o.ApplyT(func(v *FirewallPolicy) pulumi.StringOutput { return v.Arn }).(pulumi.StringOutput)
}

// A friendly description of the firewall policy.
func (o FirewallPolicyOutput) Description() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *FirewallPolicy) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput)
}

// KMS encryption configuration settings. See Encryption Configuration below for details.
func (o FirewallPolicyOutput) EncryptionConfiguration() FirewallPolicyEncryptionConfigurationPtrOutput {
	return o.ApplyT(func(v *FirewallPolicy) FirewallPolicyEncryptionConfigurationPtrOutput {
		return v.EncryptionConfiguration
	}).(FirewallPolicyEncryptionConfigurationPtrOutput)
}

// A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
func (o FirewallPolicyOutput) FirewallPolicy() FirewallPolicyFirewallPolicyOutput {
	return o.ApplyT(func(v *FirewallPolicy) FirewallPolicyFirewallPolicyOutput { return v.FirewallPolicy }).(FirewallPolicyFirewallPolicyOutput)
}

// A friendly name of the firewall policy.
func (o FirewallPolicyOutput) Name() pulumi.StringOutput {
	return o.ApplyT(func(v *FirewallPolicy) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput)
}

// Map of resource tags to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
func (o FirewallPolicyOutput) Tags() pulumi.StringMapOutput {
	return o.ApplyT(func(v *FirewallPolicy) pulumi.StringMapOutput { return v.Tags }).(pulumi.StringMapOutput)
}

// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
//
// Deprecated: Please use `tags` instead.
func (o FirewallPolicyOutput) TagsAll() pulumi.StringMapOutput {
	return o.ApplyT(func(v *FirewallPolicy) pulumi.StringMapOutput { return v.TagsAll }).(pulumi.StringMapOutput)
}

// A string token used when updating a firewall policy.
func (o FirewallPolicyOutput) UpdateToken() pulumi.StringOutput {
	return o.ApplyT(func(v *FirewallPolicy) pulumi.StringOutput { return v.UpdateToken }).(pulumi.StringOutput)
}

type FirewallPolicyArrayOutput struct{ *pulumi.OutputState }

func (FirewallPolicyArrayOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*FirewallPolicy)(nil)).Elem()
}

func (o FirewallPolicyArrayOutput) ToFirewallPolicyArrayOutput() FirewallPolicyArrayOutput {
	return o
}

func (o FirewallPolicyArrayOutput) ToFirewallPolicyArrayOutputWithContext(ctx context.Context) FirewallPolicyArrayOutput {
	return o
}

func (o FirewallPolicyArrayOutput) Index(i pulumi.IntInput) FirewallPolicyOutput {
	return pulumi.All(o, i).ApplyT(func(vs []interface{}) *FirewallPolicy {
		return vs[0].([]*FirewallPolicy)[vs[1].(int)]
	}).(FirewallPolicyOutput)
}

type FirewallPolicyMapOutput struct{ *pulumi.OutputState }

func (FirewallPolicyMapOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*FirewallPolicy)(nil)).Elem()
}

func (o FirewallPolicyMapOutput) ToFirewallPolicyMapOutput() FirewallPolicyMapOutput {
	return o
}

func (o FirewallPolicyMapOutput) ToFirewallPolicyMapOutputWithContext(ctx context.Context) FirewallPolicyMapOutput {
	return o
}

func (o FirewallPolicyMapOutput) MapIndex(k pulumi.StringInput) FirewallPolicyOutput {
	return pulumi.All(o, k).ApplyT(func(vs []interface{}) *FirewallPolicy {
		return vs[0].(map[string]*FirewallPolicy)[vs[1].(string)]
	}).(FirewallPolicyOutput)
}

func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*FirewallPolicyInput)(nil)).Elem(), &FirewallPolicy{})
	pulumi.RegisterInputType(reflect.TypeOf((*FirewallPolicyArrayInput)(nil)).Elem(), FirewallPolicyArray{})
	pulumi.RegisterInputType(reflect.TypeOf((*FirewallPolicyMapInput)(nil)).Elem(), FirewallPolicyMap{})
	pulumi.RegisterOutputType(FirewallPolicyOutput{})
	pulumi.RegisterOutputType(FirewallPolicyArrayOutput{})
	pulumi.RegisterOutputType(FirewallPolicyMapOutput{})
}