Palo Alto Networks Cloud NGFW for AWS v0.1.1, Mar 15 25

Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi

cloudngfwaws.getSecurityRule

Explore with Pulumi AI

Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi

pulumi/pulumi-cloudngfwaws

Admin Permission Type

Rulestack (for scope="Local")
Global Rulestack (for scope="Global")

Coming soon!

Coming soon!

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudngfwaws.Rulestack;
import com.pulumi.cloudngfwaws.RulestackArgs;
import com.pulumi.cloudngfwaws.inputs.RulestackProfileConfigArgs;
import com.pulumi.cloudngfwaws.CloudngfwawsFunctions;
import com.pulumi.cloudngfwaws.inputs.GetSecurityRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var r = new Rulestack("r", RulestackArgs.builder()
            .name("my-rulestack")
            .scope("Local")
            .accountId("12345")
            .description("Made by Pulumi")
            .profileConfig(RulestackProfileConfigArgs.builder()
                .antiSpyware("BestPractice")
                .build())
            .build());

        final var example = CloudngfwawsFunctions.getSecurityRule(GetSecurityRuleArgs.builder()
            .rulestack(r.name())
            .name("foobar")
            .build());

    }
}

resources:
  r:
    type: cloudngfwaws:Rulestack
    properties:
      name: my-rulestack
      scope: Local
      accountId: '12345'
      description: Made by Pulumi
      profileConfig:
        antiSpyware: BestPractice
variables:
  example:
    fn::invoke:
      function: cloudngfwaws:getSecurityRule
      arguments:
        rulestack: ${r.name}
        name: foobar

Using getSecurityRule

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getSecurityRule(args: GetSecurityRuleArgs, opts?: InvokeOptions): Promise<GetSecurityRuleResult>
function getSecurityRuleOutput(args: GetSecurityRuleOutputArgs, opts?: InvokeOptions): Output<GetSecurityRuleResult>

def get_security_rule(config_type: Optional[str] = None,
                      priority: Optional[int] = None,
                      rule_list: Optional[str] = None,
                      rulestack: Optional[str] = None,
                      scope: Optional[str] = None,
                      opts: Optional[InvokeOptions] = None) -> GetSecurityRuleResult
def get_security_rule_output(config_type: Optional[pulumi.Input[str]] = None,
                      priority: Optional[pulumi.Input[int]] = None,
                      rule_list: Optional[pulumi.Input[str]] = None,
                      rulestack: Optional[pulumi.Input[str]] = None,
                      scope: Optional[pulumi.Input[str]] = None,
                      opts: Optional[InvokeOptions] = None) -> Output[GetSecurityRuleResult]

func LookupSecurityRule(ctx *Context, args *LookupSecurityRuleArgs, opts ...InvokeOption) (*LookupSecurityRuleResult, error)
func LookupSecurityRuleOutput(ctx *Context, args *LookupSecurityRuleOutputArgs, opts ...InvokeOption) LookupSecurityRuleResultOutput

> Note: This function is named LookupSecurityRule in the Go SDK.

public static class GetSecurityRule 
{
    public static Task<GetSecurityRuleResult> InvokeAsync(GetSecurityRuleArgs args, InvokeOptions? opts = null)
    public static Output<GetSecurityRuleResult> Invoke(GetSecurityRuleInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecurityRuleResult> getSecurityRule(GetSecurityRuleArgs args, InvokeOptions options)
public static Output<GetSecurityRuleResult> getSecurityRule(GetSecurityRuleArgs args, InvokeOptions options)

fn::invoke:
  function: cloudngfwaws:index/getSecurityRule:getSecurityRule
  arguments:
    # arguments dictionary

The following arguments are supported:

Priority int: The rule priority.
Rulestack string: The rulestack.
ConfigType string: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
RuleList string: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
Scope string: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

Priority int: The rule priority.
Rulestack string: The rulestack.
ConfigType string: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
RuleList string: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
Scope string: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

priority Integer: The rule priority.
rulestack String: The rulestack.
configType String: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
ruleList String: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
scope String: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

priority number: The rule priority.
rulestack string: The rulestack.
configType string: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
ruleList string: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
scope string: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

priority int: The rule priority.
rulestack str: The rulestack.
config_type str: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
rule_list str: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
scope str: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

priority Number: The rule priority.
rulestack String: The rulestack.
configType String: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
ruleList String: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
scope String: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

getSecurityRule Result

The following output properties are available:

Action string: The action to take. Valid values are Allow, DenySilent, DenyResetServer, or DenyResetBoth.
Applications List<string>: The list of applications.
AuditComment string: The audit comment.
Categories List<Pulumi.CloudNgfwAws.Outputs.GetSecurityRuleCategory>: The category spec.
DecryptionRuleType string: Decryption rule type. Valid values are ``orSSLOutboundInspection.
Description string: The description.
Destinations List<Pulumi.CloudNgfwAws.Outputs.GetSecurityRuleDestination>: The destination spec.
Enabled bool: Set to false to disable this rule.
Id string: The provider-assigned unique ID for this managed resource.
Logging bool: Enable logging at end.
Name string: The name.
NegateDestination bool: Negate the destination definition.
NegateSource bool: Negate the source definition.
Priority int: The rule priority.
ProtPortLists List<string>: Protocol port list.
Protocol string: The protocol.
Rulestack string: The rulestack.
Sources List<Pulumi.CloudNgfwAws.Outputs.GetSecurityRuleSource>: The source spec.
Tags Dictionary<string, string>: The tags.
UpdateToken string: The update token.
ConfigType string: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
RuleList string: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
Scope string: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

Action string: The action to take. Valid values are Allow, DenySilent, DenyResetServer, or DenyResetBoth.
Applications []string: The list of applications.
AuditComment string: The audit comment.
Categories []GetSecurityRuleCategory: The category spec.
DecryptionRuleType string: Decryption rule type. Valid values are ``orSSLOutboundInspection.
Description string: The description.
Destinations []GetSecurityRuleDestination: The destination spec.
Enabled bool: Set to false to disable this rule.
Id string: The provider-assigned unique ID for this managed resource.
Logging bool: Enable logging at end.
Name string: The name.
NegateDestination bool: Negate the destination definition.
NegateSource bool: Negate the source definition.
Priority int: The rule priority.
ProtPortLists []string: Protocol port list.
Protocol string: The protocol.
Rulestack string: The rulestack.
Sources []GetSecurityRuleSource: The source spec.
Tags map[string]string: The tags.
UpdateToken string: The update token.
ConfigType string: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
RuleList string: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
Scope string: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

action String: The action to take. Valid values are Allow, DenySilent, DenyResetServer, or DenyResetBoth.
applications List<String>: The list of applications.
auditComment String: The audit comment.
categories List<GetSecurityRuleCategory>: The category spec.
decryptionRuleType String: Decryption rule type. Valid values are ``orSSLOutboundInspection.
description String: The description.
destinations List<GetSecurityRuleDestination>: The destination spec.
enabled Boolean: Set to false to disable this rule.
id String: The provider-assigned unique ID for this managed resource.
logging Boolean: Enable logging at end.
name String: The name.
negateDestination Boolean: Negate the destination definition.
negateSource Boolean: Negate the source definition.
priority Integer: The rule priority.
protPortLists List<String>: Protocol port list.
protocol String: The protocol.
rulestack String: The rulestack.
sources List<GetSecurityRuleSource>: The source spec.
tags Map<String,String>: The tags.
updateToken String: The update token.
configType String: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
ruleList String: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
scope String: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

action string: The action to take. Valid values are Allow, DenySilent, DenyResetServer, or DenyResetBoth.
applications string[]: The list of applications.
auditComment string: The audit comment.
categories GetSecurityRuleCategory[]: The category spec.
decryptionRuleType string: Decryption rule type. Valid values are ``orSSLOutboundInspection.
description string: The description.
destinations GetSecurityRuleDestination[]: The destination spec.
enabled boolean: Set to false to disable this rule.
id string: The provider-assigned unique ID for this managed resource.
logging boolean: Enable logging at end.
name string: The name.
negateDestination boolean: Negate the destination definition.
negateSource boolean: Negate the source definition.
priority number: The rule priority.
protPortLists string[]: Protocol port list.
protocol string: The protocol.
rulestack string: The rulestack.
sources GetSecurityRuleSource[]: The source spec.
tags {[key: string]: string}: The tags.
updateToken string: The update token.
configType string: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
ruleList string: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
scope string: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

action str: The action to take. Valid values are Allow, DenySilent, DenyResetServer, or DenyResetBoth.
applications Sequence[str]: The list of applications.
audit_comment str: The audit comment.
categories Sequence[GetSecurityRuleCategory]: The category spec.
decryption_rule_type str: Decryption rule type. Valid values are ``orSSLOutboundInspection.
description str: The description.
destinations Sequence[GetSecurityRuleDestination]: The destination spec.
enabled bool: Set to false to disable this rule.
id str: The provider-assigned unique ID for this managed resource.
logging bool: Enable logging at end.
name str: The name.
negate_destination bool: Negate the destination definition.
negate_source bool: Negate the source definition.
priority int: The rule priority.
prot_port_lists Sequence[str]: Protocol port list.
protocol str: The protocol.
rulestack str: The rulestack.
sources Sequence[GetSecurityRuleSource]: The source spec.
tags Mapping[str, str]: The tags.
update_token str: The update token.
config_type str: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
rule_list str: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
scope str: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

action String: The action to take. Valid values are Allow, DenySilent, DenyResetServer, or DenyResetBoth.
applications List<String>: The list of applications.
auditComment String: The audit comment.
categories List<Property Map>: The category spec.
decryptionRuleType String: Decryption rule type. Valid values are ``orSSLOutboundInspection.
description String: The description.
destinations List<Property Map>: The destination spec.
enabled Boolean: Set to false to disable this rule.
id String: The provider-assigned unique ID for this managed resource.
logging Boolean: Enable logging at end.
name String: The name.
negateDestination Boolean: Negate the destination definition.
negateSource Boolean: Negate the source definition.
priority Number: The rule priority.
protPortLists List<String>: Protocol port list.
protocol String: The protocol.
rulestack String: The rulestack.
sources List<Property Map>: The source spec.
tags Map<String>: The tags.
updateToken String: The update token.
configType String: Retrieve either the candidate or running config. Valid values are candidate or running. Defaults to candidate.
ruleList String: The rulebase. Valid values are PreRule, PostRule, or LocalRule. Defaults to PreRule.
scope String: The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are Local or Global. Defaults to Local.

Supporting Types

GetSecurityRuleCategory

Feeds List<string>: List of feeds.
UrlCategoryNames List<string>: List of URL category names.

Feeds []string: List of feeds.
UrlCategoryNames []string: List of URL category names.

feeds List<String>: List of feeds.
urlCategoryNames List<String>: List of URL category names.

feeds string[]: List of feeds.
urlCategoryNames string[]: List of URL category names.

feeds Sequence[str]: List of feeds.
url_category_names Sequence[str]: List of URL category names.

feeds List<String>: List of feeds.
urlCategoryNames List<String>: List of URL category names.

GetSecurityRuleDestination

Cidrs List<string>: List of CIDRs.
Countries List<string>: List of countries.
Feeds List<string>: List of feeds.
FqdnLists List<string>: List of FQDN lists.
PrefixLists List<string>: List of prefix list.

Cidrs []string: List of CIDRs.
Countries []string: List of countries.
Feeds []string: List of feeds.
FqdnLists []string: List of FQDN lists.
PrefixLists []string: List of prefix list.

cidrs List<String>: List of CIDRs.
countries List<String>: List of countries.
feeds List<String>: List of feeds.
fqdnLists List<String>: List of FQDN lists.
prefixLists List<String>: List of prefix list.

cidrs string[]: List of CIDRs.
countries string[]: List of countries.
feeds string[]: List of feeds.
fqdnLists string[]: List of FQDN lists.
prefixLists string[]: List of prefix list.

cidrs Sequence[str]: List of CIDRs.
countries Sequence[str]: List of countries.
feeds Sequence[str]: List of feeds.
fqdn_lists Sequence[str]: List of FQDN lists.
prefix_lists Sequence[str]: List of prefix list.

cidrs List<String>: List of CIDRs.
countries List<String>: List of countries.
feeds List<String>: List of feeds.
fqdnLists List<String>: List of FQDN lists.
prefixLists List<String>: List of prefix list.

GetSecurityRuleSource

Cidrs List<string>: List of CIDRs.
Countries List<string>: List of countries.
Feeds List<string>: List of feeds.
PrefixLists List<string>: List of prefix list.

Cidrs []string: List of CIDRs.
Countries []string: List of countries.
Feeds []string: List of feeds.
PrefixLists []string: List of prefix list.

cidrs List<String>: List of CIDRs.
countries List<String>: List of countries.
feeds List<String>: List of feeds.
prefixLists List<String>: List of prefix list.

cidrs string[]: List of CIDRs.
countries string[]: List of countries.
feeds string[]: List of feeds.
prefixLists string[]: List of prefix list.

cidrs Sequence[str]: List of CIDRs.
countries Sequence[str]: List of countries.
feeds Sequence[str]: List of feeds.
prefix_lists Sequence[str]: List of prefix list.

cidrs List<String>: List of CIDRs.
countries List<String>: List of countries.
feeds List<String>: List of feeds.
prefixLists List<String>: List of prefix list.

Package Details

Repository: cloudngfwaws pulumi/pulumi-cloudngfwaws
License: Apache-2.0
Notes: This Pulumi package is based on the cloudngfwaws Terraform Provider.

Palo Alto Networks Cloud NGFW for AWS v0.1.1 published on Saturday, Mar 15, 2025 by Pulumi

pulumi/pulumi-cloudngfwaws

cloudngfwaws.getSecurityRule

On this page

On this page

Admin Permission Type

Example Usage

Using getSecurityRule

getSecurityRule Result

Supporting Types

GetSecurityRuleCategory

GetSecurityRuleDestination

GetSecurityRuleSource

Package Details

On this page

On this page