def firewall(stem, subnet_id, depends_on=[]):
fw_pip = network.PublicIp(
f'{stem}-fw-pip-',
resource_group_name=resource_group_name,
sku='Standard',
allocation_method='Static',
tags=tags,
opts=ResourceOptions(parent=self),
)
fw = network.Firewall(
f'{stem}-fw-',
resource_group_name=resource_group_name,
ip_configurations=[{
'name': f'{stem}-fw-ipconf',
'subnet_id': subnet_id,
'publicIpAddressId': fw_pip.id,
}],
tags=tags,
opts=ResourceOptions(
parent=self,
depends_on=depends_on,
custom_timeouts=CustomTimeouts(
create='1h',
update='1h',
delete='1h',
),
),
)
return fw
def firewall(stem, fw_sn_id, fwm_sn_id, private_ranges, depends_on=None):
fw_pip = network.PublicIp(
f'{stem}{s}fw{s}pip{s}{suffix}',
resource_group_name=resource_group_name,
location=location,
sku='Standard',
allocation_method='Static',
tags=tags,
opts=ResourceOptions(parent=self, depends_on=depends_on),
)
fwm_pip = network.PublicIp(
f'{stem}{s}fwm{s}pip{s}{suffix}',
resource_group_name=resource_group_name,
location=location,
sku='Standard',
allocation_method='Static',
tags=tags,
opts=ResourceOptions(parent=self, depends_on=depends_on),
)
fw = network.Firewall(
f'{stem}{s}fw{s}{suffix}',
resource_group_name=resource_group_name,
location=location,
# additional_properties = {
# "Network.SNAT.PrivateRanges": private_ranges,
# },
# sku = 'AZFW_VNet',
ip_configurations=[
network.FirewallIpConfigurationArgs(
name=f'{stem}{s}fw{s}ipc',
public_ip_address_id=fw_pip.id,
subnet_id=fw_sn_id,
)
],
management_ip_configuration=network.FirewallIpConfigurationArgs(
name=f'{stem}{s}fwm{s}ipc',
public_ip_address_id=fwm_pip.id,
subnet_id=fwm_sn_id,
),
tags=tags,
opts=ResourceOptions(
parent=self,
depends_on=depends_on,
custom_timeouts=CustomTimeouts(
create='1h',
update='1h',
delete='1h',
),
),
)
return fw
def firewall(stem, fw_sn_id, fwm_sn_id, depends_on=None):
fw_pip = network.PublicIp(
f'{stem}-fw-pip-',
resource_group_name=resource_group_name,
sku='Standard',
allocation_method='Static',
tags=tags,
opts=ResourceOptions(parent=self),
)
# fwm_pip = network.PublicIp( # requires api 2019-11-01 or later
# f'{stem}-fwm-pip-',
# resource_group_name = resource_group_name,
# sku = 'Standard',
# allocation_method = 'Static',
# tags = tags,
# opts = ResourceOptions(parent=self),
# )
fw = network.Firewall(
f'{stem}-fw-',
resource_group_name=resource_group_name,
# sku = 'AZFW_VNet', # not required but distinguishes from 'AZFW_Hub'
ip_configurations=[
network.FirewallIpConfigurationArgs(
name=f'{stem}-fw-ipconf',
public_ip_address_id=fw_pip.id,
subnet_id=fw_sn_id,
)
],
# management_ip_configuration = { # requires api 2019-11-01 or later
# 'name': f'{stem}-fwm-ipconf',
# 'publicIpAddressId': fwm_pip.id,
# 'subnet_id': fwm_sn_id,
# },
tags=tags,
opts=ResourceOptions(
parent=self,
depends_on=depends_on,
custom_timeouts=CustomTimeouts(
create='1h',
update='1h',
delete='1h',
),
),
)
return fw