nsxt 3.8.0 published on Monday, Apr 14, 2025 by vmware

nsxt.VpcSecurityPolicy


Create VpcSecurityPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new VpcSecurityPolicy(name: string, args: VpcSecurityPolicyArgs, opts?: CustomResourceOptions);
@overload
def VpcSecurityPolicy(resource_name: str,
                      args: VpcSecurityPolicyArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def VpcSecurityPolicy(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      display_name: Optional[str] = None,
                      context: Optional[VpcSecurityPolicyContextArgs] = None,
                      rules: Optional[Sequence[VpcSecurityPolicyRuleArgs]] = None,
                      description: Optional[str] = None,
                      locked: Optional[bool] = None,
                      nsx_id: Optional[str] = None,
                      comments: Optional[str] = None,
                      scopes: Optional[Sequence[str]] = None,
                      sequence_number: Optional[float] = None,
                      stateful: Optional[bool] = None,
                      tags: Optional[Sequence[VpcSecurityPolicyTagArgs]] = None,
                      tcp_strict: Optional[bool] = None,
                      vpc_security_policy_id: Optional[str] = None)
func NewVpcSecurityPolicy(ctx *Context, name string, args VpcSecurityPolicyArgs, opts ...ResourceOption) (*VpcSecurityPolicy, error)
public VpcSecurityPolicy(string name, VpcSecurityPolicyArgs args, CustomResourceOptions? opts = null)
public VpcSecurityPolicy(String name, VpcSecurityPolicyArgs args)
public VpcSecurityPolicy(String name, VpcSecurityPolicyArgs args, CustomResourceOptions options)
type: nsxt:VpcSecurityPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. VpcSecurityPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. VpcSecurityPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. VpcSecurityPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. VpcSecurityPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. VpcSecurityPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

// Reference example: every input of Nsxt.VpcSecurityPolicy is set to a placeholder
// ("string", false, 0). Replace each value before use; several placeholders differ
// from the documented defaults (see Stateful below).
var vpcSecurityPolicyResource = new Nsxt.VpcSecurityPolicy("vpcSecurityPolicyResource", new()
{
    // Required: display name of the resource.
    DisplayName = "string",
    // Required: the project and VPC this policy belongs to.
    Context = new Nsxt.Inputs.VpcSecurityPolicyContextArgs
    {
        ProjectId = "string",
        VpcId = "string",
    },
    // Repeatable block: one entry per rule in the policy.
    Rules = new[]
    {
        new Nsxt.Inputs.VpcSecurityPolicyRuleArgs
        {
            // Required for each rule.
            DisplayName = "string",
            Notes = "string",
            Path = "string",
            DestinationsExcluded = false,
            Direction = "string",
            Disabled = false,
            Description = "string",
            IpVersion = "string",
            LogLabel = "string",
            // NOTE(review): presumably controls per-rule logging; confirm against the
            // Logged property description before leaving it false.
            Logged = false,
            // One of ALLOW, DROP or REJECT. The documented default is ALLOW, so a
            // blocking rule must set DROP or REJECT explicitly.
            Action = "string",
            // Destination group paths; an empty set means "Any".
            DestinationGroups = new[]
            {
                "string",
            },
            Profiles = new[]
            {
                "string",
            },
            NsxId = "string",
            Revision = 0,
            RuleId = 0,
            Scopes = new[]
            {
                "string",
            },
            SequenceNumber = 0,
            Services = new[]
            {
                "string",
            },
            SourceGroups = new[]
            {
                "string",
            },
            SourcesExcluded = false,
            Tags = new[]
            {
                new Nsxt.Inputs.VpcSecurityPolicyRuleTagArgs
                {
                    Scope = "string",
                    Tag = "string",
                },
            },
        },
    },
    Description = "string",
    // If a user locks the policy, no other user can modify it.
    Locked = false,
    // If set, this ID is used to create the resource.
    NsxId = "string",
    // Comments recorded for the policy lock/unlock.
    Comments = "string",
    // Policy object paths where the rules in this policy are applied.
    Scopes = new[]
    {
        "string",
    },
    // Used to resolve conflicts between security policies.
    SequenceNumber = 0,
    // Placeholder only: the documented default is true (connection state is tracked).
    // Copying false verbatim turns stateful inspection off.
    Stateful = false,
    // Scope + tag pairs associated with this policy.
    Tags = new[]
    {
        new Nsxt.Inputs.VpcSecurityPolicyTagArgs
        {
            Scope = "string",
            Tag = "string",
        },
    },
    // Documented default is false; true requires a 3-way TCP handshake before data packets.
    TcpStrict = false,
    VpcSecurityPolicyId = "string",
});
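// Reference example: every input of nsxt.VpcSecurityPolicy is set to a placeholder
// ("string", false, 0). Replace each value before use; several placeholders differ
// from the documented defaults (see Stateful below). The nested input types are
// qualified with the nsxt package, like VpcSecurityPolicyArgs itself; the rendered
// listing had dropped that qualifier. Check err before using example.
example, err := nsxt.NewVpcSecurityPolicy(ctx, "vpcSecurityPolicyResource", &nsxt.VpcSecurityPolicyArgs{
	// Required: display name of the resource.
	DisplayName: pulumi.String("string"),
	// Required: the project and VPC this policy belongs to.
	Context: &nsxt.VpcSecurityPolicyContextArgs{
		ProjectId: pulumi.String("string"),
		VpcId:     pulumi.String("string"),
	},
	// Repeatable block: one entry per rule in the policy.
	Rules: nsxt.VpcSecurityPolicyRuleArray{
		&nsxt.VpcSecurityPolicyRuleArgs{
			DisplayName:          pulumi.String("string"),
			Notes:                pulumi.String("string"),
			Path:                 pulumi.String("string"),
			DestinationsExcluded: pulumi.Bool(false),
			Direction:            pulumi.String("string"),
			Disabled:             pulumi.Bool(false),
			Description:          pulumi.String("string"),
			IpVersion:            pulumi.String("string"),
			LogLabel:             pulumi.String("string"),
			Logged:               pulumi.Bool(false),
			// One of ALLOW, DROP or REJECT. The documented default is ALLOW, so a
			// blocking rule must set DROP or REJECT explicitly.
			Action: pulumi.String("string"),
			// Destination group paths; an empty set means "Any".
			DestinationGroups: pulumi.StringArray{
				pulumi.String("string"),
			},
			Profiles: pulumi.StringArray{
				pulumi.String("string"),
			},
			NsxId:    pulumi.String("string"),
			Revision: pulumi.Float64(0),
			RuleId:   pulumi.Float64(0),
			Scopes: pulumi.StringArray{
				pulumi.String("string"),
			},
			SequenceNumber: pulumi.Float64(0),
			Services: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourceGroups: pulumi.StringArray{
				pulumi.String("string"),
			},
			SourcesExcluded: pulumi.Bool(false),
			Tags: nsxt.VpcSecurityPolicyRuleTagArray{
				&nsxt.VpcSecurityPolicyRuleTagArgs{
					Scope: pulumi.String("string"),
					Tag:   pulumi.String("string"),
				},
			},
		},
	},
	Description: pulumi.String("string"),
	// If a user locks the policy, no other user can modify it.
	Locked: pulumi.Bool(false),
	// If set, this ID is used to create the resource.
	NsxId: pulumi.String("string"),
	// Comments recorded for the policy lock/unlock.
	Comments: pulumi.String("string"),
	// Policy object paths where the rules in this policy are applied.
	Scopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	// Used to resolve conflicts between security policies.
	SequenceNumber: pulumi.Float64(0),
	// Placeholder only: the documented default is true (connection state is tracked).
	// Copying false verbatim turns stateful inspection off.
	Stateful: pulumi.Bool(false),
	// Scope + tag pairs associated with this policy.
	Tags: nsxt.VpcSecurityPolicyTagArray{
		&nsxt.VpcSecurityPolicyTagArgs{
			Scope: pulumi.String("string"),
			Tag:   pulumi.String("string"),
		},
	},
	// Documented default is false; true requires a 3-way TCP handshake before data packets.
	TcpStrict:           pulumi.Bool(false),
	VpcSecurityPolicyId: pulumi.String("string"),
})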
// Reference example: every input of VpcSecurityPolicy is set to a placeholder
// ("string", false, 0). Replace each value before use; several placeholders differ
// from the documented defaults (see stateful below).
var vpcSecurityPolicyResource = new VpcSecurityPolicy("vpcSecurityPolicyResource", VpcSecurityPolicyArgs.builder()
    // Required: display name of the resource.
    .displayName("string")
    // Required: the project and VPC this policy belongs to.
    .context(VpcSecurityPolicyContextArgs.builder()
        .projectId("string")
        .vpcId("string")
        .build())
    // Repeatable block: one entry per rule in the policy.
    .rules(VpcSecurityPolicyRuleArgs.builder()
        .displayName("string")
        .notes("string")
        .path("string")
        .destinationsExcluded(false)
        .direction("string")
        .disabled(false)
        .description("string")
        .ipVersion("string")
        .logLabel("string")
        // NOTE(review): presumably controls per-rule logging; confirm against the
        // logged property description before leaving it false.
        .logged(false)
        // One of ALLOW, DROP or REJECT. The documented default is ALLOW, so a
        // blocking rule must set DROP or REJECT explicitly.
        .action("string")
        // Destination group paths; an empty set means "Any".
        .destinationGroups("string")
        .profiles("string")
        .nsxId("string")
        .revision(0)
        .ruleId(0)
        .scopes("string")
        .sequenceNumber(0)
        .services("string")
        .sourceGroups("string")
        .sourcesExcluded(false)
        .tags(VpcSecurityPolicyRuleTagArgs.builder()
            .scope("string")
            .tag("string")
            .build())
        .build())
    .description("string")
    // If a user locks the policy, no other user can modify it.
    .locked(false)
    // If set, this ID is used to create the resource.
    .nsxId("string")
    // Comments recorded for the policy lock/unlock.
    .comments("string")
    // Policy object paths where the rules in this policy are applied.
    .scopes("string")
    // Used to resolve conflicts between security policies.
    .sequenceNumber(0)
    // Placeholder only: the documented default is true (connection state is tracked).
    // Copying false verbatim turns stateful inspection off.
    .stateful(false)
    // Scope + tag pairs associated with this policy.
    .tags(VpcSecurityPolicyTagArgs.builder()
        .scope("string")
        .tag("string")
        .build())
    // Documented default is false; true requires a 3-way TCP handshake before data packets.
    .tcpStrict(false)
    .vpcSecurityPolicyId("string")
    .build());
# Reference example: every input of nsxt.VpcSecurityPolicy is set to a placeholder
# ("string", False, 0). Replace each value before use; several placeholders differ
# from the documented defaults (see stateful below).
# Object inputs are written here as argument classes; dictionary literals are the
# equivalent alternative form.
vpc_security_policy_resource = nsxt.VpcSecurityPolicy(
    "vpcSecurityPolicyResource",
    # Required: display name of the resource.
    display_name="string",
    # Required: the project and VPC this policy belongs to.
    context=nsxt.VpcSecurityPolicyContextArgs(
        project_id="string",
        vpc_id="string",
    ),
    # Repeatable block: one entry per rule in the policy.
    rules=[
        nsxt.VpcSecurityPolicyRuleArgs(
            display_name="string",
            notes="string",
            path="string",
            destinations_excluded=False,
            direction="string",
            disabled=False,
            description="string",
            ip_version="string",
            log_label="string",
            logged=False,
            # One of ALLOW, DROP or REJECT. The documented default is ALLOW, so a
            # blocking rule must set DROP or REJECT explicitly.
            action="string",
            # Destination group paths; an empty set means "Any".
            destination_groups=["string"],
            profiles=["string"],
            nsx_id="string",
            revision=0,
            rule_id=0,
            scopes=["string"],
            sequence_number=0,
            services=["string"],
            source_groups=["string"],
            sources_excluded=False,
            tags=[
                nsxt.VpcSecurityPolicyRuleTagArgs(
                    scope="string",
                    tag="string",
                ),
            ],
        ),
    ],
    description="string",
    # If a user locks the policy, no other user can modify it.
    locked=False,
    # If set, this ID is used to create the resource.
    nsx_id="string",
    # Comments recorded for the policy lock/unlock.
    comments="string",
    # Policy object paths where the rules in this policy are applied.
    scopes=["string"],
    # Used to resolve conflicts between security policies.
    sequence_number=0,
    # Placeholder only: the documented default is True (connection state is tracked).
    # Copying False verbatim turns stateful inspection off.
    stateful=False,
    # Scope + tag pairs associated with this policy.
    tags=[
        nsxt.VpcSecurityPolicyTagArgs(
            scope="string",
            tag="string",
        ),
    ],
    # Documented default is False; True requires a 3-way TCP handshake before data packets.
    tcp_strict=False,
    vpc_security_policy_id="string",
)
// Reference example: every input of nsxt.VpcSecurityPolicy is set to a placeholder
// ("string", false, 0). Replace each value before use; several placeholders differ
// from the documented defaults (see stateful below).
const vpcSecurityPolicyResource = new nsxt.VpcSecurityPolicy("vpcSecurityPolicyResource", {
    // Required: display name of the resource.
    displayName: "string",
    // Required: the project and VPC this policy belongs to.
    context: {
        projectId: "string",
        vpcId: "string",
    },
    // Repeatable block: one entry per rule in the policy.
    rules: [{
        displayName: "string",
        notes: "string",
        path: "string",
        destinationsExcluded: false,
        direction: "string",
        disabled: false,
        description: "string",
        ipVersion: "string",
        logLabel: "string",
        // NOTE(review): presumably controls per-rule logging; confirm against the
        // logged property description before leaving it false.
        logged: false,
        // One of ALLOW, DROP or REJECT. The documented default is ALLOW, so a
        // blocking rule must set DROP or REJECT explicitly.
        action: "string",
        // Destination group paths; an empty set means "Any".
        destinationGroups: ["string"],
        profiles: ["string"],
        nsxId: "string",
        revision: 0,
        ruleId: 0,
        scopes: ["string"],
        sequenceNumber: 0,
        services: ["string"],
        sourceGroups: ["string"],
        sourcesExcluded: false,
        tags: [{
            scope: "string",
            tag: "string",
        }],
    }],
    description: "string",
    // If a user locks the policy, no other user can modify it.
    locked: false,
    // If set, this ID is used to create the resource.
    nsxId: "string",
    // Comments recorded for the policy lock/unlock.
    comments: "string",
    // Policy object paths where the rules in this policy are applied.
    scopes: ["string"],
    // Used to resolve conflicts between security policies.
    sequenceNumber: 0,
    // Placeholder only: the documented default is true (connection state is tracked).
    // Copying false verbatim turns stateful inspection off.
    stateful: false,
    // Scope + tag pairs associated with this policy.
    tags: [{
        scope: "string",
        tag: "string",
    }],
    // Documented default is false; true requires a 3-way TCP handshake before data packets.
    tcpStrict: false,
    vpcSecurityPolicyId: "string",
});
# Reference example: every input of nsxt:VpcSecurityPolicy is set to a placeholder
# (string, false, 0). Replace each value before use; several placeholders differ
# from the documented defaults (see stateful below).
type: nsxt:VpcSecurityPolicy
properties:
    # Comments recorded for the policy lock/unlock.
    comments: string
    # Required: the project and VPC this policy belongs to.
    context:
        projectId: string
        vpcId: string
    description: string
    # Required: display name of the resource.
    displayName: string
    # If a user locks the policy, no other user can modify it.
    locked: false
    # If set, this ID is used to create the resource.
    nsxId: string
    # Repeatable block: one entry per rule in the policy.
    rules:
        # action is one of ALLOW, DROP or REJECT. The documented default is ALLOW,
        # so a blocking rule must set DROP or REJECT explicitly.
        - action: string
          description: string
          # Destination group paths; an empty set means "Any".
          destinationGroups:
            - string
          destinationsExcluded: false
          direction: string
          disabled: false
          displayName: string
          ipVersion: string
          logLabel: string
          # NOTE(review): presumably controls per-rule logging; confirm against the
          # logged property description before leaving it false.
          logged: false
          notes: string
          nsxId: string
          path: string
          profiles:
            - string
          revision: 0
          ruleId: 0
          scopes:
            - string
          sequenceNumber: 0
          services:
            - string
          sourceGroups:
            - string
          sourcesExcluded: false
          tags:
            - scope: string
              tag: string
    # Policy object paths where the rules in this policy are applied.
    scopes:
        - string
    # Used to resolve conflicts between security policies.
    sequenceNumber: 0
    # Placeholder only: the documented default is true (connection state is tracked).
    # Copying false verbatim turns stateful inspection off.
    stateful: false
    # Scope + tag pairs associated with this policy.
    tags:
        - scope: string
          tag: string
    # Documented default is false; true requires a 3-way TCP handshake before data packets.
    tcpStrict: false
    vpcSecurityPolicyId: string

VpcSecurityPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The VpcSecurityPolicy resource accepts the following input properties:

Context This property is required. VpcSecurityPolicyContext
The context which the object belongs to
DisplayName This property is required. string
Display name of the resource.
Comments string
Comments for security policy lock/unlock.
Description string
Description of the resource.
Locked bool
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
NsxId string
The NSX ID of this resource. If set, this ID will be used to create the resource.
Rules List<VpcSecurityPolicyRule>
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
Scopes List<string>
The list of policy object paths where the rules in this policy will get applied.
SequenceNumber double
This field is used to resolve conflicts between security policies.
Stateful bool
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
Tags List<VpcSecurityPolicyTag>
A list of scope + tag pairs to associate with this policy.
TcpStrict bool
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
VpcSecurityPolicyId string
ID of the Security Policy.
Context This property is required. VpcSecurityPolicyContextArgs
The context which the object belongs to
DisplayName This property is required. string
Display name of the resource.
Comments string
Comments for security policy lock/unlock.
Description string
Description of the resource.
Locked bool
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
NsxId string
The NSX ID of this resource. If set, this ID will be used to create the resource.
Rules []VpcSecurityPolicyRuleArgs
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
Scopes []string
The list of policy object paths where the rules in this policy will get applied.
SequenceNumber float64
This field is used to resolve conflicts between security policies.
Stateful bool
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
Tags []VpcSecurityPolicyTagArgs
A list of scope + tag pairs to associate with this policy.
TcpStrict bool
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
VpcSecurityPolicyId string
ID of the Security Policy.
context This property is required. VpcSecurityPolicyContext
The context which the object belongs to
displayName This property is required. String
Display name of the resource.
comments String
Comments for security policy lock/unlock.
description String
Description of the resource.
locked Boolean
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
nsxId String
The NSX ID of this resource. If set, this ID will be used to create the resource.
rules List<VpcSecurityPolicyRule>
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
scopes List<String>
The list of policy object paths where the rules in this policy will get applied.
sequenceNumber Double
This field is used to resolve conflicts between security policies.
stateful Boolean
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
tags List<VpcSecurityPolicyTag>
A list of scope + tag pairs to associate with this policy.
tcpStrict Boolean
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
vpcSecurityPolicyId String
ID of the Security Policy.
context This property is required. VpcSecurityPolicyContext
The context which the object belongs to
displayName This property is required. string
Display name of the resource.
comments string
Comments for security policy lock/unlock.
description string
Description of the resource.
locked boolean
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
nsxId string
The NSX ID of this resource. If set, this ID will be used to create the resource.
rules VpcSecurityPolicyRule[]
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
scopes string[]
The list of policy object paths where the rules in this policy will get applied.
sequenceNumber number
This field is used to resolve conflicts between security policies.
stateful boolean
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
tags VpcSecurityPolicyTag[]
A list of scope + tag pairs to associate with this policy.
tcpStrict boolean
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
vpcSecurityPolicyId string
ID of the Security Policy.
context This property is required. VpcSecurityPolicyContextArgs
The context which the object belongs to
display_name This property is required. str
Display name of the resource.
comments str
Comments for security policy lock/unlock.
description str
Description of the resource.
locked bool
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
nsx_id str
The NSX ID of this resource. If set, this ID will be used to create the resource.
rules Sequence[VpcSecurityPolicyRuleArgs]
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
scopes Sequence[str]
The list of policy object paths where the rules in this policy will get applied.
sequence_number float
This field is used to resolve conflicts between security policies.
stateful bool
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
tags Sequence[VpcSecurityPolicyTagArgs]
A list of scope + tag pairs to associate with this policy.
tcp_strict bool
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
vpc_security_policy_id str
ID of the Security Policy.
context This property is required. Property Map
The context which the object belongs to
displayName This property is required. String
Display name of the resource.
comments String
Comments for security policy lock/unlock.
description String
Description of the resource.
locked Boolean
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
nsxId String
The NSX ID of this resource. If set, this ID will be used to create the resource.
rules List<Property Map>
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
scopes List<String>
The list of policy object paths where the rules in this policy will get applied.
sequenceNumber Number
This field is used to resolve conflicts between security policies.
stateful Boolean
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
tags List<Property Map>
A list of scope + tag pairs to associate with this policy.
tcpStrict Boolean
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
vpcSecurityPolicyId String
ID of the Security Policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the VpcSecurityPolicy resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Path string
The NSX path of the policy resource.
Revision double
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
Id string
The provider-assigned unique ID for this managed resource.
Path string
The NSX path of the policy resource.
Revision float64
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
id String
The provider-assigned unique ID for this managed resource.
path String
The NSX path of the policy resource.
revision Double
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
id string
The provider-assigned unique ID for this managed resource.
path string
The NSX path of the policy resource.
revision number
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
id str
The provider-assigned unique ID for this managed resource.
path str
The NSX path of the policy resource.
revision float
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
id String
The provider-assigned unique ID for this managed resource.
path String
The NSX path of the policy resource.
revision Number
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.

Look up Existing VpcSecurityPolicy Resource

Get an existing VpcSecurityPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VpcSecurityPolicyState, opts?: CustomResourceOptions): VpcSecurityPolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        comments: Optional[str] = None,
        context: Optional[VpcSecurityPolicyContextArgs] = None,
        description: Optional[str] = None,
        display_name: Optional[str] = None,
        locked: Optional[bool] = None,
        nsx_id: Optional[str] = None,
        path: Optional[str] = None,
        revision: Optional[float] = None,
        rules: Optional[Sequence[VpcSecurityPolicyRuleArgs]] = None,
        scopes: Optional[Sequence[str]] = None,
        sequence_number: Optional[float] = None,
        stateful: Optional[bool] = None,
        tags: Optional[Sequence[VpcSecurityPolicyTagArgs]] = None,
        tcp_strict: Optional[bool] = None,
        vpc_security_policy_id: Optional[str] = None) -> VpcSecurityPolicy
func GetVpcSecurityPolicy(ctx *Context, name string, id IDInput, state *VpcSecurityPolicyState, opts ...ResourceOption) (*VpcSecurityPolicy, error)
public static VpcSecurityPolicy Get(string name, Input<string> id, VpcSecurityPolicyState? state, CustomResourceOptions? opts = null)
public static VpcSecurityPolicy get(String name, Output<String> id, VpcSecurityPolicyState state, CustomResourceOptions options)
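# Look up an existing VpcSecurityPolicy by its provider ID.
resources:
  _:
    type: nsxt:VpcSecurityPolicy
    get:
      id: ${id}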
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Comments string
Comments for security policy lock/unlock.
Context VpcSecurityPolicyContext
The context which the object belongs to
Description string
Description of the resource.
DisplayName string
Display name of the resource.
Locked bool
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
NsxId string
The NSX ID of this resource. If set, this ID will be used to create the resource.
Path string
The NSX path of the policy resource.
Revision double
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
Rules List<VpcSecurityPolicyRule>
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
Scopes List<string>
The list of policy object paths where the rules in this policy will get applied.
SequenceNumber double
This field is used to resolve conflicts between security policies.
Stateful bool
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
Tags List<VpcSecurityPolicyTag>
A list of scope + tag pairs to associate with this policy.
TcpStrict bool
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
VpcSecurityPolicyId string
ID of the Security Policy.
Comments string
Comments for security policy lock/unlock.
Context VpcSecurityPolicyContextArgs
The context which the object belongs to
Description string
Description of the resource.
DisplayName string
Display name of the resource.
Locked bool
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
NsxId string
The NSX ID of this resource. If set, this ID will be used to create the resource.
Path string
The NSX path of the policy resource.
Revision float64
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
Rules []VpcSecurityPolicyRuleArgs
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
Scopes []string
The list of policy object paths where the rules in this policy will get applied.
SequenceNumber float64
This field is used to resolve conflicts between security policies.
Stateful bool
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
Tags []VpcSecurityPolicyTagArgs
A list of scope + tag pairs to associate with this policy.
TcpStrict bool
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
VpcSecurityPolicyId string
ID of the Security Policy.
comments String
Comments for security policy lock/unlock.
context VpcSecurityPolicyContext
The context which the object belongs to
description String
Description of the resource.
displayName String
Display name of the resource.
locked Boolean
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
nsxId String
The NSX ID of this resource. If set, this ID will be used to create the resource.
path String
The NSX path of the policy resource.
revision Double
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules List<VpcSecurityPolicyRule>
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
scopes List<String>
The list of policy object paths where the rules in this policy will get applied.
sequenceNumber Double
This field is used to resolve conflicts between security policies.
stateful Boolean
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
tags List<VpcSecurityPolicyTag>
A list of scope + tag pairs to associate with this policy.
tcpStrict Boolean
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
vpcSecurityPolicyId String
ID of the Security Policy.
comments string
Comments for security policy lock/unlock.
context VpcSecurityPolicyContext
The context which the object belongs to
description string
Description of the resource.
displayName string
Display name of the resource.
locked boolean
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
nsxId string
The NSX ID of this resource. If set, this ID will be used to create the resource.
path string
The NSX path of the policy resource.
revision number
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules VpcSecurityPolicyRule[]
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
scopes string[]
The list of policy object paths where the rules in this policy will get applied.
sequenceNumber number
This field is used to resolve conflicts between security policies.
stateful boolean
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
tags VpcSecurityPolicyTag[]
A list of scope + tag pairs to associate with this policy.
tcpStrict boolean
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
vpcSecurityPolicyId string
ID of the Security Policy.
comments str
Comments for security policy lock/unlock.
context VpcSecurityPolicyContextArgs
The context which the object belongs to
description str
Description of the resource.
display_name str
Display name of the resource.
locked bool
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
nsx_id str
The NSX ID of this resource. If set, this ID will be used to create the resource.
path str
The NSX path of the policy resource.
revision float
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules Sequence[VpcSecurityPolicyRuleArgs]
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
scopes Sequence[str]
The list of policy object paths where the rules in this policy will get applied.
sequence_number float
This field is used to resolve conflicts between security policies.
stateful bool
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
tags Sequence[VpcSecurityPolicyTagArgs]
A list of scope + tag pairs to associate with this policy.
tcp_strict bool
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
vpc_security_policy_id str
ID of the Security Policy.
comments String
Comments for security policy lock/unlock.
context Property Map
The context which the object belongs to
description String
Description of the resource.
displayName String
Display name of the resource.
locked Boolean
Indicates whether a security policy should be locked. If locked by a user, no other user would be able to modify this policy.
nsxId String
The NSX ID of this resource. If set, this ID will be used to create the resource.
path String
The NSX path of the policy resource.
revision Number
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rules List<Property Map>
A repeatable block to specify rules for the Security Policy. Each rule includes the following fields:
scopes List<String>
The list of policy object paths where the rules in this policy will get applied.
sequenceNumber Number
This field is used to resolve conflicts between security policies.
stateful Boolean
If true, the state of network connections is tracked and stateful packet inspection is performed. Default is true.
tags List<Property Map>
A list of scope + tag pairs to associate with this policy.
tcpStrict Boolean
Ensures that a 3 way TCP handshake is done before the data packets are sent. Default is false.
vpcSecurityPolicyId String
ID of the Security Policy.

Supporting Types

VpcSecurityPolicyContext, VpcSecurityPolicyContextArgs

ProjectId This property is required. string
The ID of the project which the object belongs to
VpcId This property is required. string
The ID of the VPC which the object belongs to
ProjectId This property is required. string
The ID of the project which the object belongs to
VpcId This property is required. string
The ID of the VPC which the object belongs to
projectId This property is required. String
The ID of the project which the object belongs to
vpcId This property is required. String
The ID of the VPC which the object belongs to
projectId This property is required. string
The ID of the project which the object belongs to
vpcId This property is required. string
The ID of the VPC which the object belongs to
project_id This property is required. str
The ID of the project which the object belongs to
vpc_id This property is required. str
The ID of the VPC which the object belongs to
projectId This property is required. String
The ID of the project which the object belongs to
vpcId This property is required. String
The ID of the VPC which the object belongs to

VpcSecurityPolicyRule, VpcSecurityPolicyRuleArgs

DisplayName This property is required. string
Display name of the resource.
Action string
Rule action, one of ALLOW, DROP and REJECT. Default is ALLOW, so a rule that omits this field permits the traffic it matches.
Description string
Description of the resource.
DestinationGroups List<string>
Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
DestinationsExcluded bool
A boolean value indicating negation of destination groups.
Direction string
Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
Disabled bool
Flag to disable this rule. Default is false.
IpVersion string
Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6.
LogLabel string
Additional information (string) which will be propagated to the rule syslog.
Logged bool
Flag to enable packet logging. Default is false.
Notes string
Additional notes on changes.
NsxId string
The NSX ID of this resource. If set, this ID will be used to create the resource.
Path string
The NSX path of the policy resource.
Profiles List<string>
Set of profile paths relevant for this rule.
Revision double
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
RuleId double
Unique positive number that is assigned by the system and is useful for debugging.
Scopes List<string>
Set of policy object paths where the rule is applied.
SequenceNumber double
It is recommended not to specify sequence number for rules, and rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1 and not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
Services List<string>
Set of service paths to match.
SourceGroups List<string>
Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
SourcesExcluded bool
A boolean value indicating negation of source groups.
Tags List<VpcSecurityPolicyRuleTag>
A list of scope + tag pairs to associate with this Rule.
DisplayName This property is required. string
Display name of the resource.
Action string
Rule action, one of ALLOW, DROP and REJECT. Default is ALLOW, so a rule that omits this field permits the traffic it matches.
Description string
Description of the resource.
DestinationGroups []string
Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
DestinationsExcluded bool
A boolean value indicating negation of destination groups.
Direction string
Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
Disabled bool
Flag to disable this rule. Default is false.
IpVersion string
Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6.
LogLabel string
Additional information (string) which will be propagated to the rule syslog.
Logged bool
Flag to enable packet logging. Default is false.
Notes string
Additional notes on changes.
NsxId string
The NSX ID of this resource. If set, this ID will be used to create the resource.
Path string
The NSX path of the policy resource.
Profiles []string
Set of profile paths relevant for this rule.
Revision float64
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
RuleId float64
Unique positive number that is assigned by the system and is useful for debugging.
Scopes []string
Set of policy object paths where the rule is applied.
SequenceNumber float64
It is recommended not to specify sequence number for rules, and rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1 and not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
Services []string
Set of service paths to match.
SourceGroups []string
Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
SourcesExcluded bool
A boolean value indicating negation of source groups.
Tags []VpcSecurityPolicyRuleTag
A list of scope + tag pairs to associate with this Rule.
displayName This property is required. String
Display name of the resource.
action String
Rule action, one of ALLOW, DROP and REJECT. Default is ALLOW, so a rule that omits this field permits the traffic it matches.
description String
Description of the resource.
destinationGroups List<String>
Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded Boolean
A boolean value indicating negation of destination groups.
direction String
Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled Boolean
Flag to disable this rule. Default is false.
ipVersion String
Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6.
logLabel String
Additional information (string) which will be propagated to the rule syslog.
logged Boolean
Flag to enable packet logging. Default is false.
notes String
Additional notes on changes.
nsxId String
The NSX ID of this resource. If set, this ID will be used to create the resource.
path String
The NSX path of the policy resource.
profiles List<String>
Set of profile paths relevant for this rule.
revision Double
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId Double
Unique positive number that is assigned by the system and is useful for debugging.
scopes List<String>
Set of policy object paths where the rule is applied.
sequenceNumber Double
It is recommended not to specify sequence number for rules, and rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1 and not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services List<String>
Set of service paths to match.
sourceGroups List<String>
Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded Boolean
A boolean value indicating negation of source groups.
tags List<VpcSecurityPolicyRuleTag>
A list of scope + tag pairs to associate with this Rule.
displayName This property is required. string
Display name of the resource.
action string
Rule action, one of ALLOW, DROP and REJECT. Default is ALLOW, so a rule that omits this field permits the traffic it matches.
description string
Description of the resource.
destinationGroups string[]
Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded boolean
A boolean value indicating negation of destination groups.
direction string
Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled boolean
Flag to disable this rule. Default is false.
ipVersion string
Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6.
logLabel string
Additional information (string) which will be propagated to the rule syslog.
logged boolean
Flag to enable packet logging. Default is false.
notes string
Additional notes on changes.
nsxId string
The NSX ID of this resource. If set, this ID will be used to create the resource.
path string
The NSX path of the policy resource.
profiles string[]
Set of profile paths relevant for this rule.
revision number
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId number
Unique positive number that is assigned by the system and is useful for debugging.
scopes string[]
Set of policy object paths where the rule is applied.
sequenceNumber number
It is recommended not to specify sequence number for rules, and rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1 and not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services string[]
Set of service paths to match.
sourceGroups string[]
Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded boolean
A boolean value indicating negation of source groups.
tags VpcSecurityPolicyRuleTag[]
A list of scope + tag pairs to associate with this Rule.
display_name This property is required. str
Display name of the resource.
action str
Rule action, one of ALLOW, DROP and REJECT. Default is ALLOW, so a rule that omits this field permits the traffic it matches.
description str
Description of the resource.
destination_groups Sequence[str]
Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinations_excluded bool
A boolean value indicating negation of destination groups.
direction str
Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled bool
Flag to disable this rule. Default is false.
ip_version str
Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6.
log_label str
Additional information (string) which will be propagated to the rule syslog.
logged bool
Flag to enable packet logging. Default is false.
notes str
Additional notes on changes.
nsx_id str
The NSX ID of this resource. If set, this ID will be used to create the resource.
path str
The NSX path of the policy resource.
profiles Sequence[str]
Set of profile paths relevant for this rule.
revision float
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
rule_id float
Unique positive number that is assigned by the system and is useful for debugging.
scopes Sequence[str]
Set of policy object paths where the rule is applied.
sequence_number float
It is recommended not to specify sequence number for rules, and rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1 and not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services Sequence[str]
Set of service paths to match.
source_groups Sequence[str]
Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sources_excluded bool
A boolean value indicating negation of source groups.
tags Sequence[VpcSecurityPolicyRuleTag]
A list of scope + tag pairs to associate with this Rule.
displayName This property is required. String
Display name of the resource.
action String
Rule action, one of ALLOW, DROP and REJECT. Default is ALLOW, so a rule that omits this field permits the traffic it matches.
description String
Description of the resource.
destinationGroups List<String>
Set of group paths that serve as the destination for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
destinationsExcluded Boolean
A boolean value indicating negation of destination groups.
direction String
Traffic direction, one of IN, OUT or IN_OUT. Default is IN_OUT.
disabled Boolean
Flag to disable this rule. Default is false.
ipVersion String
Version of IP protocol, one of NONE, IPV4, IPV6, IPV4_IPV6. Default is IPV4_IPV6.
logLabel String
Additional information (string) which will be propagated to the rule syslog.
logged Boolean
Flag to enable packet logging. Default is false.
notes String
Additional notes on changes.
nsxId String
The NSX ID of this resource. If set, this ID will be used to create the resource.
path String
The NSX path of the policy resource.
profiles List<String>
Set of profile paths relevant for this rule.
revision Number
Indicates current revision number of the object as seen by NSX-T API server. This attribute can be useful for debugging.
ruleId Number
Unique positive number that is assigned by the system and is useful for debugging.
scopes List<String>
Set of policy object paths where the rule is applied.
sequenceNumber Number
It is recommended not to specify sequence number for rules, and rely on provider to auto-assign them. If you choose to specify sequence numbers, you must make sure the numbers are consistent with order of the rules in configuration. Please note that sequence numbers should start with 1 and not 0. To avoid confusion, either specify sequence numbers in all rules, or none at all.
services List<String>
Set of service paths to match.
sourceGroups List<String>
Set of group paths that serve as the source for this rule. IPs, IP ranges, or CIDRs may also be used starting in NSX-T 3.0. An empty set can be used to specify "Any".
sourcesExcluded Boolean
A boolean value indicating negation of source groups.
tags List<Property Map>
A list of scope + tag pairs to associate with this Rule.

VpcSecurityPolicyRuleTag, VpcSecurityPolicyRuleTagArgs

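Scope string
Scope of the tag (the scope half of a scope + tag pair associated with this rule). This is a tag label, separate from the rule's scopes property, which lists the policy object paths where the rule is applied.
Tag string
Value of the tag (the tag half of a scope + tag pair associated with this rule).
Scope string
Scope of the tag (the scope half of a scope + tag pair associated with this rule). This is a tag label, separate from the rule's scopes property, which lists the policy object paths where the rule is applied.
Tag string
Value of the tag (the tag half of a scope + tag pair associated with this rule).
scope String
Scope of the tag (the scope half of a scope + tag pair associated with this rule). This is a tag label, separate from the rule's scopes property, which lists the policy object paths where the rule is applied.
tag String
Value of the tag (the tag half of a scope + tag pair associated with this rule).
scope string
Scope of the tag (the scope half of a scope + tag pair associated with this rule). This is a tag label, separate from the rule's scopes property, which lists the policy object paths where the rule is applied.
tag string
Value of the tag (the tag half of a scope + tag pair associated with this rule).
scope str
Scope of the tag (the scope half of a scope + tag pair associated with this rule). This is a tag label, separate from the rule's scopes property, which lists the policy object paths where the rule is applied.
tag str
Value of the tag (the tag half of a scope + tag pair associated with this rule).
scope String
Scope of the tag (the scope half of a scope + tag pair associated with this rule). This is a tag label, separate from the rule's scopes property, which lists the policy object paths where the rule is applied.
tag String
Value of the tag (the tag half of a scope + tag pair associated with this rule).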

VpcSecurityPolicyTag, VpcSecurityPolicyTagArgs

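Scope string
Scope of the tag (the scope half of a scope + tag pair associated with this policy). This is a tag label, separate from the policy's scopes property, which lists the policy object paths where the rules in the policy are applied.
Tag string
Value of the tag (the tag half of a scope + tag pair associated with this policy).
Scope string
Scope of the tag (the scope half of a scope + tag pair associated with this policy). This is a tag label, separate from the policy's scopes property, which lists the policy object paths where the rules in the policy are applied.
Tag string
Value of the tag (the tag half of a scope + tag pair associated with this policy).
scope String
Scope of the tag (the scope half of a scope + tag pair associated with this policy). This is a tag label, separate from the policy's scopes property, which lists the policy object paths where the rules in the policy are applied.
tag String
Value of the tag (the tag half of a scope + tag pair associated with this policy).
scope string
Scope of the tag (the scope half of a scope + tag pair associated with this policy). This is a tag label, separate from the policy's scopes property, which lists the policy object paths where the rules in the policy are applied.
tag string
Value of the tag (the tag half of a scope + tag pair associated with this policy).
scope str
Scope of the tag (the scope half of a scope + tag pair associated with this policy). This is a tag label, separate from the policy's scopes property, which lists the policy object paths where the rules in the policy are applied.
tag str
Value of the tag (the tag half of a scope + tag pair associated with this policy).
scope String
Scope of the tag (the scope half of a scope + tag pair associated with this policy). This is a tag label, separate from the policy's scopes property, which lists the policy object paths where the rules in the policy are applied.
tag String
Value of the tag (the tag half of a scope + tag pair associated with this policy).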

Package Details

Repository
nsxt vmware/terraform-provider-nsxt
License
Notes
This Pulumi package is based on the nsxt Terraform Provider.