This topic describes how to create an access control policy for the Internet firewall by using Terraform.
Prerequisites
An Alibaba Cloud account and an AccessKey pair are created. For more information, see Create an AccessKey pair.
Terraform is installed and configured. For more information, see Use Terraform in Cloud Shell and Install and configure Terraform on your computer.
Usage notes
Terraform runtime environment: Alibaba Cloud Shell
Terraform version: 0.12
alicloud version: 1.203.0
Resource definition: alicloud_cloud_firewall_control_policy
Procedure
In the execution directory of Terraform, configure the
terraform.tf
file.The following code provides an example:
provider "alicloud" { version = "~> 1.203.0" } resource "alicloud_cloud_firewall_control_policy" "example" { application_name = "ANY" acl_action = "accept" description = "Created_by_terraform" destination_type = "net" destination = "100.1.XX.XX/24" direction = "out" proto = "ANY" source = "1.2.XX.XX/24" source_type = "net" }
Run the
terraform init
command to initialize the environment.The following code provides an example:
Initializing the backend... Initializing provider plugins... - Checking for available provider plugins... - Downloading plugin for provider "alicloud" (hashicorp/alicloud) 1.203.0... Warning: registry.terraform.io: For users on Terraform 0.13 or greater, this provider has moved to aliyun/alicloud. Please update your source in required_providers. Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
Run the
terraform apply
command. After the following information appears, confirm the information and enter yes to create the access control policy.The following code provides an example. After the code is run, an outbound access control policy whose ID is 1b5f9953-0a00-46d6-8282-0cf08ff5**** is created.
An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # alicloud_cloud_firewall_control_policy.example will be created + resource "alicloud_cloud_firewall_control_policy" "example" { + acl_action = "accept" + acl_uuid = (known after apply) + application_name = "ANY" + description = "Created_by_terraform" + dest_port = (known after apply) + dest_port_group = (known after apply) + dest_port_type = (known after apply) + destination = "100.1.1.0/24" + destination_type = "net" + direction = "out" + id = (known after apply) + proto = "ANY" + release = (known after apply) + source = "1.2.3.0/24" + source_ip = (known after apply) + source_type = "net" } Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes alicloud_cloud_firewall_control_policy.example: Creating... alicloud_cloud_firewall_control_policy.example: Creation complete after 0s [id=1b5f9953-0a00-46d6-8282-0cf08ff5****:out]
View the results.
Run the
terraform show
command to view the details of the access control policy.# alicloud_cloud_firewall_control_policy.example: resource "alicloud_cloud_firewall_control_policy" "example" { acl_action = "accept" acl_uuid = "1b5f9953-0a00-46d6-8282-0cf08ff5****" application_name = "ANY" description = "Created_by_terraform" dest_port = "0/0" dest_port_type = "port" destination = "100.1.XX.XX/24" destination_type = "net" direction = "out" id = "1b5f9953-0a00-46d6-8282-0cf08ff5****:out" proto = "ANY" release = "true" source = "1.2.XX.XX/24" source_type = "net" }
Log on to the Cloud Firewall console to search for the access control policy by using the policy ID and view the details of the access control policy.