azure_rm_azurefirewall – Manage Azure Firewall instance¶
New in version 2.9.
Synopsis¶
Create, update and delete instance of Azure Firewall.
Requirements¶
The below requirements are needed on the host that executes this module.
python >= 2.7
azure >= 2.0.0
Parameters¶
Notes¶
Note
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
az login
.Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
See Also¶
See also
- Sign in with Azure CLI
How to authenticate using the
az login
command.
Examples¶
- name: Create Azure Firewall
azure_rm_azurefirewall:
resource_group: myResourceGroup
name: myAzureFirewall
tags:
key1: value1
application_rule_collections:
- priority: 110
action:
type: deny
rules:
- name: rule1
description: Deny inbound rule
source_addresses:
- 216.58.216.164
- 10.0.0.0/24
protocols:
- type: https
port: '443'
target_fqdns:
- www.test.com
name: apprulecoll
nat_rule_collections:
- priority: 112
action:
type: dnat
rules:
- name: DNAT-HTTPS-traffic
description: D-NAT all outbound web traffic for inspection
source_addresses:
- '*'
destination_addresses:
- 1.2.3.4
destination_ports:
- '443'
protocols:
- tcp
translated_address: 1.2.3.5
translated_port: '8443'
name: natrulecoll
network_rule_collections:
- priority: 112
action:
type: deny
rules:
- name: L4-traffic
description: Block traffic based on source IPs and ports
protocols:
- tcp
source_addresses:
- 192.168.1.1-192.168.1.12
- 10.1.4.12-10.1.4.255
destination_addresses:
- '*'
destination_ports:
- 443-444
- '8443'
name: netrulecoll
ip_configurations:
- subnet: >-
/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup
/providers/Microsoft.Network/virtualNetworks/myVirtualNetwork
/subnets/AzureFirewallSubnet
public_ip_address: >-
/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup
/providers/Microsoft.Network/publicIPAddresses/
myPublicIpAddress
name: azureFirewallIpConfiguration
- name: Delete Azure Firewall
azure_rm_azurefirewall:
resource_group: myResourceGroup
name: myAzureFirewall
state: absent
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]