azure_rm_azurefirewall – Manage Azure Firewall instance
New in version 2.9.
The below requirements are needed on the host that executes this module.
- python >= 2.7
- azure >= 2.0.0
- For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
- Authentication is also possible using a service principal or Active Directory user.
- To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
- To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
- Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
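The credentials file described in the last note can be checked before a playbook run. The following Python sketch is an added example, not code from the module or its documentation: it verifies that every profile carries one of the two key sets listed above and that the file is readable by its owner only. The permission check, the function name `audit_credentials` and the sample file contents are assumptions of this example.

```python
import configparser
import os
import stat
import tempfile

# Key sets the notes above list for a profile in ~/.azure/credentials.
SERVICE_PRINCIPAL = {"subscription_id", "client_id", "secret", "tenant"}
AD_USER = {"subscription_id", "ad_user", "password"}

# Constructed sample: [staging] lacks "password", so it is incomplete.
SAMPLE = """\
[default]
subscription_id = 00000000-0000-0000-0000-000000000000
client_id = 11111111-1111-1111-1111-111111111111
secret = constructed%value
tenant = 22222222-2222-2222-2222-222222222222

[staging]
subscription_id = 00000000-0000-0000-0000-000000000000
ad_user = user@example.com
"""

def audit_credentials(path):
    """Return a list of findings for an Azure credentials ini file."""
    findings = []
    # Hardening check assumed by this example: the file holds secrets,
    # so group and other permission bits should be clear.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("file mode %04o allows group/other access" % mode)
    # interpolation=None: a secret may contain '%', which must stay literal.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    if not parser.has_section("default"):
        findings.append("missing [default] section")
    for profile in parser.sections():
        keys = {k for k, v in parser[profile].items() if v.strip()}
        if not (SERVICE_PRINCIPAL <= keys or AD_USER <= keys):
            findings.append("profile [%s] has no complete key set" % profile)
    return findings

def demo():
    # Audit the constructed sample with a loose mode, then a tight one.
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        for mode in (0o644, 0o600):
            os.chmod(path, mode)
            results.append(audit_credentials(path))
    return results
```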
```yaml
- name: Create Azure Firewall
  azure_rm_azurefirewall:
    resource_group: myResourceGroup
    name: myAzureFirewall
    tags:
      key1: value1
    application_rule_collections:
      - priority: 110
        action:
          type: deny
        rules:
          - name: rule1
            description: Deny inbound rule
            source_addresses:
              - 18.104.22.168
              - 10.0.0.0/24
            protocols:
              - type: https
                port: '443'
            target_fqdns:
              - www.test.com
        name: apprulecoll
    nat_rule_collections:
      - priority: 112
        action:
          type: dnat
        rules:
          - name: DNAT-HTTPS-traffic
            description: D-NAT all outbound web traffic for inspection
            source_addresses:
              - '*'
            destination_addresses:
              - 22.214.171.124
            destination_ports:
              - '443'
            protocols:
              - tcp
            translated_address: 126.96.36.199
            translated_port: '8443'
        name: natrulecoll
    network_rule_collections:
      - priority: 112
        action:
          type: deny
        rules:
          - name: L4-traffic
            description: Block traffic based on source IPs and ports
            protocols:
              - tcp
            source_addresses:
              - 192.168.1.1-192.168.1.12
              - 10.1.4.12-10.1.4.255
            destination_addresses:
              - '*'
            destination_ports:
              - 443-444
              - '8443'
        name: netrulecoll
    ip_configurations:
      # Resource IDs are kept on one line: a folded scalar (>-) would join
      # wrapped lines with spaces and produce an invalid ID.
      - subnet: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVirtualNetwork/subnets/AzureFirewallSubnet
        public_ip_address: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIpAddress
        name: azureFirewallIpConfiguration

- name: Delete Azure Firewall
  azure_rm_azurefirewall:
    resource_group: myResourceGroup
    name: myAzureFirewall
    state: absent
```
Common return values are documented here; the following are the fields unique to this module: