Palo Alto Networks Cloud NGFW for AWS v1.0.0 published on Wednesday, Oct 8, 2025 by Pulumi
cloudngfwaws.getSecurityRule
Start a Neo task
Explain and create a cloudngfwaws.getSecurityRule resource
Palo Alto Networks Cloud NGFW for AWS v1.0.0 published on Wednesday, Oct 8, 2025 by Pulumi
Data source for retrieving security rule information.
Admin Permission Type
Rulestack(forscope="Local")Global Rulestack(forscope="Global")
Example Usage
Example coming soon!
Example coming soon!
Example coming soon!
Example coming soon!
Example coming soon!
resources:
r:
type: cloudngfwaws:Rulestack
properties:
name: my-rulestack
scope: Local
accountId: '12345'
description: Made by Pulumi
profileConfig:
antiSpyware: BestPractice
variables:
example:
fn::invoke:
function: cloudngfwaws:getSecurityRule
arguments:
rulestack: ${r.name}
name: foobar
Using getSecurityRule
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecurityRule(args: GetSecurityRuleArgs, opts?: InvokeOptions): Promise<GetSecurityRuleResult>
function getSecurityRuleOutput(args: GetSecurityRuleOutputArgs, opts?: InvokeOptions): Output<GetSecurityRuleResult>def get_security_rule(config_type: Optional[str] = None,
priority: Optional[int] = None,
rule_list: Optional[str] = None,
rulestack: Optional[str] = None,
scope: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetSecurityRuleResult
def get_security_rule_output(config_type: Optional[pulumi.Input[str]] = None,
priority: Optional[pulumi.Input[int]] = None,
rule_list: Optional[pulumi.Input[str]] = None,
rulestack: Optional[pulumi.Input[str]] = None,
scope: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecurityRuleResult]func LookupSecurityRule(ctx *Context, args *LookupSecurityRuleArgs, opts ...InvokeOption) (*LookupSecurityRuleResult, error)
func LookupSecurityRuleOutput(ctx *Context, args *LookupSecurityRuleOutputArgs, opts ...InvokeOption) LookupSecurityRuleResultOutput> Note: This function is named LookupSecurityRule in the Go SDK.
public static class GetSecurityRule
{
public static Task<GetSecurityRuleResult> InvokeAsync(GetSecurityRuleArgs args, InvokeOptions? opts = null)
public static Output<GetSecurityRuleResult> Invoke(GetSecurityRuleInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSecurityRuleResult> getSecurityRule(GetSecurityRuleArgs args, InvokeOptions options)
public static Output<GetSecurityRuleResult> getSecurityRule(GetSecurityRuleArgs args, InvokeOptions options)
fn::invoke:
function: cloudngfwaws:index/getSecurityRule:getSecurityRule
arguments:
# arguments dictionaryThe following arguments are supported:
- Priority int
- The rule priority.
- Rulestack string
- The rulestack.
- Config
Type string - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - Rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - Scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
- Priority int
- The rule priority.
- Rulestack string
- The rulestack.
- Config
Type string - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - Rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - Scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
- priority Integer
- The rule priority.
- rulestack String
- The rulestack.
- config
Type String - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - rule
List String - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope String
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
- priority number
- The rule priority.
- rulestack string
- The rulestack.
- config
Type string - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
- priority int
- The rule priority.
- rulestack str
- The rulestack.
- config_
type str - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - rule_
list str - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope str
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
- priority Number
- The rule priority.
- rulestack String
- The rulestack.
- config
Type String - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - rule
List String - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope String
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
getSecurityRule Result
The following output properties are available:
- Action string
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - Applications List<string>
- The list of applications.
- Audit
Comment string - The audit comment.
- Categories
List<Pulumi.
Cloud Ngfw Aws. Outputs. Get Security Rule Category> - The category spec.
- Decryption
Rule stringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - Description string
- The description.
- Destinations
List<Pulumi.
Cloud Ngfw Aws. Outputs. Get Security Rule Destination> - The destination spec.
- Enabled bool
- Set to false to disable this rule.
- Id string
- The provider-assigned unique ID for this managed resource.
- Logging bool
- Enable logging at end.
- Name string
- The name.
- Negate
Destination bool - Negate the destination definition.
- Negate
Source bool - Negate the source definition.
- Priority int
- The rule priority.
- Prot
Port List<string>Lists - Protocol port list.
- Protocol string
- The protocol.
- Rulestack string
- The rulestack.
- Sources
List<Pulumi.
Cloud Ngfw Aws. Outputs. Get Security Rule Source> - The source spec.
- Dictionary<string, string>
- The tags.
- Update
Token string - The update token.
- Config
Type string - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - Rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - Scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
- Action string
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - Applications []string
- The list of applications.
- Audit
Comment string - The audit comment.
- Categories
[]Get
Security Rule Category - The category spec.
- Decryption
Rule stringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - Description string
- The description.
- Destinations
[]Get
Security Rule Destination - The destination spec.
- Enabled bool
- Set to false to disable this rule.
- Id string
- The provider-assigned unique ID for this managed resource.
- Logging bool
- Enable logging at end.
- Name string
- The name.
- Negate
Destination bool - Negate the destination definition.
- Negate
Source bool - Negate the source definition.
- Priority int
- The rule priority.
- Prot
Port []stringLists - Protocol port list.
- Protocol string
- The protocol.
- Rulestack string
- The rulestack.
- Sources
[]Get
Security Rule Source - The source spec.
- map[string]string
- The tags.
- Update
Token string - The update token.
- Config
Type string - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - Rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - Scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
- action String
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications List<String>
- The list of applications.
- audit
Comment String - The audit comment.
- categories
List<Get
Security Rule Category> - The category spec.
- decryption
Rule StringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description String
- The description.
- destinations
List<Get
Security Rule Destination> - The destination spec.
- enabled Boolean
- Set to false to disable this rule.
- id String
- The provider-assigned unique ID for this managed resource.
- logging Boolean
- Enable logging at end.
- name String
- The name.
- negate
Destination Boolean - Negate the destination definition.
- negate
Source Boolean - Negate the source definition.
- priority Integer
- The rule priority.
- prot
Port List<String>Lists - Protocol port list.
- protocol String
- The protocol.
- rulestack String
- The rulestack.
- sources
List<Get
Security Rule Source> - The source spec.
- Map<String,String>
- The tags.
- update
Token String - The update token.
- config
Type String - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - rule
List String - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope String
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
- action string
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications string[]
- The list of applications.
- audit
Comment string - The audit comment.
- categories
Get
Security Rule Category[] - The category spec.
- decryption
Rule stringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description string
- The description.
- destinations
Get
Security Rule Destination[] - The destination spec.
- enabled boolean
- Set to false to disable this rule.
- id string
- The provider-assigned unique ID for this managed resource.
- logging boolean
- Enable logging at end.
- name string
- The name.
- negate
Destination boolean - Negate the destination definition.
- negate
Source boolean - Negate the source definition.
- priority number
- The rule priority.
- prot
Port string[]Lists - Protocol port list.
- protocol string
- The protocol.
- rulestack string
- The rulestack.
- sources
Get
Security Rule Source[] - The source spec.
- {[key: string]: string}
- The tags.
- update
Token string - The update token.
- config
Type string - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - rule
List string - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope string
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
- action str
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications Sequence[str]
- The list of applications.
- audit_
comment str - The audit comment.
- categories
Sequence[Get
Security Rule Category] - The category spec.
- decryption_
rule_ strtype - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description str
- The description.
- destinations
Sequence[Get
Security Rule Destination] - The destination spec.
- enabled bool
- Set to false to disable this rule.
- id str
- The provider-assigned unique ID for this managed resource.
- logging bool
- Enable logging at end.
- name str
- The name.
- negate_
destination bool - Negate the destination definition.
- negate_
source bool - Negate the source definition.
- priority int
- The rule priority.
- prot_
port_ Sequence[str]lists - Protocol port list.
- protocol str
- The protocol.
- rulestack str
- The rulestack.
- sources
Sequence[Get
Security Rule Source] - The source spec.
- Mapping[str, str]
- The tags.
- update_
token str - The update token.
- config_
type str - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - rule_
list str - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope str
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
- action String
- The action to take. Valid values are
Allow,DenySilent,DenyResetServer, orDenyResetBoth. - applications List<String>
- The list of applications.
- audit
Comment String - The audit comment.
- categories List<Property Map>
- The category spec.
- decryption
Rule StringType - Decryption rule type. Valid values are ``or
SSLOutboundInspection. - description String
- The description.
- destinations List<Property Map>
- The destination spec.
- enabled Boolean
- Set to false to disable this rule.
- id String
- The provider-assigned unique ID for this managed resource.
- logging Boolean
- Enable logging at end.
- name String
- The name.
- negate
Destination Boolean - Negate the destination definition.
- negate
Source Boolean - Negate the source definition.
- priority Number
- The rule priority.
- prot
Port List<String>Lists - Protocol port list.
- protocol String
- The protocol.
- rulestack String
- The rulestack.
- sources List<Property Map>
- The source spec.
- Map<String>
- The tags.
- update
Token String - The update token.
- config
Type String - Retrieve either the candidate or running config. Valid values are
candidateorrunning. Defaults tocandidate. - rule
List String - The rulebase. Valid values are
PreRule,PostRule, orLocalRule. Defaults toPreRule. - scope String
- The rulestack's scope. A local rulestack will require that you've retrieved a LRA JWT. A global rulestack will require that you've retrieved a GRA JWT. Valid values are
LocalorGlobal. Defaults toLocal.
Supporting Types
GetSecurityRuleCategory
- Feeds List<string>
- List of feeds.
- Url
Category List<string>Names - List of URL category names.
- Feeds []string
- List of feeds.
- Url
Category []stringNames - List of URL category names.
- feeds List<String>
- List of feeds.
- url
Category List<String>Names - List of URL category names.
- feeds string[]
- List of feeds.
- url
Category string[]Names - List of URL category names.
- feeds Sequence[str]
- List of feeds.
- url_
category_ Sequence[str]names - List of URL category names.
- feeds List<String>
- List of feeds.
- url
Category List<String>Names - List of URL category names.
GetSecurityRuleDestination
- Cidrs List<string>
- List of CIDRs.
- Countries List<string>
- List of countries.
- Feeds List<string>
- List of feeds.
- Fqdn
Lists List<string> - List of FQDN lists.
- Prefix
Lists List<string> - List of prefix list.
- Cidrs []string
- List of CIDRs.
- Countries []string
- List of countries.
- Feeds []string
- List of feeds.
- Fqdn
Lists []string - List of FQDN lists.
- Prefix
Lists []string - List of prefix list.
- cidrs List<String>
- List of CIDRs.
- countries List<String>
- List of countries.
- feeds List<String>
- List of feeds.
- fqdn
Lists List<String> - List of FQDN lists.
- prefix
Lists List<String> - List of prefix list.
- cidrs string[]
- List of CIDRs.
- countries string[]
- List of countries.
- feeds string[]
- List of feeds.
- fqdn
Lists string[] - List of FQDN lists.
- prefix
Lists string[] - List of prefix list.
- cidrs Sequence[str]
- List of CIDRs.
- countries Sequence[str]
- List of countries.
- feeds Sequence[str]
- List of feeds.
- fqdn_
lists Sequence[str] - List of FQDN lists.
- prefix_
lists Sequence[str] - List of prefix list.
- cidrs List<String>
- List of CIDRs.
- countries List<String>
- List of countries.
- feeds List<String>
- List of feeds.
- fqdn
Lists List<String> - List of FQDN lists.
- prefix
Lists List<String> - List of prefix list.
GetSecurityRuleSource
- Cidrs List<string>
- List of CIDRs.
- Countries List<string>
- List of countries.
- Feeds List<string>
- List of feeds.
- Prefix
Lists List<string> - List of prefix list.
- Cidrs []string
- List of CIDRs.
- Countries []string
- List of countries.
- Feeds []string
- List of feeds.
- Prefix
Lists []string - List of prefix list.
- cidrs List<String>
- List of CIDRs.
- countries List<String>
- List of countries.
- feeds List<String>
- List of feeds.
- prefix
Lists List<String> - List of prefix list.
- cidrs string[]
- List of CIDRs.
- countries string[]
- List of countries.
- feeds string[]
- List of feeds.
- prefix
Lists string[] - List of prefix list.
- cidrs Sequence[str]
- List of CIDRs.
- countries Sequence[str]
- List of countries.
- feeds Sequence[str]
- List of feeds.
- prefix_
lists Sequence[str] - List of prefix list.
- cidrs List<String>
- List of CIDRs.
- countries List<String>
- List of countries.
- feeds List<String>
- List of feeds.
- prefix
Lists List<String> - List of prefix list.
Package Details
- Repository
- cloudngfwaws pulumi/pulumi-cloudngfwaws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudngfwawsTerraform Provider.
Palo Alto Networks Cloud NGFW for AWS v1.0.0 published on Wednesday, Oct 8, 2025 by Pulumi
