f5xc_nfv_service (Resource)
Manages an NFV service with the configured parameters in F5 Distributed Cloud.
~> Note: For more information about this resource, please refer to the F5 XC API Documentation.
Example Usage
```hcl
# Nfv Service Resource Example
# Manages an NFV service with the configured parameters in F5 Distributed Cloud.

terraform {
  required_version = ">= 1.0"

  required_providers {
    f5xc = {
      source  = "f5xc-salesdemos/f5xc"
      version = ">= 0.1.0"
    }
  }
}

# Basic Nfv Service configuration
resource "f5xc_nfv_service" "example" {
  name      = "example-nfv-service"
  namespace = "staging"

  labels = {
    environment = "production"
    managed_by  = "terraform"
  }

  annotations = {
    "owner" = "platform-team"
  }

  # Resource-specific configuration
  # [OneOf: disable_https_management, https_management; Defau...
  disable_https_management {
    # Configure disable_https_management settings
  }

  # [OneOf: disable_ssh_access, enabled_ssh_access; Default: ...
  disable_ssh_access {
    # Configure disable_ssh_access settings
  }

  # Configuration parameter for enabled ssh access.
  # Alternative to disable_ssh_access; set only one of the two.
  # enabled_ssh_access {
  #   # Configure enabled_ssh_access settings
  # }
}
```
Argument Reference
🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.
Metadata Argument Reference
• name - Required String
Name of the Nfv Service. Must be unique within the namespace
• namespace - Required String
Namespace where the Nfv Service will be created
• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
• description - Optional String
Human readable description for the object
• disable - Optional Bool
A value of true will administratively disable the object
• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering
Spec Argument Reference
-> One of the following:
• disable_https_management - Optional Block
Configuration parameter for disable HTTPS management
-> One of the following:
• disable_ssh_access - Optional Block
Configuration parameter for disable SSH access
• enabled_ssh_access - Optional Block
Configuration parameter for enabled SSH access
See Enabled SSH Access below for details.
-> One of the following:
• f5_big_ip_aws_service - Optional Block
Virtual BIG-IP AWS. Virtual BIG-IP specification for AWS
See F5 Big IP AWS Service below for details.
• palo_alto_fw_service - Optional Block
Palo Alto Networks VM-Series next-generation firewall configuration
• https_management - Optional Block
Configuration parameter for HTTPS management
See HTTPS Management below for details.
• timeouts - Optional Block
Attributes Reference
In addition to all arguments above, the following attributes are exported:
• id - Optional String
Unique identifier for the resource
Enabled SSH Access
An enabled_ssh_access block supports the following:
• advertise_on_sli - Optional Block
Configuration parameter for advertise on SLI
• advertise_on_slo - Optional Block
Configuration parameter for advertise on SLO
• advertise_on_slo_sli - Optional Block
Configuration parameter for advertise on SLO SLI
• domain_suffix - Optional String
Domain suffix will be used along with node name to form the hostname for SSH node management
• node_ssh_ports - Optional Block
Enter TCP port and node name per node
See Node SSH Ports below.
Enabled SSH Access Node SSH Ports
A node_ssh_ports block (within enabled_ssh_access) supports the following:
• node_name - Optional String
Node name will be used to match a particular node with the desired TCP port
• ssh_port - Optional Number
SSH Port. Enter TCP port per node
F5 Big IP AWS Service
An f5_big_ip_aws_service block supports the following:
• admin_password - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Admin Password below.
• admin_username - Optional String
Admin Username for BIG-IP
• aws_tgw_site_params - Optional Block
BIG-IP AWS TGW Site. BIG-IP AWS TGW site specification
See AWS TGW Site Params below.
• endpoint_service - Optional Block
Endpoint Service is a type of NFV service where the packets are destined to NFV and service modifies the destination with a new destination address
See Endpoint Service below.
• market_place_image - Optional Block
BIG-IP AWS Pay as You Go Image Selection
See Market Place Image below.
• nodes - Optional Block
Specify how and where the service nodes are spawned
See Nodes below.
• ssh_key - Optional String
Public SSH key for accessing the Big IP nodes
• tags - Optional Block
AWS Tags is a label consisting of a user-defined key and value. It helps to manage, identify, organize, search for, and filter resources in AWS console
F5 Big IP AWS Service Admin Password
An admin_password block (within f5_big_ip_aws_service) supports the following:
• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
F5 Big IP AWS Service Admin Password Blindfold Secret Info
Deeply nested Info block collapsed for readability.
F5 Big IP AWS Service Admin Password Clear Secret Info
Deeply nested Info block collapsed for readability.
F5 Big IP AWS Service AWS TGW Site Params
Deeply nested Params block collapsed for readability.
F5 Big IP AWS Service AWS TGW Site Params AWS TGW Site
Deeply nested Site block collapsed for readability.
F5 Big IP AWS Service Endpoint Service
An endpoint_service block (within f5_big_ip_aws_service) supports the following:
• advertise_on_slo_ip - Optional Block
Enable this option
• advertise_on_slo_ip_external - Optional Block
Enable this option
• automatic_vip - Optional Block
Enable this option
• configured_vip - Optional String
Enter IP address for the default VIP
• custom_tcp_ports - Optional Block
Port Range List. List of port ranges
See Custom TCP Ports below.
• custom_udp_ports - Optional Block
Port Range List. List of port ranges
See Custom UDP Ports below.
• default_tcp_ports - Optional Block
Enable this option
• disable_advertise_on_slo_ip - Optional Block
Enable this option
• http_port - Optional Block
Enable this option
• https_port - Optional Block
Enable this option
• no_tcp_ports - Optional Block
Enable this option
• no_udp_ports - Optional Block
Enable this option
F5 Big IP AWS Service Endpoint Service Custom TCP Ports
Deeply nested Ports block collapsed for readability.
F5 Big IP AWS Service Endpoint Service Custom UDP Ports
Deeply nested Ports block collapsed for readability.
F5 Big IP AWS Service Market Place Image
Deeply nested Image block collapsed for readability.
F5 Big IP AWS Service Nodes
A nodes block (within f5_big_ip_aws_service) supports the following:
• automatic_prefix - Optional Block
Configuration parameter for automatic prefix
• aws_az_name - Optional String
The AWS Availability Zone must be consistent with the AWS Region chosen. Please select an AZ in the same Region as your TGW Site
• mgmt_subnet - Optional Block
Configuration parameter for mgmt subnet
See Mgmt Subnet below.
• node_name - Optional String
Node Name will be used to assign as hostname to the service
• reserved_mgmt_subnet - Optional Block
Configuration parameter for reserved mgmt subnet
• tunnel_prefix - Optional String
Enter IP prefix for the tunnel, it has to be /30
F5 Big IP AWS Service Nodes Mgmt Subnet
Deeply nested Subnet block collapsed for readability.
F5 Big IP AWS Service Nodes Mgmt Subnet Subnet Param
Deeply nested Param block collapsed for readability.
HTTPS Management
An https_management block supports the following:
• advertise_on_internet - Optional Block
Defines a way to advertise a load balancer on public. If optional public_ip is provided, it will only be advertised on RE sites where that public_ip is available
See Advertise On internet below.
• advertise_on_internet_default_vip - Optional Block
Enable this option
• advertise_on_sli_vip - Optional Block
Inline TLS Parameters. Inline TLS parameters
See Advertise On SLI VIP below.
• advertise_on_slo_internet_vip - Optional Block
Inline TLS Parameters. Inline TLS parameters
See Advertise On Slo internet VIP below.
• advertise_on_slo_sli - Optional Block
Configuration parameter for advertise on SLO SLI
See Advertise On Slo SLI below.
• advertise_on_slo_vip - Optional Block
Inline TLS Parameters. Inline TLS parameters
See Advertise On Slo VIP below.
• default_https_port - Optional Block
Enable this option
• domain_suffix - Optional String
Domain suffix will be used along with node name to form URL to access node management
• https_port - Optional Number
Enter TCP port number
HTTPS Management Advertise On internet
An advertise_on_internet block (within https_management) supports the following:
• public_ip - Optional Block
Type establishes a direct reference from one object (the referrer) to another (the referred). Such a reference is in form of tenant/namespace/name
See Public IP below.
HTTPS Management Advertise On internet Public IP
A public_ip block (within https_management.advertise_on_internet) supports the following:
• name - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route) then name will hold the referred object’s (e.g. Route’s) name
• namespace - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route) then namespace will hold the referred object’s (e.g. Route’s) namespace
• tenant - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route) then tenant will hold the referred object’s (e.g. Route’s) tenant
HTTPS Management Advertise On SLI VIP
An advertise_on_sli_vip block (within https_management) supports the following:
• no_mtls - Optional Block
Enable this option
• tls_certificates - Optional Block
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
See TLS Certificates below.
• tls_config - Optional Block
Defines various OPTIONS to configure TLS configuration parameters
See TLS Config below.
• use_mtls - Optional Block
Validation context for downstream client TLS connections
See Use mTLS below.
HTTPS Management Advertise On SLI VIP TLS Certificates
Deeply nested Certificates block collapsed for readability.
HTTPS Management Advertise On SLI VIP TLS Certificates Custom Hash Algorithms
Deeply nested Algorithms block collapsed for readability.
HTTPS Management Advertise On SLI VIP TLS Certificates Private Key
Deeply nested Key block collapsed for readability.
HTTPS Management Advertise On SLI VIP TLS Certificates Private Key Blindfold Secret Info
Deeply nested Info block collapsed for readability.
HTTPS Management Advertise On SLI VIP TLS Certificates Private Key Clear Secret Info
Deeply nested Info block collapsed for readability.
HTTPS Management Advertise On SLI VIP TLS Config
Deeply nested Config block collapsed for readability.
HTTPS Management Advertise On SLI VIP TLS Config Custom Security
Deeply nested Security block collapsed for readability.
HTTPS Management Advertise On SLI VIP Use mTLS
Deeply nested mTLS block collapsed for readability.
HTTPS Management Advertise On SLI VIP Use mTLS CRL
Deeply nested CRL block collapsed for readability.
HTTPS Management Advertise On SLI VIP Use mTLS Trusted CA
Deeply nested CA block collapsed for readability.
HTTPS Management Advertise On SLI VIP Use mTLS Xfcc Options
Deeply nested Options block collapsed for readability.
HTTPS Management Advertise On Slo internet VIP
An advertise_on_slo_internet_vip block (within https_management) supports the following:
• no_mtls - Optional Block
Enable this option
• tls_certificates - Optional Block
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
See TLS Certificates below.
• tls_config - Optional Block
Defines various OPTIONS to configure TLS configuration parameters
See TLS Config below.
• use_mtls - Optional Block
Validation context for downstream client TLS connections
See Use mTLS below.
HTTPS Management Advertise On Slo internet VIP TLS Certificates
Deeply nested Certificates block collapsed for readability.
HTTPS Management Advertise On Slo internet VIP TLS Certificates Custom Hash Algorithms
Deeply nested Algorithms block collapsed for readability.
HTTPS Management Advertise On Slo internet VIP TLS Certificates Private Key
Deeply nested Key block collapsed for readability.
HTTPS Management Advertise On Slo internet VIP TLS Certificates Private Key Blindfold Secret Info
Deeply nested Info block collapsed for readability.
HTTPS Management Advertise On Slo internet VIP TLS Certificates Private Key Clear Secret Info
Deeply nested Info block collapsed for readability.
HTTPS Management Advertise On Slo internet VIP TLS Config
Deeply nested Config block collapsed for readability.
HTTPS Management Advertise On Slo internet VIP TLS Config Custom Security
Deeply nested Security block collapsed for readability.
HTTPS Management Advertise On Slo internet VIP Use mTLS
Deeply nested mTLS block collapsed for readability.
HTTPS Management Advertise On Slo internet VIP Use mTLS CRL
Deeply nested CRL block collapsed for readability.
HTTPS Management Advertise On Slo internet VIP Use mTLS Trusted CA
Deeply nested CA block collapsed for readability.
HTTPS Management Advertise On Slo internet VIP Use mTLS Xfcc Options
Deeply nested Options block collapsed for readability.
HTTPS Management Advertise On Slo SLI
An advertise_on_slo_sli block (within https_management) supports the following:
• no_mtls - Optional Block
Enable this option
• tls_certificates - Optional Block
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
See TLS Certificates below.
• tls_config - Optional Block
Defines various OPTIONS to configure TLS configuration parameters
See TLS Config below.
• use_mtls - Optional Block
Validation context for downstream client TLS connections
See Use mTLS below.
HTTPS Management Advertise On Slo SLI TLS Certificates
Deeply nested Certificates block collapsed for readability.
HTTPS Management Advertise On Slo SLI TLS Certificates Custom Hash Algorithms
Deeply nested Algorithms block collapsed for readability.
HTTPS Management Advertise On Slo SLI TLS Certificates Private Key
Deeply nested Key block collapsed for readability.
HTTPS Management Advertise On Slo SLI TLS Certificates Private Key Blindfold Secret Info
Deeply nested Info block collapsed for readability.
HTTPS Management Advertise On Slo SLI TLS Certificates Private Key Clear Secret Info
Deeply nested Info block collapsed for readability.
HTTPS Management Advertise On Slo SLI TLS Config
Deeply nested Config block collapsed for readability.
HTTPS Management Advertise On Slo SLI TLS Config Custom Security
Deeply nested Security block collapsed for readability.
HTTPS Management Advertise On Slo SLI Use mTLS
Deeply nested mTLS block collapsed for readability.
HTTPS Management Advertise On Slo SLI Use mTLS CRL
Deeply nested CRL block collapsed for readability.
HTTPS Management Advertise On Slo SLI Use mTLS Trusted CA
Deeply nested CA block collapsed for readability.
HTTPS Management Advertise On Slo SLI Use mTLS Xfcc Options
Deeply nested Options block collapsed for readability.
HTTPS Management Advertise On Slo VIP
An advertise_on_slo_vip block (within https_management) supports the following:
• no_mtls - Optional Block
Enable this option
• tls_certificates - Optional Block
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
See TLS Certificates below.
• tls_config - Optional Block
Defines various OPTIONS to configure TLS configuration parameters
See TLS Config below.
• use_mtls - Optional Block
Validation context for downstream client TLS connections
See Use mTLS below.
HTTPS Management Advertise On Slo VIP TLS Certificates
Deeply nested Certificates block collapsed for readability.
HTTPS Management Advertise On Slo VIP TLS Certificates Custom Hash Algorithms
Deeply nested Algorithms block collapsed for readability.
HTTPS Management Advertise On Slo VIP TLS Certificates Private Key
Deeply nested Key block collapsed for readability.
HTTPS Management Advertise On Slo VIP TLS Certificates Private Key Blindfold Secret Info
Deeply nested Info block collapsed for readability.
HTTPS Management Advertise On Slo VIP TLS Certificates Private Key Clear Secret Info
Deeply nested Info block collapsed for readability.
HTTPS Management Advertise On Slo VIP TLS Config
Deeply nested Config block collapsed for readability.
HTTPS Management Advertise On Slo VIP TLS Config Custom Security
Deeply nested Security block collapsed for readability.
HTTPS Management Advertise On Slo VIP Use mTLS
Deeply nested mTLS block collapsed for readability.
HTTPS Management Advertise On Slo VIP Use mTLS CRL
Deeply nested CRL block collapsed for readability.
HTTPS Management Advertise On Slo VIP Use mTLS Trusted CA
Deeply nested CA block collapsed for readability.
HTTPS Management Advertise On Slo VIP Use mTLS Xfcc Options
Deeply nested Options block collapsed for readability.
Palo Alto Fw Service
A palo_alto_fw_service block supports the following:
• auto_setup - Optional Block
For auto-setup, SSH public and private keys are needed. Using the given config user, SSH and API access will be configured
See Auto Setup below.
• aws_tgw_site - Optional Block
Type establishes a direct reference from one object (the referrer) to another (the referred). Such a reference is in form of tenant/namespace/name
See AWS TGW Site below.
• disable_panaroma - Optional Block
Configuration parameter for disabling Panorama
• instance_type - Optional String Defaults to PALO_ALTO_FW_AWS_INSTANCE_TYPE_M4_XLARGE
Possible values are PALO_ALTO_FW_AWS_INSTANCE_TYPE_M4_XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_M4_2XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_M4_4XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_M5_LARGE,
PALO_ALTO_FW_AWS_INSTANCE_TYPE_M5_XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_M5_2XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_M5_4XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_M5_12XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_M5N_LARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_M5N_XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_M5N_2XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_M5N_4XLARGE,
PALO_ALTO_FW_AWS_INSTANCE_TYPE_C4_LARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C4_XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C4_2XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C4_4XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C4_8XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5_LARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5_XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5_2XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5_4XLARGE,
PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5_9XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5_18XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5N_LARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5N_XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5N_2XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5N_4XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5N_9XLARGE, PALO_ALTO_FW_AWS_INSTANCE_TYPE_C5N_18XLARGE,
PALO_ALTO_FW_AWS_INSTANCE_TYPE_R5_2XLARGE
- PALO_ALTO_FW_AWS_INSTANCE_TYPE_M4_XLARGE: m4.xlarge
- PALO_ALTO_FW_AWS_INSTANCE_TYPE_M4_2XLARGE: m4.2xlarge
- PALO_ALTO_FW_AWS_INSTANCE_TYPE_M4_4XLARGE: m4.4xlarge
- PALO_ALTO_FW_AWS_INSTANCE_TYPE_M5_LARGE: m5.large
- PALO_ALTO_FW_AWS_INSTANCE_TYPE_M5_XLARGE: m5.xlarge
• pan_ami_bundle1 - Optional Block
Configuration parameter for pan ami bundle1
• pan_ami_bundle2 - Optional Block
Configuration parameter for pan ami bundle2
• panorama_server - Optional Block
Configuration parameter for panorama server
See Panorama Server below.
• service_nodes - Optional Block
Configuration parameter for service nodes
See Service Nodes below.
• ssh_key - Optional String
Setup Authorized Public SSH key. User will be able to SSH to the vmseries nodes using its corresponding SSH private key
• tags - Optional Block
AWS Tags is a label consisting of a user-defined key and value. It helps to manage, identify, organize, search for, and filter resources in AWS console
• version - Optional String
PAN VM-Series version. PAN-OS version
Palo Alto Fw Service Auto Setup
An auto_setup block (within palo_alto_fw_service) supports the following:
• admin_password - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Admin Password below.
• admin_username - Optional String
Firewall Admin Username. Firewall Admin Username
• manual_ssh_keys - Optional Block
SSH Key includes both public and private key
See Manual SSH Keys below.
Palo Alto Fw Service Auto Setup Admin Password
Deeply nested Password block collapsed for readability.
Palo Alto Fw Service Auto Setup Admin Password Blindfold Secret Info
Deeply nested Info block collapsed for readability.
Palo Alto Fw Service Auto Setup Admin Password Clear Secret Info
Deeply nested Info block collapsed for readability.
Palo Alto Fw Service Auto Setup Manual SSH Keys
Deeply nested Keys block collapsed for readability.
Palo Alto Fw Service Auto Setup Manual SSH Keys Private Key
Deeply nested Key block collapsed for readability.
Palo Alto Fw Service Auto Setup Manual SSH Keys Private Key Blindfold Secret Info
Deeply nested Info block collapsed for readability.
Palo Alto Fw Service Auto Setup Manual SSH Keys Private Key Clear Secret Info
Deeply nested Info block collapsed for readability.
Palo Alto Fw Service AWS TGW Site
An aws_tgw_site block (within palo_alto_fw_service) supports the following:
• name - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route) then name will hold the referred object’s (e.g. Route’s) name
• namespace - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route) then namespace will hold the referred object’s (e.g. Route’s) namespace
• tenant - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route) then tenant will hold the referred object’s (e.g. Route’s) tenant
Palo Alto Fw Service Panorama Server
A panorama_server block (within palo_alto_fw_service) supports the following:
• authorization_key - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Authorization Key below.
• device_group_name - Optional String
Device Group Name. Device Group Name
• server - Optional String
Panorama Server Address to which the firewall should connect
• template_stack_name - Optional String
Template stack name. Template Stack Name
Palo Alto Fw Service Panorama Server Authorization Key
Deeply nested Key block collapsed for readability.
Palo Alto Fw Service Panorama Server Authorization Key Blindfold Secret Info
Deeply nested Info block collapsed for readability.
Palo Alto Fw Service Panorama Server Authorization Key Clear Secret Info
Deeply nested Info block collapsed for readability.
Palo Alto Fw Service Service Nodes
A service_nodes block (within palo_alto_fw_service) supports the following:
• nodes - Optional Block
Palo Alto Networks AZ Nodes
See Nodes below.
Palo Alto Fw Service Service Nodes Nodes
A nodes block (within palo_alto_fw_service.service_nodes) supports the following:
• aws_az_name - Optional String
AWS availability zone, must be consistent with the selected AWS region. It is recommended that AZ is one of the AZ for sites
• mgmt_subnet - Optional Block
Configuration parameter for mgmt subnet
See Mgmt Subnet below.
• node_name - Optional String
Node Name will be used to assign as hostname to the service
• reserved_mgmt_subnet - Optional Block
Configuration parameter for reserved mgmt subnet
Palo Alto Fw Service Service Nodes Nodes Mgmt Subnet
Deeply nested Subnet block collapsed for readability.
Palo Alto Fw Service Service Nodes Nodes Mgmt Subnet Subnet Param
Deeply nested Param block collapsed for readability.
Timeouts
A timeouts block supports the following:
• create - Optional String (Defaults to 10 minutes)
Used when creating the resource
• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource
• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource
• update - Optional String (Defaults to 10 minutes)
Used when updating the resource
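A pre-apply check over the arguments documented above, as an added example that is not part of the provider or its documentation: it reads terraform show -json plan output and reports f5xc_nfv_service resources that enable SSH management, advertise HTTPS management on an internet VIP or with no_mtls, or supply a secret through clear_secret_info. The sample plan, the resource names in it and the way nested blocks are encoded (list or single object, both handled) are constructed assumptions.

```python
"""Pre-apply review of f5xc_nfv_service management exposure (added example)."""
import json
import sys

RESOURCE_TYPE = "f5xc_nfv_service"
SSH_ADVERTISE = ("advertise_on_sli", "advertise_on_slo", "advertise_on_slo_sli")

# Constructed sample, shaped like `terraform show -json <planfile>` output.
# Whether the provider encodes blocks as lists or objects is an assumption.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "f5xc_nfv_service.exposed", "type": "f5xc_nfv_service",
   "change": {"actions": ["create"], "after": {
     "name": "exposed", "namespace": "staging",
     "disable_ssh_access": [],
     "enabled_ssh_access": [{
       "advertise_on_slo": [{}],
       "domain_suffix": "mgmt.example.internal",
       "node_ssh_ports": [{"node_name": "node-a", "ssh_port": 2222}]}],
     "https_management": [{
       "advertise_on_slo_internet_vip": [{"no_mtls": [{}], "use_mtls": []}]}],
     "f5_big_ip_aws_service": [{
       "admin_username": "admin",
       "admin_password": [{"clear_secret_info": [{}],
                           "blindfold_secret_info": []}]}]}}},
  {"address": "f5xc_nfv_service.locked_down", "type": "f5xc_nfv_service",
   "change": {"actions": ["create"], "after": {
     "name": "locked-down", "namespace": "staging",
     "disable_ssh_access": [{}],
     "disable_https_management": [{}],
     "palo_alto_fw_service": [{
       "panorama_server": [{
         "server": "panorama.example.internal",
         "authorization_key": [{"blindfold_secret_info": [{}]}]}]}]}}}
]}
""")


def blocks(value):
    """Normalise a nested block to a list of dicts; null and [] mean 'not set'."""
    if isinstance(value, dict):
        return [value]
    if isinstance(value, list):
        return [item for item in value if isinstance(item, dict)]
    return []


def walk(node, path=""):
    """Yield (path, name, block) for every block nested anywhere below node."""
    for name, value in node.items():
        for child in blocks(value):
            child_path = f"{path}.{name}" if path else name
            yield child_path, name, child
            yield from walk(child, child_path)


def review_resource(after):
    """Return review findings for one planned f5xc_nfv_service object."""
    findings = []
    for path, name, block in walk(after):
        if name == "clear_secret_info":
            findings.append(f"{path}: secret is supplied unencrypted; "
                            "blindfold_secret_info is the encrypted alternative")
        elif name == "enabled_ssh_access":
            via = [k for k in SSH_ADVERTISE if blocks(block.get(k))]
            ports = [p.get("ssh_port") for p in blocks(block.get("node_ssh_ports"))]
            findings.append(f"{path}: SSH management access is enabled "
                            f"(advertised via {', '.join(via) or 'unspecified'}; "
                            f"node ports {ports})")
        elif name == "https_management":
            for choice, value in block.items():
                for vip in blocks(value):
                    if "internet" in choice:
                        findings.append(f"{path}.{choice}: HTTPS management "
                                        "is advertised on the internet")
                    if blocks(vip.get("no_mtls")):
                        findings.append(f"{path}.{choice}: no_mtls is selected "
                                        "instead of use_mtls")
    return findings


def review_plan(plan):
    """Map resource address -> findings for every f5xc_nfv_service in the plan."""
    report = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        # "after" is null when the resource is being destroyed.
        after = (rc.get("change") or {}).get("after") or {}
        findings = review_resource(after)
        if findings:
            report[rc["address"]] = findings
    return report


if __name__ == "__main__":
    # Pass a plan JSON path as argv[1]; without it the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            plan = json.load(handle)
    else:
        plan = SAMPLE_PLAN
    result = review_plan(plan)
    for address, items in result.items():
        for item in items:
            print(f"{address}: {item}")
    sys.exit(1 if result else 0)
```

The input comes from terraform plan -out=plan.bin followed by terraform show -json plan.bin; a non-zero exit status lets a pipeline stop for review before apply.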
Common Types
The following type definitions are used throughout this resource. They are defined in full here rather than repeated inline.
Object Reference
Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.
| Field | Type | Description |
|---|---|---|
| name | String | Name of the referenced object |
| namespace | String | Namespace containing the referenced object |
| tenant | String | Tenant of the referenced object (system-managed) |
Transformers
Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
| Value | Description |
|---|---|
| LOWER_CASE | Convert to lowercase |
| UPPER_CASE | Convert to uppercase |
| BASE64_DECODE | Decode base64 content |
| NORMALIZE_PATH | Normalize URL path |
| REMOVE_WHITESPACE | Remove whitespace characters |
| URL_DECODE | Decode URL-encoded characters |
| TRIM_LEFT | Trim leading whitespace |
| TRIM_RIGHT | Trim trailing whitespace |
| TRIM | Trim both leading and trailing whitespace |
HTTP Methods
HTTP methods used for request matching.
| Value | Description |
|---|---|
| ANY | Match any HTTP method |
| GET | HTTP GET request |
| HEAD | HTTP HEAD request |
| POST | HTTP POST request |
| PUT | HTTP PUT request |
| DELETE | HTTP DELETE request |
| CONNECT | HTTP CONNECT request |
| OPTIONS | HTTP OPTIONS request |
| TRACE | HTTP TRACE request |
| PATCH | HTTP PATCH request |
| COPY | HTTP COPY request (WebDAV) |
TLS Fingerprints
TLS fingerprint categories for malicious client detection.
| Value | Description |
|---|---|
| TLS_FINGERPRINT_NONE | No fingerprint matching |
| ANY_MALICIOUS_FINGERPRINT | Match any known malicious fingerprint |
| ADWARE | Adware-associated fingerprints |
| DRIDEX | Dridex malware fingerprints |
| GOOTKIT | Gootkit malware fingerprints |
| RANSOMWARE | Ransomware-associated fingerprints |
| TRICKBOT | Trickbot malware fingerprints |
IP Threat Categories
IP address threat categories for security filtering.
| Value | Description |
|---|---|
| SPAM_SOURCES | Known spam sources |
| WINDOWS_EXPLOITS | Windows exploit sources |
| WEB_ATTACKS | Web attack sources |
| BOTNETS | Known botnet IPs |
| SCANNERS | Network scanner IPs |
| REPUTATION | Poor reputation IPs |
| PHISHING | Phishing-related IPs |
| PROXY | Anonymous proxy IPs |
| MOBILE_THREATS | Mobile threat sources |
| TOR_PROXY | Tor exit nodes |
| DENIAL_OF_SERVICE | DoS attack sources |
| NETWORK | Known bad network ranges |
Import
Import is supported using the following syntax:
```shell
# Import using namespace/name format
terraform import f5xc_nfv_service.example system/example
```