GuideReference
TrainingSupportCommunity

IP geo

akamai_appsec_ip_geo

Returns information about the network lists used in the IP/Geo Firewall settings; also returns the firewall mode, which indicates whether devices on the geographic or IP address lists are allowed through the firewall or are blocked by the firewall.

Scopes: Security configuration; security policy

Example

terraform {
  required_providers {
    akamai = {
      source = "akamai/akamai"
    }
  }
}

provider "akamai" {
  edgerc = "~/.edgerc"
}

data "akamai_appsec_configuration" "configuration" {
  name = "Documentation"
}

// USE CASE: User wants to view IP/Geo firewall settings.

data "akamai_appsec_ip_geo" "ip_geo" {
  config_id          = data.akamai_appsec_configuration.configuration.config_id
  security_policy_id = "gms1_134637"
}

output "ip_geo_mode" {
  value = data.akamai_appsec_ip_geo.ip_geo.mode
}

output "geo_network_lists" {
  value = data.akamai_appsec_ip_geo.ip_geo.geo_network_lists
}

output "ip_network_lists" {
  value = data.akamai_appsec_ip_geo.ip_geo.ip_network_lists
}

output "exception_ip_network_lists" {
  value = data.akamai_appsec_ip_geo.ip_geo.exception_ip_network_lists
}

Argument reference

This data source supports the following arguments:

  • config_id. Required. Unique identifier of the security configuration associated with the IP/Geo lists.
  • security_policy_id. Required. Unique identifier of the security policy associated with the IP/Geo lists. If not included, information is returned for all your security policies.
  • ukraine_geo_control_action. Optional. Sets a block or allow for traffic coming from a specific IP, subnet, or geographic area. Values are alert, deny, or done.

Attributes

Returned are details about your available network lists by type.

  • mode. Specifies the action taken by the IP/Geo firewall.

    • block. Networks on the IP and geographic network lists are prevented from passing through the firewall.
    • allow. Networks on the IP and geographic network lists are allowed to pass through the firewall.
  • asn_network_lists. A list of available ASN network lists.

  • geo_network_lists. A list of available GEO network lists.

  • ip_network_lists. A list of available IP network lists.

  • exception_ip_network_lists. Network lists allowed through the firewall regardless of the values assigned to the mode, geo_network_lists, and ip_network_lists parameters.

  • ukraine_geo_control_action. The Ukraine specific block or allow settings for traffic coming from a specific IP, subnet, or geographic area.