IP Geo

akamai_appsec_ip_geo

Create, update, or delete the IP/Geo settings for your network and client lists. To delete your settings, run terraform destroy.

resource "akamai_appsec_ip_geo" "my_ip_geo_settings" {
  config_id                  = 12345
  security_policy_id         = "abc1_234567"
  mode                       = "block"
  asn_controls {
    action            = "deny"
    asn_network_lists = ["78901_ASNLIST1", "76543_ASNLIST2"]
  }
  geo_controls {
    action            = "deny"
    geo_network_lists = ["12345_EMEAALLOW1", "23456_EMEAALLOW2"]
  }
  ip_controls {
    action           = "deny"
    ip_network_lists = ["98765_IPALLOWLIST1", "87654_IPALLOWLIST1"]
  }
}

my_ip_geo_settings = {
  asn_controls               = [
    {
      action            = "deny"
      asn_network_lists = ["78901_ASNLIST1", "76543_ASNLIST2"]
    },
  ]
  block_action               = null
  config_id                  = 12345
  exception_ip_network_lists = []
  geo_controls               = [
    {
      action            = "deny"
      geo_network_lists = ["12345_EMEAALLOW1", "23456_EMEAALLOW2"]
    },
  ]
  id                         = "12345"
  ip_controls                = [
    {
      action           = ""
      ip_network_lists = ["98765_IPALLOWLIST1", "87654_IPALLOWLIST1"]
    },
  ]
  mode                       = "block"
  security_policy_id         = "abcd_123456"
  ukraine_geo_control_action = "alert"
}

Arguments

Pass your config and security policy IDs along with the firewall action mode to create or update your IP/Geo settings.

Attribute | Required | Description
config_id | ✔️ | Your security configuration's ID.
security_policy_id | ✔️ | Your security policy ID.
mode | ✔️ | The IP/Geo firewall actions. Possible values are:
  • block. Prevents networks on the IP and geographic network lists from passing through the firewall.
  • allow. Allows networks on the IP and geographic network lists to pass through the firewall.
asn_controls | | An object that details the action and which lists to apply the action to.
  • asn_network_lists. A list of your ASN network or client lists.
  • action. The action to take against the given lists. Possible values are:
    • deny. Default. Blocked traffic gets a 403 response.
    • deny_custom_{custom_deny_id}. Blocked traffic gets a customized deny response.
geo_controls | | An object that details the action and which lists to apply the action to.
  • geo_network_lists. A list of your Geo network or client lists.
  • action. The action to take against the given lists. Possible values are:
    • deny. Default. Blocked traffic gets a 403 response.
    • deny_custom_{custom_deny_id}. Blocked traffic gets a customized deny response.
ip_controls | | An object that details the action and which lists to apply the action to.
  • ip_network_lists. A list of your IP network or client lists.
  • action. The action to take against the given lists. Possible values are:
    • deny. Default. Blocked traffic gets a 403 response.
    • deny_custom_{custom_deny_id}. Blocked traffic gets a customized deny response.
ukraine_geo_control_action | | The action settings for Ukraine Geo control. Possible values are:
  • alert
  • deny
  • none
exception_ip_network_lists | | A list of network or client lists allowed through the firewall regardless of the values assigned to mode, geo_network_lists, and ip_network_lists.
block_action | | Prevents or allows requests by IP and geographic location. Possible values are:
  • block_specific_ip_geo. Blocks traffic based on the values in your allowed, blocked, and Ukraine control network lists.
  • block_all_traffic_except_allowed_ips. Blocks all traffic except the values in your allowed network lists.
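
The optional arguments above, combined in one block-mode resource: a custom deny action for geo matches, an exception list, and a validated Ukraine control action. This is an added example, not part of the original documentation; the variable names, the resource label, and every list name and ID are constructed placeholders.

```hcl
# Added example. All IDs and network list names are constructed placeholders.
variable "config_id" {
  type = number
}

variable "security_policy_id" {
  type = string
}

variable "custom_deny_id" {
  description = "ID of an existing custom deny response (assumed to exist already)."
  type        = string
}

variable "ukraine_action" {
  description = "Value for ukraine_geo_control_action."
  type        = string
  default     = "alert"

  # Reject anything outside the values listed in the arguments table.
  validation {
    condition     = contains(["alert", "deny", "none"], var.ukraine_action)
    error_message = "ukraine_action must be one of: alert, deny, none."
  }
}

locals {
  # Action string format from the arguments table: deny_custom_{custom_deny_id}
  custom_deny_action = "deny_custom_${var.custom_deny_id}"
}

resource "akamai_appsec_ip_geo" "block_with_exceptions" {
  config_id          = var.config_id
  security_policy_id = var.security_policy_id
  mode               = "block"

  # Geo matches get the customized deny response instead of the default 403.
  geo_controls {
    action            = local.custom_deny_action
    geo_network_lists = ["11111_EXAMPLEGEOBLOCK"]
  }

  # IP matches get the default 403.
  ip_controls {
    action           = "deny"
    ip_network_lists = ["22222_EXAMPLEIPBLOCK"]
  }

  ukraine_geo_control_action = var.ukraine_action

  # These lists pass the firewall regardless of mode and the lists above,
  # so keep them narrow and review them like any other allow rule.
  exception_ip_network_lists = ["33333_EXAMPLEMONITORING"]
}
```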

Attributes

There is no standard output for this resource as changes that mirror your request are reflected in your state file.

Note: There is an id attribute returned. It is an ID for the run of the resource and is not needed downstream anywhere.