Configure network lists

Reduce harmful security attacks by allowing only trusted IP/CIDRs and locations access your services and content.

What you'll do

Create and activate a network list to use with other Akamai services.

1. Create a network list

Network lists allow or deny access to your site and content by address or location. To create a network list, choose a list type and add entries of that type using the list argument in the akamai_networklist_network_list resource.

TypeDescriptionEntry limit
IPIPv4 and/or IPv6 addresses or CIDRs.50,000
GEORequest's country of origin.275
resource "akamai_networklist_network_list" "my_network_list" {
 name        = "My network list"
 type        = "IP"
 description = "My new IP network list"
 list        = ["123.45.678.901", "234.56.789.012", "345.67.890.123"]
 mode        = "APPEND"

There's no standard output for this resource, but returned in the last line of the apply log is the network list's ID. You can, however, add an output block and request your network list's details.

akamai_networklist_network_list.my_network_list: Creation complete after 3s [id=123456_MYNETWORKLIST]
my_network_lists = {
  "contract_id"     = "C-0N7RAC7"
  "description"     = "My new IP network list"
  "group_id"        = 12345
  "id"              = "123456_MYNETWORKLIST"
  "list"            = ["123.45.678.901", "234.56.789.012", "345.67.890.123"]
  "mode"            = "APPEND"
  "name"            = "My network list"
  "network_list_id" = "123456_MYNETWORKLIST"
  "sync_point"      = 0
  "type"            = "IP"
  "uniqueid"        = "123456_MYNETWORKLIST"

2. Activate your network list

Use your network list ID to activate your network list on either the staging or production network.

resource "akamai_networklist_activations" "activation" {
 network_list_id     = "123456_MYNETWORKLIST"
 network             = "staging"
 notes               = "Push to staging for testing"
 notification_emails = [""]

Other actions

Update a network list

To update a network list, use an argument's corresponding resource.

name, type, list, descriptionakamai_networklist_network_listName: Updates name of your network. This change does not update the name in your network list's ID.

Type: Requires you also change the values in list.

List: Requires you to update the mode argument to match your change.

Description: Change your network list's description.

You can also use the akamai_networklist_description resource to update the description.
descriptionakamai_networklist_descriptionChange your network list's description.

You can also use the akamai_networklist_network_list resource to change the description.
notification_emailsakamai_networklist_subscriptionAdd or remove email addresses that receive a network list's change notifications.

The activation resource's notification_emails argument maps to the subscription resource's recipients argument.

Deactivate a network list

To deactivate a network list, remove all the IP/CIDR addresses or geographic codes from the list and change the mode to REPLACE.

resource "akamai_networklist_network_list" "network_list" {
 name        = "Documentation Network"
 type        = "IP"
 description = "Test network list updated description."
 list        = []
 mode        = "REPLACE"

Subscribe to a network list

To receive change notifications for network lists or manage notification recipients, provide a list of both in the subscription resource.

resource "akamai_networklist_subscription" "my_subscription" {
  network_list = ["123456_MYNETWORKLIST"]
  recipients   = [""]

Import a network list

To add a network list to your state, use the terraform import command with a configuration file that includes a description of the existing resource.

  1. Get your network lists. Use the network list's name downstream. Output value truncated to show ouput_text only.

    data "akamai_networklist_network_lists" "my_network_lists" {
    output "my_network_lists" {
      value = data.akamai_networklist_network_lists.my_network_lists
    Changes to Outputs:
    + my_network_lists = {
        + contract_id     = null
        + group_id        = null
        + id              = "12345_MYNETWORKLIST"
        + output_text     = <<-EOT
              | networkListsDS                                                                        |
              | NAME              | ID                   | TYPE | ELEMENTCOUNT | SYNCPOINT | READONLY |
              | My Network List   | 12345_MYNETWORKLIST  | IP   | 1200         | 12        | true     |
              | My Network List 2 | 23456_MYNETWORKLIST2 | IP   | 2100         | 34        | true     |
              | My Network List 3 | 34567_MYNETWORKLIST3 | GEO  | 18           | 5         | true     |
        + sync_point      = 1200
        + type            = null
  2. Create a network list resource for each list you want to add to your state.



    Do not run an activation or a terraform apply command until you run the terraform import command in the next step. Doing so will cause Terraform to attempt to create a new list.

    resource "akamai_networklist_network_list" "my_imported_network_list" {
      name        = "My Network List 2"
      type        = "IP"
      description = "My second network list"
      list        = ["123.45.678.901","234.56.789.012","345.67.890.123"]
      mode        = "APPEND"
  3. Use a variable to the resource along with the network list's ID in the terraform import command to add the network list to your state.

    $ terraform import akamai_networklist_network_list.my_imported_network_list 23456_MYNETWORKLIST2

When you're finished with all of your configuration settings, run terraform apply.