Viewing docs for Fastly v11.4.1
published on Friday, Feb 27, 2026 by Pulumi
published on Friday, Feb 27, 2026 by Pulumi
Viewing docs for Fastly v11.4.1
published on Friday, Feb 27, 2026 by Pulumi
published on Friday, Feb 27, 2026 by Pulumi
Defines a set of Fastly ACL entries that can be used to populate a service ACL. This resource will populate an ACL with the entries and will track their state.
Note: By default the Terraform provider allows you to externally manage the entries via API or UI. If you wish to apply your changes in the HCL, then you should explicitly set the
manage_entriesattribute. An example of this configuration is provided below.
Example Usage
Terraform >= 0.12.6)
Basic usage:
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
const config = new pulumi.Config();
const myaclName = config.get("myaclName") || "My ACL";
const myservice = new fastly.ServiceVcl("myservice", {
name: "demofastly",
domains: [{
name: "demo.notexample.com",
comment: "demo",
}],
backends: [{
address: "http-me.fastly.dev",
name: "Glitch Test Site",
port: 80,
}],
acls: [{
name: myaclName,
}],
forceDestroy: true,
});
const entries: fastly.ServiceACLEntries[] = [];
myservice.acls.apply(acls => {
const entries: fastly.ServiceACLEntries[] = [];
pulumi.all(.filter(d => d.name == myaclName).reduce((__obj, d) => ({ ...__obj, [d.name]: d }))).apply(rangeBody => {
for (const range of Object.entries(rangeBody).map(([k, v]) => ({key: k, value: v}))) {
entries.push(new fastly.ServiceACLEntries(`entries-${range.key}`, {
serviceId: myservice.id,
aclId: range.value.aclId,
entries: [{
ip: "127.0.0.1",
subnet: "24",
negated: false,
comment: "ACL Entry 1",
}],
}));
}
});
});
import pulumi
import pulumi_fastly as fastly
config = pulumi.Config()
myacl_name = config.get("myaclName")
if myacl_name is None:
myacl_name = "My ACL"
myservice = fastly.ServiceVcl("myservice",
name="demofastly",
domains=[{
"name": "demo.notexample.com",
"comment": "demo",
}],
backends=[{
"address": "http-me.fastly.dev",
"name": "Glitch Test Site",
"port": 80,
}],
acls=[{
"name": myacl_name,
}],
force_destroy=True)
entries = []
def create_entries(range_body):
for range in [{"key": k, "value": v} for [k, v] in enumerate(range_body)]:
entries.append(fastly.ServiceACLEntries(f"entries-{range['key']}",
service_id=myservice.id,
acl_id=range["value"].acl_id,
entries=[{
"ip": "127.0.0.1",
"subnet": "24",
"negated": False,
"comment": "ACL Entry 1",
}]))
myservice.acls.apply(lambda resolved_outputs: create_entries({d.name: d for d in resolved_outputs['acls'] if d.name == myacl_name}))
Example coming soon!
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var myaclName = config.Get("myaclName") ?? "My ACL";
var myservice = new Fastly.ServiceVcl("myservice", new()
{
Name = "demofastly",
Domains = new[]
{
new Fastly.Inputs.ServiceVclDomainArgs
{
Name = "demo.notexample.com",
Comment = "demo",
},
},
Backends = new[]
{
new Fastly.Inputs.ServiceVclBackendArgs
{
Address = "http-me.fastly.dev",
Name = "Glitch Test Site",
Port = 80,
},
},
Acls = new[]
{
new Fastly.Inputs.ServiceVclAclArgs
{
Name = myaclName,
},
},
ForceDestroy = true,
});
var entries = new List<Fastly.ServiceACLEntries>();
foreach (var range in myservice.Acls.Apply(acls => ).Select(pair => new { pair.Key, pair.Value }))
{
entries.Add(new Fastly.ServiceACLEntries($"entries-{range.Key}", new()
{
ServiceId = myservice.Id,
AclId = range.Value.AclId,
Entries = new[]
{
new Fastly.Inputs.ServiceACLEntriesEntryArgs
{
Ip = "127.0.0.1",
Subnet = "24",
Negated = false,
Comment = "ACL Entry 1",
},
},
}));
}
});
Example coming soon!
configuration:
myaclName:
type: string
default: My ACL
resources:
myservice:
type: fastly:ServiceVcl
properties:
name: demofastly
domains:
- name: demo.notexample.com
comment: demo
backends:
- address: http-me.fastly.dev
name: Glitch Test Site
port: 80
acls:
- name: ${myaclName}
forceDestroy: true
entries:
type: fastly:ServiceACLEntries
properties:
serviceId: ${myservice.id}
aclId: ${range.value.aclId}
entries:
- ip: 127.0.0.1
subnet: '24'
negated: false
comment: ACL Entry 1
options: {}
Complex object usage:
The following example demonstrates the use of dynamic nested blocks to create ACL entries.
Terraform >= 0.12.0 && < 0.12.6)
for_each attributes were not available in Terraform before 0.12.6, however, users can still use for expressions to achieve
similar behaviour as seen in the example below.
Warning: Terraform might not properly calculate implicit dependencies on computed attributes when using
forexpressions
For scenarios such as adding an ACL to a service and at the same time, creating the ACL entries (fastly.ServiceACLEntries)
resource, Terraform will not calculate implicit dependencies correctly on for expressions. This will result in index lookup
problems and the execution will fail.
For those scenarios, it’s recommended to split the changes into two distinct steps:
- Add the
aclblock to thefastly.ServiceVcland apply the changes - Add the
fastly.ServiceACLEntriesresource with theforexpressions to the HCL and apply the changes
Usage:
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
const config = new pulumi.Config();
const myaclName = config.get("myaclName") || "My ACL";
const myservice = new fastly.ServiceVcl("myservice", {
name: "demofastly",
domains: [{
name: "demo.notexample.com",
comment: "demo",
}],
acls: [{
name: myaclName,
}],
});
const entries = new fastly.ServiceACLEntries("entries", {
serviceId: myservice.id,
aclId: myservice.acls.apply(acls => .reduce((__obj, d) => ({ ...__obj, [d.name]: d.aclId }))[myaclName]),
entries: [{
ip: "127.0.0.1",
subnet: "24",
negated: false,
comment: "ACL Entry 1",
}],
});
import pulumi
import pulumi_fastly as fastly
config = pulumi.Config()
myacl_name = config.get("myaclName")
if myacl_name is None:
myacl_name = "My ACL"
myservice = fastly.ServiceVcl("myservice",
name="demofastly",
domains=[{
"name": "demo.notexample.com",
"comment": "demo",
}],
acls=[{
"name": myacl_name,
}])
entries = fastly.ServiceACLEntries("entries",
service_id=myservice.id,
acl_id=myservice.acls.apply(lambda acls: {d.name: d.acl_id for d in acls}[myacl_name]),
entries=[{
"ip": "127.0.0.1",
"subnet": "24",
"negated": False,
"comment": "ACL Entry 1",
}])
Example coming soon!
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var myaclName = config.Get("myaclName") ?? "My ACL";
var myservice = new Fastly.ServiceVcl("myservice", new()
{
Name = "demofastly",
Domains = new[]
{
new Fastly.Inputs.ServiceVclDomainArgs
{
Name = "demo.notexample.com",
Comment = "demo",
},
},
Acls = new[]
{
new Fastly.Inputs.ServiceVclAclArgs
{
Name = myaclName,
},
},
});
var entries = new Fastly.ServiceACLEntries("entries", new()
{
ServiceId = myservice.Id,
AclId = myservice.Acls.Apply(acls => .ToDictionary(item => {
var d = item.Value;
return d.Name;
}, item => {
var d = item.Value;
return d.AclId;
})[myaclName]),
Entries = new[]
{
new Fastly.Inputs.ServiceACLEntriesEntryArgs
{
Ip = "127.0.0.1",
Subnet = "24",
Negated = false,
Comment = "ACL Entry 1",
},
},
});
});
Example coming soon!
Example coming soon!
Reapplying original entries with manage_entries if the state of the entries drifts
By default the user is opted out from reapplying the original changes if the entries are managed externally.
The following example demonstrates how the manage_entries field can be used to reapply the changes defined in the HCL if the state of the entries drifts.
When the value is explicitly set to ’true’, Terraform will keep the original changes and discard any other changes made under this resource outside of Terraform.
Warning: You will lose externally managed entries if
manage_entries=true.
Note: The
ignore_changesbuilt-in meta-argument takes precedence overmanage_entriesregardless of its value.
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
//...
const entries: fastly.ServiceACLEntries[] = [];
for (const range of Object.entries(.filter(d => d.name == myaclName).reduce((__obj, d) => ({ ...__obj, [d.name]: d }))).map(([k, v]) => ({key: k, value: v}))) {
entries.push(new fastly.ServiceACLEntries(`entries-${range.key}`, {
serviceId: myservice.id,
aclId: range.value.aclId,
manageEntries: true,
entries: [{
ip: "127.0.0.1",
subnet: "24",
negated: false,
comment: "ACL Entry 1",
}],
}));
}
import pulumi
import pulumi_fastly as fastly
#...
entries = []
for range in [{"key": k, "value": v} for [k, v] in enumerate({d.name: d for d in myservice.acl if d.name == myacl_name})]:
entries.append(fastly.ServiceACLEntries(f"entries-{range['key']}",
service_id=myservice["id"],
acl_id=range["value"]["aclId"],
manage_entries=True,
entries=[{
"ip": "127.0.0.1",
"subnet": "24",
"negated": False,
"comment": "ACL Entry 1",
}]))
Example coming soon!
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
//...
var entries = new List<Fastly.ServiceACLEntries>();
foreach (var range in .ToDictionary(item => {
var d = item.Value;
return d.Name;
}, item => {
var d = item.Value;
return d;
}).Select(pair => new { pair.Key, pair.Value }))
{
entries.Add(new Fastly.ServiceACLEntries($"entries-{range.Key}", new()
{
ServiceId = myservice.Id,
AclId = range.Value.AclId,
ManageEntries = true,
Entries = new[]
{
new Fastly.Inputs.ServiceACLEntriesEntryArgs
{
Ip = "127.0.0.1",
Subnet = "24",
Negated = false,
Comment = "ACL Entry 1",
},
},
}));
}
});
Example coming soon!
resources:
#...
entries:
type: fastly:ServiceACLEntries
properties:
serviceId: ${myservice.id}
aclId: ${range.value.aclId}
manageEntries: true
entries:
- ip: 127.0.0.1
subnet: '24'
negated: false
comment: ACL Entry 1
options: {}
Create ServiceACLEntries Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServiceACLEntries(name: string, args: ServiceACLEntriesArgs, opts?: CustomResourceOptions);@overload
def ServiceACLEntries(resource_name: str,
args: ServiceACLEntriesArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServiceACLEntries(resource_name: str,
opts: Optional[ResourceOptions] = None,
acl_id: Optional[str] = None,
service_id: Optional[str] = None,
entries: Optional[Sequence[ServiceACLEntriesEntryArgs]] = None,
manage_entries: Optional[bool] = None)func NewServiceACLEntries(ctx *Context, name string, args ServiceACLEntriesArgs, opts ...ResourceOption) (*ServiceACLEntries, error)public ServiceACLEntries(string name, ServiceACLEntriesArgs args, CustomResourceOptions? opts = null)
public ServiceACLEntries(String name, ServiceACLEntriesArgs args)
public ServiceACLEntries(String name, ServiceACLEntriesArgs args, CustomResourceOptions options)
type: fastly:ServiceACLEntries
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServiceACLEntriesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServiceACLEntriesArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServiceACLEntriesArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServiceACLEntriesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServiceACLEntriesArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var serviceACLEntriesResource = new Fastly.ServiceACLEntries("serviceACLEntriesResource", new()
{
AclId = "string",
ServiceId = "string",
Entries = new[]
{
new Fastly.Inputs.ServiceACLEntriesEntryArgs
{
Ip = "string",
Comment = "string",
Id = "string",
Negated = false,
Subnet = "string",
},
},
ManageEntries = false,
});
example, err := fastly.NewServiceACLEntries(ctx, "serviceACLEntriesResource", &fastly.ServiceACLEntriesArgs{
AclId: pulumi.String("string"),
ServiceId: pulumi.String("string"),
Entries: fastly.ServiceACLEntriesEntryArray{
&fastly.ServiceACLEntriesEntryArgs{
Ip: pulumi.String("string"),
Comment: pulumi.String("string"),
Id: pulumi.String("string"),
Negated: pulumi.Bool(false),
Subnet: pulumi.String("string"),
},
},
ManageEntries: pulumi.Bool(false),
})
var serviceACLEntriesResource = new ServiceACLEntries("serviceACLEntriesResource", ServiceACLEntriesArgs.builder()
.aclId("string")
.serviceId("string")
.entries(ServiceACLEntriesEntryArgs.builder()
.ip("string")
.comment("string")
.id("string")
.negated(false)
.subnet("string")
.build())
.manageEntries(false)
.build());
service_acl_entries_resource = fastly.ServiceACLEntries("serviceACLEntriesResource",
acl_id="string",
service_id="string",
entries=[{
"ip": "string",
"comment": "string",
"id": "string",
"negated": False,
"subnet": "string",
}],
manage_entries=False)
const serviceACLEntriesResource = new fastly.ServiceACLEntries("serviceACLEntriesResource", {
aclId: "string",
serviceId: "string",
entries: [{
ip: "string",
comment: "string",
id: "string",
negated: false,
subnet: "string",
}],
manageEntries: false,
});
type: fastly:ServiceACLEntries
properties:
aclId: string
entries:
- comment: string
id: string
ip: string
negated: false
subnet: string
manageEntries: false
serviceId: string
ServiceACLEntries Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ServiceACLEntries resource accepts the following input properties:
- Acl
Id string - The ID of the ACL that the items belong to
- Service
Id string - The ID of the Service that the ACL belongs to
- Entries
List<Service
ACLEntries Entry> - ACL Entries
- Manage
Entries bool - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
- Acl
Id string - The ID of the ACL that the items belong to
- Service
Id string - The ID of the Service that the ACL belongs to
- Entries
[]Service
ACLEntries Entry Args - ACL Entries
- Manage
Entries bool - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
- acl
Id String - The ID of the ACL that the items belong to
- service
Id String - The ID of the Service that the ACL belongs to
- entries
List<Service
ACLEntries Entry> - ACL Entries
- manage
Entries Boolean - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
- acl
Id string - The ID of the ACL that the items belong to
- service
Id string - The ID of the Service that the ACL belongs to
- entries
Service
ACLEntries Entry[] - ACL Entries
- manage
Entries boolean - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
- acl_
id str - The ID of the ACL that the items belong to
- service_
id str - The ID of the Service that the ACL belongs to
- entries
Sequence[Service
ACLEntries Entry Args] - ACL Entries
- manage_
entries bool - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
- acl
Id String - The ID of the ACL that the items belong to
- service
Id String - The ID of the Service that the ACL belongs to
- entries List<Property Map>
- ACL Entries
- manage
Entries Boolean - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
Outputs
All input properties are implicitly available as output properties. Additionally, the ServiceACLEntries resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ServiceACLEntries Resource
Get an existing ServiceACLEntries resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServiceACLEntriesState, opts?: CustomResourceOptions): ServiceACLEntries@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acl_id: Optional[str] = None,
entries: Optional[Sequence[ServiceACLEntriesEntryArgs]] = None,
manage_entries: Optional[bool] = None,
service_id: Optional[str] = None) -> ServiceACLEntriesfunc GetServiceACLEntries(ctx *Context, name string, id IDInput, state *ServiceACLEntriesState, opts ...ResourceOption) (*ServiceACLEntries, error)public static ServiceACLEntries Get(string name, Input<string> id, ServiceACLEntriesState? state, CustomResourceOptions? opts = null)public static ServiceACLEntries get(String name, Output<String> id, ServiceACLEntriesState state, CustomResourceOptions options)resources: _: type: fastly:ServiceACLEntries get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acl
Id string - The ID of the ACL that the items belong to
- Entries
List<Service
ACLEntries Entry> - ACL Entries
- Manage
Entries bool - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
- Service
Id string - The ID of the Service that the ACL belongs to
- Acl
Id string - The ID of the ACL that the items belong to
- Entries
[]Service
ACLEntries Entry Args - ACL Entries
- Manage
Entries bool - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
- Service
Id string - The ID of the Service that the ACL belongs to
- acl
Id String - The ID of the ACL that the items belong to
- entries
List<Service
ACLEntries Entry> - ACL Entries
- manage
Entries Boolean - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
- service
Id String - The ID of the Service that the ACL belongs to
- acl
Id string - The ID of the ACL that the items belong to
- entries
Service
ACLEntries Entry[] - ACL Entries
- manage
Entries boolean - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
- service
Id string - The ID of the Service that the ACL belongs to
- acl_
id str - The ID of the ACL that the items belong to
- entries
Sequence[Service
ACLEntries Entry Args] - ACL Entries
- manage_
entries bool - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
- service_
id str - The ID of the Service that the ACL belongs to
- acl
Id String - The ID of the ACL that the items belong to
- entries List<Property Map>
- ACL Entries
- manage
Entries Boolean - Whether to reapply changes if the state of the entries drifts, i.e. if entries are managed externally
- service
Id String - The ID of the Service that the ACL belongs to
Supporting Types
ServiceACLEntriesEntry, ServiceACLEntriesEntryArgs
Import
This is an example of the import command being applied to the resource named fastly_service_acl_entries.entries
The resource ID is a combined value of the service_id and acl_id separated by a forward slash.
$ pulumi import fastly:index/serviceACLEntries:ServiceACLEntries entries xxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxx
If Terraform is already managing remote acl entries against a resource being imported then the user will be asked to remove it from the existing Terraform state.
The following is an example of the Terraform state command to remove the resource named fastly_service_acl_entries.entries from the Terraform state file.
$ terraform state rm fastly_service_acl_entries.entries
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Fastly pulumi/pulumi-fastly
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fastlyTerraform Provider.
Viewing docs for Fastly v11.4.1
published on Friday, Feb 27, 2026 by Pulumi
published on Friday, Feb 27, 2026 by Pulumi
