azure-fs.fsproj

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>netcoreapp3.1</TargetFramework>
    <Nullable>enable</Nullable>
  </PropertyGroup>

  <ItemGroup>
    <Compile Include="Program.fs" />
  </ItemGroup>

  <ItemGroup>
    <PackageReference Include="Pulumi.Azure" Version="2.5.0-preview" />
    <PackageReference Include="Pulumi.FSharp" Version="1.14.1-preview" />
  </ItemGroup>

</Project>

Program.fs

module Program

open Pulumi.FSharp
open Pulumi.Azure.Core
open Pulumi.Azure.Network
open Pulumi.Azure.Network.Inputs
open Pulumi.Azure.Storage

let infra () =
    // Create an Azure Resource Group
    let resourceGroup = ResourceGroup "resourceGroup"

//    let c19_nsg_waf =
//        let name = "c19-nsg-waf"
//        NetworkSecurityGroup
//          (name,
//           NetworkSecurityGroupArgs
//             (Name = input name,
//              ResourceGroupName = io resourceGroup.Name,
//              SecurityRules =
//                ([ NetworkSecurityGroupSecurityRulesArgs
//                     (Name = input "c19-nsgrule-in-valid-internet",
//                      Description = input "Allow inbound traffic from the Internet",
//                      Access = input "Allow", Direction = input "Inbound",
//                      SourceAddressPrefix = input "*", SourcePortRanges = inputList [input "80"],
//                      DestinationAddressPrefix = input "127.0.0.1",
//                      DestinationPortRanges = inputList [input "80"], Priority = input 100,
//                      Protocol = input "Tcp");
//                   NetworkSecurityGroupSecurityRulesArgs
//                     (Name = input "c19-nsgrule-in-invalid",
//                      Description = input "Deny outbound traffic to the Internet",
//                      Access = input "Deny", Direction = input "Outbound",
//                      SourceAddressPrefix = input "VirtualNetwork",  SourcePortRange = input "*",
//                      DestinationAddressPrefix = input "Internet",
//                      DestinationPortRange = input "*", Priority = input 101,
//                      Protocol = input "*") ]
//                 |> List.map input
//                 |> inputList)))

    let c19_nsg_waf =
        let name = "c19-nsg-waf-2"
        NetworkSecurityGroup
            (name,
             NetworkSecurityGroupArgs(Name = input name, ResourceGroupName = io resourceGroup.Name))

    let c19_nsgrule_in_valid_internet =
        let name = "c19-nsgrule-in-valid-internet"
        NetworkSecurityRule
            (name,
             NetworkSecurityRuleArgs
               (Name = input name,
                Description = input "Allow inbound traffic from the Internet",
                Access = input "Allow", Direction = input "Inbound",
                SourceAddressPrefix = input "*", SourcePortRange = input "*",
                DestinationAddressPrefix = input "Internet",
                DestinationPortRange = input "*",
                NetworkSecurityGroupName = io c19_nsg_waf.Name, Priority = input 100,
                Protocol = input "Tcp", ResourceGroupName = io resourceGroup.Name))
            
    let c19_nsgrule_out_all =
        let name = "c19-nsgrule-in-invalid"
        NetworkSecurityRule
            (name,
             NetworkSecurityRuleArgs
                (Name = input name,
                 Description = input "Deny outbound traffic to the Internet",
                 Access = input "Deny", Direction = input "Outbound",
                 SourceAddressPrefix = input "VirtualNetwork",
                 SourcePortRange = input "*",
                 DestinationAddressPrefix = input "Internet",
                 DestinationPortRange = input "*",
                 NetworkSecurityGroupName = io c19_nsg_waf.Name, Priority = input 101,
                 Protocol = input "*", ResourceGroupName = io resourceGroup.Name))
    
    dict []

[<EntryPoint>]
let main _ =
  Deployment.run infra