alicloud.ecs.getSecurityGroupRules
The `alicloud.ecs.getSecurityGroupRules` data source provides a collection of security permissions of a specific security group. Each collection item represents a single `ingress` or `egress` permission rule.
The ID of the security group can be provided via a variable or taken from the result of another data source, `alicloud.ecs.getSecurityGroups`.
Example Usage
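The following example shows how to obtain details about a security group rule and how to pass its data to an instance at launch time. The example reads the first matching group and the first returned rule, so the filter arguments must narrow the lookup to the single group and rule you intend to use.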
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
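const config = new pulumi.Config();
// Option 1: take the security group ID from stack configuration.
const securityGroupId = config.requireObject("securityGroupId");
// Option 2: look the group up with the alicloud_security_groups data source.
// The lookup arguments must narrow the result to exactly one security group.
const groupsDs = alicloud.ecs.getSecurityGroups({
    nameRegex: "api",
});
// Fetch the internet-facing TCP ingress rules of that one group.
const ingressRulesDs = groupsDs.then(found => {
    const matches = found.groups ?? [];
    // Stop the deployment rather than silently using the first of several
    // matches, or passing an undefined group ID when nothing matched.
    if (matches.length !== 1) {
        throw new Error(`expected exactly one security group matching "api", found ${matches.length}`);
    }
    return alicloud.ecs.getSecurityGroupRules({
        groupId: matches[0].id,
        nicType: "internet",
        direction: "ingress",
        ipProtocol: "tcp",
    });
});
// Pass port_range to the backend service.
const backend = new alicloud.ecs.Instance("backend", {
    userData: ingressRulesDs.then(found => {
        // Only the first returned rule is used; this page does not say how rules are ordered.
        const portRange = found.rules?.[0]?.portRange;
        // The value is spliced into the command line handed to the instance as
        // user data, so a missing value (which would render as "undefined") or
        // anything other than digits, "/" and "-" is rejected.
        if (!portRange || !/^[0-9\/-]+$/.test(portRange)) {
            throw new Error("no usable ingress rule port range for the backend user data");
        }
        return `config_service.sh --portrange=${portRange}`;
    }),
});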
import pulumi
import pulumi_alicloud as alicloud
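config = pulumi.Config()
# Option 1: take the security group ID from stack configuration.
security_group_id = config.require_object("securityGroupId")
# Option 2: look the group up with the alicloud_security_groups data source.
# The lookup arguments must narrow the result to exactly one security group.
groups_ds = alicloud.ecs.get_security_groups(name_regex="api")
# Stop the deployment rather than silently using the first of several matches
# (or failing with a bare IndexError when nothing matched).
if len(groups_ds.groups) != 1:
    raise ValueError(
        f"expected exactly one security group matching 'api', found {len(groups_ds.groups)}")
# Fetch the internet-facing TCP ingress rules of that one group.
ingress_rules_ds = alicloud.ecs.get_security_group_rules(
    group_id=groups_ds.groups[0].id,
    nic_type="internet",
    direction="ingress",
    ip_protocol="tcp",
)
if not ingress_rules_ds.rules:
    raise ValueError("the security group has no internet-facing TCP ingress rule")
# Only the first returned rule is used; this page does not say how rules are ordered.
port_range = ingress_rules_ds.rules[0].port_range
# The value is spliced into the command line handed to the instance as user
# data, so anything other than digits, "/" and "-" is rejected.
if not port_range or not set(port_range) <= set("0123456789/-"):
    raise ValueError(f"unexpected port range value: {port_range!r}")
# Pass port_range to the backend service.
backend = alicloud.ecs.Instance("backend", user_data=f"config_service.sh --portrange={port_range}")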
package main
import (
"fmt"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ecs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
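// main looks up one security group, reads its internet-facing TCP ingress
// rules and passes the first rule's port range to a new instance as user data.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		// Option 1: take the security group ID from stack configuration.
		// Require returns the configured string; the lookup below is the
		// alternative, so the value is deliberately not used further here.
		securityGroupId := cfg.Require("securityGroupId")
		_ = securityGroupId
		// Option 2: look the group up with the alicloud_security_groups data source.
		// The lookup arguments must narrow the result to exactly one security group.
		groupsDs, err := ecs.GetSecurityGroups(ctx, &ecs.GetSecurityGroupsArgs{
			NameRegex: pulumi.StringRef("api"),
		}, nil)
		if err != nil {
			return err
		}
		// Return an error instead of panicking on an empty result or silently
		// using the first of several matching groups.
		if n := len(groupsDs.Groups); n != 1 {
			return fmt.Errorf("expected exactly one security group matching %q, found %d", "api", n)
		}
		// Fetch the internet-facing TCP ingress rules of that one group.
		ingressRulesDs, err := ecs.GetSecurityGroupRules(ctx, &ecs.GetSecurityGroupRulesArgs{
			GroupId:    groupsDs.Groups[0].Id,
			NicType:    pulumi.StringRef("internet"),
			Direction:  pulumi.StringRef("ingress"),
			IpProtocol: pulumi.StringRef("tcp"),
		}, nil)
		if err != nil {
			return err
		}
		if len(ingressRulesDs.Rules) == 0 {
			return fmt.Errorf("security group %s has no internet-facing TCP ingress rule", groupsDs.Groups[0].Id)
		}
		// Only the first returned rule is used; this page does not say how rules are ordered.
		portRange := ingressRulesDs.Rules[0].PortRange
		if portRange == "" {
			return fmt.Errorf("first ingress rule of security group %s has an empty port range", groupsDs.Groups[0].Id)
		}
		// The value is spliced into the command line handed to the instance as
		// user data, so anything other than digits, "/" and "-" is rejected.
		for _, r := range portRange {
			if (r < '0' || r > '9') && r != '/' && r != '-' {
				return fmt.Errorf("unexpected character %q in port range %q", r, portRange)
			}
		}
		// Pass port_range to the backend service.
		_, err = ecs.NewInstance(ctx, "backend", &ecs.InstanceArgs{
			UserData: pulumi.Sprintf("config_service.sh --portrange=%v", portRange),
		})
		return err
	})
}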
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
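return await Deployment.RunAsync(() =>
{
    var config = new Config();
    // Option 1: take the security group ID from stack configuration.
    var securityGroupId = config.RequireObject<dynamic>("securityGroupId");
    // Option 2: look the group up with the alicloud_security_groups data source.
    // The lookup arguments must narrow the result to exactly one security group.
    var groupsDs = AliCloud.Ecs.GetSecurityGroups.Invoke(new()
    {
        NameRegex = "api",
    });
    // Fetch the internet-facing TCP ingress rules of that one group.
    var ingressRulesDs = AliCloud.Ecs.GetSecurityGroupRules.Invoke(new()
    {
        GroupId = groupsDs.Apply(found =>
        {
            // Stop the deployment rather than indexing an empty result or
            // silently using the first of several matching groups.
            if (found.Groups.Length != 1)
            {
                throw new System.InvalidOperationException(
                    $"expected exactly one security group matching \"api\", found {found.Groups.Length}");
            }
            return found.Groups[0].Id;
        }),
        NicType = "internet",
        Direction = "ingress",
        IpProtocol = "tcp",
    });
    // Pass port_range to the backend service.
    var backend = new AliCloud.Ecs.Instance("backend", new()
    {
        // Build the string inside Apply: an Output placed directly in an
        // interpolated string is formatted through ToString() and does not
        // yield the resolved port range.
        UserData = ingressRulesDs.Apply(found =>
        {
            // Only the first returned rule is used; this page does not say how rules are ordered.
            var portRange = found.Rules.FirstOrDefault()?.PortRange;
            // The value is spliced into the command line handed to the instance
            // as user data, so anything other than digits, "/" and "-" is rejected.
            if (string.IsNullOrEmpty(portRange)
                || !portRange.All(c => (c >= '0' && c <= '9') || c == '/' || c == '-'))
            {
                throw new System.InvalidOperationException(
                    "no usable ingress rule port range for the backend user data");
            }
            return $"config_service.sh --portrange={portRange}";
        }),
    });
});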
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ecs.EcsFunctions;
import com.pulumi.alicloud.ecs.inputs.GetSecurityGroupsArgs;
import com.pulumi.alicloud.ecs.inputs.GetSecurityGroupRulesArgs;
import com.pulumi.alicloud.ecs.Instance;
import com.pulumi.alicloud.ecs.InstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
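/**
 * Looks up one security group, reads its internet-facing TCP ingress rules and
 * passes the first rule's port range to a new instance as user data.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        // Option 1: take the security group ID from stack configuration.
        final var securityGroupId = config.get("securityGroupId");
        // Option 2: look the group up with the alicloud_security_groups data source.
        // The lookup arguments must narrow the result to exactly one security group.
        final var groupsDs = EcsFunctions.getSecurityGroups(GetSecurityGroupsArgs.builder()
            .nameRegex("api")
            .build());
        // Fetch the internet-facing TCP ingress rules of that one group.
        final var ingressRulesDs = EcsFunctions.getSecurityGroupRules(GetSecurityGroupRulesArgs.builder()
            .groupId(groupsDs.applyValue(found -> {
                // Stop the deployment rather than indexing an empty result or
                // silently using the first of several matching groups.
                if (found.groups().size() != 1) {
                    throw new IllegalStateException(String.format(
                        "expected exactly one security group matching \"api\", found %d",
                        found.groups().size()));
                }
                // groups() is a List, so elements are read with get(), not [].
                return found.groups().get(0).id();
            }))
            .nicType("internet")
            .direction("ingress")
            .ipProtocol("tcp")
            .build());
        // Pass port_range to the backend service.
        var backend = new Instance("backend", InstanceArgs.builder()
            // Format inside applyValue: passing the Output itself to
            // String.format would embed the Output object's text, not the port range.
            .userData(ingressRulesDs.applyValue(found -> {
                if (found.rules().isEmpty()) {
                    throw new IllegalStateException(
                        "the security group has no internet-facing TCP ingress rule");
                }
                // Only the first returned rule is used; this page does not say how rules are ordered.
                final String portRange = found.rules().get(0).portRange();
                // The value is spliced into the command line handed to the instance
                // as user data, so anything other than digits, "/" and "-" is rejected.
                if (portRange == null || portRange.isEmpty()
                        || !portRange.chars().allMatch(c -> (c >= '0' && c <= '9') || c == '/' || c == '-')) {
                    throw new IllegalStateException("unexpected port range value: " + portRange);
                }
                return String.format("config_service.sh --portrange=%s", portRange);
            }))
            .build());
    }
}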
configuration:
  # Option 1: the security group ID is supplied through stack configuration.
  securityGroupId:
    type: dynamic
variables:
  # Option 2: look the group up with the alicloud_security_groups data source.
  # groups[0] below takes the first match, so the arguments here must narrow
  # the result to exactly one security group.
  groupsDs:
    fn::invoke:
      Function: alicloud:ecs:getSecurityGroups
      Arguments:
        nameRegex: api
  # Internet-facing TCP ingress rules of the group selected above.
  ingressRulesDs:
    fn::invoke:
      Function: alicloud:ecs:getSecurityGroupRules
      Arguments:
        groupId: ${groupsDs.groups[0].id}
        nicType: internet
        direction: ingress
        ipProtocol: tcp
resources:
  # The first rule's port range is handed to the backend service via user data.
  backend:
    type: alicloud:ecs:Instance
    properties:
      userData: config_service.sh --portrange=${ingressRulesDs.rules[0].portRange}
Using getSecurityGroupRules
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSecurityGroupRules(args: GetSecurityGroupRulesArgs, opts?: InvokeOptions): Promise<GetSecurityGroupRulesResult>
function getSecurityGroupRulesOutput(args: GetSecurityGroupRulesOutputArgs, opts?: InvokeOptions): Output<GetSecurityGroupRulesResult>
def get_security_group_rules(direction: Optional[str] = None,
group_id: Optional[str] = None,
ip_protocol: Optional[str] = None,
nic_type: Optional[str] = None,
output_file: Optional[str] = None,
policy: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetSecurityGroupRulesResult
def get_security_group_rules_output(direction: Optional[pulumi.Input[str]] = None,
group_id: Optional[pulumi.Input[str]] = None,
ip_protocol: Optional[pulumi.Input[str]] = None,
nic_type: Optional[pulumi.Input[str]] = None,
output_file: Optional[pulumi.Input[str]] = None,
policy: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSecurityGroupRulesResult]
func GetSecurityGroupRules(ctx *Context, args *GetSecurityGroupRulesArgs, opts ...InvokeOption) (*GetSecurityGroupRulesResult, error)
func GetSecurityGroupRulesOutput(ctx *Context, args *GetSecurityGroupRulesOutputArgs, opts ...InvokeOption) GetSecurityGroupRulesResultOutput
> Note: This function is named `GetSecurityGroupRules` in the Go SDK.
public static class GetSecurityGroupRules
{
public static Task<GetSecurityGroupRulesResult> InvokeAsync(GetSecurityGroupRulesArgs args, InvokeOptions? opts = null)
public static Output<GetSecurityGroupRulesResult> Invoke(GetSecurityGroupRulesInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetSecurityGroupRulesResult> getSecurityGroupRules(GetSecurityGroupRulesArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: alicloud:ecs/getSecurityGroupRules:getSecurityGroupRules
arguments:
# arguments dictionary
The following arguments are supported:
- GroupId string - The ID of the security group that owns the rules.
- Direction string - Authorization direction. Valid values are: `ingress` or `egress`.
- IpProtocol string - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- NicType string - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- OutputFile string - File name where to save data source results (after running `pulumi preview`).
- Policy string - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
- GroupId string - The ID of the security group that owns the rules.
- Direction string - Authorization direction. Valid values are: `ingress` or `egress`.
- IpProtocol string - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- NicType string - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- OutputFile string - File name where to save data source results (after running `pulumi preview`).
- Policy string - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
- groupId String - The ID of the security group that owns the rules.
- direction String - Authorization direction. Valid values are: `ingress` or `egress`.
- ipProtocol String - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- nicType String - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- outputFile String - File name where to save data source results (after running `pulumi preview`).
- policy String - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
- groupId string - The ID of the security group that owns the rules.
- direction string - Authorization direction. Valid values are: `ingress` or `egress`.
- ipProtocol string - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- nicType string - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- outputFile string - File name where to save data source results (after running `pulumi preview`).
- policy string - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
- group_id str - The ID of the security group that owns the rules.
- direction str - Authorization direction. Valid values are: `ingress` or `egress`.
- ip_protocol str - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- nic_type str - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- output_file str - File name where to save data source results (after running `pulumi preview`).
- policy str - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
- groupId String - The ID of the security group that owns the rules.
- direction String - Authorization direction. Valid values are: `ingress` or `egress`.
- ipProtocol String - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- nicType String - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- outputFile String - File name where to save data source results (after running `pulumi preview`).
- policy String - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
getSecurityGroupRules Result
The following output properties are available:
- GroupDesc string - The description of the security group that owns the rules.
- GroupId string
- GroupName string - The name of the security group that owns the rules.
- Id string - The provider-assigned unique ID for this managed resource.
- Rules List<Pulumi.AliCloud.Ecs.Outputs.GetSecurityGroupRulesRule> - A list of security group rules. Each element contains the following attributes:
- Direction string - Authorization direction, `ingress` or `egress`.
- IpProtocol string - The protocol. Can be `tcp`, `udp`, `icmp`, `gre` or `all`.
- NicType string - Network type, `internet` or `intranet`.
- OutputFile string
- Policy string - Authorization policy. Can be either `accept` or `drop`.
- GroupDesc string - The description of the security group that owns the rules.
- GroupId string
- GroupName string - The name of the security group that owns the rules.
- Id string - The provider-assigned unique ID for this managed resource.
- Rules []GetSecurityGroupRulesRule - A list of security group rules. Each element contains the following attributes:
- Direction string - Authorization direction, `ingress` or `egress`.
- IpProtocol string - The protocol. Can be `tcp`, `udp`, `icmp`, `gre` or `all`.
- NicType string - Network type, `internet` or `intranet`.
- OutputFile string
- Policy string - Authorization policy. Can be either `accept` or `drop`.
- groupDesc String - The description of the security group that owns the rules.
- groupId String
- groupName String - The name of the security group that owns the rules.
- id String - The provider-assigned unique ID for this managed resource.
- rules List<GetSecurityGroupRulesRule> - A list of security group rules. Each element contains the following attributes:
- direction String - Authorization direction, `ingress` or `egress`.
- ipProtocol String - The protocol. Can be `tcp`, `udp`, `icmp`, `gre` or `all`.
- nicType String - Network type, `internet` or `intranet`.
- outputFile String
- policy String - Authorization policy. Can be either `accept` or `drop`.
- groupDesc string - The description of the security group that owns the rules.
- groupId string
- groupName string - The name of the security group that owns the rules.
- id string - The provider-assigned unique ID for this managed resource.
- rules GetSecurityGroupRulesRule[] - A list of security group rules. Each element contains the following attributes:
- direction string - Authorization direction, `ingress` or `egress`.
- ipProtocol string - The protocol. Can be `tcp`, `udp`, `icmp`, `gre` or `all`.
- nicType string - Network type, `internet` or `intranet`.
- outputFile string
- policy string - Authorization policy. Can be either `accept` or `drop`.
- group_desc str - The description of the security group that owns the rules.
- group_id str
- group_name str - The name of the security group that owns the rules.
- id str - The provider-assigned unique ID for this managed resource.
- rules Sequence[GetSecurityGroupRulesRule] - A list of security group rules. Each element contains the following attributes:
- direction str - Authorization direction, `ingress` or `egress`.
- ip_protocol str - The protocol. Can be `tcp`, `udp`, `icmp`, `gre` or `all`.
- nic_type str - Network type, `internet` or `intranet`.
- output_file str
- policy str - Authorization policy. Can be either `accept` or `drop`.
- groupDesc String - The description of the security group that owns the rules.
- groupId String
- groupName String - The name of the security group that owns the rules.
- id String - The provider-assigned unique ID for this managed resource.
- rules List<Property Map> - A list of security group rules. Each element contains the following attributes:
- direction String - Authorization direction, `ingress` or `egress`.
- ipProtocol String - The protocol. Can be `tcp`, `udp`, `icmp`, `gre` or `all`.
- nicType String - Network type, `internet` or `intranet`.
- outputFile String
- policy String - Authorization policy. Can be either `accept` or `drop`.
Supporting Types
GetSecurityGroupRulesRule
- Description string - The description of the rule.
- DestCidrIp string - Target IP address segment for egress authorization.
- DestGroupId string - Target security group id for ingress authorization.
- DestGroupOwnerAccount string - Alibaba Cloud account of the target security group.
- Direction string - Authorization direction. Valid values are: `ingress` or `egress`.
- IpProtocol string - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- NicType string - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- Policy string - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
- PortRange string - The range of port numbers.
- Priority int - Rule priority.
- SourceCidrIp string - Source IP address segment for ingress authorization.
- SourceGroupId string - Source security group ID for ingress authorization.
- SourceGroupOwnerAccount string - Alibaba Cloud account of the source security group.
- Description string - The description of the rule.
- DestCidrIp string - Target IP address segment for egress authorization.
- DestGroupId string - Target security group id for ingress authorization.
- DestGroupOwnerAccount string - Alibaba Cloud account of the target security group.
- Direction string - Authorization direction. Valid values are: `ingress` or `egress`.
- IpProtocol string - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- NicType string - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- Policy string - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
- PortRange string - The range of port numbers.
- Priority int - Rule priority.
- SourceCidrIp string - Source IP address segment for ingress authorization.
- SourceGroupId string - Source security group ID for ingress authorization.
- SourceGroupOwnerAccount string - Alibaba Cloud account of the source security group.
- description String - The description of the rule.
- destCidrIp String - Target IP address segment for egress authorization.
- destGroupId String - Target security group id for ingress authorization.
- destGroupOwnerAccount String - Alibaba Cloud account of the target security group.
- direction String - Authorization direction. Valid values are: `ingress` or `egress`.
- ipProtocol String - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- nicType String - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- policy String - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
- portRange String - The range of port numbers.
- priority Integer - Rule priority.
- sourceCidrIp String - Source IP address segment for ingress authorization.
- sourceGroupId String - Source security group ID for ingress authorization.
- sourceGroupOwnerAccount String - Alibaba Cloud account of the source security group.
- description string - The description of the rule.
- destCidrIp string - Target IP address segment for egress authorization.
- destGroupId string - Target security group id for ingress authorization.
- destGroupOwnerAccount string - Alibaba Cloud account of the target security group.
- direction string - Authorization direction. Valid values are: `ingress` or `egress`.
- ipProtocol string - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- nicType string - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- policy string - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
- portRange string - The range of port numbers.
- priority number - Rule priority.
- sourceCidrIp string - Source IP address segment for ingress authorization.
- sourceGroupId string - Source security group ID for ingress authorization.
- sourceGroupOwnerAccount string - Alibaba Cloud account of the source security group.
- description str - The description of the rule.
- dest_cidr_ip str - Target IP address segment for egress authorization.
- dest_group_id str - Target security group id for ingress authorization.
- dest_group_owner_account str - Alibaba Cloud account of the target security group.
- direction str - Authorization direction. Valid values are: `ingress` or `egress`.
- ip_protocol str - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- nic_type str - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- policy str - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
- port_range str - The range of port numbers.
- priority int - Rule priority.
- source_cidr_ip str - Source IP address segment for ingress authorization.
- source_group_id str - Source security group ID for ingress authorization.
- source_group_owner_account str - Alibaba Cloud account of the source security group.
- description String - The description of the rule.
- destCidrIp String - Target IP address segment for egress authorization.
- destGroupId String - Target security group id for ingress authorization.
- destGroupOwnerAccount String - Alibaba Cloud account of the target security group.
- direction String - Authorization direction. Valid values are: `ingress` or `egress`.
- ipProtocol String - The IP protocol. Valid values are: `tcp`, `udp`, `icmp`, `gre` and `all`.
- nicType String - Refers to the network type. Can be either `internet` or `intranet`. The default value is `internet`.
- policy String - Authorization policy. Can be either `accept` or `drop`. The default value is `accept`.
- portRange String - The range of port numbers.
- priority Number - Rule priority.
- sourceCidrIp String - Source IP address segment for ingress authorization.
- sourceGroupId String - Source security group ID for ingress authorization.
- sourceGroupOwnerAccount String - Alibaba Cloud account of the source security group.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloud
Terraform Provider.