Alibaba Cloud v3.62.1, Sep 16 24

Alibaba Cloud v3.62.1 published on Monday, Sep 16, 2024 by Pulumi

alicloud.ecs.SecurityGroupRule

Explore with Pulumi AI

Alibaba Cloud v3.62.1 published on Monday, Sep 16, 2024 by Pulumi

pulumi/pulumi-alicloud

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const _default = new alicloud.ecs.SecurityGroup("default", {name: "default"});
const allowAllTcp = new alicloud.ecs.SecurityGroupRule("allow_all_tcp", {
    type: "ingress",
    ipProtocol: "tcp",
    nicType: "internet",
    policy: "accept",
    portRange: "1/65535",
    priority: 1,
    securityGroupId: _default.id,
    cidrIp: "0.0.0.0/0",
});

import pulumi
import pulumi_alicloud as alicloud

default = alicloud.ecs.SecurityGroup("default", name="default")
allow_all_tcp = alicloud.ecs.SecurityGroupRule("allow_all_tcp",
    type="ingress",
    ip_protocol="tcp",
    nic_type="internet",
    policy="accept",
    port_range="1/65535",
    priority=1,
    security_group_id=default.id,
    cidr_ip="0.0.0.0/0")

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ecs"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ecs.NewSecurityGroup(ctx, "default", &ecs.SecurityGroupArgs{
			Name: pulumi.String("default"),
		})
		if err != nil {
			return err
		}
		_, err = ecs.NewSecurityGroupRule(ctx, "allow_all_tcp", &ecs.SecurityGroupRuleArgs{
			Type:            pulumi.String("ingress"),
			IpProtocol:      pulumi.String("tcp"),
			NicType:         pulumi.String("internet"),
			Policy:          pulumi.String("accept"),
			PortRange:       pulumi.String("1/65535"),
			Priority:        pulumi.Int(1),
			SecurityGroupId: _default.ID(),
			CidrIp:          pulumi.String("0.0.0.0/0"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var @default = new AliCloud.Ecs.SecurityGroup("default", new()
    {
        Name = "default",
    });

    var allowAllTcp = new AliCloud.Ecs.SecurityGroupRule("allow_all_tcp", new()
    {
        Type = "ingress",
        IpProtocol = "tcp",
        NicType = "internet",
        Policy = "accept",
        PortRange = "1/65535",
        Priority = 1,
        SecurityGroupId = @default.Id,
        CidrIp = "0.0.0.0/0",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ecs.SecurityGroup;
import com.pulumi.alicloud.ecs.SecurityGroupArgs;
import com.pulumi.alicloud.ecs.SecurityGroupRule;
import com.pulumi.alicloud.ecs.SecurityGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new SecurityGroup("default", SecurityGroupArgs.builder()
            .name("default")
            .build());

        var allowAllTcp = new SecurityGroupRule("allowAllTcp", SecurityGroupRuleArgs.builder()
            .type("ingress")
            .ipProtocol("tcp")
            .nicType("internet")
            .policy("accept")
            .portRange("1/65535")
            .priority(1)
            .securityGroupId(default_.id())
            .cidrIp("0.0.0.0/0")
            .build());

    }
}

resources:
  default:
    type: alicloud:ecs:SecurityGroup
    properties:
      name: default
  allowAllTcp:
    type: alicloud:ecs:SecurityGroupRule
    name: allow_all_tcp
    properties:
      type: ingress
      ipProtocol: tcp
      nicType: internet
      policy: accept
      portRange: 1/65535
      priority: 1
      securityGroupId: ${default.id}
      cidrIp: 0.0.0.0/0

Module Support

You can use the existing security-group module to create a security group and add several rules one-click.

Create SecurityGroupRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecurityGroupRule(name: string, args: SecurityGroupRuleArgs, opts?: CustomResourceOptions);

@overload
def SecurityGroupRule(resource_name: str,
                      args: SecurityGroupRuleArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def SecurityGroupRule(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      security_group_id: Optional[str] = None,
                      type: Optional[str] = None,
                      ip_protocol: Optional[str] = None,
                      ipv6_cidr_ip: Optional[str] = None,
                      nic_type: Optional[str] = None,
                      policy: Optional[str] = None,
                      port_range: Optional[str] = None,
                      prefix_list_id: Optional[str] = None,
                      priority: Optional[int] = None,
                      cidr_ip: Optional[str] = None,
                      source_group_owner_account: Optional[str] = None,
                      source_security_group_id: Optional[str] = None,
                      description: Optional[str] = None)

func NewSecurityGroupRule(ctx *Context, name string, args SecurityGroupRuleArgs, opts ...ResourceOption) (*SecurityGroupRule, error)

public SecurityGroupRule(string name, SecurityGroupRuleArgs args, CustomResourceOptions? opts = null)

public SecurityGroupRule(String name, SecurityGroupRuleArgs args)
public SecurityGroupRule(String name, SecurityGroupRuleArgs args, CustomResourceOptions options)

type: alicloud:ecs:SecurityGroupRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecurityGroupRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecurityGroupRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecurityGroupRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecurityGroupRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecurityGroupRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var securityGroupRuleResource = new AliCloud.Ecs.SecurityGroupRule("securityGroupRuleResource", new()
{
    SecurityGroupId = "string",
    Type = "string",
    IpProtocol = "string",
    Ipv6CidrIp = "string",
    NicType = "string",
    Policy = "string",
    PortRange = "string",
    PrefixListId = "string",
    Priority = 0,
    CidrIp = "string",
    SourceGroupOwnerAccount = "string",
    SourceSecurityGroupId = "string",
    Description = "string",
});

example, err := ecs.NewSecurityGroupRule(ctx, "securityGroupRuleResource", &ecs.SecurityGroupRuleArgs{
	SecurityGroupId:         pulumi.String("string"),
	Type:                    pulumi.String("string"),
	IpProtocol:              pulumi.String("string"),
	Ipv6CidrIp:              pulumi.String("string"),
	NicType:                 pulumi.String("string"),
	Policy:                  pulumi.String("string"),
	PortRange:               pulumi.String("string"),
	PrefixListId:            pulumi.String("string"),
	Priority:                pulumi.Int(0),
	CidrIp:                  pulumi.String("string"),
	SourceGroupOwnerAccount: pulumi.String("string"),
	SourceSecurityGroupId:   pulumi.String("string"),
	Description:             pulumi.String("string"),
})

var securityGroupRuleResource = new SecurityGroupRule("securityGroupRuleResource", SecurityGroupRuleArgs.builder()
    .securityGroupId("string")
    .type("string")
    .ipProtocol("string")
    .ipv6CidrIp("string")
    .nicType("string")
    .policy("string")
    .portRange("string")
    .prefixListId("string")
    .priority(0)
    .cidrIp("string")
    .sourceGroupOwnerAccount("string")
    .sourceSecurityGroupId("string")
    .description("string")
    .build());

security_group_rule_resource = alicloud.ecs.SecurityGroupRule("securityGroupRuleResource",
    security_group_id="string",
    type="string",
    ip_protocol="string",
    ipv6_cidr_ip="string",
    nic_type="string",
    policy="string",
    port_range="string",
    prefix_list_id="string",
    priority=0,
    cidr_ip="string",
    source_group_owner_account="string",
    source_security_group_id="string",
    description="string")

const securityGroupRuleResource = new alicloud.ecs.SecurityGroupRule("securityGroupRuleResource", {
    securityGroupId: "string",
    type: "string",
    ipProtocol: "string",
    ipv6CidrIp: "string",
    nicType: "string",
    policy: "string",
    portRange: "string",
    prefixListId: "string",
    priority: 0,
    cidrIp: "string",
    sourceGroupOwnerAccount: "string",
    sourceSecurityGroupId: "string",
    description: "string",
});

type: alicloud:ecs:SecurityGroupRule
properties:
    cidrIp: string
    description: string
    ipProtocol: string
    ipv6CidrIp: string
    nicType: string
    policy: string
    portRange: string
    prefixListId: string
    priority: 0
    securityGroupId: string
    sourceGroupOwnerAccount: string
    sourceSecurityGroupId: string
    type: string

SecurityGroupRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SecurityGroupRule resource accepts the following input properties:

IpProtocol string: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
SecurityGroupId string: The ID of the Security Group.
Type string: The type of the Security Group Rule. Valid values:
CidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
Description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
Ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NicType string: Network type, can be either internet or intranet, the default value is internet.
Policy string: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
PortRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
PrefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
Priority int: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
SourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
SourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

IpProtocol string: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
SecurityGroupId string: The ID of the Security Group.
Type string: The type of the Security Group Rule. Valid values:
CidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
Description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
Ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NicType string: Network type, can be either internet or intranet, the default value is internet.
Policy string: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
PortRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
PrefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
Priority int: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
SourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
SourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

ipProtocol String: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
securityGroupId String: The ID of the Security Group.
type String: The type of the Security Group Rule. Valid values:
cidrIp String: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description String: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
ipv6CidrIp String: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
nicType String: Network type, can be either internet or intranet, the default value is internet.
policy String: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
portRange String: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId String: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority Integer: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
sourceGroupOwnerAccount String: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId String: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

ipProtocol string: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
securityGroupId string: The ID of the Security Group.
type string: The type of the Security Group Rule. Valid values:
cidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
nicType string: Network type, can be either internet or intranet, the default value is internet.
policy string: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
portRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority number: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
sourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

ip_protocol str: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
security_group_id str: The ID of the Security Group.
type str: The type of the Security Group Rule. Valid values:
cidr_ip str: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description str: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
ipv6_cidr_ip str: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
nic_type str: Network type, can be either internet or intranet, the default value is internet.
policy str: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
port_range str: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefix_list_id str: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority int: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
source_group_owner_account str: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
source_security_group_id str: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

ipProtocol String: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
securityGroupId String: The ID of the Security Group.
type String: The type of the Security Group Rule. Valid values:
cidrIp String: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description String: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
ipv6CidrIp String: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
nicType String: Network type, can be either internet or intranet, the default value is internet.
policy String: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
portRange String: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId String: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority Number: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
sourceGroupOwnerAccount String: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId String: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityGroupRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SecurityGroupRule Resource

Get an existing SecurityGroupRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecurityGroupRuleState, opts?: CustomResourceOptions): SecurityGroupRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        cidr_ip: Optional[str] = None,
        description: Optional[str] = None,
        ip_protocol: Optional[str] = None,
        ipv6_cidr_ip: Optional[str] = None,
        nic_type: Optional[str] = None,
        policy: Optional[str] = None,
        port_range: Optional[str] = None,
        prefix_list_id: Optional[str] = None,
        priority: Optional[int] = None,
        security_group_id: Optional[str] = None,
        source_group_owner_account: Optional[str] = None,
        source_security_group_id: Optional[str] = None,
        type: Optional[str] = None) -> SecurityGroupRule

func GetSecurityGroupRule(ctx *Context, name string, id IDInput, state *SecurityGroupRuleState, opts ...ResourceOption) (*SecurityGroupRule, error)

public static SecurityGroupRule Get(string name, Input<string> id, SecurityGroupRuleState? state, CustomResourceOptions? opts = null)

public static SecurityGroupRule get(String name, Output<String> id, SecurityGroupRuleState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
Description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
IpProtocol string: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
Ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NicType string: Network type, can be either internet or intranet, the default value is internet.
Policy string: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
PortRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
PrefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
Priority int: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
SecurityGroupId string: The ID of the Security Group.
SourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
SourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
Type string: The type of the Security Group Rule. Valid values:

CidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
Description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
IpProtocol string: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
Ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NicType string: Network type, can be either internet or intranet, the default value is internet.
Policy string: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
PortRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
PrefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
Priority int: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
SecurityGroupId string: The ID of the Security Group.
SourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
SourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
Type string: The type of the Security Group Rule. Valid values:

cidrIp String: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description String: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
ipProtocol String: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
ipv6CidrIp String: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
nicType String: Network type, can be either internet or intranet, the default value is internet.
policy String: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
portRange String: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId String: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority Integer: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
securityGroupId String: The ID of the Security Group.
sourceGroupOwnerAccount String: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId String: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
type String: The type of the Security Group Rule. Valid values:

cidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
ipProtocol string: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
nicType string: Network type, can be either internet or intranet, the default value is internet.
policy string: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
portRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority number: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
securityGroupId string: The ID of the Security Group.
sourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
type string: The type of the Security Group Rule. Valid values:

cidr_ip str: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description str: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
ip_protocol str: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
ipv6_cidr_ip str: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
nic_type str: Network type, can be either internet or intranet, the default value is internet.
policy str: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
port_range str: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefix_list_id str: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority int: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
security_group_id str: The ID of the Security Group.
source_group_owner_account str: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
source_security_group_id str: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
type str: The type of the Security Group Rule. Valid values:

cidrIp String: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description String: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
ipProtocol String: The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.
ipv6CidrIp String: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
nicType String: Network type, can be either internet or intranet, the default value is internet.
policy String: The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.
portRange String: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId String: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority Number: The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.
securityGroupId String: The ID of the Security Group.
sourceGroupOwnerAccount String: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId String: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
type String: The type of the Security Group Rule. Valid values:

Import

Security Group Rule can be imported using the id, e.g.

$ pulumi import alicloud:ecs/securityGroupRule:SecurityGroupRule example <id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.62.1 published on Monday, Sep 16, 2024 by Pulumi

pulumi/pulumi-alicloud

alicloud.ecs.SecurityGroupRule

On this page

On this page

Example Usage

Module Support

Create SecurityGroupRule Resource

Constructor syntax

Parameters

Constructor example

SecurityGroupRule Resource Properties

Inputs

Outputs

Look up Existing SecurityGroupRule Resource

Import

Package Details

On this page

On this page