alicloud.ecs.SecurityGroupRule
Explore with Pulumi AI
Provides a security group rule resource.
Represents a single ingress
or egress
group rule, which can be added to external Security Groups.
NOTE:
nic_type
should set tointranet
when security group type isvpc
or specifying thesource_security_group_id
. In this situation it does not distinguish between intranet and internet, the rule is effective on them both.
NOTE: Available since v0.1.0.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const _default = new alicloud.ecs.SecurityGroup("default", {name: "default"});
const allowAllTcp = new alicloud.ecs.SecurityGroupRule("allow_all_tcp", {
type: "ingress",
ipProtocol: "tcp",
nicType: "internet",
policy: "accept",
portRange: "1/65535",
priority: 1,
securityGroupId: _default.id,
cidrIp: "0.0.0.0/0",
});
import pulumi
import pulumi_alicloud as alicloud
default = alicloud.ecs.SecurityGroup("default", name="default")
allow_all_tcp = alicloud.ecs.SecurityGroupRule("allow_all_tcp",
type="ingress",
ip_protocol="tcp",
nic_type="internet",
policy="accept",
port_range="1/65535",
priority=1,
security_group_id=default.id,
cidr_ip="0.0.0.0/0")
package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ecs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ecs.NewSecurityGroup(ctx, "default", &ecs.SecurityGroupArgs{
Name: pulumi.String("default"),
})
if err != nil {
return err
}
_, err = ecs.NewSecurityGroupRule(ctx, "allow_all_tcp", &ecs.SecurityGroupRuleArgs{
Type: pulumi.String("ingress"),
IpProtocol: pulumi.String("tcp"),
NicType: pulumi.String("internet"),
Policy: pulumi.String("accept"),
PortRange: pulumi.String("1/65535"),
Priority: pulumi.Int(1),
SecurityGroupId: _default.ID(),
CidrIp: pulumi.String("0.0.0.0/0"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
var @default = new AliCloud.Ecs.SecurityGroup("default", new()
{
Name = "default",
});
var allowAllTcp = new AliCloud.Ecs.SecurityGroupRule("allow_all_tcp", new()
{
Type = "ingress",
IpProtocol = "tcp",
NicType = "internet",
Policy = "accept",
PortRange = "1/65535",
Priority = 1,
SecurityGroupId = @default.Id,
CidrIp = "0.0.0.0/0",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ecs.SecurityGroup;
import com.pulumi.alicloud.ecs.SecurityGroupArgs;
import com.pulumi.alicloud.ecs.SecurityGroupRule;
import com.pulumi.alicloud.ecs.SecurityGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new SecurityGroup("default", SecurityGroupArgs.builder()
.name("default")
.build());
var allowAllTcp = new SecurityGroupRule("allowAllTcp", SecurityGroupRuleArgs.builder()
.type("ingress")
.ipProtocol("tcp")
.nicType("internet")
.policy("accept")
.portRange("1/65535")
.priority(1)
.securityGroupId(default_.id())
.cidrIp("0.0.0.0/0")
.build());
}
}
resources:
default:
type: alicloud:ecs:SecurityGroup
properties:
name: default
allowAllTcp:
type: alicloud:ecs:SecurityGroupRule
name: allow_all_tcp
properties:
type: ingress
ipProtocol: tcp
nicType: internet
policy: accept
portRange: 1/65535
priority: 1
securityGroupId: ${default.id}
cidrIp: 0.0.0.0/0
Module Support
You can use the existing security-group module to create a security group and add several rules one-click.
Create SecurityGroupRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecurityGroupRule(name: string, args: SecurityGroupRuleArgs, opts?: CustomResourceOptions);
@overload
def SecurityGroupRule(resource_name: str,
args: SecurityGroupRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecurityGroupRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
security_group_id: Optional[str] = None,
type: Optional[str] = None,
ip_protocol: Optional[str] = None,
ipv6_cidr_ip: Optional[str] = None,
nic_type: Optional[str] = None,
policy: Optional[str] = None,
port_range: Optional[str] = None,
prefix_list_id: Optional[str] = None,
priority: Optional[int] = None,
cidr_ip: Optional[str] = None,
source_group_owner_account: Optional[str] = None,
source_security_group_id: Optional[str] = None,
description: Optional[str] = None)
func NewSecurityGroupRule(ctx *Context, name string, args SecurityGroupRuleArgs, opts ...ResourceOption) (*SecurityGroupRule, error)
public SecurityGroupRule(string name, SecurityGroupRuleArgs args, CustomResourceOptions? opts = null)
public SecurityGroupRule(String name, SecurityGroupRuleArgs args)
public SecurityGroupRule(String name, SecurityGroupRuleArgs args, CustomResourceOptions options)
type: alicloud:ecs:SecurityGroupRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecurityGroupRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecurityGroupRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecurityGroupRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecurityGroupRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecurityGroupRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var securityGroupRuleResource = new AliCloud.Ecs.SecurityGroupRule("securityGroupRuleResource", new()
{
SecurityGroupId = "string",
Type = "string",
IpProtocol = "string",
Ipv6CidrIp = "string",
NicType = "string",
Policy = "string",
PortRange = "string",
PrefixListId = "string",
Priority = 0,
CidrIp = "string",
SourceGroupOwnerAccount = "string",
SourceSecurityGroupId = "string",
Description = "string",
});
example, err := ecs.NewSecurityGroupRule(ctx, "securityGroupRuleResource", &ecs.SecurityGroupRuleArgs{
SecurityGroupId: pulumi.String("string"),
Type: pulumi.String("string"),
IpProtocol: pulumi.String("string"),
Ipv6CidrIp: pulumi.String("string"),
NicType: pulumi.String("string"),
Policy: pulumi.String("string"),
PortRange: pulumi.String("string"),
PrefixListId: pulumi.String("string"),
Priority: pulumi.Int(0),
CidrIp: pulumi.String("string"),
SourceGroupOwnerAccount: pulumi.String("string"),
SourceSecurityGroupId: pulumi.String("string"),
Description: pulumi.String("string"),
})
var securityGroupRuleResource = new SecurityGroupRule("securityGroupRuleResource", SecurityGroupRuleArgs.builder()
.securityGroupId("string")
.type("string")
.ipProtocol("string")
.ipv6CidrIp("string")
.nicType("string")
.policy("string")
.portRange("string")
.prefixListId("string")
.priority(0)
.cidrIp("string")
.sourceGroupOwnerAccount("string")
.sourceSecurityGroupId("string")
.description("string")
.build());
security_group_rule_resource = alicloud.ecs.SecurityGroupRule("securityGroupRuleResource",
security_group_id="string",
type="string",
ip_protocol="string",
ipv6_cidr_ip="string",
nic_type="string",
policy="string",
port_range="string",
prefix_list_id="string",
priority=0,
cidr_ip="string",
source_group_owner_account="string",
source_security_group_id="string",
description="string")
const securityGroupRuleResource = new alicloud.ecs.SecurityGroupRule("securityGroupRuleResource", {
securityGroupId: "string",
type: "string",
ipProtocol: "string",
ipv6CidrIp: "string",
nicType: "string",
policy: "string",
portRange: "string",
prefixListId: "string",
priority: 0,
cidrIp: "string",
sourceGroupOwnerAccount: "string",
sourceSecurityGroupId: "string",
description: "string",
});
type: alicloud:ecs:SecurityGroupRule
properties:
cidrIp: string
description: string
ipProtocol: string
ipv6CidrIp: string
nicType: string
policy: string
portRange: string
prefixListId: string
priority: 0
securityGroupId: string
sourceGroupOwnerAccount: string
sourceSecurityGroupId: string
type: string
SecurityGroupRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The SecurityGroupRule resource accepts the following input properties:
- Ip
Protocol string - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - Security
Group stringId - The security group to apply this rule to.
- Type string
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound). - Cidr
Ip string - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- Description string
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- Ipv6Cidr
Ip string Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- Nic
Type string - Network type, can be either
internet
orintranet
, the default value isinternet
. - Policy string
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - Port
Range string - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - Prefix
List stringId - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - Priority int
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - Source
Group stringOwner Account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - Source
Security stringGroup Id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
.
- Ip
Protocol string - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - Security
Group stringId - The security group to apply this rule to.
- Type string
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound). - Cidr
Ip string - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- Description string
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- Ipv6Cidr
Ip string Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- Nic
Type string - Network type, can be either
internet
orintranet
, the default value isinternet
. - Policy string
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - Port
Range string - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - Prefix
List stringId - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - Priority int
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - Source
Group stringOwner Account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - Source
Security stringGroup Id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
.
- ip
Protocol String - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - security
Group StringId - The security group to apply this rule to.
- type String
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound). - cidr
Ip String - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- description String
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- ipv6Cidr
Ip String Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- nic
Type String - Network type, can be either
internet
orintranet
, the default value isinternet
. - policy String
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - port
Range String - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - prefix
List StringId - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - priority Integer
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - source
Group StringOwner Account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - source
Security StringGroup Id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
.
- ip
Protocol string - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - security
Group stringId - The security group to apply this rule to.
- type string
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound). - cidr
Ip string - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- description string
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- ipv6Cidr
Ip string Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- nic
Type string - Network type, can be either
internet
orintranet
, the default value isinternet
. - policy string
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - port
Range string - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - prefix
List stringId - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - priority number
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - source
Group stringOwner Account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - source
Security stringGroup Id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
.
- ip_
protocol str - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - security_
group_ strid - The security group to apply this rule to.
- type str
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound). - cidr_
ip str - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- description str
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- ipv6_
cidr_ strip Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- nic_
type str - Network type, can be either
internet
orintranet
, the default value isinternet
. - policy str
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - port_
range str - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - prefix_
list_ strid - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - priority int
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - source_
group_ strowner_ account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - source_
security_ strgroup_ id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
.
- ip
Protocol String - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - security
Group StringId - The security group to apply this rule to.
- type String
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound). - cidr
Ip String - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- description String
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- ipv6Cidr
Ip String Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- nic
Type String - Network type, can be either
internet
orintranet
, the default value isinternet
. - policy String
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - port
Range String - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - prefix
List StringId - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - priority Number
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - source
Group StringOwner Account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - source
Security StringGroup Id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
.
Outputs
All input properties are implicitly available as output properties. Additionally, the SecurityGroupRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SecurityGroupRule Resource
Get an existing SecurityGroupRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecurityGroupRuleState, opts?: CustomResourceOptions): SecurityGroupRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
cidr_ip: Optional[str] = None,
description: Optional[str] = None,
ip_protocol: Optional[str] = None,
ipv6_cidr_ip: Optional[str] = None,
nic_type: Optional[str] = None,
policy: Optional[str] = None,
port_range: Optional[str] = None,
prefix_list_id: Optional[str] = None,
priority: Optional[int] = None,
security_group_id: Optional[str] = None,
source_group_owner_account: Optional[str] = None,
source_security_group_id: Optional[str] = None,
type: Optional[str] = None) -> SecurityGroupRule
func GetSecurityGroupRule(ctx *Context, name string, id IDInput, state *SecurityGroupRuleState, opts ...ResourceOption) (*SecurityGroupRule, error)
public static SecurityGroupRule Get(string name, Input<string> id, SecurityGroupRuleState? state, CustomResourceOptions? opts = null)
public static SecurityGroupRule get(String name, Output<String> id, SecurityGroupRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Cidr
Ip string - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- Description string
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- Ip
Protocol string - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - Ipv6Cidr
Ip string Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- Nic
Type string - Network type, can be either
internet
orintranet
, the default value isinternet
. - Policy string
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - Port
Range string - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - Prefix
List stringId - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - Priority int
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - Security
Group stringId - The security group to apply this rule to.
- Source
Group stringOwner Account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - Source
Security stringGroup Id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
. - Type string
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound).
- Cidr
Ip string - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- Description string
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- Ip
Protocol string - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - Ipv6Cidr
Ip string Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- Nic
Type string - Network type, can be either
internet
orintranet
, the default value isinternet
. - Policy string
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - Port
Range string - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - Prefix
List stringId - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - Priority int
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - Security
Group stringId - The security group to apply this rule to.
- Source
Group stringOwner Account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - Source
Security stringGroup Id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
. - Type string
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound).
- cidr
Ip String - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- description String
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- ip
Protocol String - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - ipv6Cidr
Ip String Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- nic
Type String - Network type, can be either
internet
orintranet
, the default value isinternet
. - policy String
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - port
Range String - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - prefix
List StringId - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - priority Integer
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - security
Group StringId - The security group to apply this rule to.
- source
Group StringOwner Account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - source
Security StringGroup Id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
. - type String
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound).
- cidr
Ip string - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- description string
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- ip
Protocol string - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - ipv6Cidr
Ip string Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- nic
Type string - Network type, can be either
internet
orintranet
, the default value isinternet
. - policy string
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - port
Range string - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - prefix
List stringId - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - priority number
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - security
Group stringId - The security group to apply this rule to.
- source
Group stringOwner Account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - source
Security stringGroup Id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
. - type string
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound).
- cidr_
ip str - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- description str
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- ip_
protocol str - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - ipv6_
cidr_ strip Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- nic_
type str - Network type, can be either
internet
orintranet
, the default value isinternet
. - policy str
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - port_
range str - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - prefix_
list_ strid - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - priority int
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - security_
group_ strid - The security group to apply this rule to.
- source_
group_ strowner_ account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - source_
security_ strgroup_ id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
. - type str
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound).
- cidr
Ip String - The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- description String
- The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
- ip
Protocol String - The protocol. Can be
tcp
,udp
,icmp
,gre
orall
. - ipv6Cidr
Ip String Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the
cidr_ip
parameter.NOTE: You must specify one of the following field:
cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.- nic
Type String - Network type, can be either
internet
orintranet
, the default value isinternet
. - policy String
- Authorization policy, can be either
accept
ordrop
, the default value isaccept
. - port
Range String - The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid.
For example,
1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid. - prefix
List StringId - The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify
cidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored. - priority Number
- Authorization policy priority, with parameter values:
1-100
, default value: 1. - security
Group StringId - The security group to apply this rule to.
- source
Group StringOwner Account - The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if
cidr_ip
has already been set. - source
Security StringGroup Id - The target security group ID within the same region. If this field is specified, the
nic_type
can only selectintranet
. - type String
- The type of rule being created. Valid options are
ingress
(inbound) oregress
(outbound).
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloud
Terraform Provider.