1. Packages
  2. Alibaba Cloud
  3. API Docs
  4. ecs
  5. getSecurityGroupRules
Alibaba Cloud v3.59.0 published on Friday, Jul 12, 2024 by Pulumi

alicloud.ecs.getSecurityGroupRules

Explore with Pulumi AI

alicloud logo
Alibaba Cloud v3.59.0 published on Friday, Jul 12, 2024 by Pulumi

    The alicloud.ecs.getSecurityGroupRules data source provides a collection of security permissions of a specific security group. Each collection item represents a single ingress or egress permission rule. The ID of the security group can be provided via a variable or the result from the other data source alicloud.ecs.getSecurityGroups.

    Example Usage

    The following example shows how to obtain details about a security group rule and how to pass its data to an instance at launch time.

    import * as pulumi from "@pulumi/pulumi";
    import * as alicloud from "@pulumi/alicloud";
    
    const config = new pulumi.Config();
    const securityGroupId = config.requireObject("securityGroupId");
    // Or get it from the alicloud_security_groups data source.
    // Please note that the data source arguments must be enough to filter results to one security group.
    const groupsDs = alicloud.ecs.getSecurityGroups({
        nameRegex: "api",
    });
    // Filter the security group rule by group
    const ingressRulesDs = groupsDs.then(groupsDs => alicloud.ecs.getSecurityGroupRules({
        groupId: groupsDs.groups?.[0]?.id,
        nicType: "internet",
        direction: "ingress",
        ipProtocol: "tcp",
    }));
    // Pass port_range to the backend service
    const backend = new alicloud.ecs.Instance("backend", {userData: ingressRulesDs.then(ingressRulesDs => `config_service.sh --portrange=${ingressRulesDs.rules?.[0]?.portRange}`)});
    
    import pulumi
    import pulumi_alicloud as alicloud
    
    config = pulumi.Config()
    security_group_id = config.require_object("securityGroupId")
    # Or get it from the alicloud_security_groups data source.
    # Please note that the data source arguments must be enough to filter results to one security group.
    groups_ds = alicloud.ecs.get_security_groups(name_regex="api")
    # Filter the security group rule by group
    ingress_rules_ds = alicloud.ecs.get_security_group_rules(group_id=groups_ds.groups[0].id,
        nic_type="internet",
        direction="ingress",
        ip_protocol="tcp")
    # Pass port_range to the backend service
    backend = alicloud.ecs.Instance("backend", user_data=f"config_service.sh --portrange={ingress_rules_ds.rules[0].port_range}")
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ecs"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		cfg := config.New(ctx, "")
    		securityGroupId := cfg.RequireObject("securityGroupId")
    		// Or get it from the alicloud_security_groups data source.
    		// Please note that the data source arguments must be enough to filter results to one security group.
    		groupsDs, err := ecs.GetSecurityGroups(ctx, &ecs.GetSecurityGroupsArgs{
    			NameRegex: pulumi.StringRef("api"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		// Filter the security group rule by group
    		ingressRulesDs, err := ecs.GetSecurityGroupRules(ctx, &ecs.GetSecurityGroupRulesArgs{
    			GroupId:    groupsDs.Groups[0].Id,
    			NicType:    pulumi.StringRef("internet"),
    			Direction:  pulumi.StringRef("ingress"),
    			IpProtocol: pulumi.StringRef("tcp"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		// Pass port_range to the backend service
    		_, err = ecs.NewInstance(ctx, "backend", &ecs.InstanceArgs{
    			UserData: pulumi.String(fmt.Sprintf("config_service.sh --portrange=%v", ingressRulesDs.Rules[0].PortRange)),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AliCloud = Pulumi.AliCloud;
    
    return await Deployment.RunAsync(() => 
    {
        var config = new Config();
        var securityGroupId = config.RequireObject<dynamic>("securityGroupId");
        // Or get it from the alicloud_security_groups data source.
        // Please note that the data source arguments must be enough to filter results to one security group.
        var groupsDs = AliCloud.Ecs.GetSecurityGroups.Invoke(new()
        {
            NameRegex = "api",
        });
    
        // Filter the security group rule by group
        var ingressRulesDs = AliCloud.Ecs.GetSecurityGroupRules.Invoke(new()
        {
            GroupId = groupsDs.Apply(getSecurityGroupsResult => getSecurityGroupsResult.Groups[0]?.Id),
            NicType = "internet",
            Direction = "ingress",
            IpProtocol = "tcp",
        });
    
        // Pass port_range to the backend service
        var backend = new AliCloud.Ecs.Instance("backend", new()
        {
            UserData = $"config_service.sh --portrange={ingressRulesDs.Apply(getSecurityGroupRulesResult => getSecurityGroupRulesResult.Rules[0]?.PortRange)}",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.alicloud.ecs.EcsFunctions;
    import com.pulumi.alicloud.ecs.inputs.GetSecurityGroupsArgs;
    import com.pulumi.alicloud.ecs.inputs.GetSecurityGroupRulesArgs;
    import com.pulumi.alicloud.ecs.Instance;
    import com.pulumi.alicloud.ecs.InstanceArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var config = ctx.config();
            final var securityGroupId = config.get("securityGroupId");
            // Or get it from the alicloud_security_groups data source.
            // Please note that the data source arguments must be enough to filter results to one security group.
            final var groupsDs = EcsFunctions.getSecurityGroups(GetSecurityGroupsArgs.builder()
                .nameRegex("api")
                .build());
    
            // Filter the security group rule by group
            final var ingressRulesDs = EcsFunctions.getSecurityGroupRules(GetSecurityGroupRulesArgs.builder()
                .groupId(groupsDs.applyValue(getSecurityGroupsResult -> getSecurityGroupsResult.groups()[0].id()))
                .nicType("internet")
                .direction("ingress")
                .ipProtocol("tcp")
                .build());
    
            // Pass port_range to the backend service
            var backend = new Instance("backend", InstanceArgs.builder()
                .userData(String.format("config_service.sh --portrange=%s", ingressRulesDs.applyValue(getSecurityGroupRulesResult -> getSecurityGroupRulesResult.rules()[0].portRange())))
                .build());
    
        }
    }
    
    configuration:
      # Get the security group id from a variable
      securityGroupId:
        type: dynamic
    resources:
      # Pass port_range to the backend service
      backend:
        type: alicloud:ecs:Instance
        properties:
          userData: config_service.sh --portrange=${ingressRulesDs.rules[0].portRange}
    variables:
      # Or get it from the alicloud_security_groups data source.
      # Please note that the data source arguments must be enough to filter results to one security group.
      groupsDs:
        fn::invoke:
          Function: alicloud:ecs:getSecurityGroups
          Arguments:
            nameRegex: api
      # Filter the security group rule by group
      ingressRulesDs:
        fn::invoke:
          Function: alicloud:ecs:getSecurityGroupRules
          Arguments:
            groupId: ${groupsDs.groups[0].id}
            nicType: internet
            direction: ingress
            ipProtocol: tcp
    

    Using getSecurityGroupRules

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getSecurityGroupRules(args: GetSecurityGroupRulesArgs, opts?: InvokeOptions): Promise<GetSecurityGroupRulesResult>
    function getSecurityGroupRulesOutput(args: GetSecurityGroupRulesOutputArgs, opts?: InvokeOptions): Output<GetSecurityGroupRulesResult>
    def get_security_group_rules(direction: Optional[str] = None,
                                 group_id: Optional[str] = None,
                                 ip_protocol: Optional[str] = None,
                                 nic_type: Optional[str] = None,
                                 output_file: Optional[str] = None,
                                 policy: Optional[str] = None,
                                 opts: Optional[InvokeOptions] = None) -> GetSecurityGroupRulesResult
    def get_security_group_rules_output(direction: Optional[pulumi.Input[str]] = None,
                                 group_id: Optional[pulumi.Input[str]] = None,
                                 ip_protocol: Optional[pulumi.Input[str]] = None,
                                 nic_type: Optional[pulumi.Input[str]] = None,
                                 output_file: Optional[pulumi.Input[str]] = None,
                                 policy: Optional[pulumi.Input[str]] = None,
                                 opts: Optional[InvokeOptions] = None) -> Output[GetSecurityGroupRulesResult]
    func GetSecurityGroupRules(ctx *Context, args *GetSecurityGroupRulesArgs, opts ...InvokeOption) (*GetSecurityGroupRulesResult, error)
    func GetSecurityGroupRulesOutput(ctx *Context, args *GetSecurityGroupRulesOutputArgs, opts ...InvokeOption) GetSecurityGroupRulesResultOutput

    > Note: This function is named GetSecurityGroupRules in the Go SDK.

    public static class GetSecurityGroupRules 
    {
        public static Task<GetSecurityGroupRulesResult> InvokeAsync(GetSecurityGroupRulesArgs args, InvokeOptions? opts = null)
        public static Output<GetSecurityGroupRulesResult> Invoke(GetSecurityGroupRulesInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetSecurityGroupRulesResult> getSecurityGroupRules(GetSecurityGroupRulesArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: alicloud:ecs/getSecurityGroupRules:getSecurityGroupRules
      arguments:
        # arguments dictionary

    The following arguments are supported:

    GroupId string
    The ID of the security group that owns the rules.
    Direction string
    Authorization direction. Valid values are: ingress or egress.
    IpProtocol string
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    NicType string
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    OutputFile string
    File name where to save data source results (after running pulumi preview).
    Policy string
    Authorization policy. Can be either accept or drop. The default value is accept.
    GroupId string
    The ID of the security group that owns the rules.
    Direction string
    Authorization direction. Valid values are: ingress or egress.
    IpProtocol string
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    NicType string
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    OutputFile string
    File name where to save data source results (after running pulumi preview).
    Policy string
    Authorization policy. Can be either accept or drop. The default value is accept.
    groupId String
    The ID of the security group that owns the rules.
    direction String
    Authorization direction. Valid values are: ingress or egress.
    ipProtocol String
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    nicType String
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    outputFile String
    File name where to save data source results (after running pulumi preview).
    policy String
    Authorization policy. Can be either accept or drop. The default value is accept.
    groupId string
    The ID of the security group that owns the rules.
    direction string
    Authorization direction. Valid values are: ingress or egress.
    ipProtocol string
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    nicType string
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    outputFile string
    File name where to save data source results (after running pulumi preview).
    policy string
    Authorization policy. Can be either accept or drop. The default value is accept.
    group_id str
    The ID of the security group that owns the rules.
    direction str
    Authorization direction. Valid values are: ingress or egress.
    ip_protocol str
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    nic_type str
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    output_file str
    File name where to save data source results (after running pulumi preview).
    policy str
    Authorization policy. Can be either accept or drop. The default value is accept.
    groupId String
    The ID of the security group that owns the rules.
    direction String
    Authorization direction. Valid values are: ingress or egress.
    ipProtocol String
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    nicType String
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    outputFile String
    File name where to save data source results (after running pulumi preview).
    policy String
    Authorization policy. Can be either accept or drop. The default value is accept.

    getSecurityGroupRules Result

    The following output properties are available:

    GroupDesc string
    The description of the security group that owns the rules.
    GroupId string
    GroupName string
    The name of the security group that owns the rules.
    Id string
    The provider-assigned unique ID for this managed resource.
    Rules List<Pulumi.AliCloud.Ecs.Outputs.GetSecurityGroupRulesRule>
    A list of security group rules. Each element contains the following attributes:
    Direction string
    Authorization direction, ingress or egress.
    IpProtocol string
    The protocol. Can be tcp, udp, icmp, gre or all.
    NicType string
    Network type, internet or intranet.
    OutputFile string
    Policy string
    Authorization policy. Can be either accept or drop.
    GroupDesc string
    The description of the security group that owns the rules.
    GroupId string
    GroupName string
    The name of the security group that owns the rules.
    Id string
    The provider-assigned unique ID for this managed resource.
    Rules []GetSecurityGroupRulesRule
    A list of security group rules. Each element contains the following attributes:
    Direction string
    Authorization direction, ingress or egress.
    IpProtocol string
    The protocol. Can be tcp, udp, icmp, gre or all.
    NicType string
    Network type, internet or intranet.
    OutputFile string
    Policy string
    Authorization policy. Can be either accept or drop.
    groupDesc String
    The description of the security group that owns the rules.
    groupId String
    groupName String
    The name of the security group that owns the rules.
    id String
    The provider-assigned unique ID for this managed resource.
    rules List<GetSecurityGroupRulesRule>
    A list of security group rules. Each element contains the following attributes:
    direction String
    Authorization direction, ingress or egress.
    ipProtocol String
    The protocol. Can be tcp, udp, icmp, gre or all.
    nicType String
    Network type, internet or intranet.
    outputFile String
    policy String
    Authorization policy. Can be either accept or drop.
    groupDesc string
    The description of the security group that owns the rules.
    groupId string
    groupName string
    The name of the security group that owns the rules.
    id string
    The provider-assigned unique ID for this managed resource.
    rules GetSecurityGroupRulesRule[]
    A list of security group rules. Each element contains the following attributes:
    direction string
    Authorization direction, ingress or egress.
    ipProtocol string
    The protocol. Can be tcp, udp, icmp, gre or all.
    nicType string
    Network type, internet or intranet.
    outputFile string
    policy string
    Authorization policy. Can be either accept or drop.
    group_desc str
    The description of the security group that owns the rules.
    group_id str
    group_name str
    The name of the security group that owns the rules.
    id str
    The provider-assigned unique ID for this managed resource.
    rules Sequence[GetSecurityGroupRulesRule]
    A list of security group rules. Each element contains the following attributes:
    direction str
    Authorization direction, ingress or egress.
    ip_protocol str
    The protocol. Can be tcp, udp, icmp, gre or all.
    nic_type str
    Network type, internet or intranet.
    output_file str
    policy str
    Authorization policy. Can be either accept or drop.
    groupDesc String
    The description of the security group that owns the rules.
    groupId String
    groupName String
    The name of the security group that owns the rules.
    id String
    The provider-assigned unique ID for this managed resource.
    rules List<Property Map>
    A list of security group rules. Each element contains the following attributes:
    direction String
    Authorization direction, ingress or egress.
    ipProtocol String
    The protocol. Can be tcp, udp, icmp, gre or all.
    nicType String
    Network type, internet or intranet.
    outputFile String
    policy String
    Authorization policy. Can be either accept or drop.

    Supporting Types

    GetSecurityGroupRulesRule

    Description string
    The description of the rule.
    DestCidrIp string
    Target IP address segment for egress authorization.
    DestGroupId string
    Target security group id for ingress authorization.
    DestGroupOwnerAccount string
    Alibaba Cloud account of the target security group.
    Direction string
    Authorization direction. Valid values are: ingress or egress.
    IpProtocol string
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    NicType string
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    Policy string
    Authorization policy. Can be either accept or drop. The default value is accept.
    PortRange string
    The range of port numbers.
    Priority int
    Rule priority.
    SourceCidrIp string
    Source IP address segment for ingress authorization.
    SourceGroupId string
    Source security group ID for ingress authorization.
    SourceGroupOwnerAccount string
    Alibaba Cloud account of the source security group.
    Description string
    The description of the rule.
    DestCidrIp string
    Target IP address segment for egress authorization.
    DestGroupId string
    Target security group id for ingress authorization.
    DestGroupOwnerAccount string
    Alibaba Cloud account of the target security group.
    Direction string
    Authorization direction. Valid values are: ingress or egress.
    IpProtocol string
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    NicType string
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    Policy string
    Authorization policy. Can be either accept or drop. The default value is accept.
    PortRange string
    The range of port numbers.
    Priority int
    Rule priority.
    SourceCidrIp string
    Source IP address segment for ingress authorization.
    SourceGroupId string
    Source security group ID for ingress authorization.
    SourceGroupOwnerAccount string
    Alibaba Cloud account of the source security group.
    description String
    The description of the rule.
    destCidrIp String
    Target IP address segment for egress authorization.
    destGroupId String
    Target security group id for ingress authorization.
    destGroupOwnerAccount String
    Alibaba Cloud account of the target security group.
    direction String
    Authorization direction. Valid values are: ingress or egress.
    ipProtocol String
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    nicType String
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    policy String
    Authorization policy. Can be either accept or drop. The default value is accept.
    portRange String
    The range of port numbers.
    priority Integer
    Rule priority.
    sourceCidrIp String
    Source IP address segment for ingress authorization.
    sourceGroupId String
    Source security group ID for ingress authorization.
    sourceGroupOwnerAccount String
    Alibaba Cloud account of the source security group.
    description string
    The description of the rule.
    destCidrIp string
    Target IP address segment for egress authorization.
    destGroupId string
    Target security group id for ingress authorization.
    destGroupOwnerAccount string
    Alibaba Cloud account of the target security group.
    direction string
    Authorization direction. Valid values are: ingress or egress.
    ipProtocol string
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    nicType string
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    policy string
    Authorization policy. Can be either accept or drop. The default value is accept.
    portRange string
    The range of port numbers.
    priority number
    Rule priority.
    sourceCidrIp string
    Source IP address segment for ingress authorization.
    sourceGroupId string
    Source security group ID for ingress authorization.
    sourceGroupOwnerAccount string
    Alibaba Cloud account of the source security group.
    description str
    The description of the rule.
    dest_cidr_ip str
    Target IP address segment for egress authorization.
    dest_group_id str
    Target security group id for ingress authorization.
    dest_group_owner_account str
    Alibaba Cloud account of the target security group.
    direction str
    Authorization direction. Valid values are: ingress or egress.
    ip_protocol str
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    nic_type str
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    policy str
    Authorization policy. Can be either accept or drop. The default value is accept.
    port_range str
    The range of port numbers.
    priority int
    Rule priority.
    source_cidr_ip str
    Source IP address segment for ingress authorization.
    source_group_id str
    Source security group ID for ingress authorization.
    source_group_owner_account str
    Alibaba Cloud account of the source security group.
    description String
    The description of the rule.
    destCidrIp String
    Target IP address segment for egress authorization.
    destGroupId String
    Target security group id for ingress authorization.
    destGroupOwnerAccount String
    Alibaba Cloud account of the target security group.
    direction String
    Authorization direction. Valid values are: ingress or egress.
    ipProtocol String
    The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
    nicType String
    Refers to the network type. Can be either internet or intranet. The default value is internet.
    policy String
    Authorization policy. Can be either accept or drop. The default value is accept.
    portRange String
    The range of port numbers.
    priority Number
    Rule priority.
    sourceCidrIp String
    Source IP address segment for ingress authorization.
    sourceGroupId String
    Source security group ID for ingress authorization.
    sourceGroupOwnerAccount String
    Alibaba Cloud account of the source security group.

    Package Details

    Repository
    Alibaba Cloud pulumi/pulumi-alicloud
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the alicloud Terraform Provider.
    alicloud logo
    Alibaba Cloud v3.59.0 published on Friday, Jul 12, 2024 by Pulumi