Alibaba Cloud v3.53.0, Apr 17 24

Alibaba Cloud v3.53.0 published on Wednesday, Apr 17, 2024 by Pulumi

alicloud.ecs.getSecurityGroupRules

Explore with Pulumi AI

Alibaba Cloud v3.53.0 published on Wednesday, Apr 17, 2024 by Pulumi

The alicloud.ecs.getSecurityGroupRules data source provides a collection of security permissions of a specific security group. Each collection item represents a single ingress or egress permission rule. The ID of the security group can be provided via a variable or the result from the other data source alicloud.ecs.getSecurityGroups.

Example Usage

The following example shows how to obtain details about a security group rule and how to pass its data to an instance at launch time.

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const config = new pulumi.Config();
const securityGroupId = config.requireObject("securityGroupId");
const groupsDs = alicloud.ecs.getSecurityGroups({
    nameRegex: "api",
});
const ingressRulesDs = groupsDs.then(groupsDs => alicloud.ecs.getSecurityGroupRules({
    direction: "ingress",
    groupId: groupsDs.groups?.[0]?.id,
    ipProtocol: "tcp",
    nicType: "internet",
}));
// Pass port_range to the backend service
const backend = new alicloud.ecs.Instance("backend", {userData: ingressRulesDs.then(ingressRulesDs => `config_service.sh --portrange=${ingressRulesDs.rules?.[0]?.portRange}`)});

import pulumi
import pulumi_alicloud as alicloud

config = pulumi.Config()
security_group_id = config.require_object("securityGroupId")
groups_ds = alicloud.ecs.get_security_groups(name_regex="api")
ingress_rules_ds = alicloud.ecs.get_security_group_rules(direction="ingress",
    group_id=groups_ds.groups[0].id,
    ip_protocol="tcp",
    nic_type="internet")
# Pass port_range to the backend service
backend = alicloud.ecs.Instance("backend", user_data=f"config_service.sh --portrange={ingress_rules_ds.rules[0].port_range}")

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ecs"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		securityGroupId := cfg.RequireObject("securityGroupId")
		groupsDs, err := ecs.GetSecurityGroups(ctx, &ecs.GetSecurityGroupsArgs{
			NameRegex: pulumi.StringRef("api"),
		}, nil)
		if err != nil {
			return err
		}
		ingressRulesDs, err := ecs.GetSecurityGroupRules(ctx, &ecs.GetSecurityGroupRulesArgs{
			Direction:  pulumi.StringRef("ingress"),
			GroupId:    groupsDs.Groups[0].Id,
			IpProtocol: pulumi.StringRef("tcp"),
			NicType:    pulumi.StringRef("internet"),
		}, nil)
		if err != nil {
			return err
		}
		// Pass port_range to the backend service
		_, err = ecs.NewInstance(ctx, "backend", &ecs.InstanceArgs{
			UserData: pulumi.String(fmt.Sprintf("config_service.sh --portrange=%v", ingressRulesDs.Rules[0].PortRange)),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var securityGroupId = config.RequireObject<dynamic>("securityGroupId");
    var groupsDs = AliCloud.Ecs.GetSecurityGroups.Invoke(new()
    {
        NameRegex = "api",
    });

    var ingressRulesDs = AliCloud.Ecs.GetSecurityGroupRules.Invoke(new()
    {
        Direction = "ingress",
        GroupId = groupsDs.Apply(getSecurityGroupsResult => getSecurityGroupsResult.Groups[0]?.Id),
        IpProtocol = "tcp",
        NicType = "internet",
    });

    // Pass port_range to the backend service
    var backend = new AliCloud.Ecs.Instance("backend", new()
    {
        UserData = $"config_service.sh --portrange={ingressRulesDs.Apply(getSecurityGroupRulesResult => getSecurityGroupRulesResult.Rules[0]?.PortRange)}",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ecs.EcsFunctions;
import com.pulumi.alicloud.ecs.inputs.GetSecurityGroupsArgs;
import com.pulumi.alicloud.ecs.inputs.GetSecurityGroupRulesArgs;
import com.pulumi.alicloud.ecs.Instance;
import com.pulumi.alicloud.ecs.InstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var securityGroupId = config.get("securityGroupId");
        final var groupsDs = EcsFunctions.getSecurityGroups(GetSecurityGroupsArgs.builder()
            .nameRegex("api")
            .build());

        final var ingressRulesDs = EcsFunctions.getSecurityGroupRules(GetSecurityGroupRulesArgs.builder()
            .direction("ingress")
            .groupId(groupsDs.applyValue(getSecurityGroupsResult -> getSecurityGroupsResult.groups()[0].id()))
            .ipProtocol("tcp")
            .nicType("internet")
            .build());

        // Pass port_range to the backend service
        var backend = new Instance("backend", InstanceArgs.builder()        
            .userData(String.format("config_service.sh --portrange=%s", ingressRulesDs.applyValue(getSecurityGroupRulesResult -> getSecurityGroupRulesResult.rules()[0].portRange())))
            .build());

    }
}

configuration:
  # Get the security group id from a variable
  securityGroupId:
    type: dynamic
resources:
  # Pass port_range to the backend service
  backend:
    type: alicloud:ecs:Instance
    properties:
      # ...
      userData: config_service.sh --portrange=${ingressRulesDs.rules[0].portRange}
variables:
  groupsDs:
    fn::invoke:
      Function: alicloud:ecs:getSecurityGroups
      Arguments:
        nameRegex: api
  ingressRulesDs:
    fn::invoke:
      Function: alicloud:ecs:getSecurityGroupRules
      Arguments:
        direction: ingress
        groupId: ${groupsDs.groups[0].id}
        ipProtocol: tcp
        nicType: internet

Using getSecurityGroupRules

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getSecurityGroupRules(args: GetSecurityGroupRulesArgs, opts?: InvokeOptions): Promise<GetSecurityGroupRulesResult>
function getSecurityGroupRulesOutput(args: GetSecurityGroupRulesOutputArgs, opts?: InvokeOptions): Output<GetSecurityGroupRulesResult>

def get_security_group_rules(direction: Optional[str] = None,
                             group_id: Optional[str] = None,
                             ip_protocol: Optional[str] = None,
                             nic_type: Optional[str] = None,
                             output_file: Optional[str] = None,
                             policy: Optional[str] = None,
                             opts: Optional[InvokeOptions] = None) -> GetSecurityGroupRulesResult
def get_security_group_rules_output(direction: Optional[pulumi.Input[str]] = None,
                             group_id: Optional[pulumi.Input[str]] = None,
                             ip_protocol: Optional[pulumi.Input[str]] = None,
                             nic_type: Optional[pulumi.Input[str]] = None,
                             output_file: Optional[pulumi.Input[str]] = None,
                             policy: Optional[pulumi.Input[str]] = None,
                             opts: Optional[InvokeOptions] = None) -> Output[GetSecurityGroupRulesResult]

func GetSecurityGroupRules(ctx *Context, args *GetSecurityGroupRulesArgs, opts ...InvokeOption) (*GetSecurityGroupRulesResult, error)
func GetSecurityGroupRulesOutput(ctx *Context, args *GetSecurityGroupRulesOutputArgs, opts ...InvokeOption) GetSecurityGroupRulesResultOutput

> Note: This function is named GetSecurityGroupRules in the Go SDK.

public static class GetSecurityGroupRules 
{
    public static Task<GetSecurityGroupRulesResult> InvokeAsync(GetSecurityGroupRulesArgs args, InvokeOptions? opts = null)
    public static Output<GetSecurityGroupRulesResult> Invoke(GetSecurityGroupRulesInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSecurityGroupRulesResult> getSecurityGroupRules(GetSecurityGroupRulesArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: alicloud:ecs/getSecurityGroupRules:getSecurityGroupRules
  arguments:
    # arguments dictionary

The following arguments are supported:

GroupId string: The ID of the security group that owns the rules.
Direction string: Authorization direction. Valid values are: ingress or egress.
IpProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
NicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
OutputFile string: File name where to save data source results (after running pulumi preview).
Policy string: Authorization policy. Can be either accept or drop. The default value is accept.

GroupId string: The ID of the security group that owns the rules.
Direction string: Authorization direction. Valid values are: ingress or egress.
IpProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
NicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
OutputFile string: File name where to save data source results (after running pulumi preview).
Policy string: Authorization policy. Can be either accept or drop. The default value is accept.

groupId String: The ID of the security group that owns the rules.
direction String: Authorization direction. Valid values are: ingress or egress.
ipProtocol String: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nicType String: Refers to the network type. Can be either internet or intranet. The default value is internet.
outputFile String: File name where to save data source results (after running pulumi preview).
policy String: Authorization policy. Can be either accept or drop. The default value is accept.

groupId string: The ID of the security group that owns the rules.
direction string: Authorization direction. Valid values are: ingress or egress.
ipProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
outputFile string: File name where to save data source results (after running pulumi preview).
policy string: Authorization policy. Can be either accept or drop. The default value is accept.

group_id str: The ID of the security group that owns the rules.
direction str: Authorization direction. Valid values are: ingress or egress.
ip_protocol str: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nic_type str: Refers to the network type. Can be either internet or intranet. The default value is internet.
output_file str: File name where to save data source results (after running pulumi preview).
policy str: Authorization policy. Can be either accept or drop. The default value is accept.

groupId String: The ID of the security group that owns the rules.
direction String: Authorization direction. Valid values are: ingress or egress.
ipProtocol String: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nicType String: Refers to the network type. Can be either internet or intranet. The default value is internet.
outputFile String: File name where to save data source results (after running pulumi preview).
policy String: Authorization policy. Can be either accept or drop. The default value is accept.

getSecurityGroupRules Result

The following output properties are available:

GroupDesc string: The description of the security group that owns the rules.
GroupId string
GroupName string: The name of the security group that owns the rules.
Id string: The provider-assigned unique ID for this managed resource.
Rules List<Pulumi.AliCloud.Ecs.Outputs.GetSecurityGroupRulesRule>: A list of security group rules. Each element contains the following attributes:
Direction string: Authorization direction, ingress or egress.
IpProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
NicType string: Network type, internet or intranet.
OutputFile string
Policy string: Authorization policy. Can be either accept or drop.

GroupDesc string: The description of the security group that owns the rules.
GroupId string
GroupName string: The name of the security group that owns the rules.
Id string: The provider-assigned unique ID for this managed resource.
Rules []GetSecurityGroupRulesRule: A list of security group rules. Each element contains the following attributes:
Direction string: Authorization direction, ingress or egress.
IpProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
NicType string: Network type, internet or intranet.
OutputFile string
Policy string: Authorization policy. Can be either accept or drop.

groupDesc String: The description of the security group that owns the rules.
groupId String
groupName String: The name of the security group that owns the rules.
id String: The provider-assigned unique ID for this managed resource.
rules List<GetSecurityGroupRulesRule>: A list of security group rules. Each element contains the following attributes:
direction String: Authorization direction, ingress or egress.
ipProtocol String: The protocol. Can be tcp, udp, icmp, gre or all.
nicType String: Network type, internet or intranet.
outputFile String
policy String: Authorization policy. Can be either accept or drop.

groupDesc string: The description of the security group that owns the rules.
groupId string
groupName string: The name of the security group that owns the rules.
id string: The provider-assigned unique ID for this managed resource.
rules GetSecurityGroupRulesRule[]: A list of security group rules. Each element contains the following attributes:
direction string: Authorization direction, ingress or egress.
ipProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
nicType string: Network type, internet or intranet.
outputFile string
policy string: Authorization policy. Can be either accept or drop.

group_desc str: The description of the security group that owns the rules.
group_id str
group_name str: The name of the security group that owns the rules.
id str: The provider-assigned unique ID for this managed resource.
rules Sequence[GetSecurityGroupRulesRule]: A list of security group rules. Each element contains the following attributes:
direction str: Authorization direction, ingress or egress.
ip_protocol str: The protocol. Can be tcp, udp, icmp, gre or all.
nic_type str: Network type, internet or intranet.
output_file str
policy str: Authorization policy. Can be either accept or drop.

groupDesc String: The description of the security group that owns the rules.
groupId String
groupName String: The name of the security group that owns the rules.
id String: The provider-assigned unique ID for this managed resource.
rules List<Property Map>: A list of security group rules. Each element contains the following attributes:
direction String: Authorization direction, ingress or egress.
ipProtocol String: The protocol. Can be tcp, udp, icmp, gre or all.
nicType String: Network type, internet or intranet.
outputFile String
policy String: Authorization policy. Can be either accept or drop.

Supporting Types

GetSecurityGroupRulesRule

Description string: The description of the rule.
DestCidrIp string: Target IP address segment for egress authorization.
DestGroupId string: Target security group id for ingress authorization.
DestGroupOwnerAccount string: Alibaba Cloud account of the target security group.
Direction string: Authorization direction. Valid values are: ingress or egress.
IpProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
NicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
Policy string: Authorization policy. Can be either accept or drop. The default value is accept.
PortRange string: The range of port numbers.
Priority int: Rule priority.
SourceCidrIp string: Source IP address segment for ingress authorization.
SourceGroupId string: Source security group ID for ingress authorization.
SourceGroupOwnerAccount string: Alibaba Cloud account of the source security group.

Description string: The description of the rule.
DestCidrIp string: Target IP address segment for egress authorization.
DestGroupId string: Target security group id for ingress authorization.
DestGroupOwnerAccount string: Alibaba Cloud account of the target security group.
Direction string: Authorization direction. Valid values are: ingress or egress.
IpProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
NicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
Policy string: Authorization policy. Can be either accept or drop. The default value is accept.
PortRange string: The range of port numbers.
Priority int: Rule priority.
SourceCidrIp string: Source IP address segment for ingress authorization.
SourceGroupId string: Source security group ID for ingress authorization.
SourceGroupOwnerAccount string: Alibaba Cloud account of the source security group.

description String: The description of the rule.
destCidrIp String: Target IP address segment for egress authorization.
destGroupId String: Target security group id for ingress authorization.
destGroupOwnerAccount String: Alibaba Cloud account of the target security group.
direction String: Authorization direction. Valid values are: ingress or egress.
ipProtocol String: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nicType String: Refers to the network type. Can be either internet or intranet. The default value is internet.
policy String: Authorization policy. Can be either accept or drop. The default value is accept.
portRange String: The range of port numbers.
priority Integer: Rule priority.
sourceCidrIp String: Source IP address segment for ingress authorization.
sourceGroupId String: Source security group ID for ingress authorization.
sourceGroupOwnerAccount String: Alibaba Cloud account of the source security group.

description string: The description of the rule.
destCidrIp string: Target IP address segment for egress authorization.
destGroupId string: Target security group id for ingress authorization.
destGroupOwnerAccount string: Alibaba Cloud account of the target security group.
direction string: Authorization direction. Valid values are: ingress or egress.
ipProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
policy string: Authorization policy. Can be either accept or drop. The default value is accept.
portRange string: The range of port numbers.
priority number: Rule priority.
sourceCidrIp string: Source IP address segment for ingress authorization.
sourceGroupId string: Source security group ID for ingress authorization.
sourceGroupOwnerAccount string: Alibaba Cloud account of the source security group.

description str: The description of the rule.
dest_cidr_ip str: Target IP address segment for egress authorization.
dest_group_id str: Target security group id for ingress authorization.
dest_group_owner_account str: Alibaba Cloud account of the target security group.
direction str: Authorization direction. Valid values are: ingress or egress.
ip_protocol str: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nic_type str: Refers to the network type. Can be either internet or intranet. The default value is internet.
policy str: Authorization policy. Can be either accept or drop. The default value is accept.
port_range str: The range of port numbers.
priority int: Rule priority.
source_cidr_ip str: Source IP address segment for ingress authorization.
source_group_id str: Source security group ID for ingress authorization.
source_group_owner_account str: Alibaba Cloud account of the source security group.

description String: The description of the rule.
destCidrIp String: Target IP address segment for egress authorization.
destGroupId String: Target security group id for ingress authorization.
destGroupOwnerAccount String: Alibaba Cloud account of the target security group.
direction String: Authorization direction. Valid values are: ingress or egress.
ipProtocol String: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nicType String: Refers to the network type. Can be either internet or intranet. The default value is internet.
policy String: Authorization policy. Can be either accept or drop. The default value is accept.
portRange String: The range of port numbers.
priority Number: Rule priority.
sourceCidrIp String: Source IP address segment for ingress authorization.
sourceGroupId String: Source security group ID for ingress authorization.
sourceGroupOwnerAccount String: Alibaba Cloud account of the source security group.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.53.0 published on Wednesday, Apr 17, 2024 by Pulumi

pulumi/pulumi-alicloud

alicloud.ecs.getSecurityGroupRules

On this page

On this page

Example Usage

Using getSecurityGroupRules

getSecurityGroupRules Result

Supporting Types

GetSecurityGroupRulesRule

Package Details

On this page

On this page