Alibaba Cloud v3.53.0, Apr 17 24

Alibaba Cloud v3.53.0 published on Wednesday, Apr 17, 2024 by Pulumi

alicloud.ecs.SecurityGroupRule

Explore with Pulumi AI

Alibaba Cloud v3.53.0 published on Wednesday, Apr 17, 2024 by Pulumi

pulumi/pulumi-alicloud

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const _default = new alicloud.ecs.SecurityGroup("default", {});
const allowAllTcp = new alicloud.ecs.SecurityGroupRule("allowAllTcp", {
    type: "ingress",
    ipProtocol: "tcp",
    nicType: "internet",
    policy: "accept",
    portRange: "1/65535",
    priority: 1,
    securityGroupId: _default.id,
    cidrIp: "0.0.0.0/0",
});

import pulumi
import pulumi_alicloud as alicloud

default = alicloud.ecs.SecurityGroup("default")
allow_all_tcp = alicloud.ecs.SecurityGroupRule("allowAllTcp",
    type="ingress",
    ip_protocol="tcp",
    nic_type="internet",
    policy="accept",
    port_range="1/65535",
    priority=1,
    security_group_id=default.id,
    cidr_ip="0.0.0.0/0")

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ecs"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ecs.NewSecurityGroup(ctx, "default", nil)
		if err != nil {
			return err
		}
		_, err = ecs.NewSecurityGroupRule(ctx, "allowAllTcp", &ecs.SecurityGroupRuleArgs{
			Type:            pulumi.String("ingress"),
			IpProtocol:      pulumi.String("tcp"),
			NicType:         pulumi.String("internet"),
			Policy:          pulumi.String("accept"),
			PortRange:       pulumi.String("1/65535"),
			Priority:        pulumi.Int(1),
			SecurityGroupId: _default.ID(),
			CidrIp:          pulumi.String("0.0.0.0/0"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var @default = new AliCloud.Ecs.SecurityGroup("default");

    var allowAllTcp = new AliCloud.Ecs.SecurityGroupRule("allowAllTcp", new()
    {
        Type = "ingress",
        IpProtocol = "tcp",
        NicType = "internet",
        Policy = "accept",
        PortRange = "1/65535",
        Priority = 1,
        SecurityGroupId = @default.Id,
        CidrIp = "0.0.0.0/0",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ecs.SecurityGroup;
import com.pulumi.alicloud.ecs.SecurityGroupRule;
import com.pulumi.alicloud.ecs.SecurityGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new SecurityGroup("default");

        var allowAllTcp = new SecurityGroupRule("allowAllTcp", SecurityGroupRuleArgs.builder()        
            .type("ingress")
            .ipProtocol("tcp")
            .nicType("internet")
            .policy("accept")
            .portRange("1/65535")
            .priority(1)
            .securityGroupId(default_.id())
            .cidrIp("0.0.0.0/0")
            .build());

    }
}

resources:
  default:
    type: alicloud:ecs:SecurityGroup
  allowAllTcp:
    type: alicloud:ecs:SecurityGroupRule
    properties:
      type: ingress
      ipProtocol: tcp
      nicType: internet
      policy: accept
      portRange: 1/65535
      priority: 1
      securityGroupId: ${default.id}
      cidrIp: 0.0.0.0/0

Module Support

You can use the existing security-group module to create a security group and add several rules one-click.

Create SecurityGroupRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecurityGroupRule(name: string, args: SecurityGroupRuleArgs, opts?: CustomResourceOptions);

@overload
def SecurityGroupRule(resource_name: str,
                      args: SecurityGroupRuleArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def SecurityGroupRule(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      security_group_id: Optional[str] = None,
                      type: Optional[str] = None,
                      ip_protocol: Optional[str] = None,
                      ipv6_cidr_ip: Optional[str] = None,
                      nic_type: Optional[str] = None,
                      policy: Optional[str] = None,
                      port_range: Optional[str] = None,
                      prefix_list_id: Optional[str] = None,
                      priority: Optional[int] = None,
                      cidr_ip: Optional[str] = None,
                      source_group_owner_account: Optional[str] = None,
                      source_security_group_id: Optional[str] = None,
                      description: Optional[str] = None)

func NewSecurityGroupRule(ctx *Context, name string, args SecurityGroupRuleArgs, opts ...ResourceOption) (*SecurityGroupRule, error)

public SecurityGroupRule(string name, SecurityGroupRuleArgs args, CustomResourceOptions? opts = null)

public SecurityGroupRule(String name, SecurityGroupRuleArgs args)
public SecurityGroupRule(String name, SecurityGroupRuleArgs args, CustomResourceOptions options)

type: alicloud:ecs:SecurityGroupRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecurityGroupRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecurityGroupRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecurityGroupRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecurityGroupRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecurityGroupRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Example

The following reference example uses placeholder values for all input properties.

var securityGroupRuleResource = new AliCloud.Ecs.SecurityGroupRule("securityGroupRuleResource", new()
{
    SecurityGroupId = "string",
    Type = "string",
    IpProtocol = "string",
    Ipv6CidrIp = "string",
    NicType = "string",
    Policy = "string",
    PortRange = "string",
    PrefixListId = "string",
    Priority = 0,
    CidrIp = "string",
    SourceGroupOwnerAccount = "string",
    SourceSecurityGroupId = "string",
    Description = "string",
});

example, err := ecs.NewSecurityGroupRule(ctx, "securityGroupRuleResource", &ecs.SecurityGroupRuleArgs{
	SecurityGroupId:         pulumi.String("string"),
	Type:                    pulumi.String("string"),
	IpProtocol:              pulumi.String("string"),
	Ipv6CidrIp:              pulumi.String("string"),
	NicType:                 pulumi.String("string"),
	Policy:                  pulumi.String("string"),
	PortRange:               pulumi.String("string"),
	PrefixListId:            pulumi.String("string"),
	Priority:                pulumi.Int(0),
	CidrIp:                  pulumi.String("string"),
	SourceGroupOwnerAccount: pulumi.String("string"),
	SourceSecurityGroupId:   pulumi.String("string"),
	Description:             pulumi.String("string"),
})

var securityGroupRuleResource = new SecurityGroupRule("securityGroupRuleResource", SecurityGroupRuleArgs.builder()        
    .securityGroupId("string")
    .type("string")
    .ipProtocol("string")
    .ipv6CidrIp("string")
    .nicType("string")
    .policy("string")
    .portRange("string")
    .prefixListId("string")
    .priority(0)
    .cidrIp("string")
    .sourceGroupOwnerAccount("string")
    .sourceSecurityGroupId("string")
    .description("string")
    .build());

security_group_rule_resource = alicloud.ecs.SecurityGroupRule("securityGroupRuleResource",
    security_group_id="string",
    type="string",
    ip_protocol="string",
    ipv6_cidr_ip="string",
    nic_type="string",
    policy="string",
    port_range="string",
    prefix_list_id="string",
    priority=0,
    cidr_ip="string",
    source_group_owner_account="string",
    source_security_group_id="string",
    description="string")

const securityGroupRuleResource = new alicloud.ecs.SecurityGroupRule("securityGroupRuleResource", {
    securityGroupId: "string",
    type: "string",
    ipProtocol: "string",
    ipv6CidrIp: "string",
    nicType: "string",
    policy: "string",
    portRange: "string",
    prefixListId: "string",
    priority: 0,
    cidrIp: "string",
    sourceGroupOwnerAccount: "string",
    sourceSecurityGroupId: "string",
    description: "string",
});

type: alicloud:ecs:SecurityGroupRule
properties:
    cidrIp: string
    description: string
    ipProtocol: string
    ipv6CidrIp: string
    nicType: string
    policy: string
    portRange: string
    prefixListId: string
    priority: 0
    securityGroupId: string
    sourceGroupOwnerAccount: string
    sourceSecurityGroupId: string
    type: string

SecurityGroupRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SecurityGroupRule resource accepts the following input properties:

IpProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
SecurityGroupId string: The security group to apply this rule to.
Type string: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).
CidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
Description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
Ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
NicType string: Network type, can be either internet or intranet, the default value is internet.
Policy string: Authorization policy, can be either accept or drop, the default value is accept.
PortRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
PrefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
Priority int: Authorization policy priority, with parameter values: 1-100, default value: 1.
SourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
SourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

IpProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
SecurityGroupId string: The security group to apply this rule to.
Type string: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).
CidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
Description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
Ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
NicType string: Network type, can be either internet or intranet, the default value is internet.
Policy string: Authorization policy, can be either accept or drop, the default value is accept.
PortRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
PrefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
Priority int: Authorization policy priority, with parameter values: 1-100, default value: 1.
SourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
SourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

ipProtocol String: The protocol. Can be tcp, udp, icmp, gre or all.
securityGroupId String: The security group to apply this rule to.
type String: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).
cidrIp String: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description String: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
ipv6CidrIp String: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
nicType String: Network type, can be either internet or intranet, the default value is internet.
policy String: Authorization policy, can be either accept or drop, the default value is accept.
portRange String: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId String: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority Integer: Authorization policy priority, with parameter values: 1-100, default value: 1.
sourceGroupOwnerAccount String: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId String: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

ipProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
securityGroupId string: The security group to apply this rule to.
type string: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).
cidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
nicType string: Network type, can be either internet or intranet, the default value is internet.
policy string: Authorization policy, can be either accept or drop, the default value is accept.
portRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority number: Authorization policy priority, with parameter values: 1-100, default value: 1.
sourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

ip_protocol str: The protocol. Can be tcp, udp, icmp, gre or all.
security_group_id str: The security group to apply this rule to.
type str: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).
cidr_ip str: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description str: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
ipv6_cidr_ip str: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
nic_type str: Network type, can be either internet or intranet, the default value is internet.
policy str: Authorization policy, can be either accept or drop, the default value is accept.
port_range str: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefix_list_id str: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority int: Authorization policy priority, with parameter values: 1-100, default value: 1.
source_group_owner_account str: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
source_security_group_id str: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

ipProtocol String: The protocol. Can be tcp, udp, icmp, gre or all.
securityGroupId String: The security group to apply this rule to.
type String: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).
cidrIp String: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description String: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
ipv6CidrIp String: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
nicType String: Network type, can be either internet or intranet, the default value is internet.
policy String: Authorization policy, can be either accept or drop, the default value is accept.
portRange String: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId String: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority Number: Authorization policy priority, with parameter values: 1-100, default value: 1.
sourceGroupOwnerAccount String: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId String: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityGroupRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SecurityGroupRule Resource

Get an existing SecurityGroupRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecurityGroupRuleState, opts?: CustomResourceOptions): SecurityGroupRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        cidr_ip: Optional[str] = None,
        description: Optional[str] = None,
        ip_protocol: Optional[str] = None,
        ipv6_cidr_ip: Optional[str] = None,
        nic_type: Optional[str] = None,
        policy: Optional[str] = None,
        port_range: Optional[str] = None,
        prefix_list_id: Optional[str] = None,
        priority: Optional[int] = None,
        security_group_id: Optional[str] = None,
        source_group_owner_account: Optional[str] = None,
        source_security_group_id: Optional[str] = None,
        type: Optional[str] = None) -> SecurityGroupRule

func GetSecurityGroupRule(ctx *Context, name string, id IDInput, state *SecurityGroupRuleState, opts ...ResourceOption) (*SecurityGroupRule, error)

public static SecurityGroupRule Get(string name, Input<string> id, SecurityGroupRuleState? state, CustomResourceOptions? opts = null)

public static SecurityGroupRule get(String name, Output<String> id, SecurityGroupRuleState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
Description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
IpProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
Ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
NicType string: Network type, can be either internet or intranet, the default value is internet.
Policy string: Authorization policy, can be either accept or drop, the default value is accept.
PortRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
PrefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
Priority int: Authorization policy priority, with parameter values: 1-100, default value: 1.
SecurityGroupId string: The security group to apply this rule to.
SourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
SourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
Type string: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).

CidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
Description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
IpProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
Ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
NicType string: Network type, can be either internet or intranet, the default value is internet.
Policy string: Authorization policy, can be either accept or drop, the default value is accept.
PortRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
PrefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
Priority int: Authorization policy priority, with parameter values: 1-100, default value: 1.
SecurityGroupId string: The security group to apply this rule to.
SourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
SourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
Type string: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).

cidrIp String: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description String: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
ipProtocol String: The protocol. Can be tcp, udp, icmp, gre or all.
ipv6CidrIp String: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
nicType String: Network type, can be either internet or intranet, the default value is internet.
policy String: Authorization policy, can be either accept or drop, the default value is accept.
portRange String: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId String: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority Integer: Authorization policy priority, with parameter values: 1-100, default value: 1.
securityGroupId String: The security group to apply this rule to.
sourceGroupOwnerAccount String: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId String: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
type String: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).

cidrIp string: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description string: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
ipProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
ipv6CidrIp string: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
nicType string: Network type, can be either internet or intranet, the default value is internet.
policy string: Authorization policy, can be either accept or drop, the default value is accept.
portRange string: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId string: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority number: Authorization policy priority, with parameter values: 1-100, default value: 1.
securityGroupId string: The security group to apply this rule to.
sourceGroupOwnerAccount string: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId string: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
type string: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).

cidr_ip str: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description str: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
ip_protocol str: The protocol. Can be tcp, udp, icmp, gre or all.
ipv6_cidr_ip str: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
nic_type str: Network type, can be either internet or intranet, the default value is internet.
policy str: Authorization policy, can be either accept or drop, the default value is accept.
port_range str: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefix_list_id str: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority int: Authorization policy priority, with parameter values: 1-100, default value: 1.
security_group_id str: The security group to apply this rule to.
source_group_owner_account str: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
source_security_group_id str: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
type str: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).

cidrIp String: The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
description String: The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.
ipProtocol String: The protocol. Can be tcp, udp, icmp, gre or all.
ipv6CidrIp String: Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.
NOTE: You must specify one of the following field: cidr_ip,source_security_group_id,prefix_list_id,ipv6_cidr_ip.
nicType String: Network type, can be either internet or intranet, the default value is internet.
policy String: Authorization policy, can be either accept or drop, the default value is accept.
portRange String: The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.
prefixListId String: The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.
priority Number: Authorization policy priority, with parameter values: 1-100, default value: 1.
securityGroupId String: The security group to apply this rule to.
sourceGroupOwnerAccount String: The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.
sourceSecurityGroupId String: The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.
type String: The type of rule being created. Valid options are ingress (inbound) or egress (outbound).

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.53.0 published on Wednesday, Apr 17, 2024 by Pulumi

pulumi/pulumi-alicloud

alicloud.ecs.SecurityGroupRule

On this page

On this page

Example Usage

Module Support

Create SecurityGroupRule Resource

Constructor syntax

Parameters

Example

SecurityGroupRule Resource Properties

Inputs

Outputs

Look up Existing SecurityGroupRule Resource

Package Details

On this page

On this page