IsSecurityGroupRule

ibm 1.87.0-beta1, Dec 22 25

ibm 1.87.0-beta1 published on Monday, Dec 22, 2025 by ibm-cloud

Schema (JSON)

ibm-cloud/terraform-provider-ibm

ibm 1.87.0-beta1 published on Monday, Dec 22, 2025 by ibm-cloud

Schema (JSON)

ibm-cloud/terraform-provider-ibm

Create, update, or delete a security group rule. When you want to create a security group and security group rule for a virtual server instance in your VPC, you must create these resources in a specific order to avoid errors during the creation of your virtual server instance. For more information, about security group rule, see security in your VPC. Protocol all in older versions is replaced with icmp_tcp_udp from 1.87.0-beta1.

Note: VPC infrastructure services are a regional specific based endpoint, by default targets to us-south. Please make sure to target right region in the provider block as shown in the provider.tf file, if VPC service is created in region other than us-south.

provider.tf

import * as pulumi from "@pulumi/pulumi";

import pulumi

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;

return await Deployment.RunAsync(() => 
{
});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
    }
}

{}

Example Usage

In the following example, you create a different type of protocol rules.

Example coming soon!

Example coming soon!

Example coming soon!

Example coming soon!

Example coming soon!

resources:
  example:
    type: ibm:IsVpc
    properties:
      name: example-vpc
  exampleIsSecurityGroup:
    type: ibm:IsSecurityGroup
    name: example
    properties:
      name: example-security-group
      vpc: ${example.isVpcId}
  exampleIsSecurityGroupRule:
    type: ibm:IsSecurityGroupRule
    name: example
    properties:
      group: ${exampleIsSecurityGroup.isSecurityGroupId}
      direction: inbound
      remote: 127.0.0.1
      name: my-test-sg-rule-name
  example1:
    type: ibm:IsSecurityGroupRule
    properties:
      group: ${exampleIsSecurityGroup.isSecurityGroupId}
      direction: inbound
      remote: 127.0.0.1
      protocol: icmp
      code: 20
      type: 30
  example2:
    type: ibm:IsSecurityGroupRule
    properties:
      group: ${exampleIsSecurityGroup.isSecurityGroupId}
      direction: inbound
      remote: 127.0.0.1
      protocol: udp
      portMin: 805
      portMax: 807
  example3:
    type: ibm:IsSecurityGroupRule
    properties:
      group: ${exampleIsSecurityGroup.isSecurityGroupId}
      direction: egress
      remote: 127.0.0.1
      protocol: tcp
      portMin: 8080
      portMax: 8080
  exampleSecurityGroupRuleIcmp:
    type: ibm:IsSecurityGroupRule
    name: example_security_group_rule_icmp
    properties:
      group: ${exampleSecurityGroup.id}
      direction: inbound
      remote: 127.0.0.1
      protocol: icmp
  exampleSecurityGroupRuleUdp:
    type: ibm:IsSecurityGroupRule
    name: example_security_group_rule_udp
    properties:
      group: ${exampleSecurityGroup.id}
      direction: inbound
      remote: 127.0.0.1
      protocol: udp
  exampleSecurityGroupRuleTcp:
    type: ibm:IsSecurityGroupRule
    name: example_security_group_rule_tcp
    properties:
      group: ${exampleSecurityGroup.id}
      direction: inbound
      remote: 127.0.0.1
      protocol: tcp

Create IsSecurityGroupRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IsSecurityGroupRule(name: string, args: IsSecurityGroupRuleArgs, opts?: CustomResourceOptions);

@overload
def IsSecurityGroupRule(resource_name: str,
                        args: IsSecurityGroupRuleInitArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def IsSecurityGroupRule(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        group: Optional[str] = None,
                        direction: Optional[str] = None,
                        local: Optional[str] = None,
                        icmp: Optional[IsSecurityGroupRuleIcmpArgs] = None,
                        ip_version: Optional[str] = None,
                        is_security_group_rule_id: Optional[str] = None,
                        code: Optional[float] = None,
                        port_max: Optional[float] = None,
                        port_min: Optional[float] = None,
                        protocol: Optional[str] = None,
                        remote: Optional[str] = None,
                        tcp: Optional[IsSecurityGroupRuleTcpArgs] = None,
                        type: Optional[float] = None,
                        udp: Optional[IsSecurityGroupRuleUdpArgs] = None)

func NewIsSecurityGroupRule(ctx *Context, name string, args IsSecurityGroupRuleArgs, opts ...ResourceOption) (*IsSecurityGroupRule, error)

public IsSecurityGroupRule(string name, IsSecurityGroupRuleArgs args, CustomResourceOptions? opts = null)

public IsSecurityGroupRule(String name, IsSecurityGroupRuleArgs args)
public IsSecurityGroupRule(String name, IsSecurityGroupRuleArgs args, CustomResourceOptions options)

type: ibm:IsSecurityGroupRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args IsSecurityGroupRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args IsSecurityGroupRuleInitArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args IsSecurityGroupRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args IsSecurityGroupRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args IsSecurityGroupRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var isSecurityGroupRuleResource = new Ibm.IsSecurityGroupRule("isSecurityGroupRuleResource", new()
{
    Group = "string",
    Direction = "string",
    Local = "string",
    IpVersion = "string",
    IsSecurityGroupRuleId = "string",
    Code = 0,
    PortMax = 0,
    PortMin = 0,
    Protocol = "string",
    Remote = "string",
    Type = 0,
});

example, err := ibm.NewIsSecurityGroupRule(ctx, "isSecurityGroupRuleResource", &ibm.IsSecurityGroupRuleArgs{
	Group:                 pulumi.String("string"),
	Direction:             pulumi.String("string"),
	Local:                 pulumi.String("string"),
	IpVersion:             pulumi.String("string"),
	IsSecurityGroupRuleId: pulumi.String("string"),
	Code:                  pulumi.Float64(0),
	PortMax:               pulumi.Float64(0),
	PortMin:               pulumi.Float64(0),
	Protocol:              pulumi.String("string"),
	Remote:                pulumi.String("string"),
	Type:                  pulumi.Float64(0),
})

var isSecurityGroupRuleResource = new IsSecurityGroupRule("isSecurityGroupRuleResource", IsSecurityGroupRuleArgs.builder()
    .group("string")
    .direction("string")
    .local("string")
    .ipVersion("string")
    .isSecurityGroupRuleId("string")
    .code(0.0)
    .portMax(0.0)
    .portMin(0.0)
    .protocol("string")
    .remote("string")
    .type(0.0)
    .build());

is_security_group_rule_resource = ibm.IsSecurityGroupRule("isSecurityGroupRuleResource",
    group="string",
    direction="string",
    local="string",
    ip_version="string",
    is_security_group_rule_id="string",
    code=0,
    port_max=0,
    port_min=0,
    protocol="string",
    remote="string",
    type=0)

const isSecurityGroupRuleResource = new ibm.IsSecurityGroupRule("isSecurityGroupRuleResource", {
    group: "string",
    direction: "string",
    local: "string",
    ipVersion: "string",
    isSecurityGroupRuleId: "string",
    code: 0,
    portMax: 0,
    portMin: 0,
    protocol: "string",
    remote: "string",
    type: 0,
});

type: ibm:IsSecurityGroupRule
properties:
    code: 0
    direction: string
    group: string
    ipVersion: string
    isSecurityGroupRuleId: string
    local: string
    portMax: 0
    portMin: 0
    protocol: string
    remote: string
    type: 0

IsSecurityGroupRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IsSecurityGroupRule resource accepts the following input properties:

Direction string

The direction of the traffic either inbound or outbound.

Group string

The security group ID.

Code double

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

Icmp IsSecurityGroupRuleIcmp

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

IpVersion string

The IP version to enforce. The format of local.address, remote.address, local.cidr_block or remote.cidr_block must match this property, if they are used. If remote references a security group, then this rule only applies to IP addresses (network interfaces) in that group matching this IP version. Supported value is [ipv4].

IsSecurityGroupRuleId string

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

Local string

The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules). an IP address, a CIDR block.

PortMax double

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

PortMin double

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

Protocol string

The name of the network protocol.

Remote string

Security group ID, an IP address, a CIDR block, or a single security group identifier.

Tcp IsSecurityGroupRuleTcp

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

Type double

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

Udp IsSecurityGroupRuleUdp

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

Direction string

The direction of the traffic either inbound or outbound.

Group string

The security group ID.

Code float64

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

Icmp IsSecurityGroupRuleIcmpArgs

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

IpVersion string

IsSecurityGroupRuleId string

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

Local string

PortMax float64

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

PortMin float64

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

Protocol string

The name of the network protocol.

Remote string

Security group ID, an IP address, a CIDR block, or a single security group identifier.

Tcp IsSecurityGroupRuleTcpArgs

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

Type float64

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

Udp IsSecurityGroupRuleUdpArgs

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

direction String

The direction of the traffic either inbound or outbound.

group String

The security group ID.

code Double

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

icmp IsSecurityGroupRuleIcmp

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

ipVersion String

isSecurityGroupRuleId String

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

local String

portMax Double

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

portMin Double

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

protocol String

The name of the network protocol.

remote String

Security group ID, an IP address, a CIDR block, or a single security group identifier.

tcp IsSecurityGroupRuleTcp

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

type Double

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

udp IsSecurityGroupRuleUdp

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

direction string

The direction of the traffic either inbound or outbound.

group string

The security group ID.

code number

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

icmp IsSecurityGroupRuleIcmp

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

ipVersion string

isSecurityGroupRuleId string

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

local string

portMax number

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

portMin number

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

protocol string

The name of the network protocol.

remote string

Security group ID, an IP address, a CIDR block, or a single security group identifier.

tcp IsSecurityGroupRuleTcp

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

type number

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

udp IsSecurityGroupRuleUdp

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

direction str

The direction of the traffic either inbound or outbound.

group str

The security group ID.

code float

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

icmp IsSecurityGroupRuleIcmpArgs

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

ip_version str

is_security_group_rule_id str

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

local str

port_max float

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

port_min float

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

protocol str

The name of the network protocol.

remote str

Security group ID, an IP address, a CIDR block, or a single security group identifier.

tcp IsSecurityGroupRuleTcpArgs

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

type float

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

udp IsSecurityGroupRuleUdpArgs

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

direction String

The direction of the traffic either inbound or outbound.

group String

The security group ID.

code Number

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

icmp Property Map

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

ipVersion String

isSecurityGroupRuleId String

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

local String

portMax Number

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

portMin Number

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

protocol String

The name of the network protocol.

remote String

Security group ID, an IP address, a CIDR block, or a single security group identifier.

tcp Property Map

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

type Number

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

udp Property Map

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

Outputs

All input properties are implicitly available as output properties. Additionally, the IsSecurityGroupRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Name string: The name for this security group rule. The name must not be used by another rule in the security group.
RelatedCrn string: The crn of the Security Group
RuleId string: (String) The unique identifier of the rule.

Id string: The provider-assigned unique ID for this managed resource.
Name string: The name for this security group rule. The name must not be used by another rule in the security group.
RelatedCrn string: The crn of the Security Group
RuleId string: (String) The unique identifier of the rule.

id String: The provider-assigned unique ID for this managed resource.
name String: The name for this security group rule. The name must not be used by another rule in the security group.
relatedCrn String: The crn of the Security Group
ruleId String: (String) The unique identifier of the rule.

id string: The provider-assigned unique ID for this managed resource.
name string: The name for this security group rule. The name must not be used by another rule in the security group.
relatedCrn string: The crn of the Security Group
ruleId string: (String) The unique identifier of the rule.

id str: The provider-assigned unique ID for this managed resource.
name str: The name for this security group rule. The name must not be used by another rule in the security group.
related_crn str: The crn of the Security Group
rule_id str: (String) The unique identifier of the rule.

id String: The provider-assigned unique ID for this managed resource.
name String: The name for this security group rule. The name must not be used by another rule in the security group.
relatedCrn String: The crn of the Security Group
ruleId String: (String) The unique identifier of the rule.

Look up Existing IsSecurityGroupRule Resource

Get an existing IsSecurityGroupRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IsSecurityGroupRuleState, opts?: CustomResourceOptions): IsSecurityGroupRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        code: Optional[float] = None,
        direction: Optional[str] = None,
        group: Optional[str] = None,
        icmp: Optional[IsSecurityGroupRuleIcmpArgs] = None,
        ip_version: Optional[str] = None,
        is_security_group_rule_id: Optional[str] = None,
        local: Optional[str] = None,
        name: Optional[str] = None,
        port_max: Optional[float] = None,
        port_min: Optional[float] = None,
        protocol: Optional[str] = None,
        related_crn: Optional[str] = None,
        remote: Optional[str] = None,
        rule_id: Optional[str] = None,
        tcp: Optional[IsSecurityGroupRuleTcpArgs] = None,
        type: Optional[float] = None,
        udp: Optional[IsSecurityGroupRuleUdpArgs] = None) -> IsSecurityGroupRule

func GetIsSecurityGroupRule(ctx *Context, name string, id IDInput, state *IsSecurityGroupRuleState, opts ...ResourceOption) (*IsSecurityGroupRule, error)

public static IsSecurityGroupRule Get(string name, Input<string> id, IsSecurityGroupRuleState? state, CustomResourceOptions? opts = null)

public static IsSecurityGroupRule get(String name, Output<String> id, IsSecurityGroupRuleState state, CustomResourceOptions options)

resources:  _:    type: ibm:IsSecurityGroupRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Code double

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

Direction string

The direction of the traffic either inbound or outbound.

Group string

The security group ID.

Icmp IsSecurityGroupRuleIcmp

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

IpVersion string

IsSecurityGroupRuleId string

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

Local string

Name string

The name for this security group rule. The name must not be used by another rule in the security group.

PortMax double

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

PortMin double

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

Protocol string

The name of the network protocol.

RelatedCrn string

The crn of the Security Group

Remote string

Security group ID, an IP address, a CIDR block, or a single security group identifier.

RuleId string

(String) The unique identifier of the rule.

Tcp IsSecurityGroupRuleTcp

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

Type double

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

Udp IsSecurityGroupRuleUdp

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

Code float64

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

Direction string

The direction of the traffic either inbound or outbound.

Group string

The security group ID.

Icmp IsSecurityGroupRuleIcmpArgs

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

IpVersion string

IsSecurityGroupRuleId string

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

Local string

Name string

The name for this security group rule. The name must not be used by another rule in the security group.

PortMax float64

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

PortMin float64

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

Protocol string

The name of the network protocol.

RelatedCrn string

The crn of the Security Group

Remote string

Security group ID, an IP address, a CIDR block, or a single security group identifier.

RuleId string

(String) The unique identifier of the rule.

Tcp IsSecurityGroupRuleTcpArgs

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

Type float64

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

Udp IsSecurityGroupRuleUdpArgs

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

code Double

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

direction String

The direction of the traffic either inbound or outbound.

group String

The security group ID.

icmp IsSecurityGroupRuleIcmp

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

ipVersion String

isSecurityGroupRuleId String

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

local String

name String

The name for this security group rule. The name must not be used by another rule in the security group.

portMax Double

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

portMin Double

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

protocol String

The name of the network protocol.

relatedCrn String

The crn of the Security Group

remote String

Security group ID, an IP address, a CIDR block, or a single security group identifier.

ruleId String

(String) The unique identifier of the rule.

tcp IsSecurityGroupRuleTcp

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

type Double

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

udp IsSecurityGroupRuleUdp

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

code number

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

direction string

The direction of the traffic either inbound or outbound.

group string

The security group ID.

icmp IsSecurityGroupRuleIcmp

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

ipVersion string

isSecurityGroupRuleId string

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

local string

name string

The name for this security group rule. The name must not be used by another rule in the security group.

portMax number

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

portMin number

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

protocol string

The name of the network protocol.

relatedCrn string

The crn of the Security Group

remote string

Security group ID, an IP address, a CIDR block, or a single security group identifier.

ruleId string

(String) The unique identifier of the rule.

tcp IsSecurityGroupRuleTcp

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

type number

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

udp IsSecurityGroupRuleUdp

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

code float

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

direction str

The direction of the traffic either inbound or outbound.

group str

The security group ID.

icmp IsSecurityGroupRuleIcmpArgs

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

ip_version str

is_security_group_rule_id str

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

local str

name str

The name for this security group rule. The name must not be used by another rule in the security group.

port_max float

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

port_min float

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

protocol str

The name of the network protocol.

related_crn str

The crn of the Security Group

remote str

Security group ID, an IP address, a CIDR block, or a single security group identifier.

rule_id str

(String) The unique identifier of the rule.

tcp IsSecurityGroupRuleTcpArgs

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

type float

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

udp IsSecurityGroupRuleUdpArgs

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

code Number

The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.

direction String

The direction of the traffic either inbound or outbound.

group String

The security group ID.

icmp Property Map

A nested block describes the icmp protocol of this security group rule. icmp is deprecated and use protocol, code, and type argument instead.

Nested scheme for icmp:

Deprecated: Deprecated

ipVersion String

isSecurityGroupRuleId String

(String) The ID of the security group rule. The ID is composed of <security_group_id>.<security_group_rule_id>.

local String

name String

The name for this security group rule. The name must not be used by another rule in the security group.

portMax Number

The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.

portMin Number

The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

protocol String

The name of the network protocol.

relatedCrn String

The crn of the Security Group

remote String

Security group ID, an IP address, a CIDR block, or a single security group identifier.

ruleId String

(String) The unique identifier of the rule.

tcp Property Map

A nested block describes the tcp protocol of this security group rule. tcp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for tcp:

Deprecated: Deprecated

type Number

The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

udp Property Map

A nested block describes the udp protocol of this security group rule. udp is deprecated and use protocol, port_min, and port_max argument instead.

Nested scheme for udp:

Deprecated: Deprecated

Supporting Types

IsSecurityGroupRuleIcmp, IsSecurityGroupRuleIcmpArgs

Code double: The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.
Type double: The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

Code float64: The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.
Type float64: The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

code Double: The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.
type Double: The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

code number: The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.
type number: The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

code float: The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.
type float: The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

code Number: The ICMP traffic code to allow. Valid values from 0 to 255. If unspecified, all codes are allowed.
type Number: The ICMP traffic type to allow. Valid values from 0 to 254. If unspecified, all codes are allowed.

IsSecurityGroupRuleTcp, IsSecurityGroupRuleTcpArgs

PortMax double: The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.
PortMin double: The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

PortMax float64: The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.
PortMin float64: The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

portMax Double: The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.
portMin Double: The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

portMax number: The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.
portMin number: The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

port_max float: The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.
port_min float: The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

portMax Number: The TCP port range that includes the maximum bound. Valid values are from 1 to 65535.
portMin Number: The TCP port range that includes the minimum bound. Valid values are from 1 to 65535.

IsSecurityGroupRuleUdp, IsSecurityGroupRuleUdpArgs

PortMax double: The UDP port range that includes maximum bound. Valid values are from 1 to 65535.
Note: Note: If no protocol block is specified; it creates a rule with protocol icmp_tcp_udp. Protocol all in older versions is replaced with icmp_tcp_udp from 1.87.0-beta1.
PortMin double: The UDP port range that includes minimum bound. Valid values are from 1 to 65535.

PortMax float64: The UDP port range that includes maximum bound. Valid values are from 1 to 65535.
Note: Note: If no protocol block is specified; it creates a rule with protocol icmp_tcp_udp. Protocol all in older versions is replaced with icmp_tcp_udp from 1.87.0-beta1.
PortMin float64: The UDP port range that includes minimum bound. Valid values are from 1 to 65535.

portMax Double: The UDP port range that includes maximum bound. Valid values are from 1 to 65535.
Note: Note: If no protocol block is specified; it creates a rule with protocol icmp_tcp_udp. Protocol all in older versions is replaced with icmp_tcp_udp from 1.87.0-beta1.
portMin Double: The UDP port range that includes minimum bound. Valid values are from 1 to 65535.

portMax number: The UDP port range that includes maximum bound. Valid values are from 1 to 65535.
Note: Note: If no protocol block is specified; it creates a rule with protocol icmp_tcp_udp. Protocol all in older versions is replaced with icmp_tcp_udp from 1.87.0-beta1.
portMin number: The UDP port range that includes minimum bound. Valid values are from 1 to 65535.

port_max float: The UDP port range that includes maximum bound. Valid values are from 1 to 65535.
Note: Note: If no protocol block is specified; it creates a rule with protocol icmp_tcp_udp. Protocol all in older versions is replaced with icmp_tcp_udp from 1.87.0-beta1.
port_min float: The UDP port range that includes minimum bound. Valid values are from 1 to 65535.

portMax Number: The UDP port range that includes maximum bound. Valid values are from 1 to 65535.
Note: Note: If no protocol block is specified; it creates a rule with protocol icmp_tcp_udp. Protocol all in older versions is replaced with icmp_tcp_udp from 1.87.0-beta1.
portMin Number: The UDP port range that includes minimum bound. Valid values are from 1 to 65535.

Import

Using pulumi import. For example:

$ pulumi import ibm:index/isSecurityGroupRule:IsSecurityGroupRule example <security_group_id>/<security_group_rule_id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.87.0-beta1 published on Monday, Dec 22, 2025 by ibm-cloud

Schema (JSON)

ibm-cloud/terraform-provider-ibm

ibm.IsSecurityGroupRule

On this page

On this page

Example Usage

Create IsSecurityGroupRule Resource

Constructor syntax

Parameters

Constructor example

IsSecurityGroupRule Resource Properties

Inputs

Outputs

Look up Existing IsSecurityGroupRule Resource

Supporting Types

IsSecurityGroupRuleIcmp, IsSecurityGroupRuleIcmpArgs

IsSecurityGroupRuleTcp, IsSecurityGroupRuleTcpArgs

IsSecurityGroupRuleUdp, IsSecurityGroupRuleUdpArgs

Import

Package Details

On this page

On this page