Oracle Cloud Infrastructure v1.29.0 published on Thursday, Mar 28, 2024 by Pulumi

oci.Core.NetworkSecurityGroupSecurityRule

Oracle Cloud Infrastructure v1.29.0 published on Thursday, Mar 28, 2024 by Pulumi

    This resource provides the Network Security Group Security Rule resource in Oracle Cloud Infrastructure Core service.

    Adds a security rule to the specified network security group.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as oci from "@pulumi/oci";
    
    // ICMP matcher. The property docs describe it as valid only for ICMP and ICMPv6; if the
    // protocol is ICMP and this object is omitted, all ICMP types and codes are allowed.
    const icmpMatch = {
        type: _var.network_security_group_security_rule_icmp_options_type,
        code: _var.network_security_group_security_rule_icmp_options_code,
    };

    // TCP port matcher. Documented as valid only for TCP; if the protocol is TCP and this
    // object is omitted, all destination ports are allowed.
    const tcpMatch = {
        destinationPortRange: {
            max: _var.network_security_group_security_rule_tcp_options_destination_port_range_max,
            min: _var.network_security_group_security_rule_tcp_options_destination_port_range_min,
        },
        sourcePortRange: {
            max: _var.network_security_group_security_rule_tcp_options_source_port_range_max,
            min: _var.network_security_group_security_rule_tcp_options_source_port_range_min,
        },
    };

    // UDP port matcher. Documented as valid only for UDP; if the protocol is UDP and this
    // object is omitted, all destination ports are allowed.
    const udpMatch = {
        destinationPortRange: {
            max: _var.network_security_group_security_rule_udp_options_destination_port_range_max,
            min: _var.network_security_group_security_rule_udp_options_destination_port_range_min,
        },
        sourcePortRange: {
            max: _var.network_security_group_security_rule_udp_options_source_port_range_max,
            min: _var.network_security_group_security_rule_udp_options_source_port_range_min,
        },
    };

    // This listing populates every optional input to show the schema. Each options object is
    // documented as valid only for its own protocol, so a real rule would normally set only one.
    const testNetworkSecurityGroupSecurityRule = new oci.core.NetworkSecurityGroupSecurityRule("testNetworkSecurityGroupSecurityRule", {
        // Required inputs.
        networkSecurityGroupId: oci_core_network_security_group.test_network_security_group.id,
        direction: _var.network_security_group_security_rule_direction,
        protocol: _var.network_security_group_security_rule_protocol,

        // Optional inputs. The description should not hold confidential information.
        description: _var.network_security_group_security_rule_description,

        // destinationType is required when direction = EGRESS.
        destination: _var.network_security_group_security_rule_destination,
        destinationType: _var.network_security_group_security_rule_destination_type,

        // sourceType is required when direction = INGRESS.
        source: _var.network_security_group_security_rule_source,
        sourceType: _var.network_security_group_security_rule_source_type,

        // Defaults to false (stateful). A stateless rule only covers one direction, so
        // bidirectional traffic needs a matching rule the other way.
        stateless: _var.network_security_group_security_rule_stateless,

        icmpOptions: icmpMatch,
        tcpOptions: tcpMatch,
        udpOptions: udpMatch,
    });
    
    import pulumi
    import pulumi_oci as oci
    
    # ICMP matcher. Documented as valid only for ICMP and ICMPv6; if the protocol is ICMP and
    # this object is omitted, all ICMP types and codes are allowed.
    icmp_match = oci.core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs(
        type=var["network_security_group_security_rule_icmp_options_type"],
        code=var["network_security_group_security_rule_icmp_options_code"],
    )

    # TCP port matcher. Documented as valid only for TCP; if the protocol is TCP and this
    # object is omitted, all destination ports are allowed.
    tcp_match = oci.core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs(
        destination_port_range=oci.core.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs(
            max=var["network_security_group_security_rule_tcp_options_destination_port_range_max"],
            min=var["network_security_group_security_rule_tcp_options_destination_port_range_min"],
        ),
        source_port_range=oci.core.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs(
            max=var["network_security_group_security_rule_tcp_options_source_port_range_max"],
            min=var["network_security_group_security_rule_tcp_options_source_port_range_min"],
        ),
    )

    # UDP port matcher. Documented as valid only for UDP; if the protocol is UDP and this
    # object is omitted, all destination ports are allowed.
    udp_match = oci.core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs(
        destination_port_range=oci.core.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs(
            max=var["network_security_group_security_rule_udp_options_destination_port_range_max"],
            min=var["network_security_group_security_rule_udp_options_destination_port_range_min"],
        ),
        source_port_range=oci.core.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs(
            max=var["network_security_group_security_rule_udp_options_source_port_range_max"],
            min=var["network_security_group_security_rule_udp_options_source_port_range_min"],
        ),
    )

    # This listing populates every optional input to show the schema. Each options object is
    # documented as valid only for its own protocol, so a real rule would normally set only one.
    test_network_security_group_security_rule = oci.core.NetworkSecurityGroupSecurityRule(
        "testNetworkSecurityGroupSecurityRule",
        # Required inputs.
        network_security_group_id=oci_core_network_security_group["test_network_security_group"]["id"],
        direction=var["network_security_group_security_rule_direction"],
        protocol=var["network_security_group_security_rule_protocol"],
        # Optional inputs. The description should not hold confidential information.
        description=var["network_security_group_security_rule_description"],
        # destination_type is required when direction = EGRESS.
        destination=var["network_security_group_security_rule_destination"],
        destination_type=var["network_security_group_security_rule_destination_type"],
        # source_type is required when direction = INGRESS.
        source=var["network_security_group_security_rule_source"],
        source_type=var["network_security_group_security_rule_source_type"],
        # Defaults to false (stateful). A stateless rule only covers one direction, so
        # bidirectional traffic needs a matching rule the other way.
        stateless=var["network_security_group_security_rule_stateless"],
        icmp_options=icmp_match,
        tcp_options=tcp_match,
        udp_options=udp_match,
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-oci/sdk/go/oci/Core"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a single NetworkSecurityGroupSecurityRule with the Pulumi engine.
    //
    // The listing populates every optional input to show the schema. Each options struct is
    // documented as valid only for its own protocol, so a real rule would normally set only one.
    //
    // NOTE(review): the constructor and top-level args are qualified with `Core.` while the
    // nested option structs use `core.`; only one of the two can match the imported package.
    // Confirm the SDK's package name and use it consistently before compiling.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// ICMP matcher: valid only for ICMP and ICMPv6. If the protocol is ICMP and this
    		// struct is omitted, all ICMP types and codes are allowed.
    		icmpMatch := &core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs{
    			Type: pulumi.Any(_var.Network_security_group_security_rule_icmp_options_type),
    			Code: pulumi.Any(_var.Network_security_group_security_rule_icmp_options_code),
    		}

    		// TCP port matcher: valid only for TCP. If the protocol is TCP and this struct is
    		// omitted, all destination ports are allowed.
    		tcpMatch := &core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs{
    			DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs{
    				Max: pulumi.Any(_var.Network_security_group_security_rule_tcp_options_destination_port_range_max),
    				Min: pulumi.Any(_var.Network_security_group_security_rule_tcp_options_destination_port_range_min),
    			},
    			SourcePortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs{
    				Max: pulumi.Any(_var.Network_security_group_security_rule_tcp_options_source_port_range_max),
    				Min: pulumi.Any(_var.Network_security_group_security_rule_tcp_options_source_port_range_min),
    			},
    		}

    		// UDP port matcher: valid only for UDP. If the protocol is UDP and this struct is
    		// omitted, all destination ports are allowed.
    		udpMatch := &core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs{
    			DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs{
    				Max: pulumi.Any(_var.Network_security_group_security_rule_udp_options_destination_port_range_max),
    				Min: pulumi.Any(_var.Network_security_group_security_rule_udp_options_destination_port_range_min),
    			},
    			SourcePortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs{
    				Max: pulumi.Any(_var.Network_security_group_security_rule_udp_options_source_port_range_max),
    				Min: pulumi.Any(_var.Network_security_group_security_rule_udp_options_source_port_range_min),
    			},
    		}

    		_, err := Core.NewNetworkSecurityGroupSecurityRule(ctx, "testNetworkSecurityGroupSecurityRule", &Core.NetworkSecurityGroupSecurityRuleArgs{
    			// Required inputs.
    			NetworkSecurityGroupId: pulumi.Any(oci_core_network_security_group.Test_network_security_group.Id),
    			Direction:              pulumi.Any(_var.Network_security_group_security_rule_direction),
    			Protocol:               pulumi.Any(_var.Network_security_group_security_rule_protocol),

    			// Optional inputs. The description should not hold confidential information.
    			Description: pulumi.Any(_var.Network_security_group_security_rule_description),

    			// DestinationType is required when direction = EGRESS.
    			Destination:     pulumi.Any(_var.Network_security_group_security_rule_destination),
    			DestinationType: pulumi.Any(_var.Network_security_group_security_rule_destination_type),

    			// SourceType is required when direction = INGRESS.
    			Source:     pulumi.Any(_var.Network_security_group_security_rule_source),
    			SourceType: pulumi.Any(_var.Network_security_group_security_rule_source_type),

    			// Defaults to false (stateful). A stateless rule only covers one direction, so
    			// bidirectional traffic needs a matching rule the other way.
    			Stateless: pulumi.Any(_var.Network_security_group_security_rule_stateless),

    			IcmpOptions: icmpMatch,
    			TcpOptions:  tcpMatch,
    			UdpOptions:  udpMatch,
    		})
    		// The resource handle is discarded; only the registration error is propagated.
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Oci = Pulumi.Oci;
    
    // Registers a single NetworkSecurityGroupSecurityRule. The listing populates every optional
    // input to show the schema; each options object is documented as valid only for its own
    // protocol, so a real rule would normally set only one.
    return await Deployment.RunAsync(() =>
    {
        // ICMP matcher: valid only for ICMP and ICMPv6. If the protocol is ICMP and this
        // object is omitted, all ICMP types and codes are allowed.
        var icmpMatch = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
        {
            Type = @var.Network_security_group_security_rule_icmp_options_type,
            Code = @var.Network_security_group_security_rule_icmp_options_code,
        };

        // TCP port matcher: valid only for TCP. If the protocol is TCP and this object is
        // omitted, all destination ports are allowed.
        var tcpMatch = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsArgs
        {
            DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs
            {
                Max = @var.Network_security_group_security_rule_tcp_options_destination_port_range_max,
                Min = @var.Network_security_group_security_rule_tcp_options_destination_port_range_min,
            },
            SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs
            {
                Max = @var.Network_security_group_security_rule_tcp_options_source_port_range_max,
                Min = @var.Network_security_group_security_rule_tcp_options_source_port_range_min,
            },
        };

        // UDP port matcher: valid only for UDP. If the protocol is UDP and this object is
        // omitted, all destination ports are allowed.
        var udpMatch = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsArgs
        {
            DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs
            {
                Max = @var.Network_security_group_security_rule_udp_options_destination_port_range_max,
                Min = @var.Network_security_group_security_rule_udp_options_destination_port_range_min,
            },
            SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs
            {
                Max = @var.Network_security_group_security_rule_udp_options_source_port_range_max,
                Min = @var.Network_security_group_security_rule_udp_options_source_port_range_min,
            },
        };

        var testNetworkSecurityGroupSecurityRule = new Oci.Core.NetworkSecurityGroupSecurityRule("testNetworkSecurityGroupSecurityRule", new()
        {
            // Required inputs.
            NetworkSecurityGroupId = oci_core_network_security_group.Test_network_security_group.Id,
            Direction = @var.Network_security_group_security_rule_direction,
            Protocol = @var.Network_security_group_security_rule_protocol,

            // Optional inputs. The description should not hold confidential information.
            Description = @var.Network_security_group_security_rule_description,

            // DestinationType is required when direction = EGRESS.
            Destination = @var.Network_security_group_security_rule_destination,
            DestinationType = @var.Network_security_group_security_rule_destination_type,

            // SourceType is required when direction = INGRESS.
            Source = @var.Network_security_group_security_rule_source,
            SourceType = @var.Network_security_group_security_rule_source_type,

            // Defaults to false (stateful). A stateless rule only covers one direction, so
            // bidirectional traffic needs a matching rule the other way.
            Stateless = @var.Network_security_group_security_rule_stateless,

            IcmpOptions = icmpMatch,
            TcpOptions = tcpMatch,
            UdpOptions = udpMatch,
        });

    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.oci.Core.NetworkSecurityGroupSecurityRule;
    import com.pulumi.oci.Core.NetworkSecurityGroupSecurityRuleArgs;
    import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs;
    import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsArgs;
    import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs;
    import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs;
    import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsArgs;
    import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs;
    import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that registers a single NetworkSecurityGroupSecurityRule.
     *
     * The listing populates every optional input to show the schema. Each options object is
     * documented as valid only for its own protocol, so a real rule would normally set only one.
     */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /** Declares the security rule for the current deployment. */
        public static void stack(Context ctx) {
            // ICMP matcher: valid only for ICMP and ICMPv6. If the protocol is ICMP and this
            // object is omitted, all ICMP types and codes are allowed.
            var icmpMatch = NetworkSecurityGroupSecurityRuleIcmpOptionsArgs.builder()
                .type(var_.network_security_group_security_rule_icmp_options_type())
                .code(var_.network_security_group_security_rule_icmp_options_code())
                .build();

            // TCP port matcher: valid only for TCP. If the protocol is TCP and this object is
            // omitted, all destination ports are allowed.
            var tcpMatch = NetworkSecurityGroupSecurityRuleTcpOptionsArgs.builder()
                .destinationPortRange(NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs.builder()
                    .max(var_.network_security_group_security_rule_tcp_options_destination_port_range_max())
                    .min(var_.network_security_group_security_rule_tcp_options_destination_port_range_min())
                    .build())
                .sourcePortRange(NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs.builder()
                    .max(var_.network_security_group_security_rule_tcp_options_source_port_range_max())
                    .min(var_.network_security_group_security_rule_tcp_options_source_port_range_min())
                    .build())
                .build();

            // UDP port matcher: valid only for UDP. If the protocol is UDP and this object is
            // omitted, all destination ports are allowed.
            var udpMatch = NetworkSecurityGroupSecurityRuleUdpOptionsArgs.builder()
                .destinationPortRange(NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs.builder()
                    .max(var_.network_security_group_security_rule_udp_options_destination_port_range_max())
                    .min(var_.network_security_group_security_rule_udp_options_destination_port_range_min())
                    .build())
                .sourcePortRange(NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs.builder()
                    .max(var_.network_security_group_security_rule_udp_options_source_port_range_max())
                    .min(var_.network_security_group_security_rule_udp_options_source_port_range_min())
                    .build())
                .build();

            var ruleArgs = NetworkSecurityGroupSecurityRuleArgs.builder()
                // Required inputs.
                .networkSecurityGroupId(oci_core_network_security_group.test_network_security_group().id())
                .direction(var_.network_security_group_security_rule_direction())
                .protocol(var_.network_security_group_security_rule_protocol())
                // Optional inputs. The description should not hold confidential information.
                .description(var_.network_security_group_security_rule_description())
                // destinationType is required when direction = EGRESS.
                .destination(var_.network_security_group_security_rule_destination())
                .destinationType(var_.network_security_group_security_rule_destination_type())
                // sourceType is required when direction = INGRESS.
                .source(var_.network_security_group_security_rule_source())
                .sourceType(var_.network_security_group_security_rule_source_type())
                // Defaults to false (stateful). A stateless rule only covers one direction, so
                // bidirectional traffic needs a matching rule the other way.
                .stateless(var_.network_security_group_security_rule_stateless())
                .icmpOptions(icmpMatch)
                .tcpOptions(tcpMatch)
                .udpOptions(udpMatch)
                .build();

            var testNetworkSecurityGroupSecurityRule = new NetworkSecurityGroupSecurityRule("testNetworkSecurityGroupSecurityRule", ruleArgs);

        }
    }
    
    # Declares a single NetworkSecurityGroupSecurityRule. Every optional property is populated
    # to show the schema; each options object is documented as valid only for its own protocol,
    # so a real rule would normally set only one of icmpOptions, tcpOptions or udpOptions.
    resources:
      testNetworkSecurityGroupSecurityRule:
        type: oci:Core:NetworkSecurityGroupSecurityRule
        properties:
          # Required properties.
          networkSecurityGroupId: ${oci_core_network_security_group.test_network_security_group.id}
          direction: ${var.network_security_group_security_rule_direction}
          protocol: ${var.network_security_group_security_rule_protocol}
          # Optional properties. The description should not hold confidential information.
          description: ${var.network_security_group_security_rule_description}
          # destinationType is required when direction = EGRESS.
          destination: ${var.network_security_group_security_rule_destination}
          destinationType: ${var.network_security_group_security_rule_destination_type}
          # Valid only for ICMP and ICMPv6; if the protocol is ICMP and this object is omitted,
          # all ICMP types and codes are allowed.
          icmpOptions:
            type: ${var.network_security_group_security_rule_icmp_options_type}
            code: ${var.network_security_group_security_rule_icmp_options_code}
          # sourceType is required when direction = INGRESS.
          source: ${var.network_security_group_security_rule_source}
          sourceType: ${var.network_security_group_security_rule_source_type}
          # Defaults to false (stateful). A stateless rule only covers one direction, so
          # bidirectional traffic needs a matching rule the other way.
          stateless: ${var.network_security_group_security_rule_stateless}
          # Valid only for TCP; if the protocol is TCP and this object is omitted, all
          # destination ports are allowed.
          tcpOptions:
            destinationPortRange:
              max: ${var.network_security_group_security_rule_tcp_options_destination_port_range_max}
              min: ${var.network_security_group_security_rule_tcp_options_destination_port_range_min}
            sourcePortRange:
              max: ${var.network_security_group_security_rule_tcp_options_source_port_range_max}
              min: ${var.network_security_group_security_rule_tcp_options_source_port_range_min}
          # Valid only for UDP; if the protocol is UDP and this object is omitted, all
          # destination ports are allowed.
          udpOptions:
            destinationPortRange:
              max: ${var.network_security_group_security_rule_udp_options_destination_port_range_max}
              min: ${var.network_security_group_security_rule_udp_options_destination_port_range_min}
            sourcePortRange:
              max: ${var.network_security_group_security_rule_udp_options_source_port_range_max}
              min: ${var.network_security_group_security_rule_udp_options_source_port_range_min}
    

    Create NetworkSecurityGroupSecurityRule Resource

    new NetworkSecurityGroupSecurityRule(name: string, args: NetworkSecurityGroupSecurityRuleArgs, opts?: CustomResourceOptions);
    @overload
    def NetworkSecurityGroupSecurityRule(resource_name: str,
                                         opts: Optional[ResourceOptions] = None,
                                         description: Optional[str] = None,
                                         destination: Optional[str] = None,
                                         destination_type: Optional[str] = None,
                                         direction: Optional[str] = None,
                                         icmp_options: Optional[_core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs] = None,
                                         network_security_group_id: Optional[str] = None,
                                         protocol: Optional[str] = None,
                                         source: Optional[str] = None,
                                         source_type: Optional[str] = None,
                                         stateless: Optional[bool] = None,
                                         tcp_options: Optional[_core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs] = None,
                                         udp_options: Optional[_core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs] = None)
    @overload
    def NetworkSecurityGroupSecurityRule(resource_name: str,
                                         args: NetworkSecurityGroupSecurityRuleArgs,
                                         opts: Optional[ResourceOptions] = None)
    func NewNetworkSecurityGroupSecurityRule(ctx *Context, name string, args NetworkSecurityGroupSecurityRuleArgs, opts ...ResourceOption) (*NetworkSecurityGroupSecurityRule, error)
    public NetworkSecurityGroupSecurityRule(string name, NetworkSecurityGroupSecurityRuleArgs args, CustomResourceOptions? opts = null)
    public NetworkSecurityGroupSecurityRule(String name, NetworkSecurityGroupSecurityRuleArgs args)
    public NetworkSecurityGroupSecurityRule(String name, NetworkSecurityGroupSecurityRuleArgs args, CustomResourceOptions options)
    
    type: oci:Core:NetworkSecurityGroupSecurityRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args NetworkSecurityGroupSecurityRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args NetworkSecurityGroupSecurityRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args NetworkSecurityGroupSecurityRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args NetworkSecurityGroupSecurityRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args NetworkSecurityGroupSecurityRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    NetworkSecurityGroupSecurityRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The NetworkSecurityGroupSecurityRule resource accepts the following input properties:

    Direction string
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    NetworkSecurityGroupId string
    The OCID of the network security group.
    Protocol string
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    Description string
    An optional description of your choice for the rule. Avoid entering confidential information.
    Destination string

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    DestinationType string

    Type of destination for the rule. Required if direction = EGRESS.

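    Allowed values:

    • CIDR_BLOCK: If the rule's destination is an IP address range in CIDR notation.
    • SERVICE_CIDR_BLOCK: If the rule's destination is the cidrBlock value for a Service (the rule is for traffic destined for a particular Service through a service gateway).
    • NETWORK_SECURITY_GROUP: If the rule's destination is the OCID of a NetworkSecurityGroup.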

    IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.

    Source string

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    SourceType string
    Type of source for the rule. Required if direction = INGRESS.
    Stateless bool
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    TcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
    UdpOptions NetworkSecurityGroupSecurityRuleUdpOptions
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
    Direction string
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    NetworkSecurityGroupId string
    The OCID of the network security group.
    Protocol string
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    Description string
    An optional description of your choice for the rule. Avoid entering confidential information.
    Destination string

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    DestinationType string

    Type of destination for the rule. Required if direction = EGRESS.

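    Allowed values:

    • CIDR_BLOCK: If the rule's destination is an IP address range in CIDR notation.
    • SERVICE_CIDR_BLOCK: If the rule's destination is the cidrBlock value for a Service (the rule is for traffic destined for a particular Service through a service gateway).
    • NETWORK_SECURITY_GROUP: If the rule's destination is the OCID of a NetworkSecurityGroup.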

    IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptionsArgs

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.

    Source string

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    SourceType string
    Type of source for the rule. Required if direction = INGRESS.
    Stateless bool
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    TcpOptions NetworkSecurityGroupSecurityRuleTcpOptionsArgs
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
    UdpOptions NetworkSecurityGroupSecurityRuleUdpOptionsArgs
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
    direction String
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    networkSecurityGroupId String
    The OCID of the network security group.
    protocol String
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    description String
    An optional description of your choice for the rule. Avoid entering confidential information.
    destination String

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    destinationType String

    Type of destination for the rule. Required if direction = EGRESS.

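    Allowed values:

    • CIDR_BLOCK: If the rule's destination is an IP address range in CIDR notation.
    • SERVICE_CIDR_BLOCK: If the rule's destination is the cidrBlock value for a Service (the rule is for traffic destined for a particular Service through a service gateway).
    • NETWORK_SECURITY_GROUP: If the rule's destination is the OCID of a NetworkSecurityGroup.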

    icmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.

    source String

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    sourceType String
    Type of source for the rule. Required if direction = INGRESS.
    stateless Boolean
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    tcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
    udpOptions NetworkSecurityGroupSecurityRuleUdpOptions
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
    direction string
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    networkSecurityGroupId string
    The OCID of the network security group.
    protocol string
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    description string
    An optional description of your choice for the rule. Avoid entering confidential information.
    destination string

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    destinationType string

    Type of destination for the rule. Required if direction = EGRESS.

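    Allowed values: CIDR_BLOCK (an IP address range in CIDR notation), SERVICE_CIDR_BLOCK (the cidrBlock value for a Service), or NETWORK_SECURITY_GROUP (the OCID of a NetworkSecurityGroup).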

    icmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security rule for each.

    source string

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    sourceType string
    Type of source for the rule. Required if direction = INGRESS.
    stateless boolean
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    tcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
    udpOptions NetworkSecurityGroupSecurityRuleUdpOptions
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
    direction str
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    network_security_group_id str
    The OCID of the network security group.
    protocol str
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    description str
    An optional description of your choice for the rule. Avoid entering confidential information.
    destination str

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    destination_type str

    Type of destination for the rule. Required if direction = EGRESS.

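    Allowed values: CIDR_BLOCK (an IP address range in CIDR notation), SERVICE_CIDR_BLOCK (the cidrBlock value for a Service), or NETWORK_SECURITY_GROUP (the OCID of a NetworkSecurityGroup).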

    icmp_options NetworkSecurityGroupSecurityRuleIcmpOptionsArgs

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security rule for each.

    source str

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    source_type str
    Type of source for the rule. Required if direction = INGRESS.
    stateless bool
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    tcp_options NetworkSecurityGroupSecurityRuleTcpOptionsArgs
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
    udp_options NetworkSecurityGroupSecurityRuleUdpOptionsArgs
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
    direction String
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    networkSecurityGroupId String
    The OCID of the network security group.
    protocol String
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    description String
    An optional description of your choice for the rule. Avoid entering confidential information.
    destination String

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    destinationType String

    Type of destination for the rule. Required if direction = EGRESS.

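    Allowed values: CIDR_BLOCK (an IP address range in CIDR notation), SERVICE_CIDR_BLOCK (the cidrBlock value for a Service), or NETWORK_SECURITY_GROUP (the OCID of a NetworkSecurityGroup).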

    icmpOptions Property Map

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security rule for each.

    source String

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    sourceType String
    Type of source for the rule. Required if direction = INGRESS.
    stateless Boolean
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    tcpOptions Property Map
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
    udpOptions Property Map
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the NetworkSecurityGroupSecurityRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    IsValid bool
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    TimeCreated string
    The date and time the security rule was created. Format defined by RFC3339.
    Id string
    The provider-assigned unique ID for this managed resource.
    IsValid bool
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    TimeCreated string
    The date and time the security rule was created. Format defined by RFC3339.
    id String
    The provider-assigned unique ID for this managed resource.
    isValid Boolean
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    timeCreated String
    The date and time the security rule was created. Format defined by RFC3339.
    id string
    The provider-assigned unique ID for this managed resource.
    isValid boolean
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    timeCreated string
    The date and time the security rule was created. Format defined by RFC3339.
    id str
    The provider-assigned unique ID for this managed resource.
    is_valid bool
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    time_created str
    The date and time the security rule was created. Format defined by RFC3339.
    id String
    The provider-assigned unique ID for this managed resource.
    isValid Boolean
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    timeCreated String
    The date and time the security rule was created. Format defined by RFC3339.

    Look up Existing NetworkSecurityGroupSecurityRule Resource

    Get an existing NetworkSecurityGroupSecurityRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: NetworkSecurityGroupSecurityRuleState, opts?: CustomResourceOptions): NetworkSecurityGroupSecurityRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            description: Optional[str] = None,
            destination: Optional[str] = None,
            destination_type: Optional[str] = None,
            direction: Optional[str] = None,
            icmp_options: Optional[_core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs] = None,
            is_valid: Optional[bool] = None,
            network_security_group_id: Optional[str] = None,
            protocol: Optional[str] = None,
            source: Optional[str] = None,
            source_type: Optional[str] = None,
            stateless: Optional[bool] = None,
            tcp_options: Optional[_core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs] = None,
            time_created: Optional[str] = None,
            udp_options: Optional[_core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs] = None) -> NetworkSecurityGroupSecurityRule
    func GetNetworkSecurityGroupSecurityRule(ctx *Context, name string, id IDInput, state *NetworkSecurityGroupSecurityRuleState, opts ...ResourceOption) (*NetworkSecurityGroupSecurityRule, error)
    public static NetworkSecurityGroupSecurityRule Get(string name, Input<string> id, NetworkSecurityGroupSecurityRuleState? state, CustomResourceOptions? opts = null)
    public static NetworkSecurityGroupSecurityRule get(String name, Output<String> id, NetworkSecurityGroupSecurityRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Description string
    An optional description of your choice for the rule. Avoid entering confidential information.
    Destination string

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    DestinationType string

    Type of destination for the rule. Required if direction = EGRESS.

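    Allowed values: CIDR_BLOCK (an IP address range in CIDR notation), SERVICE_CIDR_BLOCK (the cidrBlock value for a Service), or NETWORK_SECURITY_GROUP (the OCID of a NetworkSecurityGroup).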

    Direction string
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security rule for each.

    IsValid bool
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    NetworkSecurityGroupId string
    The OCID of the network security group.
    Protocol string
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    Source string

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    SourceType string
    Type of source for the rule. Required if direction = INGRESS.
    Stateless bool
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    TcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
    TimeCreated string
    The date and time the security rule was created. Format defined by RFC3339.
    UdpOptions NetworkSecurityGroupSecurityRuleUdpOptions
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
    Description string
    An optional description of your choice for the rule. Avoid entering confidential information.
    Destination string

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    DestinationType string

    Type of destination for the rule. Required if direction = EGRESS.

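    Allowed values: CIDR_BLOCK (an IP address range in CIDR notation), SERVICE_CIDR_BLOCK (the cidrBlock value for a Service), or NETWORK_SECURITY_GROUP (the OCID of a NetworkSecurityGroup).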

    Direction string
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptionsArgs

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security rule for each.

    IsValid bool
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    NetworkSecurityGroupId string
    The OCID of the network security group.
    Protocol string
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    Source string

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    SourceType string
    Type of source for the rule. Required if direction = INGRESS.
    Stateless bool
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    TcpOptions NetworkSecurityGroupSecurityRuleTcpOptionsArgs
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
    TimeCreated string
    The date and time the security rule was created. Format defined by RFC3339.
    UdpOptions NetworkSecurityGroupSecurityRuleUdpOptionsArgs
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
    description String
    An optional description of your choice for the rule. Avoid entering confidential information.
    destination String

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    destinationType String

    Type of destination for the rule. Required if direction = EGRESS.

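    Allowed values: CIDR_BLOCK (an IP address range in CIDR notation), SERVICE_CIDR_BLOCK (the cidrBlock value for a Service), or NETWORK_SECURITY_GROUP (the OCID of a NetworkSecurityGroup).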

    direction String
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    icmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security rule for each.

    isValid Boolean
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    networkSecurityGroupId String
    The OCID of the network security group.
    protocol String
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    source String

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    sourceType String
    Type of source for the rule. Required if direction = INGRESS.
    stateless Boolean
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    tcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
    timeCreated String
    The date and time the security rule was created. Format defined by RFC3339.
    udpOptions NetworkSecurityGroupSecurityRuleUdpOptions
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
    description string
    An optional description of your choice for the rule. Avoid entering confidential information.
    destination string

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    destinationType string

    Type of destination for the rule. Required if direction = EGRESS.

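    Allowed values: CIDR_BLOCK (an IP address range in CIDR notation), SERVICE_CIDR_BLOCK (the cidrBlock value for a Service), or NETWORK_SECURITY_GROUP (the OCID of a NetworkSecurityGroup).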

    direction string
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    icmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security rule for each.

    isValid boolean
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    networkSecurityGroupId string
    The OCID of the network security group.
    protocol string
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    source string

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    sourceType string
    Type of source for the rule. Required if direction = INGRESS.
    stateless boolean
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    tcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
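    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed; to limit the rule to specific services, set a destination port range here instead of omitting the object.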
    timeCreated string
    The date and time the security rule was created. Format defined by RFC3339.
    udpOptions NetworkSecurityGroupSecurityRuleUdpOptions
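    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed; to limit the rule to specific services, set a destination port range here instead of omitting the object.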
    description str
    An optional description of your choice for the rule. Avoid entering confidential information.
    destination str

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    destination_type str

    Type of destination for the rule. Required if direction = EGRESS.

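    Allowed values:

    • CIDR_BLOCK: If the rule's destination is an IP address range in CIDR notation.
    • SERVICE_CIDR_BLOCK: If the rule's destination is the cidrBlock value for a Service (the rule is for traffic destined for a particular Service through a service gateway).
    • NETWORK_SECURITY_GROUP: If the rule's destination is the OCID of a NetworkSecurityGroup.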

    direction str
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    icmp_options NetworkSecurityGroupSecurityRuleIcmpOptionsArgs

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.

    is_valid bool
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    network_security_group_id str
    The OCID of the network security group.
    protocol str
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    source str

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    source_type str
    Type of source for the rule. Required if direction = INGRESS.
    stateless bool
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    tcp_options NetworkSecurityGroupSecurityRuleTcpOptionsArgs
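    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed; to limit the rule to specific services, set a destination port range here instead of omitting the object.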
    time_created str
    The date and time the security rule was created. Format defined by RFC3339.
    udp_options NetworkSecurityGroupSecurityRuleUdpOptionsArgs
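    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed; to limit the rule to specific services, set a destination port range here instead of omitting the object.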
    description String
    An optional description of your choice for the rule. Avoid entering confidential information.
    destination String

    Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    destinationType String

    Type of destination for the rule. Required if direction = EGRESS.

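    Allowed values:

    • CIDR_BLOCK: If the rule's destination is an IP address range in CIDR notation.
    • SERVICE_CIDR_BLOCK: If the rule's destination is the cidrBlock value for a Service (the rule is for traffic destined for a particular Service through a service gateway).
    • NETWORK_SECURITY_GROUP: If the rule's destination is the OCID of a NetworkSecurityGroup.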

    direction String
    Direction of the security rule. Set to EGRESS for rules to allow outbound IP packets, or INGRESS for rules to allow inbound IP packets.
    icmpOptions Property Map

    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.

    If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.

    isValid Boolean
    Whether the rule is valid. The value is True when the rule is first created. If the rule's source or destination is a network security group, the value changes to False if that network security group is deleted.
    networkSecurityGroupId String
    The OCID of the network security group.
    protocol String
    The transport protocol. Specify either all or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    source String

    Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.

    Allowed values:

    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56. IPv6 addressing is supported for all commercial and government regions. See IPv6 Addresses.
    • The cidrBlock value for a Service, if you're setting up a security rule for traffic coming from a particular Service through a service gateway. For example: oci-phx-objectstorage.
    • The OCID of a NetworkSecurityGroup in the same VCN. The value can be the NSG that the rule belongs to if the rule's intent is to control traffic between VNICs in the same NSG.
    sourceType String
    Type of source for the rule. Required if direction = INGRESS.
    stateless Boolean
    A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    tcpOptions Property Map
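    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed; to limit the rule to specific services, set a destination port range here instead of omitting the object.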
    timeCreated String
    The date and time the security rule was created. Format defined by RFC3339.
    udpOptions Property Map
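    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed; to limit the rule to specific services, set a destination port range here instead of omitting the object.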

    Supporting Types

    NetworkSecurityGroupSecurityRuleIcmpOptions, NetworkSecurityGroupSecurityRuleIcmpOptionsArgs

    Type int
    The ICMP type.
    Code int
    The ICMP code (optional).
    Type int
    The ICMP type.
    Code int
    The ICMP code (optional).
    type Integer
    The ICMP type.
    code Integer
    The ICMP code (optional).
    type number
    The ICMP type.
    code number
    The ICMP code (optional).
    type int
    The ICMP type.
    code int
    The ICMP code (optional).
    type Number
    The ICMP type.
    code Number
    The ICMP code (optional).

    NetworkSecurityGroupSecurityRuleTcpOptions, NetworkSecurityGroupSecurityRuleTcpOptionsArgs

    NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRange, NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs

    Max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    Min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    Max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    Min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max Integer
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min Integer

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max number
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min number

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max Number
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min Number

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRange, NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs

    Max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    Min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    Max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    Min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max Integer
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min Integer

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max number
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min number

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max Number
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min Number

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    NetworkSecurityGroupSecurityRuleUdpOptions, NetworkSecurityGroupSecurityRuleUdpOptionsArgs

    NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRange, NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs

    Max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    Min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    Max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    Min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max Integer
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min Integer

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max number
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min number

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max Number
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min Number

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRange, NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs

    Max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    Min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    Max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    Min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max Integer
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min Integer

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max number
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min number

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max int
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min int

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    max Number
    The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    min Number

    The minimum port number, which must not be greater than the maximum port number.

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    Import

    NetworkSecurityGroupSecurityRule can be imported using the id, e.g.

    $ pulumi import oci:Core/networkSecurityGroupSecurityRule:NetworkSecurityGroupSecurityRule test_network_security_group_security_rule "networkSecurityGroups/{networkSecurityGroupId}/securityRules/{securityRuleId}"
    

    Package Details

    Repository
    oci pulumi/pulumi-oci
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the oci Terraform Provider.