Yandex

v0.10.0 published on Thursday, Nov 18, 2021 by Pulumi

VpcSecurityGroupRule

Manages a single Security Group Rule within Yandex.Cloud. For more information, see the official documentation of security groups and security group rules.

NOTE: Security group rules can also be managed through the ingress and egress arguments of yandex_vpc_security_group. The two approaches are equivalent but are currently not compatible with each other. Using in-line rules of yandex.VpcSecurityGroup together with the Security Group Rule resource at the same time will cause a conflict of rules configuration, so use only one of the two approaches.

Example Usage

using Pulumi;
using Yandex = Pulumi.Yandex;

/// <summary>
/// Example stack: one VPC network, one security group attached to it, and two
/// stand-alone security group rules bound to that group.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var network = new Yandex.VpcNetwork("lab-net", new Yandex.VpcNetworkArgs());

        // The group is declared without in-line ingress/egress rules; every rule
        // below is a separate resource attached through SecurityGroupBinding.
        var groupArgs = new Yandex.VpcSecurityGroupArgs
        {
            NetworkId = network.Id,
            Description = "description for my security group",
            Labels =
            {
                { "my-label", "my-label-value" },
            },
        };
        var securityGroup = new Yandex.VpcSecurityGroup("group1", groupArgs);

        // Inbound: TCP 8080 only, accepted from two private /24 ranges.
        var ingressArgs = new Yandex.VpcSecurityGroupRuleArgs
        {
            SecurityGroupBinding = securityGroup.Id,
            Direction = "ingress",
            Protocol = "TCP",
            Port = 8080,
            V4CidrBlocks =
            {
                "10.0.1.0/24",
                "10.0.2.0/24",
            },
            Description = "rule1 description",
        };
        var ingressRule = new Yandex.VpcSecurityGroupRule("rule1", ingressArgs);

        // Outbound: UDP ports 8090-8099 only, towards a single private /24 range.
        var egressArgs = new Yandex.VpcSecurityGroupRuleArgs
        {
            SecurityGroupBinding = securityGroup.Id,
            Direction = "egress",
            Protocol = "UDP",
            FromPort = 8090,
            ToPort = 8099,
            V4CidrBlocks =
            {
                "10.0.1.0/24",
            },
            Description = "rule2 description",
        };
        var egressRule = new Yandex.VpcSecurityGroupRule("rule2", egressArgs);
    }

}
package main

import (
	"github.com/pulumi/pulumi-yandex/sdk/go/yandex"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

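// main declares one VPC network, one security group attached to it, and two
// stand-alone security group rules bound to that group.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Keep the network handle: the security group below needs its ID.
		// (The listing previously discarded it and then referenced an
		// undeclared lab_net identifier, which does not compile.)
		labNet, err := yandex.NewVpcNetwork(ctx, "lab_net", nil)
		if err != nil {
			return err
		}

		// The group is declared without in-line ingress/egress rules; every
		// rule below is a separate resource attached via SecurityGroupBinding.
		group1, err := yandex.NewVpcSecurityGroup(ctx, "group1", &yandex.VpcSecurityGroupArgs{
			Description: pulumi.String("description for my security group"),
			NetworkId:   labNet.ID(),
			Labels: pulumi.StringMap{
				"my-label": pulumi.String("my-label-value"),
			},
		})
		if err != nil {
			return err
		}

		// Inbound: TCP 8080 only, accepted from two private /24 ranges.
		_, err = yandex.NewVpcSecurityGroupRule(ctx, "rule1", &yandex.VpcSecurityGroupRuleArgs{
			SecurityGroupBinding: group1.ID(),
			Direction:            pulumi.String("ingress"),
			Description:          pulumi.String("rule1 description"),
			V4CidrBlocks: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
				pulumi.String("10.0.2.0/24"),
			},
			Port:     pulumi.Int(8080),
			Protocol: pulumi.String("TCP"),
		})
		if err != nil {
			return err
		}

		// Outbound: UDP ports 8090-8099 only, towards a single private /24 range.
		_, err = yandex.NewVpcSecurityGroupRule(ctx, "rule2", &yandex.VpcSecurityGroupRuleArgs{
			SecurityGroupBinding: group1.ID(),
			Direction:            pulumi.String("egress"),
			Description:          pulumi.String("rule2 description"),
			V4CidrBlocks: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
			FromPort: pulumi.Int(8090),
			ToPort:   pulumi.Int(8099),
			Protocol: pulumi.String("UDP"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}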
import pulumi
import pulumi_yandex as yandex

# Network that the security group is attached to.
lab_net = yandex.VpcNetwork("lab-net")

# The group is declared without in-line ingress/egress rules; each rule below
# is a separate resource bound to it through security_group_binding.
group1 = yandex.VpcSecurityGroup(
    "group1",
    network_id=lab_net.id,
    description="description for my security group",
    labels={"my-label": "my-label-value"},
)

# Inbound: TCP 8080 only, accepted from two private /24 ranges.
ingress_sources = ["10.0.1.0/24", "10.0.2.0/24"]
rule1 = yandex.VpcSecurityGroupRule(
    "rule1",
    security_group_binding=group1.id,
    direction="ingress",
    protocol="TCP",
    port=8080,
    v4_cidr_blocks=ingress_sources,
    description="rule1 description",
)

# Outbound: UDP ports 8090-8099 only, towards a single private /24 range.
egress_destinations = ["10.0.1.0/24"]
rule2 = yandex.VpcSecurityGroupRule(
    "rule2",
    security_group_binding=group1.id,
    direction="egress",
    protocol="UDP",
    from_port=8090,
    to_port=8099,
    v4_cidr_blocks=egress_destinations,
    description="rule2 description",
)
import * as pulumi from "@pulumi/pulumi";
import * as yandex from "@pulumi/yandex";

// Network that the security group is attached to.
const labNet = new yandex.VpcNetwork("lab-net", {});

// The group is declared without in-line ingress/egress rules; each rule below
// is a separate resource bound to it through securityGroupBinding.
const securityGroup = new yandex.VpcSecurityGroup("group1", {
    networkId: labNet.id,
    description: "description for my security group",
    labels: { "my-label": "my-label-value" },
});

// Inbound: TCP 8080 only, accepted from two private /24 ranges.
const ingressSources = ["10.0.1.0/24", "10.0.2.0/24"];
const ingressRule = new yandex.VpcSecurityGroupRule("rule1", {
    securityGroupBinding: securityGroup.id,
    direction: "ingress",
    protocol: "TCP",
    port: 8080,
    v4CidrBlocks: ingressSources,
    description: "rule1 description",
});

// Outbound: UDP ports 8090-8099 only, towards a single private /24 range.
const egressDestinations = ["10.0.1.0/24"];
const egressRule = new yandex.VpcSecurityGroupRule("rule2", {
    securityGroupBinding: securityGroup.id,
    direction: "egress",
    protocol: "UDP",
    fromPort: 8090,
    toPort: 8099,
    v4CidrBlocks: egressDestinations,
    description: "rule2 description",
});

Create a VpcSecurityGroupRule Resource

new VpcSecurityGroupRule(name: string, args: VpcSecurityGroupRuleArgs, opts?: CustomResourceOptions);
@overload
def VpcSecurityGroupRule(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         description: Optional[str] = None,
                         direction: Optional[str] = None,
                         from_port: Optional[int] = None,
                         labels: Optional[Mapping[str, str]] = None,
                         port: Optional[int] = None,
                         predefined_target: Optional[str] = None,
                         protocol: Optional[str] = None,
                         security_group_binding: Optional[str] = None,
                         security_group_id: Optional[str] = None,
                         to_port: Optional[int] = None,
                         v4_cidr_blocks: Optional[Sequence[str]] = None,
                         v6_cidr_blocks: Optional[Sequence[str]] = None)
@overload
def VpcSecurityGroupRule(resource_name: str,
                         args: VpcSecurityGroupRuleArgs,
                         opts: Optional[ResourceOptions] = None)
func NewVpcSecurityGroupRule(ctx *Context, name string, args VpcSecurityGroupRuleArgs, opts ...ResourceOption) (*VpcSecurityGroupRule, error)
public VpcSecurityGroupRule(string name, VpcSecurityGroupRuleArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args VpcSecurityGroupRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args VpcSecurityGroupRuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args VpcSecurityGroupRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args VpcSecurityGroupRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

VpcSecurityGroupRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The VpcSecurityGroupRule resource accepts the following input properties:

Direction string
direction of the rule. Can be ingress (inbound) or egress (outbound).
SecurityGroupBinding string
ID of the security group this rule belongs to.
Description string
Description of the rule.
FromPort int
Minimum port number.
Labels Dictionary<string, string>
Labels to assign to this rule.
Port int
Port number (if applied to a single port).
PredefinedTarget string
Special-purpose targets such as “self_security_group”. See docs for possible options.
Protocol string
One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
SecurityGroupId string
Target security group ID for this rule.
ToPort int
Maximum port number.
V4CidrBlocks List<string>
The blocks of IPv4 addresses for this rule.
V6CidrBlocks List<string>
The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.
Direction string
direction of the rule. Can be ingress (inbound) or egress (outbound).
SecurityGroupBinding string
ID of the security group this rule belongs to.
Description string
Description of the rule.
FromPort int
Minimum port number.
Labels map[string]string
Labels to assign to this rule.
Port int
Port number (if applied to a single port).
PredefinedTarget string
Special-purpose targets such as “self_security_group”. See docs for possible options.
Protocol string
One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
SecurityGroupId string
Target security group ID for this rule.
ToPort int
Maximum port number.
V4CidrBlocks []string
The blocks of IPv4 addresses for this rule.
V6CidrBlocks []string
The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.
direction string
direction of the rule. Can be ingress (inbound) or egress (outbound).
securityGroupBinding string
ID of the security group this rule belongs to.
description string
Description of the rule.
fromPort number
Minimum port number.
labels {[key: string]: string}
Labels to assign to this rule.
port number
Port number (if applied to a single port).
predefinedTarget string
Special-purpose targets such as “self_security_group”. See docs for possible options.
protocol string
One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
securityGroupId string
Target security group ID for this rule.
toPort number
Maximum port number.
v4CidrBlocks string[]
The blocks of IPv4 addresses for this rule.
v6CidrBlocks string[]
The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.
direction str
direction of the rule. Can be ingress (inbound) or egress (outbound).
security_group_binding str
ID of the security group this rule belongs to.
description str
Description of the rule.
from_port int
Minimum port number.
labels Mapping[str, str]
Labels to assign to this rule.
port int
Port number (if applied to a single port).
predefined_target str
Special-purpose targets such as “self_security_group”. See docs for possible options.
protocol str
One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
security_group_id str
Target security group ID for this rule.
to_port int
Maximum port number.
v4_cidr_blocks Sequence[str]
The blocks of IPv4 addresses for this rule.
v6_cidr_blocks Sequence[str]
The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

Outputs

All input properties are implicitly available as output properties. Additionally, the VpcSecurityGroupRule resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing VpcSecurityGroupRule Resource

Get an existing VpcSecurityGroupRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VpcSecurityGroupRuleState, opts?: CustomResourceOptions): VpcSecurityGroupRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        direction: Optional[str] = None,
        from_port: Optional[int] = None,
        labels: Optional[Mapping[str, str]] = None,
        port: Optional[int] = None,
        predefined_target: Optional[str] = None,
        protocol: Optional[str] = None,
        security_group_binding: Optional[str] = None,
        security_group_id: Optional[str] = None,
        to_port: Optional[int] = None,
        v4_cidr_blocks: Optional[Sequence[str]] = None,
        v6_cidr_blocks: Optional[Sequence[str]] = None) -> VpcSecurityGroupRule
func GetVpcSecurityGroupRule(ctx *Context, name string, id IDInput, state *VpcSecurityGroupRuleState, opts ...ResourceOption) (*VpcSecurityGroupRule, error)
public static VpcSecurityGroupRule Get(string name, Input<string> id, VpcSecurityGroupRuleState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string
Description of the rule.
Direction string
direction of the rule. Can be ingress (inbound) or egress (outbound).
FromPort int
Minimum port number.
Labels Dictionary<string, string>
Labels to assign to this rule.
Port int
Port number (if applied to a single port).
PredefinedTarget string
Special-purpose targets such as “self_security_group”. See docs for possible options.
Protocol string
One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
SecurityGroupBinding string
ID of the security group this rule belongs to.
SecurityGroupId string
Target security group ID for this rule.
ToPort int
Maximum port number.
V4CidrBlocks List<string>
The blocks of IPv4 addresses for this rule.
V6CidrBlocks List<string>
The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.
Description string
Description of the rule.
Direction string
direction of the rule. Can be ingress (inbound) or egress (outbound).
FromPort int
Minimum port number.
Labels map[string]string
Labels to assign to this rule.
Port int
Port number (if applied to a single port).
PredefinedTarget string
Special-purpose targets such as “self_security_group”. See docs for possible options.
Protocol string
One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
SecurityGroupBinding string
ID of the security group this rule belongs to.
SecurityGroupId string
Target security group ID for this rule.
ToPort int
Maximum port number.
V4CidrBlocks []string
The blocks of IPv4 addresses for this rule.
V6CidrBlocks []string
The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.
description string
Description of the rule.
direction string
direction of the rule. Can be ingress (inbound) or egress (outbound).
fromPort number
Minimum port number.
labels {[key: string]: string}
Labels to assign to this rule.
port number
Port number (if applied to a single port).
predefinedTarget string
Special-purpose targets such as “self_security_group”. See docs for possible options.
protocol string
One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
securityGroupBinding string
ID of the security group this rule belongs to.
securityGroupId string
Target security group ID for this rule.
toPort number
Maximum port number.
v4CidrBlocks string[]
The blocks of IPv4 addresses for this rule.
v6CidrBlocks string[]
The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.
description str
Description of the rule.
direction str
direction of the rule. Can be ingress (inbound) or egress (outbound).
from_port int
Minimum port number.
labels Mapping[str, str]
Labels to assign to this rule.
port int
Port number (if applied to a single port).
predefined_target str
Special-purpose targets such as “self_security_group”. See docs for possible options.
protocol str
One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
security_group_binding str
ID of the security group this rule belongs to.
security_group_id str
Target security group ID for this rule.
to_port int
Maximum port number.
v4_cidr_blocks Sequence[str]
The blocks of IPv4 addresses for this rule.
v6_cidr_blocks Sequence[str]
The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

Package Details

Repository
https://github.com/pulumi/pulumi-yandex
License
Apache-2.0
Notes
This Pulumi package is based on the yandex Terraform Provider.