Yandex

Pulumi Official
Package maintained by Pulumi
v0.13.0 published on Tuesday, Feb 22, 2022 by Pulumi

VpcSecurityGroupRule

Manages a single Security Group Rule within Yandex.Cloud. For more information, see the official documentation of security groups and security group rules.

NOTE: There is another way to manage security group rules: the ingress and egress arguments of yandex_vpc_security_group. The two ways are equivalent but are currently not compatible with each other. Using in-line rules of yandex.VpcSecurityGroup together with the Security Group Rule resource at the same time will cause a conflict in the rules configuration, so manage the rules of any given security group with one approach only.

Example Usage

using Pulumi;
using Yandex = Pulumi.Yandex;

/// <summary>
/// Example stack: one VPC network, one security group inside it, and two
/// stand-alone security group rules bound to that group.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Network that hosts the security group.
        var network = new Yandex.VpcNetwork("lab-net", new Yandex.VpcNetworkArgs());

        // The group itself carries no in-line ingress/egress rules; every rule
        // is attached below as a separate VpcSecurityGroupRule resource, since
        // the two styles conflict when mixed on the same group.
        var groupArgs = new Yandex.VpcSecurityGroupArgs
        {
            Description = "description for my security group",
            NetworkId = network.Id,
            Labels =
            {
                { "my-label", "my-label-value" },
            },
        };
        var securityGroup = new Yandex.VpcSecurityGroup("group1", groupArgs);

        // Inbound TCP on the single port 8080, scoped to two RFC 1918 /24 ranges.
        var ingressArgs = new Yandex.VpcSecurityGroupRuleArgs
        {
            SecurityGroupBinding = securityGroup.Id,
            Direction = "ingress",
            Description = "rule1 description",
            V4CidrBlocks =
            {
                "10.0.1.0/24",
                "10.0.2.0/24",
            },
            Port = 8080,
            Protocol = "TCP",
        };
        var ingressRule = new Yandex.VpcSecurityGroupRule("rule1", ingressArgs);

        // Outbound UDP on the port range 8090-8099, scoped to one RFC 1918 /24 range.
        var egressArgs = new Yandex.VpcSecurityGroupRuleArgs
        {
            SecurityGroupBinding = securityGroup.Id,
            Direction = "egress",
            Description = "rule2 description",
            V4CidrBlocks =
            {
                "10.0.1.0/24",
            },
            FromPort = 8090,
            ToPort = 8099,
            Protocol = "UDP",
        };
        var egressRule = new Yandex.VpcSecurityGroupRule("rule2", egressArgs);
    }

}
package main

import (
	"github.com/pulumi/pulumi-yandex/sdk/go/yandex"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

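// main runs a Pulumi program that creates one VPC network, one security
// group inside it, and two stand-alone security group rules bound to that
// group. Any creation error aborts the deployment.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Keep the network handle: the security group below needs its ID.
		// (The original discarded it and then referenced an undefined
		// lab_net variable, which does not compile.)
		labNet, err := yandex.NewVpcNetwork(ctx, "lab-net", nil)
		if err != nil {
			return err
		}

		// The group carries no in-line ingress/egress rules; rules are
		// attached below as separate resources, since the two styles
		// conflict when mixed on the same group.
		group1, err := yandex.NewVpcSecurityGroup(ctx, "group1", &yandex.VpcSecurityGroupArgs{
			Description: pulumi.String("description for my security group"),
			NetworkId:   labNet.ID(),
			Labels: pulumi.StringMap{
				"my-label": pulumi.String("my-label-value"),
			},
		})
		if err != nil {
			return err
		}

		// Inbound TCP on the single port 8080, scoped to two RFC 1918 /24 ranges.
		_, err = yandex.NewVpcSecurityGroupRule(ctx, "rule1", &yandex.VpcSecurityGroupRuleArgs{
			SecurityGroupBinding: group1.ID(),
			Direction:            pulumi.String("ingress"),
			Description:          pulumi.String("rule1 description"),
			V4CidrBlocks: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
				pulumi.String("10.0.2.0/24"),
			},
			Port:     pulumi.Int(8080),
			Protocol: pulumi.String("TCP"),
		})
		if err != nil {
			return err
		}

		// Outbound UDP on the port range 8090-8099, scoped to one RFC 1918 /24 range.
		_, err = yandex.NewVpcSecurityGroupRule(ctx, "rule2", &yandex.VpcSecurityGroupRuleArgs{
			SecurityGroupBinding: group1.ID(),
			Direction:            pulumi.String("egress"),
			Description:          pulumi.String("rule2 description"),
			V4CidrBlocks: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
			FromPort: pulumi.Int(8090),
			ToPort:   pulumi.Int(8099),
			Protocol: pulumi.String("UDP"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}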


import pulumi
import pulumi_yandex as yandex

# Address ranges each rule is scoped to; all are RFC 1918 private /24 blocks.
rule1_cidrs = [
    "10.0.1.0/24",
    "10.0.2.0/24",
]
rule2_cidrs = ["10.0.1.0/24"]

# Network that hosts the security group.
lab_net = yandex.VpcNetwork("lab-net")

# The group carries no in-line ingress/egress rules; rules are attached below
# as separate resources, since the two styles conflict when mixed on one group.
group1 = yandex.VpcSecurityGroup(
    "group1",
    description="description for my security group",
    network_id=lab_net.id,
    labels={"my-label": "my-label-value"},
)

# Inbound TCP on the single port 8080.
rule1 = yandex.VpcSecurityGroupRule(
    "rule1",
    security_group_binding=group1.id,
    direction="ingress",
    description="rule1 description",
    v4_cidr_blocks=rule1_cidrs,
    port=8080,
    protocol="TCP",
)

# Outbound UDP on the port range 8090-8099.
rule2 = yandex.VpcSecurityGroupRule(
    "rule2",
    security_group_binding=group1.id,
    direction="egress",
    description="rule2 description",
    v4_cidr_blocks=rule2_cidrs,
    from_port=8090,
    to_port=8099,
    protocol="UDP",
)
import * as pulumi from "@pulumi/pulumi";
import * as yandex from "@pulumi/yandex";

// Address ranges each rule is scoped to; all are RFC 1918 private /24 blocks.
const ingressCidrs = ["10.0.1.0/24", "10.0.2.0/24"];
const egressCidrs = ["10.0.1.0/24"];

// Network that hosts the security group.
const network = new yandex.VpcNetwork("lab-net", {});

// The group carries no in-line ingress/egress rules; rules are attached below
// as separate resources, since the two styles conflict when mixed on one group.
const securityGroup = new yandex.VpcSecurityGroup("group1", {
    description: "description for my security group",
    networkId: network.id,
    labels: { "my-label": "my-label-value" },
});

// Inbound TCP on the single port 8080.
const ingressRule = new yandex.VpcSecurityGroupRule("rule1", {
    securityGroupBinding: securityGroup.id,
    direction: "ingress",
    description: "rule1 description",
    v4CidrBlocks: ingressCidrs,
    port: 8080,
    protocol: "TCP",
});

// Outbound UDP on the port range 8090-8099.
const egressRule = new yandex.VpcSecurityGroupRule("rule2", {
    securityGroupBinding: securityGroup.id,
    direction: "egress",
    description: "rule2 description",
    v4CidrBlocks: egressCidrs,
    fromPort: 8090,
    toPort: 8099,
    protocol: "UDP",
});


Create a VpcSecurityGroupRule Resource

new VpcSecurityGroupRule(name: string, args: VpcSecurityGroupRuleArgs, opts?: CustomResourceOptions);
@overload
def VpcSecurityGroupRule(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         description: Optional[str] = None,
                         direction: Optional[str] = None,
                         from_port: Optional[int] = None,
                         labels: Optional[Mapping[str, str]] = None,
                         port: Optional[int] = None,
                         predefined_target: Optional[str] = None,
                         protocol: Optional[str] = None,
                         security_group_binding: Optional[str] = None,
                         security_group_id: Optional[str] = None,
                         to_port: Optional[int] = None,
                         v4_cidr_blocks: Optional[Sequence[str]] = None,
                         v6_cidr_blocks: Optional[Sequence[str]] = None)
@overload
def VpcSecurityGroupRule(resource_name: str,
                         args: VpcSecurityGroupRuleArgs,
                         opts: Optional[ResourceOptions] = None)
func NewVpcSecurityGroupRule(ctx *Context, name string, args VpcSecurityGroupRuleArgs, opts ...ResourceOption) (*VpcSecurityGroupRule, error)
public VpcSecurityGroupRule(string name, VpcSecurityGroupRuleArgs args, CustomResourceOptions? opts = null)
public VpcSecurityGroupRule(String name, VpcSecurityGroupRuleArgs args)
public VpcSecurityGroupRule(String name, VpcSecurityGroupRuleArgs args, CustomResourceOptions options)
type: yandex:VpcSecurityGroupRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args VpcSecurityGroupRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args VpcSecurityGroupRuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args VpcSecurityGroupRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args VpcSecurityGroupRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args VpcSecurityGroupRuleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

VpcSecurityGroupRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The VpcSecurityGroupRule resource accepts the following input properties:

Direction string

direction of the rule. Can be ingress (inbound) or egress (outbound).

SecurityGroupBinding string

ID of the security group this rule belongs to.

Description string

Description of the rule.

FromPort int

Minimum port number.

Labels Dictionary<string, string>

Labels to assign to this rule.

Port int

Port number (if applied to a single port).

PredefinedTarget string

Special-purpose targets such as "self_security_group". See docs for possible options.

Protocol string

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

SecurityGroupId string

Target security group ID for this rule.

ToPort int

Maximum port number.

V4CidrBlocks List<string>

The blocks of IPv4 addresses for this rule.

V6CidrBlocks List<string>

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

Direction string

direction of the rule. Can be ingress (inbound) or egress (outbound).

SecurityGroupBinding string

ID of the security group this rule belongs to.

Description string

Description of the rule.

FromPort int

Minimum port number.

Labels map[string]string

Labels to assign to this rule.

Port int

Port number (if applied to a single port).

PredefinedTarget string

Special-purpose targets such as "self_security_group". See docs for possible options.

Protocol string

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

SecurityGroupId string

Target security group ID for this rule.

ToPort int

Maximum port number.

V4CidrBlocks []string

The blocks of IPv4 addresses for this rule.

V6CidrBlocks []string

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

direction String

direction of the rule. Can be ingress (inbound) or egress (outbound).

securityGroupBinding String

ID of the security group this rule belongs to.

description String

Description of the rule.

fromPort Integer

Minimum port number.

labels Map

Labels to assign to this rule.

port Integer

Port number (if applied to a single port).

predefinedTarget String

Special-purpose targets such as "self_security_group". See docs for possible options.

protocol String

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

securityGroupId String

Target security group ID for this rule.

toPort Integer

Maximum port number.

v4CidrBlocks List

The blocks of IPv4 addresses for this rule.

v6CidrBlocks List

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

direction string

direction of the rule. Can be ingress (inbound) or egress (outbound).

securityGroupBinding string

ID of the security group this rule belongs to.

description string

Description of the rule.

fromPort number

Minimum port number.

labels {[key: string]: string}

Labels to assign to this rule.

port number

Port number (if applied to a single port).

predefinedTarget string

Special-purpose targets such as "self_security_group". See docs for possible options.

protocol string

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

securityGroupId string

Target security group ID for this rule.

toPort number

Maximum port number.

v4CidrBlocks string[]

The blocks of IPv4 addresses for this rule.

v6CidrBlocks string[]

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

direction str

direction of the rule. Can be ingress (inbound) or egress (outbound).

security_group_binding str

ID of the security group this rule belongs to.

description str

Description of the rule.

from_port int

Minimum port number.

labels Mapping[str, str]

Labels to assign to this rule.

port int

Port number (if applied to a single port).

predefined_target str

Special-purpose targets such as "self_security_group". See docs for possible options.

protocol str

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

security_group_id str

Target security group ID for this rule.

to_port int

Maximum port number.

v4_cidr_blocks Sequence[str]

The blocks of IPv4 addresses for this rule.

v6_cidr_blocks Sequence[str]

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

direction String

direction of the rule. Can be ingress (inbound) or egress (outbound).

securityGroupBinding String

ID of the security group this rule belongs to.

description String

Description of the rule.

fromPort Number

Minimum port number.

labels Map

Labels to assign to this rule.

port Number

Port number (if applied to a single port).

predefinedTarget String

Special-purpose targets such as "self_security_group". See docs for possible options.

protocol String

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

securityGroupId String

Target security group ID for this rule.

toPort Number

Maximum port number.

v4CidrBlocks List

The blocks of IPv4 addresses for this rule.

v6CidrBlocks List

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

Outputs

All input properties are implicitly available as output properties. Additionally, the VpcSecurityGroupRule resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing VpcSecurityGroupRule Resource

Get an existing VpcSecurityGroupRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: VpcSecurityGroupRuleState, opts?: CustomResourceOptions): VpcSecurityGroupRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        direction: Optional[str] = None,
        from_port: Optional[int] = None,
        labels: Optional[Mapping[str, str]] = None,
        port: Optional[int] = None,
        predefined_target: Optional[str] = None,
        protocol: Optional[str] = None,
        security_group_binding: Optional[str] = None,
        security_group_id: Optional[str] = None,
        to_port: Optional[int] = None,
        v4_cidr_blocks: Optional[Sequence[str]] = None,
        v6_cidr_blocks: Optional[Sequence[str]] = None) -> VpcSecurityGroupRule
func GetVpcSecurityGroupRule(ctx *Context, name string, id IDInput, state *VpcSecurityGroupRuleState, opts ...ResourceOption) (*VpcSecurityGroupRule, error)
public static VpcSecurityGroupRule Get(string name, Input<string> id, VpcSecurityGroupRuleState? state, CustomResourceOptions? opts = null)
public static VpcSecurityGroupRule get(String name, Output<String> id, VpcSecurityGroupRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Description string

Description of the rule.

Direction string

direction of the rule. Can be ingress (inbound) or egress (outbound).

FromPort int

Minimum port number.

Labels Dictionary<string, string>

Labels to assign to this rule.

Port int

Port number (if applied to a single port).

PredefinedTarget string

Special-purpose targets such as "self_security_group". See docs for possible options.

Protocol string

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

SecurityGroupBinding string

ID of the security group this rule belongs to.

SecurityGroupId string

Target security group ID for this rule.

ToPort int

Maximum port number.

V4CidrBlocks List<string>

The blocks of IPv4 addresses for this rule.

V6CidrBlocks List<string>

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

Description string

Description of the rule.

Direction string

direction of the rule. Can be ingress (inbound) or egress (outbound).

FromPort int

Minimum port number.

Labels map[string]string

Labels to assign to this rule.

Port int

Port number (if applied to a single port).

PredefinedTarget string

Special-purpose targets such as "self_security_group". See docs for possible options.

Protocol string

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

SecurityGroupBinding string

ID of the security group this rule belongs to.

SecurityGroupId string

Target security group ID for this rule.

ToPort int

Maximum port number.

V4CidrBlocks []string

The blocks of IPv4 addresses for this rule.

V6CidrBlocks []string

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

description String

Description of the rule.

direction String

direction of the rule. Can be ingress (inbound) or egress (outbound).

fromPort Integer

Minimum port number.

labels Map

Labels to assign to this rule.

port Integer

Port number (if applied to a single port).

predefinedTarget String

Special-purpose targets such as "self_security_group". See docs for possible options.

protocol String

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

securityGroupBinding String

ID of the security group this rule belongs to.

securityGroupId String

Target security group ID for this rule.

toPort Integer

Maximum port number.

v4CidrBlocks List

The blocks of IPv4 addresses for this rule.

v6CidrBlocks List

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

description string

Description of the rule.

direction string

direction of the rule. Can be ingress (inbound) or egress (outbound).

fromPort number

Minimum port number.

labels {[key: string]: string}

Labels to assign to this rule.

port number

Port number (if applied to a single port).

predefinedTarget string

Special-purpose targets such as "self_security_group". See docs for possible options.

protocol string

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

securityGroupBinding string

ID of the security group this rule belongs to.

securityGroupId string

Target security group ID for this rule.

toPort number

Maximum port number.

v4CidrBlocks string[]

The blocks of IPv4 addresses for this rule.

v6CidrBlocks string[]

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

description str

Description of the rule.

direction str

direction of the rule. Can be ingress (inbound) or egress (outbound).

from_port int

Minimum port number.

labels Mapping[str, str]

Labels to assign to this rule.

port int

Port number (if applied to a single port).

predefined_target str

Special-purpose targets such as "self_security_group". See docs for possible options.

protocol str

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

security_group_binding str

ID of the security group this rule belongs to.

security_group_id str

Target security group ID for this rule.

to_port int

Maximum port number.

v4_cidr_blocks Sequence[str]

The blocks of IPv4 addresses for this rule.

v6_cidr_blocks Sequence[str]

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

description String

Description of the rule.

direction String

direction of the rule. Can be ingress (inbound) or egress (outbound).

fromPort Number

Minimum port number.

labels Map

Labels to assign to this rule.

port Number

Port number (if applied to a single port).

predefinedTarget String

Special-purpose targets such as "self_security_group". See docs for possible options.

protocol String

One of ANY, TCP, UDP, ICMP, IPV6_ICMP.

securityGroupBinding String

ID of the security group this rule belongs to.

securityGroupId String

Target security group ID for this rule.

toPort Number

Maximum port number.

v4CidrBlocks List

The blocks of IPv4 addresses for this rule.

v6CidrBlocks List

The blocks of IPv6 addresses for this rule. v6_cidr_blocks argument is currently not supported. It will be available in the future.

Package Details

Repository
https://github.com/pulumi/pulumi-yandex
License
Apache-2.0
Notes

This Pulumi package is based on the yandex Terraform Provider.