pulumi-alicloud-kotlin/com.pulumi.alicloud.ecs.kotlin/SecurityGroupRuleArgs

SecurityGroupRuleArgs

data class SecurityGroupRuleArgs(val cidrIp: Output<String>? = null, val description: Output<String>? = null, val ipProtocol: Output<String>? = null, val ipv6CidrIp: Output<String>? = null, val nicType: Output<String>? = null, val policy: Output<String>? = null, val portRange: Output<String>? = null, val prefixListId: Output<String>? = null, val priority: Output<Int>? = null, val securityGroupId: Output<String>? = null, val sourceGroupOwnerAccount: Output<String>? = null, val sourceSecurityGroupId: Output<String>? = null, val type: Output<String>? = null) : ConvertibleToJava<SecurityGroupRuleArgs>

Provides a security group rule resource. Represents a single ingress or egress group rule, which can be added to external Security Groups.

NOTE: nic_type should set to intranet when security group type is vpc or specifying the source_security_group_id. In this situation it does not distinguish between intranet and internet, the rule is effective on them both.

Example Usage

Basic Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ecs.SecurityGroup;
import com.pulumi.alicloud.ecs.SecurityGroupRule;
import com.pulumi.alicloud.ecs.SecurityGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var default_ = new SecurityGroup("default");
        var allowAllTcp = new SecurityGroupRule("allowAllTcp", SecurityGroupRuleArgs.builder()
            .type("ingress")
            .ipProtocol("tcp")
            .nicType("internet")
            .policy("accept")
            .portRange("1/65535")
            .priority(1)
            .securityGroupId(default_.id())
            .cidrIp("0.0.0.0/0")
            .build());
    }
}
Content copied to clipboard

Module Support

You can use the existing security-group module to create a security group and add several rules one-click.

Constructors

Link copied to clipboard
fun SecurityGroupRuleArgs(cidrIp: Output<String>? = null, description: Output<String>? = null, ipProtocol: Output<String>? = null, ipv6CidrIp: Output<String>? = null, nicType: Output<String>? = null, policy: Output<String>? = null, portRange: Output<String>? = null, prefixListId: Output<String>? = null, priority: Output<Int>? = null, securityGroupId: Output<String>? = null, sourceGroupOwnerAccount: Output<String>? = null, sourceSecurityGroupId: Output<String>? = null, type: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): SecurityGroupRuleArgs

Properties

Link copied to clipboard
val cidrIp: Output<String>? = null

The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.

Link copied to clipboard
val description: Output<String>? = null

The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.

Link copied to clipboard
val ipProtocol: Output<String>? = null

The protocol. Can be tcp, udp, icmp, gre or all.

Link copied to clipboard
val ipv6CidrIp: Output<String>? = null

Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.

Link copied to clipboard
val nicType: Output<String>? = null

Network type, can be either internet or intranet, the default value is internet.

Link copied to clipboard
val policy: Output<String>? = null

Authorization policy, can be either accept or drop, the default value is accept.

Link copied to clipboard
val portRange: Output<String>? = null

The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example, 1/200 means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.

Link copied to clipboard
val prefixListId: Output<String>? = null

The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify cidr_ip,source_security_group_id,ipv6_cidr_ip parameter, this parameter is ignored.

Link copied to clipboard
val priority: Output<Int>? = null

Authorization policy priority, with parameter values: 1-100, default value: 1.

Link copied to clipboard
val securityGroupId: Output<String>? = null

The security group to apply this rule to.

Link copied to clipboard
val sourceGroupOwnerAccount: Output<String>? = null

The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.

Link copied to clipboard
val sourceSecurityGroupId: Output<String>? = null

The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

Link copied to clipboard
val type: Output<String>? = null

The type of rule being created. Valid options are ingress (inbound) or egress (outbound).