SecurityGroupRule

class SecurityGroupRule : KotlinCustomResource

Provides a security group rule resource. Represents a single ingress or egress group rule, which can be added to external Security Groups.

NOTE: nic_type should be set to intranet when the security group type is vpc or when source_security_group_id is specified. In this situation the rule does not distinguish between intranet and internet; it is effective on both.

Example Usage

Basic Usage

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ecs.SecurityGroup;
import com.pulumi.alicloud.ecs.SecurityGroupRule;
import com.pulumi.alicloud.ecs.SecurityGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Security group that the rule below is attached to.
        var default_ = new SecurityGroup("default");

        // Ingress rule that accepts TCP on every port (1/65535)
        // from any IPv4 address (0.0.0.0/0).
        var allowAllTcp = new SecurityGroupRule("allowAllTcp", SecurityGroupRuleArgs.builder()
            .type("ingress")
            .ipProtocol("tcp")
            .nicType("internet")
            .policy("accept")
            .portRange("1/65535")
            .priority(1)
            .securityGroupId(default_.id())
            .cidrIp("0.0.0.0/0")
            .build());
    }
}
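
A narrower counterpart to the Basic Usage rule, as an added example that is not part of the original documentation: one rule limits SSH to a single CIDR block, and a second authorizes a source security group, which requires nic_type intranet as the NOTE above states. The resource names, the 203.0.113.0/24 range and the port numbers are assumptions chosen for illustration.

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.alicloud.ecs.SecurityGroup;
import com.pulumi.alicloud.ecs.SecurityGroupRule;
import com.pulumi.alicloud.ecs.SecurityGroupRuleArgs;

public class App {
    // Assumption: placeholder admin range (RFC 5737 documentation block).
    private static final String ADMIN_CIDR = "203.0.113.0/24";

    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Hypothetical groups: "web" is the front tier, "db" the data tier.
        var web = new SecurityGroup("web");
        var db = new SecurityGroup("db");

        // One port (22/22) from one CIDR block instead of 1/65535 from 0.0.0.0/0.
        var sshFromAdmin = new SecurityGroupRule("sshFromAdmin", SecurityGroupRuleArgs.builder()
            .type("ingress")
            .ipProtocol("tcp")
            .nicType("internet")
            .policy("accept")
            .portRange("22/22")
            .priority(1)
            .securityGroupId(web.id())
            .cidrIp(ADMIN_CIDR)
            .description("SSH from the admin range only")
            .build());

        // Group-to-group authorization: "db" accepts port 3306 only from
        // members of "web". With source_security_group_id set, nic_type must
        // be intranet, and no cidr_ip is given.
        var mysqlFromWeb = new SecurityGroupRule("mysqlFromWeb", SecurityGroupRuleArgs.builder()
            .type("ingress")
            .ipProtocol("tcp")
            .nicType("intranet")
            .policy("accept")
            .portRange("3306/3306")
            .priority(1)
            .securityGroupId(db.id())
            .sourceSecurityGroupId(web.id())
            .build());
    }
}
```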

Module Support

You can use the existing security-group module to create a security group and add several rules in one step.

Properties

val cidrIp: Output<String>?

The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.

val description: Output<String>?

The description of the security group rule. The description can be 1 to 512 characters in length. Defaults to null.

val id: Output<String>

val ipProtocol: Output<String>

The protocol. Can be tcp, udp, icmp, gre or all.

val ipv6CidrIp: Output<String>?

Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.

val nicType: Output<String>

Network type. Can be either internet or intranet; the default value is internet.

val policy: Output<String>?

Authorization policy. Can be either accept or drop; the default value is accept.

val portRange: Output<String>?

The range of port numbers relevant to the IP protocol. Defaults to "-1/-1". When the protocol is tcp or udp, the port number on each side of the range must be from 1 to 65535, and "-1/-1" is invalid. For example, 1/200 means that the range of port numbers is 1-200. For other protocols, port_range can only be "-1/-1"; other values are invalid.

val prefixListId: Output<String>

The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify the cidr_ip, source_security_group_id or ipv6_cidr_ip parameter, this parameter is ignored.

val priority: Output<Int>?

Authorization policy priority. Valid values: 1-100. Default value: 1.

val pulumiChildResources: Set<KotlinResource>

val securityGroupId: Output<String>

The security group to apply this rule to.

The Alibaba Cloud user account ID of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.

The target security group ID within the same region. If this field is specified, nic_type can only be intranet.

val type: Output<String>

The type of rule being created. Valid options are ingress (inbound) or egress (outbound).

val urn: Output<String>