getSecurityGroupRules

The alicloud.ecs.getSecurityGroupRules data source provides the collection of permission rules of a specific security group. Each collection item represents a single ingress or egress permission rule. The ID of the security group can be supplied through a variable or taken from the result of another data source, alicloud.ecs.getSecurityGroups.

Example Usage

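The following example shows how to obtain details about a security group rule and how to pass its data to an instance at launch time. The example reads the first matching group and the first returned rule, so the filter arguments must narrow the result to a single security group; otherwise the instance is configured from whichever entry happens to be returned first.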

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
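const config = new pulumi.Config();
// Option 1: read the security group ID from stack configuration.
// The value is not used further in this example.
const securityGroupId = config.requireObject<any>("securityGroupId");

// Option 2: look the group up with the getSecurityGroups data source.
// The filter must narrow the result to exactly one security group.
// NOTE(review): "api" is presumably matched as an unanchored pattern, so it can
// select several groups; confirm, and tighten the expression if needed.
const groupsDs = alicloud.ecs.getSecurityGroups({
    nameRegex: "api",
});

// Fetch the internet-facing TCP ingress rules of the single matching group.
const ingressRulesDs = groupsDs.then(found => {
    const matches = found.groups ?? [];
    // Fail closed: with zero matches the group ID would be undefined, and with
    // several matches the rules of an arbitrary group would be read.
    if (matches.length !== 1) {
        throw new Error(`expected exactly one security group matching "api", found ${matches.length}`);
    }
    return alicloud.ecs.getSecurityGroupRules({
        groupId: matches[0].id,
        nicType: "internet",
        direction: "ingress",
        ipProtocol: "tcp",
    });
});

// Pass the port range of the first returned rule to the backend service.
const backend = new alicloud.ecs.Instance("backend", {
    userData: ingressRulesDs.then(found => {
        const portRange = found.rules?.[0]?.portRange;
        // Without this check the literal text "undefined" would end up on the
        // command line that the instance runs at launch.
        if (!portRange) {
            throw new Error("no ingress rule returned for the security group; refusing to build user data without a port range");
        }
        return `config_service.sh --portrange=${portRange}`;
    }),
});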
import pulumi
import pulumi_alicloud as alicloud
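config = pulumi.Config()
# Option 1: read the security group ID from stack configuration.
# The value is not used further in this example.
security_group_id = config.require_object("securityGroupId")

# Option 2: look the group up with the get_security_groups data source.
# The filter must narrow the result to exactly one security group.
# NOTE(review): "api" is presumably matched as an unanchored pattern, so it can
# select several groups; confirm, and tighten the expression if needed.
groups_ds = alicloud.ecs.get_security_groups(name_regex="api")
matched_groups = groups_ds.groups or []
# Fail closed: an empty result would raise a bare IndexError below, and several
# matches would silently read the rules of an arbitrary group.
if len(matched_groups) != 1:
    raise ValueError(
        f'expected exactly one security group matching "api", found {len(matched_groups)}')

# Fetch the internet-facing TCP ingress rules of the single matching group.
ingress_rules_ds = alicloud.ecs.get_security_group_rules(
    group_id=matched_groups[0].id,
    nic_type="internet",
    direction="ingress",
    ip_protocol="tcp",
)
if not ingress_rules_ds.rules:
    raise ValueError(
        "no ingress rule returned for the security group; "
        "refusing to build user data without a port range")

# Pass the port range of the first returned rule to the backend service.
backend = alicloud.ecs.Instance(
    "backend",
    user_data=f"config_service.sh --portrange={ingress_rules_ds.rules[0].port_range}",
)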
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
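return await Deployment.RunAsync(() =>
{
    var config = new Config();
    // Option 1: read the security group ID from stack configuration.
    // The value is not used further in this example.
    var securityGroupId = config.RequireObject<dynamic>("securityGroupId");

    // Option 2: look the group up with the GetSecurityGroups data source.
    // The filter must narrow the result to exactly one security group.
    // NOTE(review): "api" is presumably matched as an unanchored pattern, so it can
    // select several groups; confirm, and tighten the expression if needed.
    var groupsDs = AliCloud.Ecs.GetSecurityGroups.Invoke(new()
    {
        NameRegex = "api",
    });

    // Fetch the internet-facing TCP ingress rules of the single matching group.
    var ingressRulesDs = AliCloud.Ecs.GetSecurityGroupRules.Invoke(new()
    {
        GroupId = groupsDs.Apply(found =>
        {
            // Fail closed: indexing an empty result throws an unhelpful error, and
            // several matches would silently read the rules of an arbitrary group.
            if (found.Groups.Length != 1)
            {
                throw new System.InvalidOperationException(
                    $"Expected exactly one security group matching \"api\", found {found.Groups.Length}.");
            }
            return found.Groups[0].Id;
        }),
        NicType = "internet",
        Direction = "ingress",
        IpProtocol = "tcp",
    });

    // Pass the port range of the first returned rule to the backend service.
    var backend = new AliCloud.Ecs.Instance("backend", new()
    {
        // The command line is built inside Apply: interpolating an Output directly
        // into a string formats the Output object itself, not its resolved value.
        UserData = ingressRulesDs.Apply(found =>
        {
            if (found.Rules.Length == 0)
            {
                throw new System.InvalidOperationException(
                    "No ingress rule returned for the security group; refusing to build user data without a port range.");
            }
            return $"config_service.sh --portrange={found.Rules[0].PortRange}";
        }),
    });
});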
package main
import (
"fmt"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ecs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
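// main runs a Pulumi program that reads the ingress rules of one security
// group and hands the port range of the first rule to a new ECS instance.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		// Option 1: read the security group ID from stack configuration.
		// NOTE(review): securityGroupId is not used below, which the Go compiler
		// rejects; wire it into GroupId or drop it. Also confirm that
		// RequireObject returns a value in the SDK version in use.
		securityGroupId := cfg.RequireObject("securityGroupId")

		// Option 2: look the group up with the GetSecurityGroups data source.
		// The filter must narrow the result to exactly one security group.
		// NOTE(review): "api" is presumably matched as an unanchored pattern, so
		// it can select several groups; confirm, and tighten it if needed.
		groupsDs, err := ecs.GetSecurityGroups(ctx, &ecs.GetSecurityGroupsArgs{
			NameRegex: pulumi.StringRef("api"),
		}, nil)
		if err != nil {
			return err
		}
		// Fail closed: indexing an empty slice panics, and several matches would
		// silently read the rules of an arbitrary group.
		if len(groupsDs.Groups) != 1 {
			return fmt.Errorf("expected exactly one security group matching %q, found %d", "api", len(groupsDs.Groups))
		}

		// Fetch the internet-facing TCP ingress rules of the single matching group.
		ingressRulesDs, err := ecs.GetSecurityGroupRules(ctx, &ecs.GetSecurityGroupRulesArgs{
			GroupId:    groupsDs.Groups[0].Id,
			NicType:    pulumi.StringRef("internet"),
			Direction:  pulumi.StringRef("ingress"),
			IpProtocol: pulumi.StringRef("tcp"),
		}, nil)
		if err != nil {
			return err
		}
		if len(ingressRulesDs.Rules) == 0 {
			return fmt.Errorf("no ingress rule returned for the security group; refusing to build user data without a port range")
		}

		// Pass the port range of the first returned rule to the backend service.
		_, err = ecs.NewInstance(ctx, "backend", &ecs.InstanceArgs{
			UserData: pulumi.Sprintf("config_service.sh --portrange=%v", ingressRulesDs.Rules[0].PortRange),
		})
		if err != nil {
			return err
		}
		return nil
	})
}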
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ecs.EcsFunctions;
import com.pulumi.alicloud.ecs.inputs.GetSecurityGroupsArgs;
import com.pulumi.alicloud.ecs.inputs.GetSecurityGroupRulesArgs;
import com.pulumi.alicloud.ecs.Instance;
import com.pulumi.alicloud.ecs.InstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program: reads the ingress rules of one security group and
 * passes the port range of the first rule to a new ECS instance as user data.
 */
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
/**
 * Declares the stack: one security group lookup, one rule lookup and one instance.
 *
 * @param ctx the Pulumi context, used here to read stack configuration
 */
public static void stack(Context ctx) {
final var config = ctx.config();
// Option 1: read the security group ID from stack configuration.
// The value is not used further in this example.
final var securityGroupId = config.get("securityGroupId");
// Option 2: get it from the getSecurityGroups data source.
// The data source arguments must be enough to filter the result down to one security group.
// NOTE(review): "api" is presumably matched as an unanchored pattern, so it can
// select several groups; confirm, and tighten the expression if needed.
final var groupsDs = EcsFunctions.getSecurityGroups(GetSecurityGroupsArgs.builder()
.nameRegex("api")
.build());
// Filter the security group rules by group, NIC type, direction and protocol.
// NOTE(review): the first group is taken without checking how many matched; an empty
// result fails at this index, and several matches select an arbitrary group.
// NOTE(review): groups()[0] uses array indexing; confirm the return type of groups()
// and whether the lookup result has to be unwrapped before it can be read.
final var ingressRulesDs = EcsFunctions.getSecurityGroupRules(GetSecurityGroupRulesArgs.builder()
.groupId(groupsDs.groups()[0].id())
.nicType("internet")
.direction("ingress")
.ipProtocol("tcp")
.build());
// Pass the port range of the first returned rule to the backend service.
// NOTE(review): rules()[0] is read with no emptiness check, so a group with no matching
// ingress rule fails here instead of producing a clear error.
var backend = new Instance("backend", InstanceArgs.builder()
.userData(String.format("config_service.sh --portrange=%s", ingressRulesDs.rules()[0].portRange()))
.build());
}
}
configuration:
  # Option 1: supply the security group ID as a stack configuration value.
  securityGroupId:
    type: dynamic
variables:
  # Option 2: look the group up with the getSecurityGroups data source.
  # The arguments must narrow the result to exactly one security group,
  # because only the first entry is read below.
  groupsDs:
    fn::invoke:
      function: alicloud:ecs:getSecurityGroups
      arguments:
        nameRegex: api
  # Internet-facing TCP ingress rules of the first matching group.
  ingressRulesDs:
    fn::invoke:
      function: alicloud:ecs:getSecurityGroupRules
      arguments:
        groupId: ${groupsDs.groups[0].id}
        nicType: internet
        direction: ingress
        ipProtocol: tcp
resources:
  # Hand the port range of the first returned rule to the backend service.
  # Nothing here checks that a rule was returned, so confirm the filters
  # above always match before relying on this value.
  backend:
    type: alicloud:ecs:Instance
    properties:
      userData: config_service.sh --portrange=${ingressRulesDs.rules[0].portRange}

Return

A collection of values returned by getSecurityGroupRules.

Parameters

argument

A collection of arguments for invoking getSecurityGroupRules.


suspend fun getSecurityGroupRules(direction: String? = null, groupId: String, ipProtocol: String? = null, nicType: String? = null, outputFile: String? = null, policy: String? = null): GetSecurityGroupRulesResult

Return

A collection of values returned by getSecurityGroupRules.

Parameters

direction

Authorization direction. Valid values are: ingress or egress.

groupId

The ID of the security group that owns the rules.

ipProtocol

The IP protocol. Valid values are: tcp, udp, icmp, gre and all.

nicType

Refers to the network type. Can be either internet or intranet. The default value is internet.

outputFile

File name where to save data source results (after running pulumi preview).

policy

Authorization policy. Can be either accept or drop. The default value is accept.

See also


Return

A collection of values returned by getSecurityGroupRules.

Parameters

argument

Builder for com.pulumi.alicloud.ecs.kotlin.inputs.GetSecurityGroupRulesPlainArgs.

See also