SecurityGroupRule

class SecurityGroupRule : KotlinCustomResource

Provides a Security Group Rule resource. For information about Security Group Rule and how to use it, see What is Rule.

NOTE: Available since v0.1.0. Represents a single ingress or egress group rule, which can be added to external Security Groups. NOTE: nic_type should be set to intranet when the security group type is vpc or when source_security_group_id is specified. In this situation the rule does not distinguish between intranet and internet; it is effective on both.

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
// Security group that the rule below is attached to.
const _default = new alicloud.ecs.SecurityGroup("default", {securityGroupName: "default"});
// Ingress rule that accepts TCP on every port (1-65535) from any IPv4 source
// (0.0.0.0/0). As its name says, it allows all TCP; in a real deployment,
// narrow cidrIp to known source ranges and portRange to the ports the
// workload actually serves.
const allowAllTcp = new alicloud.ecs.SecurityGroupRule("allow_all_tcp", {
    type: "ingress",
    ipProtocol: "tcp",
    // NOTE(review): per the note on this page, for a VPC-type group "intranet"
    // does not limit the rule to private traffic; it is effective on internet
    // traffic as well.
    nicType: "intranet",
    policy: "accept",
    portRange: "1/65535",
    priority: 1,
    securityGroupId: _default.id,
    cidrIp: "0.0.0.0/0",
});
import pulumi
import pulumi_alicloud as alicloud
# Security group that the rule below is attached to.
default = alicloud.ecs.SecurityGroup("default", security_group_name="default")
# Ingress rule that accepts TCP on every port (1-65535) from any IPv4 source
# (0.0.0.0/0). As its name says, it allows all TCP; in a real deployment,
# narrow cidr_ip to known source ranges and port_range to the ports the
# workload actually serves.
allow_all_tcp = alicloud.ecs.SecurityGroupRule("allow_all_tcp",
    type="ingress",
    ip_protocol="tcp",
    # NOTE(review): per the note on this page, for a VPC-type group "intranet"
    # does not limit the rule to private traffic; it is effective on internet
    # traffic as well.
    nic_type="intranet",
    policy="accept",
    port_range="1/65535",
    priority=1,
    security_group_id=default.id,
    cidr_ip="0.0.0.0/0")
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
// Pulumi program: declares one security group and one ingress rule on it.
return await Deployment.RunAsync(() =>
{
    // Security group that the rule below is attached to.
    var @default = new AliCloud.Ecs.SecurityGroup("default", new()
    {
        SecurityGroupName = "default",
    });
    // Ingress rule that accepts TCP on every port (1-65535) from any IPv4
    // source (0.0.0.0/0). As its name says, it allows all TCP; in a real
    // deployment, narrow CidrIp to known source ranges and PortRange to the
    // ports the workload actually serves.
    var allowAllTcp = new AliCloud.Ecs.SecurityGroupRule("allow_all_tcp", new()
    {
        Type = "ingress",
        IpProtocol = "tcp",
        // NOTE(review): per the note on this page, for a VPC-type group
        // "intranet" does not limit the rule to private traffic; it is
        // effective on internet traffic as well.
        NicType = "intranet",
        Policy = "accept",
        PortRange = "1/65535",
        Priority = 1,
        SecurityGroupId = @default.Id,
        CidrIp = "0.0.0.0/0",
    });
});
package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/ecs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one security group and one
// ingress rule on it. Either resource failing to register aborts the run
// with that error.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Security group that the rule below is attached to.
		_default, err := ecs.NewSecurityGroup(ctx, "default", &ecs.SecurityGroupArgs{
			SecurityGroupName: pulumi.String("default"),
		})
		if err != nil {
			return err
		}
		// Ingress rule that accepts TCP on every port (1-65535) from any IPv4
		// source (0.0.0.0/0). As its name says, it allows all TCP; in a real
		// deployment, narrow CidrIp to known source ranges and PortRange to
		// the ports the workload actually serves.
		_, err = ecs.NewSecurityGroupRule(ctx, "allow_all_tcp", &ecs.SecurityGroupRuleArgs{
			Type:       pulumi.String("ingress"),
			IpProtocol: pulumi.String("tcp"),
			// NOTE(review): per the note on this page, for a VPC-type group
			// "intranet" does not limit the rule to private traffic; it is
			// effective on internet traffic as well.
			NicType:         pulumi.String("intranet"),
			Policy:          pulumi.String("accept"),
			PortRange:       pulumi.String("1/65535"),
			Priority:        pulumi.Int(1),
			SecurityGroupId: _default.ID(),
			CidrIp:          pulumi.String("0.0.0.0/0"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.ecs.SecurityGroup;
import com.pulumi.alicloud.ecs.SecurityGroupArgs;
import com.pulumi.alicloud.ecs.SecurityGroupRule;
import com.pulumi.alicloud.ecs.SecurityGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one security group and one ingress rule on it.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi context passed in by {@code Pulumi.run}; not read by this method
     */
    public static void stack(Context ctx) {
        // Security group that the rule below is attached to.
        var default_ = new SecurityGroup("default", SecurityGroupArgs.builder()
            .securityGroupName("default")
            .build());
        // Ingress rule that accepts TCP on every port (1-65535) from any IPv4
        // source (0.0.0.0/0). As its name says, it allows all TCP; in a real
        // deployment, narrow cidrIp to known source ranges and portRange to
        // the ports the workload actually serves.
        var allowAllTcp = new SecurityGroupRule("allowAllTcp", SecurityGroupRuleArgs.builder()
            .type("ingress")
            .ipProtocol("tcp")
            // NOTE(review): per the note on this page, for a VPC-type group
            // "intranet" does not limit the rule to private traffic; it is
            // effective on internet traffic as well.
            .nicType("intranet")
            .policy("accept")
            .portRange("1/65535")
            .priority(1)
            .securityGroupId(default_.id())
            .cidrIp("0.0.0.0/0")
            .build());
    }
}
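# Pulumi YAML program: one security group and one ingress rule on it.
# Nesting restored; with every key at column 0 the document has duplicate
# top-level keys (type, properties) and no longer describes two resources.
resources:
  # Security group that the rule below is attached to.
  default:
    type: alicloud:ecs:SecurityGroup
    properties:
      securityGroupName: default
  # Ingress rule that accepts TCP on every port (1-65535) from any IPv4 source
  # (0.0.0.0/0). As its name says, it allows all TCP; in a real deployment,
  # narrow cidrIp to known source ranges and portRange to the ports the
  # workload actually serves.
  allowAllTcp:
    type: alicloud:ecs:SecurityGroupRule
    name: allow_all_tcp
    properties:
      type: ingress
      ipProtocol: tcp
      # NOTE(review): per the note on this page, for a VPC-type group
      # "intranet" does not limit the rule to private traffic; it is
      # effective on internet traffic as well.
      nicType: intranet
      policy: accept
      portRange: 1/65535
      priority: 1
      securityGroupId: ${default.id}
      cidrIp: 0.0.0.0/0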

Module Support

You can use the existing security-group module to create a security group and add several rules to it in a single step.

Import

Security Group Rule can be imported using the id, e.g.

$ pulumi import alicloud:ecs/securityGroupRule:SecurityGroupRule example <id>

Properties

val cidrIp: Output<String>?

The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied, so the rule matches every IPv4 address). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.

val description: Output<String>?

The description of the security group rule. The description must be 1 to 512 characters in length. Defaults to null.

val id: Output<String>
val ipProtocol: Output<String>

The transport layer protocol of the Security Group Rule. Valid values: tcp, udp, icmp, gre, all.

val ipv6CidrIp: Output<String>?

Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as the cidr_ip parameter.

val nicType: Output<String>

Network type. Can be either internet or intranet; the default value is internet.

val policy: Output<String>?

The action of the Security Group Rule that determines whether to allow inbound access. Default value: accept. Valid values: accept, drop.

val portRange: Output<String>?

The range of port numbers relevant to the IP protocol. Defaults to "-1/-1". When the protocol is tcp or udp, the port number on each side of the range must be between 1 and 65535, and "-1/-1" is invalid. For example, 1/200 means that the range of the port numbers is 1-200. For other protocols, port_range can only be "-1/-1"; any other value is invalid.

val prefixListId: Output<String>

The ID of the source/destination prefix list to which you want to control access. NOTE: If you specify the cidr_ip, source_security_group_id, or ipv6_cidr_ip parameter, this parameter is ignored.

val priority: Output<Int>?

The priority of the Security Group Rule. Default value: 1. Valid values: 1 to 100.

val pulumiChildResources: Set<KotlinResource>
val securityGroupId: Output<String>

The ID of the Security Group.


The ID of the Security Group Rule.


The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.


The target security group ID within the same region. If this field is specified, the nic_type can only select intranet.

val type: Output<String>

The type of the Security Group Rule. Valid values: ingress, egress.

val urn: Output<String>