Provides a security group rule resource.
Represents a single ingress
or egress
group rule, which can be added to external Security Groups.
-> NOTE: nic_type
should set to intranet
when security group type is vpc
or specifying the source_security_group_id
. In this situation it does not distinguish between intranet and internet, the rule is effective on them both.
-> NOTE: Available since v0.1.0.
Example Usage
Basic Usage
resource "alicloud_security_group" "default" {
name = "default"
}
resource "alicloud_security_group_rule" "allow_all_tcp" {
type = "ingress"
ip_protocol = "tcp"
nic_type = "internet"
policy = "accept"
port_range = "1/65535"
priority = 1
security_group_id = alicloud_security_group.default.id
cidr_ip = "0.0.0.0/0"
}
Module Support
You can use the existing security-group module to create a security group and add several rules one-click.
Argument Reference
The following arguments are supported:
type
- (Required, ForceNew) The type of rule being created. Valid options areingress
(inbound) oregress
(outbound).ip_protocol
- (Required, ForceNew) The protocol. Can betcp
,udp
,icmp
,gre
orall
.port_range
- (Optional, ForceNew) The range of port numbers relevant to the IP protocol. Default to "-1/-1". When the protocol is tcp or udp, each side port number range from 1 to 65535 and '-1/-1' will be invalid. For example,1/200
means that the range of the port numbers is 1-200. Other protocols' 'port_range' can only be "-1/-1", and other values will be invalid.security_group_id
- (Required, ForceNew) The security group to apply this rule to.nic_type
- (Optional, ForceNew) Network type, can be eitherinternet
orintranet
, the default value isinternet
.policy
- (Optional, ForceNew) Authorization policy, can be eitheraccept
ordrop
, the default value isaccept
.priority
- (Optional, ForceNew) Authorization policy priority, with parameter values:1-100
, default value: 1.cidr_ip
- (Optional, ForceNew) The target IP address range. The default value is 0.0.0.0/0 (which means no restriction will be applied). Other supported formats include 10.159.6.18/12. Only IPv4 is supported.source_security_group_id
- (Optional, ForceNew) The target security group ID within the same region. If this field is specified, thenic_type
can only selectintranet
.source_group_owner_account
- (Optional, ForceNew) The Alibaba Cloud user account Id of the target security group when security groups are authorized across accounts. This parameter is invalid ifcidr_ip
has already been set.description
- (Optional) The description of the security group rule. The description can be up to 1 to 512 characters in length. Defaults to null.prefix_list_id
- (Optional, ForceNew) The ID of the source/destination prefix list to which you want to control access. NOTE: If you specifycidr_ip
,source_security_group_id
,ipv6_cidr_ip
parameter, this parameter is ignored.ipv6_cidr_ip
- (Optional, ForceNew, Available in 1.174.0) Source IPv6 CIDR address block that requires access. Supports IP address ranges in CIDR format and IPv6 format. NOTE: This parameter cannot be set at the same time as thecidr_ip
parameter.
-> NOTE: You must specify one of the following field: cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.
Attributes Reference
The following attributes are exported:
id
- The ID of the security group rule. The value is formulated as<security_group_id>:<type>:<ip_protocol>:<port_range>:<nic_type>:<real_ip>:<policy>:<priority>
. The real_ip may be one of the following field:cidr_ip
,source_security_group_id
,prefix_list_id
,ipv6_cidr_ip
.
反馈
- 本页导读 (0)
文档反馈