alicloud_security_group

Last updated: 2025-03-02 16:16:42

Provides an ECS Security Group resource.

For information about ECS Security Group and how to use it, see What is Security Group.

-> NOTE: Available since v1.0.0.

-> NOTE: alicloud_security_group is used to build and manage a security group, and alicloud_security_group_rule can define ingress or egress rules for it.

-> NOTE: From version 1.7.2, alicloud_security_group supports isolating different ECS instances within the same security group.

Example Usage

Basic Usage


resource "alicloud_security_group" "default" {
  security_group_name = "terraform-example"
}

Basic Usage for VPC


resource "alicloud_vpc" "default" {
  vpc_name   = "terraform-example"
  cidr_block = "172.16.0.0/16"
}

resource "alicloud_security_group" "default" {
  security_group_name = "terraform-example"
  vpc_id              = alicloud_vpc.default.id
}

Module Support

You can use the existing security-group module to create a security group and add several rules in one click.

Argument Reference

The following arguments are supported:

  • description - (Optional) The description of the security group. The description must be 2 to 256 characters in length. It cannot start with http:// or https://.
  • inner_access_policy - (Optional, Available since v1.55.3) The internal access control policy of the security group. Valid values:
    • Accept: The internal interconnectivity policy.
    • Drop: The internal isolation policy.
  • resource_group_id - (Optional, Available since v1.58.0) The ID of the resource group to which the security group belongs. NOTE: From version 1.115.0, resource_group_id can be modified.
  • security_group_name - (Optional, Available since v1.239.0) The name of the security group. The name must be 2 to 128 characters in length. The name must start with a letter and cannot start with http:// or https://. The name can contain Unicode characters under the Decimal Number category and the categories whose names contain Letter. The name can also contain colons (:), underscores (_), periods (.), and hyphens (-).
  • security_group_type - (Optional, ForceNew, Available since v1.58.0) The type of the security group. Default value: normal. Valid values:
  • tags - (Optional, Map) A mapping of tags to assign to the resource.
  • vpc_id - (Optional, ForceNew) The ID of the VPC in which you want to create the security group.
  • name - (Optional, Deprecated since v1.239.0) Field name has been deprecated since provider version 1.239.0. Use the new field security_group_name instead.
  • inner_access - (Optional, Bool, Deprecated since v1.55.3) Field inner_access has been deprecated since provider version 1.55.3. Use the new field inner_access_policy instead.
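
The following is an added example, not part of the original provider documentation. It combines the security_group_name rule and the inner_access_policy argument described above into one configuration that checks the name at plan time and creates a group using the internal isolation policy. The variable name sg_name, the resource labels, the tag and the description are constructed for illustration; the alicloud_security_group_rule arguments come from that resource's own reference, not from this page.

```hcl
# Added example: names, tag values and the rule below are constructed.
variable "sg_name" {
  type    = string
  default = "app-tier-isolated"

  # Mirrors the documented naming rule: 2 to 128 characters, starts with a
  # letter, then letters, decimal digits, ":", "_", "." or "-".
  # "/" is not in the allowed set, so http:// and https:// prefixes fail too.
  validation {
    condition     = can(regex("^\\p{L}[\\p{L}\\p{Nd}:_.-]{1,127}$", var.sg_name))
    error_message = "Name must be 2 to 128 characters, start with a letter, and use only letters, digits, colons, underscores, periods and hyphens."
  }
}

resource "alicloud_vpc" "example" {
  vpc_name   = "terraform-example"
  cidr_block = "172.16.0.0/16"
}

resource "alicloud_security_group" "isolated" {
  security_group_name = var.sg_name
  description         = "App tier with the internal isolation policy"
  vpc_id              = alicloud_vpc.example.id

  # "Drop" selects the internal isolation policy.
  # "Accept" selects the internal interconnectivity policy.
  inner_access_policy = "Drop"

  tags = {
    owner = "platform-security" # constructed value
  }
}

# Traffic the group should admit is stated explicitly as a rule.
resource "alicloud_security_group_rule" "https_from_vpc" {
  type              = "ingress"
  ip_protocol       = "tcp"
  port_range        = "443/443"
  policy            = "accept"
  priority          = 1
  security_group_id = alicloud_security_group.isolated.id
  cidr_ip           = alicloud_vpc.example.cidr_block
}
```

Because vpc_id is ForceNew, changing it later replaces the security group rather than updating it in place.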

Attributes Reference

The following attributes are exported:

  • id - The Terraform resource ID of the Security Group.
  • create_time - (Available since v1.239.0) The time when the security group was created.

Timeouts

-> NOTE: Available since v1.214.0.

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 5 mins) Used when creating the Security Group.
  • delete - (Defaults to 10 mins) Used when deleting the Security Group.
  • update - (Defaults to 5 mins) Used when updating the Security Group.

Import

ECS Security Group can be imported using the id, e.g.

$ terraform import alicloud_security_group.example <id>

