» alicloud_security_group_rule
Provides a security group rule resource. Represents a single ingress or egress group rule, which can be added to external Security Groups.
NOTE: nic_type should be set to intranet when the security group is of type vpc, or when source_security_group_id is specified. In that situation the rule does not distinguish between intranet and internet traffic; it is effective on both.
» Example Usage
Basic Usage

resource "alicloud_security_group" "default" {
  name = "default"
}

# This rule admits TCP on every port (1-65535) from any IPv4 address (cidr_ip = 0.0.0.0/0).
# It is the most permissive ingress rule the resource can express; narrow cidr_ip
# and port_range for anything other than a throwaway test group.
resource "alicloud_security_group_rule" "allow_all_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "internet"
  policy            = "accept"
  port_range        = "1/65535"
  priority          = 1
  security_group_id = "${alicloud_security_group.default.id}"
  cidr_ip           = "0.0.0.0/0"
}
» Argument Reference
The following arguments are supported:
- type - (Required, ForceNew) The type of rule being created. Valid options are ingress (inbound) or egress (outbound).
- ip_protocol - (Required, ForceNew) The protocol. Can be tcp, udp, icmp, gre or all.
- port_range - (ForceNew) The range of port numbers relevant to the IP protocol. Defaults to "-1/-1". When the protocol is tcp or udp, each side of the range must be a port number from 1 to 65535 and "-1/-1" is invalid; for example, 1/200 means ports 1 through 200. For every other protocol, port_range can only be "-1/-1"; any other value is invalid.
- security_group_id - (Required, ForceNew) The security group to apply this rule to.
- nic_type - (Optional, ForceNew) Network type, can be either internet or intranet; the default value is internet.
- policy - (Optional, ForceNew) Authorization policy, can be either accept or drop; the default value is accept.
- priority - (Optional, ForceNew) Authorization policy priority, with values from 1 to 100; the default value is 1.
- cidr_ip - (Optional, ForceNew) The target IP address range. The default value is 0.0.0.0/0, which applies no address restriction at all. Other supported formats include 10.159.6.18/12. Only IPv4 is supported.
- source_security_group_id - (Optional, ForceNew) The target security group ID within the same region. If this field is specified, nic_type can only be intranet.
- source_group_owner_account - (Optional, ForceNew) The Alibaba Cloud user account ID of the target security group when security groups are authorized across accounts. This parameter is invalid if cidr_ip has already been set.

NOTE: Either source_security_group_id or cidr_ip must be set.
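The arguments above combine into the tighter rule sets a practitioner normally wants instead of the all-TCP-from-anywhere rule in Basic Usage. The configuration below is an added example, not taken from the provider documentation: the vpc_id variable, the group names and the 203.0.113.0/24 administration range are assumed values. It exercises the documented constraints: a vpc-type group forces nic_type = "intranet", source_security_group_id replaces cidr_ip, non-TCP/UDP protocols take only "-1/-1", and an explicit drop rule pairs with an accept at a different priority.

```hcl
# Added example (not from the provider documentation): the same resource types
# as the page, arranged as a least-privilege rule set. The VPC id variable,
# the 203.0.113.0/24 administration range and the group names are assumed values.

variable "vpc_id" {
  description = "Assumed: an existing VPC; a security group created with vpc_id is of type vpc"
}

resource "alicloud_security_group" "web" {
  name   = "web"
  vpc_id = "${var.vpc_id}"
}

resource "alicloud_security_group" "bastion" {
  name   = "bastion"
  vpc_id = "${var.vpc_id}"
}

# SSH only from the administration range (assumed 203.0.113.0/24), never 0.0.0.0/0.
# The group is of type vpc, so nic_type must be intranet (see the NOTE above).
resource "alicloud_security_group_rule" "bastion_ssh_from_admin" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "22/22"
  priority          = 1
  security_group_id = "${alicloud_security_group.bastion.id}"
  cidr_ip           = "203.0.113.0/24"
}

# Web tier reachable on 443 only; exactly one of cidr_ip / source_security_group_id is set.
resource "alicloud_security_group_rule" "web_https" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "443/443"
  priority          = 1
  security_group_id = "${alicloud_security_group.web.id}"
  cidr_ip           = "0.0.0.0/0"
}

# SSH into the web tier only from members of the bastion group:
# source_security_group_id replaces cidr_ip and requires nic_type = "intranet".
resource "alicloud_security_group_rule" "web_ssh_from_bastion" {
  type                     = "ingress"
  ip_protocol              = "tcp"
  nic_type                 = "intranet"
  policy                   = "accept"
  port_range               = "22/22"
  priority                 = 1
  security_group_id        = "${alicloud_security_group.web.id}"
  source_security_group_id = "${alicloud_security_group.bastion.id}"
}

# Protocols other than tcp/udp accept only "-1/-1": allow ICMP from the bastion for diagnostics.
resource "alicloud_security_group_rule" "web_icmp_from_bastion" {
  type                     = "ingress"
  ip_protocol              = "icmp"
  nic_type                 = "intranet"
  policy                   = "accept"
  port_range               = "-1/-1"
  security_group_id        = "${alicloud_security_group.web.id}"
  source_security_group_id = "${alicloud_security_group.bastion.id}"
}

# Egress: permit HTTPS at priority 1, then drop everything else at priority 100
# (Alibaba Cloud evaluates lower priority numbers first; "all" with "drop"
# also requires port_range "-1/-1").
resource "alicloud_security_group_rule" "web_egress_https" {
  type              = "egress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "443/443"
  priority          = 1
  security_group_id = "${alicloud_security_group.web.id}"
  cidr_ip           = "0.0.0.0/0"
}

resource "alicloud_security_group_rule" "web_egress_drop_rest" {
  type              = "egress"
  ip_protocol       = "all"
  nic_type          = "intranet"
  policy            = "drop"
  port_range        = "-1/-1"
  priority          = 100
  security_group_id = "${alicloud_security_group.web.id}"
  cidr_ip           = "0.0.0.0/0"
}
```

Every argument here is ForceNew, so changing a cidr_ip or port_range replaces the rule rather than updating it in place; plan the apply so the replacement does not leave a window with the old, wider rule still present alongside a not-yet-created narrower one.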
» Attributes Reference
The following attributes are exported:
- id - The ID of the security group rule.
- type - The type of rule, ingress or egress.
- name - The name of the security group.
- port_range - The range of port numbers.
- ip_protocol - The protocol of the security group rule.