yandex.VpcSecurityGroupRule
Manages a single Security Group Rule within Yandex.Cloud. For more information, see the official documentation of security groups and security group rules.
NOTE: There is another way to manage security group rules: the `ingress` and `egress` arguments in yandex_vpc_security_group. Both ways are equivalent, but they are not currently compatible with each other. Using in-line rules of yandex.VpcSecurityGroup together with the Security Group Rule resource at the same time will cause a conflict of rules configuration, so use only one of the two approaches.
Example Usage
using Pulumi;
using Yandex = Pulumi.Yandex;
/// <summary>
/// Example stack: one network, one security group attached to it, and two
/// stand-alone rules bound to that group.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Network that the security group is attached to.
        var network = new Yandex.VpcNetwork("lab-net", new Yandex.VpcNetworkArgs());

        // The group is declared without in-line rules; each rule below is a
        // separate VpcSecurityGroupRule bound to it via SecurityGroupBinding.
        var groupArgs = new Yandex.VpcSecurityGroupArgs
        {
            NetworkId = network.Id,
            Description = "description for my security group",
            Labels =
            {
                { "my-label", "my-label-value" },
            },
        };
        var securityGroup = new Yandex.VpcSecurityGroup("group1", groupArgs);

        // Inbound: TCP 8080, accepted only from the two listed private /24 ranges.
        var ingressArgs = new Yandex.VpcSecurityGroupRuleArgs
        {
            Direction = "ingress",
            Protocol = "TCP",
            Port = 8080,
            V4CidrBlocks =
            {
                "10.0.1.0/24",
                "10.0.2.0/24",
            },
            Description = "rule1 description",
            SecurityGroupBinding = securityGroup.Id,
        };
        var ingressRule = new Yandex.VpcSecurityGroupRule("rule1", ingressArgs);

        // Outbound: UDP ports 8090-8099, only towards 10.0.1.0/24.
        var egressArgs = new Yandex.VpcSecurityGroupRuleArgs
        {
            Direction = "egress",
            Protocol = "UDP",
            FromPort = 8090,
            ToPort = 8099,
            V4CidrBlocks =
            {
                "10.0.1.0/24",
            },
            Description = "rule2 description",
            SecurityGroupBinding = securityGroup.Id,
        };
        var egressRule = new Yandex.VpcSecurityGroupRule("rule2", egressArgs);
    }
}
package main
import (
	"github.com/pulumi/pulumi-yandex/sdk/go/yandex"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
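// main runs a Pulumi program that declares a lab network, a security group
// attached to that network, and two stand-alone rules bound to the group:
// an ingress rule for TCP 8080 from two private /24 ranges and an egress
// rule for UDP 8090-8099 towards one private /24 range.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Keep the network resource: the security group below is attached
		// to it through NetworkId.
		labNet, err := yandex.NewVpcNetwork(ctx, "lab-net", nil)
		if err != nil {
			return err
		}

		// The group is declared without in-line rules; its rules are the
		// separate VpcSecurityGroupRule resources that follow.
		group1, err := yandex.NewVpcSecurityGroup(ctx, "group1", &yandex.VpcSecurityGroupArgs{
			Description: pulumi.String("description for my security group"),
			NetworkId:   labNet.ID(),
			Labels: pulumi.StringMap{
				"my-label": pulumi.String("my-label-value"),
			},
		})
		if err != nil {
			return err
		}

		// Inbound: TCP 8080, accepted only from the two listed /24 ranges.
		_, err = yandex.NewVpcSecurityGroupRule(ctx, "rule1", &yandex.VpcSecurityGroupRuleArgs{
			SecurityGroupBinding: group1.ID(),
			Direction:            pulumi.String("ingress"),
			Description:          pulumi.String("rule1 description"),
			V4CidrBlocks: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
				pulumi.String("10.0.2.0/24"),
			},
			Port:     pulumi.Int(8080),
			Protocol: pulumi.String("TCP"),
		})
		if err != nil {
			return err
		}

		// Outbound: UDP ports 8090-8099, only towards 10.0.1.0/24.
		_, err = yandex.NewVpcSecurityGroupRule(ctx, "rule2", &yandex.VpcSecurityGroupRuleArgs{
			SecurityGroupBinding: group1.ID(),
			Direction:            pulumi.String("egress"),
			Description:          pulumi.String("rule2 description"),
			V4CidrBlocks: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
			FromPort: pulumi.Int(8090),
			ToPort:   pulumi.Int(8099),
			Protocol: pulumi.String("UDP"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}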
Coming soon!
import pulumi
import pulumi_yandex as yandex
# Network that the security group is attached to.
network = yandex.VpcNetwork("lab-net")

# The group is declared without in-line rules; each rule below is a separate
# VpcSecurityGroupRule bound to it through security_group_binding.
security_group = yandex.VpcSecurityGroup(
    "group1",
    network_id=network.id,
    description="description for my security group",
    labels={"my-label": "my-label-value"},
)

# Inbound: TCP 8080, accepted only from the two listed private /24 ranges.
ingress_sources = ["10.0.1.0/24", "10.0.2.0/24"]
ingress_rule = yandex.VpcSecurityGroupRule(
    "rule1",
    security_group_binding=security_group.id,
    direction="ingress",
    protocol="TCP",
    port=8080,
    v4_cidr_blocks=ingress_sources,
    description="rule1 description",
)

# Outbound: UDP ports 8090-8099, only towards 10.0.1.0/24.
egress_destinations = ["10.0.1.0/24"]
egress_rule = yandex.VpcSecurityGroupRule(
    "rule2",
    security_group_binding=security_group.id,
    direction="egress",
    protocol="UDP",
    from_port=8090,
    to_port=8099,
    v4_cidr_blocks=egress_destinations,
    description="rule2 description",
)
import * as pulumi from "@pulumi/pulumi";
import * as yandex from "@pulumi/yandex";
// Network that the security group is attached to.
const network = new yandex.VpcNetwork("lab-net", {});

// The group is declared without in-line rules; each rule below is a separate
// VpcSecurityGroupRule bound to it through securityGroupBinding.
const securityGroup = new yandex.VpcSecurityGroup("group1", {
    networkId: network.id,
    description: "description for my security group",
    labels: { "my-label": "my-label-value" },
});

// Inbound: TCP 8080, accepted only from the two listed private /24 ranges.
const ingressSources = ["10.0.1.0/24", "10.0.2.0/24"];
const ingressRule = new yandex.VpcSecurityGroupRule("rule1", {
    securityGroupBinding: securityGroup.id,
    direction: "ingress",
    protocol: "TCP",
    port: 8080,
    v4CidrBlocks: ingressSources,
    description: "rule1 description",
});

// Outbound: UDP ports 8090-8099, only towards 10.0.1.0/24.
const egressDestinations = ["10.0.1.0/24"];
const egressRule = new yandex.VpcSecurityGroupRule("rule2", {
    securityGroupBinding: securityGroup.id,
    direction: "egress",
    protocol: "UDP",
    fromPort: 8090,
    toPort: 8099,
    v4CidrBlocks: egressDestinations,
    description: "rule2 description",
});
Coming soon!
Create VpcSecurityGroupRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new VpcSecurityGroupRule(name: string, args: VpcSecurityGroupRuleArgs, opts?: CustomResourceOptions);
@overload
def VpcSecurityGroupRule(resource_name: str,
                         args: VpcSecurityGroupRuleArgs,
                         opts: Optional[ResourceOptions] = None)
@overload
def VpcSecurityGroupRule(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         direction: Optional[str] = None,
                         security_group_binding: Optional[str] = None,
                         description: Optional[str] = None,
                         from_port: Optional[int] = None,
                         labels: Optional[Mapping[str, str]] = None,
                         port: Optional[int] = None,
                         predefined_target: Optional[str] = None,
                         protocol: Optional[str] = None,
                         security_group_id: Optional[str] = None,
                         to_port: Optional[int] = None,
                         v4_cidr_blocks: Optional[Sequence[str]] = None,
                         v6_cidr_blocks: Optional[Sequence[str]] = None)
func NewVpcSecurityGroupRule(ctx *Context, name string, args VpcSecurityGroupRuleArgs, opts ...ResourceOption) (*VpcSecurityGroupRule, error)
public VpcSecurityGroupRule(string name, VpcSecurityGroupRuleArgs args, CustomResourceOptions? opts = null)
public VpcSecurityGroupRule(String name, VpcSecurityGroupRuleArgs args)
public VpcSecurityGroupRule(String name, VpcSecurityGroupRuleArgs args, CustomResourceOptions options)
type: yandex:VpcSecurityGroupRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args VpcSecurityGroupRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args VpcSecurityGroupRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args VpcSecurityGroupRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args VpcSecurityGroupRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args VpcSecurityGroupRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template: every value below is a placeholder to be replaced.
// Direction is "ingress" (inbound) or "egress" (outbound); Protocol is one of
// ANY, TCP, UDP, ICMP, IPV6_ICMP.
// SecurityGroupBinding is the group this rule belongs to; SecurityGroupId is
// the target security group for the rule.
// Port is for a rule applied to a single port; FromPort and ToPort are the
// minimum and maximum port numbers.
// V6CidrBlocks is listed here but is documented as currently not supported.
var vpcSecurityGroupRuleResource = new Yandex.VpcSecurityGroupRule("vpcSecurityGroupRuleResource", new()
{
    Direction = "string",
    SecurityGroupBinding = "string",
    Description = "string",
    FromPort = 0,
    Labels = 
    {
        { "string", "string" },
    },
    Port = 0,
    PredefinedTarget = "string",
    Protocol = "string",
    SecurityGroupId = "string",
    ToPort = 0,
    V4CidrBlocks = new[]
    {
        "string",
    },
    V6CidrBlocks = new[]
    {
        "string",
    },
});
// Reference template: every value below is a placeholder to be replaced.
// Direction is "ingress" (inbound) or "egress" (outbound); Protocol is one of
// ANY, TCP, UDP, ICMP, IPV6_ICMP.
// SecurityGroupBinding is the group this rule belongs to; SecurityGroupId is
// the target security group for the rule.
// Port is for a rule applied to a single port; FromPort and ToPort are the
// minimum and maximum port numbers.
// V6CidrBlocks is listed here but is documented as currently not supported.
example, err := yandex.NewVpcSecurityGroupRule(ctx, "vpcSecurityGroupRuleResource", &yandex.VpcSecurityGroupRuleArgs{
	Direction:            pulumi.String("string"),
	SecurityGroupBinding: pulumi.String("string"),
	Description:          pulumi.String("string"),
	FromPort:             pulumi.Int(0),
	Labels: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Port:             pulumi.Int(0),
	PredefinedTarget: pulumi.String("string"),
	Protocol:         pulumi.String("string"),
	SecurityGroupId:  pulumi.String("string"),
	ToPort:           pulumi.Int(0),
	V4CidrBlocks: pulumi.StringArray{
		pulumi.String("string"),
	},
	V6CidrBlocks: pulumi.StringArray{
		pulumi.String("string"),
	},
})
// Reference template: every value below is a placeholder to be replaced.
// direction is "ingress" (inbound) or "egress" (outbound); protocol is one of
// ANY, TCP, UDP, ICMP, IPV6_ICMP.
// securityGroupBinding is the group this rule belongs to; securityGroupId is
// the target security group for the rule.
// port is for a rule applied to a single port; fromPort and toPort are the
// minimum and maximum port numbers.
// v6CidrBlocks is listed here but is documented as currently not supported.
var vpcSecurityGroupRuleResource = new VpcSecurityGroupRule("vpcSecurityGroupRuleResource", VpcSecurityGroupRuleArgs.builder()
    .direction("string")
    .securityGroupBinding("string")
    .description("string")
    .fromPort(0)
    .labels(Map.of("string", "string"))
    .port(0)
    .predefinedTarget("string")
    .protocol("string")
    .securityGroupId("string")
    .toPort(0)
    .v4CidrBlocks("string")
    .v6CidrBlocks("string")
    .build());
# Reference template: every value below is a placeholder to be replaced.
# direction is "ingress" (inbound) or "egress" (outbound); protocol is one of
# ANY, TCP, UDP, ICMP, IPV6_ICMP.
# security_group_binding is the group this rule belongs to; security_group_id
# is the target security group for the rule.
# port is for a rule applied to a single port; from_port and to_port are the
# minimum and maximum port numbers.
# v6_cidr_blocks is listed here but is documented as currently not supported.
vpc_security_group_rule_resource = yandex.VpcSecurityGroupRule("vpcSecurityGroupRuleResource",
    direction="string",
    security_group_binding="string",
    description="string",
    from_port=0,
    labels={
        "string": "string",
    },
    port=0,
    predefined_target="string",
    protocol="string",
    security_group_id="string",
    to_port=0,
    v4_cidr_blocks=["string"],
    v6_cidr_blocks=["string"])
// Reference template: every value below is a placeholder to be replaced.
// direction is "ingress" (inbound) or "egress" (outbound); protocol is one of
// ANY, TCP, UDP, ICMP, IPV6_ICMP.
// securityGroupBinding is the group this rule belongs to; securityGroupId is
// the target security group for the rule.
// port is for a rule applied to a single port; fromPort and toPort are the
// minimum and maximum port numbers.
// v6CidrBlocks is listed here but is documented as currently not supported.
const vpcSecurityGroupRuleResource = new yandex.VpcSecurityGroupRule("vpcSecurityGroupRuleResource", {
    direction: "string",
    securityGroupBinding: "string",
    description: "string",
    fromPort: 0,
    labels: {
        string: "string",
    },
    port: 0,
    predefinedTarget: "string",
    protocol: "string",
    securityGroupId: "string",
    toPort: 0,
    v4CidrBlocks: ["string"],
    v6CidrBlocks: ["string"],
});
# Reference template: every value below is a placeholder to be replaced.
# direction is "ingress" (inbound) or "egress" (outbound); protocol is one of
# ANY, TCP, UDP, ICMP, IPV6_ICMP.
# securityGroupBinding is the group this rule belongs to; securityGroupId is
# the target security group for the rule.
# port is for a rule applied to a single port; fromPort and toPort are the
# minimum and maximum port numbers.
# v6CidrBlocks is listed here but is documented as currently not supported.
type: yandex:VpcSecurityGroupRule
properties:
    description: string
    direction: string
    fromPort: 0
    labels:
        string: string
    port: 0
    predefinedTarget: string
    protocol: string
    securityGroupBinding: string
    securityGroupId: string
    toPort: 0
    v4CidrBlocks:
        - string
    v6CidrBlocks:
        - string
VpcSecurityGroupRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The VpcSecurityGroupRule resource accepts the following input properties:
- Direction string
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- SecurityGroupBinding string
- ID of the security group this rule belongs to.
- Description string
- Description of the rule.
- FromPort int
- Minimum port number.
- Labels Dictionary<string, string>
- Labels to assign to this rule.
- Port int
- Port number (if applied to a single port).
- PredefinedTarget string
- Special-purpose targets such as "self_security_group". See docs for possible options.
- Protocol string
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- SecurityGroupId string
- Target security group ID for this rule.
- ToPort int
- Maximum port number.
- V4CidrBlocks List<string>
- The blocks of IPv4 addresses for this rule.
- V6CidrBlocks List<string>
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
- Direction string
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- SecurityGroupBinding string
- ID of the security group this rule belongs to.
- Description string
- Description of the rule.
- FromPort int
- Minimum port number.
- Labels map[string]string
- Labels to assign to this rule.
- Port int
- Port number (if applied to a single port).
- PredefinedTarget string
- Special-purpose targets such as "self_security_group". See docs for possible options.
- Protocol string
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- SecurityGroupId string
- Target security group ID for this rule.
- ToPort int
- Maximum port number.
- V4CidrBlocks []string
- The blocks of IPv4 addresses for this rule.
- V6CidrBlocks []string
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
- direction String
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- securityGroupBinding String
- ID of the security group this rule belongs to.
- description String
- Description of the rule.
- fromPort Integer
- Minimum port number.
- labels Map<String,String>
- Labels to assign to this rule.
- port Integer
- Port number (if applied to a single port).
- predefinedTarget String
- Special-purpose targets such as "self_security_group". See docs for possible options.
- protocol String
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- securityGroupId String
- Target security group ID for this rule.
- toPort Integer
- Maximum port number.
- v4CidrBlocks List<String>
- The blocks of IPv4 addresses for this rule.
- v6CidrBlocks List<String>
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
- direction string
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- securityGroupBinding string
- ID of the security group this rule belongs to.
- description string
- Description of the rule.
- fromPort number
- Minimum port number.
- labels {[key: string]: string}
- Labels to assign to this rule.
- port number
- Port number (if applied to a single port).
- predefinedTarget string
- Special-purpose targets such as "self_security_group". See docs for possible options.
- protocol string
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- securityGroupId string
- Target security group ID for this rule.
- toPort number
- Maximum port number.
- v4CidrBlocks string[]
- The blocks of IPv4 addresses for this rule.
- v6CidrBlocks string[]
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
- direction str
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- security_group_binding str
- ID of the security group this rule belongs to.
- description str
- Description of the rule.
- from_port int
- Minimum port number.
- labels Mapping[str, str]
- Labels to assign to this rule.
- port int
- Port number (if applied to a single port).
- predefined_target str
- Special-purpose targets such as "self_security_group". See docs for possible options.
- protocol str
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- security_group_id str
- Target security group ID for this rule.
- to_port int
- Maximum port number.
- v4_cidr_blocks Sequence[str]
- The blocks of IPv4 addresses for this rule.
- v6_cidr_blocks Sequence[str]
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
- direction String
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- securityGroupBinding String
- ID of the security group this rule belongs to.
- description String
- Description of the rule.
- fromPort Number
- Minimum port number.
- labels Map<String>
- Labels to assign to this rule.
- port Number
- Port number (if applied to a single port).
- predefinedTarget String
- Special-purpose targets such as "self_security_group". See docs for possible options.
- protocol String
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- securityGroupId String
- Target security group ID for this rule.
- toPort Number
- Maximum port number.
- v4CidrBlocks List<String>
- The blocks of IPv4 addresses for this rule.
- v6CidrBlocks List<String>
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
Outputs
All input properties are implicitly available as output properties. Additionally, the VpcSecurityGroupRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing VpcSecurityGroupRule Resource
Get an existing VpcSecurityGroupRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: VpcSecurityGroupRuleState, opts?: CustomResourceOptions): VpcSecurityGroupRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        direction: Optional[str] = None,
        from_port: Optional[int] = None,
        labels: Optional[Mapping[str, str]] = None,
        port: Optional[int] = None,
        predefined_target: Optional[str] = None,
        protocol: Optional[str] = None,
        security_group_binding: Optional[str] = None,
        security_group_id: Optional[str] = None,
        to_port: Optional[int] = None,
        v4_cidr_blocks: Optional[Sequence[str]] = None,
        v6_cidr_blocks: Optional[Sequence[str]] = None) -> VpcSecurityGroupRule
func GetVpcSecurityGroupRule(ctx *Context, name string, id IDInput, state *VpcSecurityGroupRuleState, opts ...ResourceOption) (*VpcSecurityGroupRule, error)
public static VpcSecurityGroupRule Get(string name, Input<string> id, VpcSecurityGroupRuleState? state, CustomResourceOptions? opts = null)
public static VpcSecurityGroupRule get(String name, Output<String> id, VpcSecurityGroupRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- Description of the rule.
- Direction string
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- FromPort int
- Minimum port number.
- Labels Dictionary<string, string>
- Labels to assign to this rule.
- Port int
- Port number (if applied to a single port).
- PredefinedTarget string
- Special-purpose targets such as "self_security_group". See docs for possible options.
- Protocol string
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- SecurityGroupBinding string
- ID of the security group this rule belongs to.
- SecurityGroupId string
- Target security group ID for this rule.
- ToPort int
- Maximum port number.
- V4CidrBlocks List<string>
- The blocks of IPv4 addresses for this rule.
- V6CidrBlocks List<string>
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
- Description string
- Description of the rule.
- Direction string
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- FromPort int
- Minimum port number.
- Labels map[string]string
- Labels to assign to this rule.
- Port int
- Port number (if applied to a single port).
- PredefinedTarget string
- Special-purpose targets such as "self_security_group". See docs for possible options.
- Protocol string
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- SecurityGroupBinding string
- ID of the security group this rule belongs to.
- SecurityGroupId string
- Target security group ID for this rule.
- ToPort int
- Maximum port number.
- V4CidrBlocks []string
- The blocks of IPv4 addresses for this rule.
- V6CidrBlocks []string
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
- description String
- Description of the rule.
- direction String
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- fromPort Integer
- Minimum port number.
- labels Map<String,String>
- Labels to assign to this rule.
- port Integer
- Port number (if applied to a single port).
- predefinedTarget String
- Special-purpose targets such as "self_security_group". See docs for possible options.
- protocol String
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- securityGroupBinding String
- ID of the security group this rule belongs to.
- securityGroupId String
- Target security group ID for this rule.
- toPort Integer
- Maximum port number.
- v4CidrBlocks List<String>
- The blocks of IPv4 addresses for this rule.
- v6CidrBlocks List<String>
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
- description string
- Description of the rule.
- direction string
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- fromPort number
- Minimum port number.
- labels {[key: string]: string}
- Labels to assign to this rule.
- port number
- Port number (if applied to a single port).
- predefinedTarget string
- Special-purpose targets such as "self_security_group". See docs for possible options.
- protocol string
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- securityGroupBinding string
- ID of the security group this rule belongs to.
- securityGroupId string
- Target security group ID for this rule.
- toPort number
- Maximum port number.
- v4CidrBlocks string[]
- The blocks of IPv4 addresses for this rule.
- v6CidrBlocks string[]
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
- description str
- Description of the rule.
- direction str
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- from_port int
- Minimum port number.
- labels Mapping[str, str]
- Labels to assign to this rule.
- port int
- Port number (if applied to a single port).
- predefined_target str
- Special-purpose targets such as "self_security_group". See docs for possible options.
- protocol str
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- security_group_binding str
- ID of the security group this rule belongs to.
- security_group_id str
- Target security group ID for this rule.
- to_port int
- Maximum port number.
- v4_cidr_blocks Sequence[str]
- The blocks of IPv4 addresses for this rule.
- v6_cidr_blocks Sequence[str]
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
- description String
- Description of the rule.
- direction String
- Direction of the rule. Can be `ingress` (inbound) or `egress` (outbound).
- fromPort Number
- Minimum port number.
- labels Map<String>
- Labels to assign to this rule.
- port Number
- Port number (if applied to a single port).
- predefinedTarget String
- Special-purpose targets such as "self_security_group". See docs for possible options.
- protocol String
- One of ANY, TCP, UDP, ICMP, IPV6_ICMP.
- securityGroupBinding String
- ID of the security group this rule belongs to.
- securityGroupId String
- Target security group ID for this rule.
- toPort Number
- Maximum port number.
- v4CidrBlocks List<String>
- The blocks of IPv4 addresses for this rule.
- v6CidrBlocks List<String>
- The blocks of IPv6 addresses for this rule. The `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
Package Details
- Repository
- Yandex pulumi/pulumi-yandex
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `yandex` Terraform Provider.