index

title: "SecgroupRule" title_tag: "huaweicloud.Vpc.SecgroupRule" meta_desc: "Documentation for the huaweicloud.Vpc.SecgroupRule resource with examples, input properties, output properties, lookup functions, and supporting types." layout: api no_edit_this_page: true

Manages a Security Group Rule resource within HuaweiCloud.

## Example Usage

Create an ingress rule that opens TCP port 8080 with port range parameters

using System.Collections.Generic;
using Pulumi;
using Huaweicloud = Pulumi.Huaweicloud;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var securityGroupId = config.RequireObject<dynamic>("securityGroupId");
    var test = new Huaweicloud.Vpc.SecgroupRule("test", new()
    {
        SecurityGroupId = securityGroupId,
        Direction = "ingress",
        Ethertype = "IPv4",
        Protocol = "tcp",
        PortRangeMin = 8080,
        PortRangeMax = 8080,
        RemoteIpPrefix = "0.0.0.0/0",
    });

});

package main

import (
    "github.com/huaweicloud/pulumi-huaweicloud/sdk/go/huaweicloud/Vpc"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        cfg := config.New(ctx, "")
        securityGroupId := cfg.RequireObject("securityGroupId")
        _, err := Vpc.NewSecgroupRule(ctx, "test", &Vpc.SecgroupRuleArgs{
            SecurityGroupId: pulumi.Any(securityGroupId),
            Direction:       pulumi.String("ingress"),
            Ethertype:       pulumi.String("IPv4"),
            Protocol:        pulumi.String("tcp"),
            PortRangeMin:    pulumi.Int(8080),
            PortRangeMax:    pulumi.Int(8080),
            RemoteIpPrefix:  pulumi.String("0.0.0.0/0"),
        })
        if err != nil {
            return err
        }
        return nil
    })
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.huaweicloud.Vpc.SecgroupRule;
import com.pulumi.huaweicloud.Vpc.SecgroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var securityGroupId = config.get("securityGroupId");
        var test = new SecgroupRule("test", SecgroupRuleArgs.builder()        
            .securityGroupId(securityGroupId)
            .direction("ingress")
            .ethertype("IPv4")
            .protocol("tcp")
            .portRangeMin(8080)
            .portRangeMax(8080)
            .remoteIpPrefix("0.0.0.0/0")
            .build());

    }
}

import pulumi
import pulumi_huaweicloud as huaweicloud

config = pulumi.Config()
security_group_id = config.require_object("securityGroupId")
test = huaweicloud.vpc.SecgroupRule("test",
    security_group_id=security_group_id,
    direction="ingress",
    ethertype="IPv4",
    protocol="tcp",
    port_range_min=8080,
    port_range_max=8080,
    remote_ip_prefix="0.0.0.0/0")

import * as pulumi from "@pulumi/pulumi";
import * as pulumi from "@huaweicloudos/pulumi";

const config = new pulumi.Config();
const securityGroupId = config.requireObject("securityGroupId");
const test = new huaweicloud.vpc.SecgroupRule("test", {
    securityGroupId: securityGroupId,
    direction: "ingress",
    ethertype: "IPv4",
    protocol: "tcp",
    portRangeMin: 8080,
    portRangeMax: 8080,
    remoteIpPrefix: "0.0.0.0/0",
});

configuration:
  securityGroupId:
    type: dynamic
resources:
  test:
    type: huaweicloud:Vpc:SecgroupRule
    properties:
      securityGroupId: ${securityGroupId}
      direction: ingress
      ethertype: IPv4
      protocol: tcp
      portRangeMin: 8080
      portRangeMax: 8080
      remoteIpPrefix: 0.0.0.0/0

Create an ingress rule that enable the remote address group and open some TCP ports

using System.Collections.Generic;
using Pulumi;
using Huaweicloud = Pulumi.Huaweicloud;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var groupName = config.RequireObject<dynamic>("groupName");
    var securityGroupId = config.RequireObject<dynamic>("securityGroupId");
    var testAddressGroup = new Huaweicloud.Vpc.AddressGroup("testAddressGroup", new()
    {
        Addresses = new[]
        {
            "192.168.10.12",
            "192.168.11.0-192.168.11.240",
        },
    });

    var testSecgroupRule = new Huaweicloud.Vpc.SecgroupRule("testSecgroupRule", new()
    {
        SecurityGroupId = securityGroupId,
        Direction = "ingress",
        Action = "allow",
        Ethertype = "IPv4",
        Ports = "80,500,600-800",
        Protocol = "tcp",
        Priority = 5,
        RemoteAddressGroupId = testAddressGroup.Id,
    });

});

package main

import (
    "github.com/huaweicloud/pulumi-huaweicloud/sdk/go/huaweicloud/Vpc"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        cfg := config.New(ctx, "")
        groupName := cfg.RequireObject("groupName")
        securityGroupId := cfg.RequireObject("securityGroupId")
        testAddressGroup, err := Vpc.NewAddressGroup(ctx, "testAddressGroup", &Vpc.AddressGroupArgs{
            Addresses: pulumi.StringArray{
                pulumi.String("192.168.10.12"),
                pulumi.String("192.168.11.0-192.168.11.240"),
            },
        })
        if err != nil {
            return err
        }
        _, err = Vpc.NewSecgroupRule(ctx, "testSecgroupRule", &Vpc.SecgroupRuleArgs{
            SecurityGroupId:      pulumi.Any(securityGroupId),
            Direction:            pulumi.String("ingress"),
            Action:               pulumi.String("allow"),
            Ethertype:            pulumi.String("IPv4"),
            Ports:                pulumi.String("80,500,600-800"),
            Protocol:             pulumi.String("tcp"),
            Priority:             pulumi.Int(5),
            RemoteAddressGroupId: testAddressGroup.ID(),
        })
        if err != nil {
            return err
        }
        return nil
    })
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.huaweicloud.Vpc.AddressGroup;
import com.pulumi.huaweicloud.Vpc.AddressGroupArgs;
import com.pulumi.huaweicloud.Vpc.SecgroupRule;
import com.pulumi.huaweicloud.Vpc.SecgroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var groupName = config.get("groupName");
        final var securityGroupId = config.get("securityGroupId");
        var testAddressGroup = new AddressGroup("testAddressGroup", AddressGroupArgs.builder()        
            .addresses(            
                "192.168.10.12",
                "192.168.11.0-192.168.11.240")
            .build());

        var testSecgroupRule = new SecgroupRule("testSecgroupRule", SecgroupRuleArgs.builder()        
            .securityGroupId(securityGroupId)
            .direction("ingress")
            .action("allow")
            .ethertype("IPv4")
            .ports("80,500,600-800")
            .protocol("tcp")
            .priority(5)
            .remoteAddressGroupId(testAddressGroup.id())
            .build());

    }
}

import pulumi
import pulumi_huaweicloud as huaweicloud

config = pulumi.Config()
group_name = config.require_object("groupName")
security_group_id = config.require_object("securityGroupId")
test_address_group = huaweicloud.vpc.AddressGroup("testAddressGroup", addresses=[
    "192.168.10.12",
    "192.168.11.0-192.168.11.240",
])
test_secgroup_rule = huaweicloud.vpc.SecgroupRule("testSecgroupRule",
    security_group_id=security_group_id,
    direction="ingress",
    action="allow",
    ethertype="IPv4",
    ports="80,500,600-800",
    protocol="tcp",
    priority=5,
    remote_address_group_id=test_address_group.id)

import * as pulumi from "@pulumi/pulumi";
import * as pulumi from "@huaweicloudos/pulumi";

const config = new pulumi.Config();
const groupName = config.requireObject("groupName");
const securityGroupId = config.requireObject("securityGroupId");
const testAddressGroup = new huaweicloud.vpc.AddressGroup("testAddressGroup", {addresses: [
    "192.168.10.12",
    "192.168.11.0-192.168.11.240",
]});
const testSecgroupRule = new huaweicloud.vpc.SecgroupRule("testSecgroupRule", {
    securityGroupId: securityGroupId,
    direction: "ingress",
    action: "allow",
    ethertype: "IPv4",
    ports: "80,500,600-800",
    protocol: "tcp",
    priority: 5,
    remoteAddressGroupId: testAddressGroup.id,
});

configuration:
  groupName:
    type: dynamic
  securityGroupId:
    type: dynamic
resources:
  testAddressGroup:
    type: huaweicloud:Vpc:AddressGroup
    properties:
      addresses:
        - 192.168.10.12
        - 192.168.11.0-192.168.11.240
  testSecgroupRule:
    type: huaweicloud:Vpc:SecgroupRule
    properties:
      securityGroupId: ${securityGroupId}
      direction: ingress
      action: allow
      ethertype: IPv4
      ports: 80,500,600-800
      protocol: tcp
      priority: 5
      remoteAddressGroupId: ${testAddressGroup.id}

Create SecgroupRule Resource {#create}

new SecgroupRule(name: string, args: SecgroupRuleArgs, opts?: CustomResourceOptions);

@overload
def SecgroupRule(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 action: Optional[str] = None,
                 description: Optional[str] = None,
                 direction: Optional[str] = None,
                 ethertype: Optional[str] = None,
                 port_range_max: Optional[int] = None,
                 port_range_min: Optional[int] = None,
                 ports: Optional[str] = None,
                 priority: Optional[int] = None,
                 protocol: Optional[str] = None,
                 region: Optional[str] = None,
                 remote_address_group_id: Optional[str] = None,
                 remote_group_id: Optional[str] = None,
                 remote_ip_prefix: Optional[str] = None,
                 security_group_id: Optional[str] = None)
@overload
def SecgroupRule(resource_name: str,
                 args: SecgroupRuleInitArgs,
                 opts: Optional[ResourceOptions] = None)

func NewSecgroupRule(ctx *Context, name string, args SecgroupRuleArgs, opts ...ResourceOption) (*SecgroupRule, error)

public SecgroupRule(string name, SecgroupRuleArgs args, CustomResourceOptions? opts = null)

public SecgroupRule(String name, SecgroupRuleArgs args)
public SecgroupRule(String name, SecgroupRuleArgs args, CustomResourceOptions options)

type: huaweicloud:Vpc:SecgroupRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecgroupRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecgroupRuleInitArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecgroupRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecgroupRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecgroupRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

SecgroupRule Resource Properties {#properties}

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SecgroupRule resource accepts the following input properties:

Direction string: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
Ethertype string: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
SecurityGroupId string: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.
Action string: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
Description string: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
PortRangeMax int: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
PortRangeMin int: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
Ports string: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
Priority int: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
Protocol string: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
Region string: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
RemoteAddressGroupId string: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
RemoteGroupId string: Specifies the remote group ID. Changing this creates a new security group rule.
RemoteIpPrefix string: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.

Direction string: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
Ethertype string: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
SecurityGroupId string: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.
Action string: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
Description string: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
PortRangeMax int: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
PortRangeMin int: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
Ports string: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
Priority int: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
Protocol string: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
Region string: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
RemoteAddressGroupId string: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
RemoteGroupId string: Specifies the remote group ID. Changing this creates a new security group rule.
RemoteIpPrefix string: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.

direction String: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
ethertype String: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
securityGroupId String: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.
action String: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
description String: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
portRangeMax Integer: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
portRangeMin Integer: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
ports String: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
priority Integer: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
protocol String: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
region String: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
remoteAddressGroupId String: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
remoteGroupId String: Specifies the remote group ID. Changing this creates a new security group rule.
remoteIpPrefix String: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.

direction string: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
ethertype string: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
securityGroupId string: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.
action string: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
description string: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
portRangeMax number: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
portRangeMin number: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
ports string: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
priority number: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
protocol string: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
region string: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
remoteAddressGroupId string: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
remoteGroupId string: Specifies the remote group ID. Changing this creates a new security group rule.
remoteIpPrefix string: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.

direction str: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
ethertype str: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
security_group_id str: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.
action str: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
description str: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
port_range_max int: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
port_range_min int: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
ports str: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
priority int: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
protocol str: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
region str: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
remote_address_group_id str: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
remote_group_id str: Specifies the remote group ID. Changing this creates a new security group rule.
remote_ip_prefix str: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.

direction String: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
ethertype String: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
securityGroupId String: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.
action String: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
description String: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
portRangeMax Number: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
portRangeMin Number: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
ports String: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
priority Number: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
protocol String: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
region String: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
remoteAddressGroupId String: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
remoteGroupId String: Specifies the remote group ID. Changing this creates a new security group rule.
remoteIpPrefix String: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecgroupRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing SecgroupRule Resource {#look-up}

Get an existing SecgroupRule resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecgroupRuleState, opts?: CustomResourceOptions): SecgroupRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        description: Optional[str] = None,
        direction: Optional[str] = None,
        ethertype: Optional[str] = None,
        port_range_max: Optional[int] = None,
        port_range_min: Optional[int] = None,
        ports: Optional[str] = None,
        priority: Optional[int] = None,
        protocol: Optional[str] = None,
        region: Optional[str] = None,
        remote_address_group_id: Optional[str] = None,
        remote_group_id: Optional[str] = None,
        remote_ip_prefix: Optional[str] = None,
        security_group_id: Optional[str] = None) -> SecgroupRule

func GetSecgroupRule(ctx *Context, name string, id IDInput, state *SecgroupRuleState, opts ...ResourceOption) (*SecgroupRule, error)

public static SecgroupRule Get(string name, Input<string> id, SecgroupRuleState? state, CustomResourceOptions? opts = null)

public static SecgroupRule get(String name, Output<String> id, SecgroupRuleState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
Description string: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
Direction string: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
Ethertype string: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
PortRangeMax int: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
PortRangeMin int: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
Ports string: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
Priority int: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
Protocol string: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
Region string: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
RemoteAddressGroupId string: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
RemoteGroupId string: Specifies the remote group ID. Changing this creates a new security group rule.
RemoteIpPrefix string: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.
SecurityGroupId string: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.

Action string: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
Description string: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
Direction string: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
Ethertype string: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
PortRangeMax int: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
PortRangeMin int: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
Ports string: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
Priority int: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
Protocol string: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
Region string: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
RemoteAddressGroupId string: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
RemoteGroupId string: Specifies the remote group ID. Changing this creates a new security group rule.
RemoteIpPrefix string: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.
SecurityGroupId string: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.

action String: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
description String: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
direction String: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
ethertype String: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
portRangeMax Integer: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
portRangeMin Integer: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
ports String: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
priority Integer: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
protocol String: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
region String: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
remoteAddressGroupId String: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
remoteGroupId String: Specifies the remote group ID. Changing this creates a new security group rule.
remoteIpPrefix String: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.
securityGroupId String: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.

action string: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
description string: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
direction string: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
ethertype string: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
portRangeMax number: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
portRangeMin number: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
ports string: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
priority number: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
protocol string: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
region string: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
remoteAddressGroupId string: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
remoteGroupId string: Specifies the remote group ID. Changing this creates a new security group rule.
remoteIpPrefix string: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.
securityGroupId string: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.

action str: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
description str: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
direction str: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
ethertype str: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
port_range_max int: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
port_range_min int: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
ports str: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
priority int: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
protocol str: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
region str: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
remote_address_group_id str: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
remote_group_id str: Specifies the remote group ID. Changing this creates a new security group rule.
remote_ip_prefix str: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.
security_group_id str: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.

action String: Specifies the effective policy. The valid values are allow and deny. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
description String: Specifies the supplementary information about the networking security group rule. This parameter can contain a maximum of 255 characters and cannot contain angle brackets (< or >). Changing this creates a new security group rule.
direction String: Specifies the direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.
ethertype String: Specifies the layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.
portRangeMax Number: Specifies the higher part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
portRangeMin Number: Specifies the lower part of the allowed port range, valid integer value needs to be between 1 and 65,535. Changing this creates a new security group rule. This parameter and ports are alternative.
ports String: Specifies the allowed port value range, which supports single port (80), continuous port (1-30) and discontinous port (22, 3389, 80) The valid port values is range form 1 to 65,535. Changing this creates a new security group rule.
priority Number: Specifies the priority number. The valid value is range from 1 to 100. The default value is 1. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
protocol String: Specifies the layer 4 protocol type, valid values are tcp, udp, icmp and icmpv6. If omitted, the protocol means that all protocols are supported. This is required if you want to specify a port range. Changing this creates a new security group rule.
region String: Specifies the region in which to create the security group rule resource. If omitted, the provider-level region will be used. Changing this creates a new security group rule.
remoteAddressGroupId String: Specifies the remote address group ID. This parameter is not used with port_range_min and port_range_max. Changing this creates a new security group rule.
remoteGroupId String: Specifies the remote group ID. Changing this creates a new security group rule.
remoteIpPrefix String: Specifies the remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.
securityGroupId String: Specifies the security group ID the rule should belong to. Changing this creates a new security group rule.

Import

Security Group Rules can be imported using the id, e.g.

 $ pulumi import huaweicloud:Vpc/secgroupRule:SecgroupRule secgroup_rule_1 aeb68ee3-6e9d-4256-955c-9584a6212745

Package Details

Repository: https://github.com/huaweicloud/pulumi-huaweicloud
License: Apache-2.0
Notes: This Pulumi package is based on the huaweicloud Terraform Provider.