GetSecurityGroupRules

The alicloud.ecs.getSecurityGroupRules data source provides a collection of security permissions of a specific security group. Each collection item represents a single ingress or egress permission rule. The ID of the security group can be provided via a variable or the result from the other data source alicloud.ecs.getSecurityGroups.

Example Usage

using Pulumi;
using AliCloud = Pulumi.AliCloud;

class MyStack : Stack
{
    public MyStack()
    {
        var config = new Config();
        var securityGroupId = config.RequireObject<dynamic>("securityGroupId");
        var groupsDs = Output.Create(AliCloud.Ecs.GetSecurityGroups.InvokeAsync(new AliCloud.Ecs.GetSecurityGroupsArgs
        {
            NameRegex = "api",
        }));
        var ingressRulesDs = groupsDs.Apply(groupsDs => Output.Create(AliCloud.Ecs.GetSecurityGroupRules.InvokeAsync(new AliCloud.Ecs.GetSecurityGroupRulesArgs
        {
            Direction = "ingress",
            GroupId = groupsDs.Groups[0].Id,
            IpProtocol = "TCP",
            NicType = "internet",
        })));
        // Pass port_range to the backend service
        var backend = new AliCloud.Ecs.Instance("backend", new AliCloud.Ecs.InstanceArgs
        {
            UserData = ingressRulesDs.Apply(ingressRulesDs => $"config_service.sh --portrange={ingressRulesDs.Rules[0].PortRange}"),
        });
    }

}

Coming soon!

import pulumi
import pulumi_alicloud as alicloud

config = pulumi.Config()
security_group_id = config.require_object("securityGroupId")
groups_ds = alicloud.ecs.get_security_groups(name_regex="api")
ingress_rules_ds = alicloud.ecs.get_security_group_rules(direction="ingress",
    group_id=groups_ds.groups[0]["id"],
    ip_protocol="TCP",
    nic_type="internet")
# Pass port_range to the backend service
backend = alicloud.ecs.Instance("backend", user_data=f"config_service.sh --portrange={ingress_rules_ds.rules[0]['port_range']}")

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const config = new pulumi.Config();
// Get the security group id from a variable
const securityGroupId = config.require("securityGroupId");

// Or get it from the alicloud.ecs.getSecurityGroups data source.
// Please note that the data source arguments must be enough to filter results to one security group.
const groupsDs = pulumi.output(alicloud.ecs.getSecurityGroups({
    nameRegex: "api",
}, { async: true }));
// Filter the security group rule by group
const ingressRulesDs = groupsDs.apply(groupsDs => alicloud.ecs.getSecurityGroupRules({
    direction: "ingress",
    groupId: groupsDs.groups[0].id,
    ipProtocol: "TCP",
    nicType: "internet",
}, { async: true }));
// Pass port_range to the backend service
const backend = new alicloud.ecs.Instance("backend", {
    userData: pulumi.interpolate`config_service.sh --portrange=${ingressRulesDs.rules[0].portRange}`,
});

Using GetSecurityGroupRules

function getSecurityGroupRules(args: GetSecurityGroupRulesArgs, opts?: InvokeOptions): Promise<GetSecurityGroupRulesResult>

function  get_security_group_rules(direction=None, group_id=None, ip_protocol=None, nic_type=None, output_file=None, policy=None, opts=None)

func GetSecurityGroupRules(ctx *Context, args *GetSecurityGroupRulesArgs, opts ...InvokeOption) (*GetSecurityGroupRulesResult, error)

public static class GetSecurityGroupRules {
    public static Task<GetSecurityGroupRulesResult> InvokeAsync(GetSecurityGroupRulesArgs args, InvokeOptions? opts = null)
}

The following arguments are supported:

GroupId string: The ID of the security group that owns the rules.
Direction string: Authorization direction. Valid values are: ingress or egress.
IpProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
NicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
OutputFile string
Policy string: Authorization policy. Can be either accept or drop. The default value is accept.

GroupId string: The ID of the security group that owns the rules.
Direction string: Authorization direction. Valid values are: ingress or egress.
IpProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
NicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
OutputFile string
Policy string: Authorization policy. Can be either accept or drop. The default value is accept.

groupId string: The ID of the security group that owns the rules.
direction string: Authorization direction. Valid values are: ingress or egress.
ipProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
outputFile string
policy string: Authorization policy. Can be either accept or drop. The default value is accept.

group_id str: The ID of the security group that owns the rules.
direction str: Authorization direction. Valid values are: ingress or egress.
ip_protocol str: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nic_type str: Refers to the network type. Can be either internet or intranet. The default value is internet.
output_file str
policy str: Authorization policy. Can be either accept or drop. The default value is accept.

GetSecurityGroupRules Result

The following output properties are available:

GroupDesc string: The description of the security group that owns the rules.
GroupId string
GroupName string: The name of the security group that owns the rules.
Id string: The provider-assigned unique ID for this managed resource.
Rules List<Pulumi.AliCloud.Ecs.Outputs.GetSecurityGroupRulesRule>: A list of security group rules. Each element contains the following attributes:
Direction string: Authorization direction, ingress or egress.
IpProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
NicType string: Network type, internet or intranet.
OutputFile string
Policy string: Authorization policy. Can be either accept or drop.

GroupDesc string: The description of the security group that owns the rules.
GroupId string
GroupName string: The name of the security group that owns the rules.
Id string: The provider-assigned unique ID for this managed resource.
Rules []GetSecurityGroupRulesRule: A list of security group rules. Each element contains the following attributes:
Direction string: Authorization direction, ingress or egress.
IpProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
NicType string: Network type, internet or intranet.
OutputFile string
Policy string: Authorization policy. Can be either accept or drop.

groupDesc string: The description of the security group that owns the rules.
groupId string
groupName string: The name of the security group that owns the rules.
id string: The provider-assigned unique ID for this managed resource.
rules GetSecurityGroupRulesRule[]: A list of security group rules. Each element contains the following attributes:
direction string: Authorization direction, ingress or egress.
ipProtocol string: The protocol. Can be tcp, udp, icmp, gre or all.
nicType string: Network type, internet or intranet.
outputFile string
policy string: Authorization policy. Can be either accept or drop.

group_desc str: The description of the security group that owns the rules.
group_id str
group_name str: The name of the security group that owns the rules.
id str: The provider-assigned unique ID for this managed resource.
rules List[GetSecurityGroupRulesRule]: A list of security group rules. Each element contains the following attributes:
direction str: Authorization direction, ingress or egress.
ip_protocol str: The protocol. Can be tcp, udp, icmp, gre or all.
nic_type str: Network type, internet or intranet.
output_file str
policy str: Authorization policy. Can be either accept or drop.

Supporting Types

GetSecurityGroupRulesRule

See the output API doc for this type.

Description string: The description of the rule.
DestCidrIp string: Target IP address segment for egress authorization.
DestGroupId string
DestGroupOwnerAccount string: Alibaba Cloud account of the target security group.
Direction string: Authorization direction. Valid values are: ingress or egress.
IpProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
NicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
Policy string: Authorization policy. Can be either accept or drop. The default value is accept.
PortRange string: The range of port numbers.
Priority int: Rule priority.
SourceCidrIp string: Source IP address segment for ingress authorization.
SourceGroupId string
SourceGroupOwnerAccount string: Alibaba Cloud account of the source security group.

Description string: The description of the rule.
DestCidrIp string: Target IP address segment for egress authorization.
DestGroupId string
DestGroupOwnerAccount string: Alibaba Cloud account of the target security group.
Direction string: Authorization direction. Valid values are: ingress or egress.
IpProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
NicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
Policy string: Authorization policy. Can be either accept or drop. The default value is accept.
PortRange string: The range of port numbers.
Priority int: Rule priority.
SourceCidrIp string: Source IP address segment for ingress authorization.
SourceGroupId string
SourceGroupOwnerAccount string: Alibaba Cloud account of the source security group.

description string: The description of the rule.
destCidrIp string: Target IP address segment for egress authorization.
destGroupId string
destGroupOwnerAccount string: Alibaba Cloud account of the target security group.
direction string: Authorization direction. Valid values are: ingress or egress.
ipProtocol string: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nicType string: Refers to the network type. Can be either internet or intranet. The default value is internet.
policy string: Authorization policy. Can be either accept or drop. The default value is accept.
portRange string: The range of port numbers.
priority number: Rule priority.
sourceCidrIp string: Source IP address segment for ingress authorization.
sourceGroupId string
sourceGroupOwnerAccount string: Alibaba Cloud account of the source security group.

description str: The description of the rule.
destCidrIp str: Target IP address segment for egress authorization.
destGroupId str
destGroupOwnerAccount str: Alibaba Cloud account of the target security group.
direction str: Authorization direction. Valid values are: ingress or egress.
ip_protocol str: The IP protocol. Valid values are: tcp, udp, icmp, gre and all.
nic_type str: Refers to the network type. Can be either internet or intranet. The default value is internet.
policy str: Authorization policy. Can be either accept or drop. The default value is accept.
port_range str: The range of port numbers.
priority float: Rule priority.
sourceGroupId str
source_cidr_ip str: Source IP address segment for ingress authorization.
source_group_owner_account str: Alibaba Cloud account of the source security group.

Package Details

Repository: https://github.com/pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud