The alicloud_security_group_rules
data source provides a collection of security permissions of a specific security group. Each collection item represents a single ingress
or egress
permission rule. The id of the security group can be provided via variable or filtered by another data source alicloud_security_groups
.
The following example shows how to obtain details of the security group rule and passing the data to the instance at launch.
# accept a security group id as a variable variable "security_group_id" {} # or filter using data source # note the filter must select only one specific group data "alicloud_security_groups" "api" { name_regex = "api" } # filter the rule data "alicloud_security_group_rules" "ingress" { id = "${alicloud_security_groups.api.0.id}" # or ${var.security_group_id} nic_type = "internet" direction = "ingress" ip_protocol = "TCP" } # pass port_range to the backend service resource "alicloud_instance" "backend" { ... user_data = "config_service.sh --portrange=${data.alicloud_security_group_rules.ingress.0.port_range}" }
The following arguments are supported:
group_id
- (Required) The id of security group wich owns the rules. nic_type
- (Optional) Refers to the network type. Can be either internet
or intranet
. The default value is internet
. direction
- (Optional) Authorization direction, ingress
or egress
. ip_protocol
- (Optional) The protocol. Can be tcp
, udp
, icmp
, gre
or all
. policy
- (Optional) Authorization policy. Can be either accept
or drop
. The default value is accept
. output_file
- (Optional) The name of file that can save security group rules after running terraform plan
. The following attributes are exported in addition to the arguments listed above:
group_name
- The name of the security group which owns the rules. group_desc
- The description of the security group which owns the rules. rules
- A list of security group rules. Its every element contains the following attributes: ip_protocol
- The protocol. Can be tcp
, udp
, icmp
, gre
or all
. port_range
- The range of port numbers. source_cidr_ip
- Source ip address segment for ingress authorization. source_security_group_id
- Source security group id for ingress authorization. source_group_owner_account
- Alibaba Cloud account of the source security group. dest_cidr_ip
- Target ip address segment for egress authorization. dest_security_group_id
- Target security group id for ingress authorization. dest_group_owner_account
- Alibaba Cloud account of the target security group. policy
- Authorization policy. Can be either accept
or drop
. nic_type
- Network type, internet
or intranet
. priority
- Rule priority. direction
- Authorization direction, ingress
or egress
. description
- The description of the rule.
© 2018 HashiCorpLicensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/alicloud/d/security_group_rules.html