The alicloud_security_group_rules data source provides a collection of security permissions of a specific security group. Each collection item represents a single ingress or egress permission rule. The ID of the security group can be provided via a variable or obtained from another data source, alicloud_security_groups.

Example Usage

The following example shows how to obtain details of a security group rule and pass the data to an instance at launch.

# accept a security group id as a variable

variable "security_group_id" {}

# or filter using data source
# note the filter must select only one specific group

data "alicloud_security_groups" "api" {
  name_regex = "api"
}

# filter the rule

data "alicloud_security_group_rules" "ingress" {
  group_id    = "${data.alicloud_security_groups.api.groups.0.id}" # or "${var.security_group_id}"
  nic_type    = "internet"
  direction   = "ingress"
  ip_protocol = "TCP"
}

# pass port_range to the backend service

resource "alicloud_instance" "backend" {
  # ... other instance arguments ...
  user_data = "config_service.sh --portrange=${data.alicloud_security_group_rules.ingress.rules.0.port_range}"
}

Argument Reference

The following arguments are supported:

  • group_id - (Required) The ID of the security group that owns the rules.
  • nic_type - (Optional) Refers to the network type. Can be either internet or intranet. The default value is internet.
  • direction - (Optional) Authorization direction, ingress or egress.
  • ip_protocol - (Optional) The protocol. Can be tcp, udp, icmp, gre or all.
  • policy - (Optional) Authorization policy. Can be either accept or drop. The default value is accept.
  • output_file - (Optional) The name of a file in which the security group rules are saved after running terraform plan.
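
An added example, not part of the provider documentation: a Python check over rules saved with output_file that flags accept ingress rules reachable from any address on ports outside an allow-list. The JSON array layout, the source_cidr_ip key and the "-1/-1" all-ports convention are assumptions, and the sample data is constructed.

```python
import ipaddress
import json

# Constructed sample; assumes output_file holds a JSON array of rule objects.
SAMPLE_OUTPUT_FILE = """[
  {"direction": "ingress", "policy": "accept", "ip_protocol": "tcp", "port_range": "22/22", "source_cidr_ip": "0.0.0.0/0"},
  {"direction": "ingress", "policy": "accept", "ip_protocol": "tcp", "port_range": "443/443", "source_cidr_ip": "0.0.0.0/0"},
  {"direction": "ingress", "policy": "accept", "ip_protocol": "tcp", "port_range": "3000/3400", "source_cidr_ip": "10.0.0.0/8"},
  {"direction": "ingress", "policy": "drop", "ip_protocol": "all", "port_range": "-1/-1", "source_cidr_ip": "0.0.0.0/0"},
  {"direction": "ingress", "policy": "accept", "ip_protocol": "all", "port_range": "-1/-1", "source_cidr_ip": "0.0.0.0/0"}
]"""

ALLOWED_PUBLIC_PORTS = {80, 443}  # hypothetical site policy: ports that may face the internet


def parse_port_range(value):
    """Turn "start/end" into an inclusive (start, end); "-1/-1" is treated as every port."""
    start, end = (int(part) for part in value.split("/"))
    return (1, 65535) if (start, end) == (-1, -1) else (start, end)


def is_world_open(cidr):
    """True for a zero-length prefix such as 0.0.0.0/0 or ::/0."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # empty or non-CIDR source (for example a group-based rule)


def risky_ingress(rules):
    """Return accept-ingress rules open to any address on a port outside the allow-list."""
    findings = []
    for rule in rules:
        if str(rule.get("direction", "")).lower() != "ingress":
            continue
        if str(rule.get("policy", "accept")).lower() != "accept":
            continue
        if not is_world_open(rule.get("source_cidr_ip", "")):
            continue
        start, end = parse_port_range(rule["port_range"])
        if not all(port in ALLOWED_PUBLIC_PORTS for port in range(start, end + 1)):
            findings.append(rule)
    return findings


if __name__ == "__main__":
    for rule in risky_ingress(json.loads(SAMPLE_OUTPUT_FILE)):
        print("open to any address:", rule["ip_protocol"], rule["port_range"])
```

To check a real file, replace SAMPLE_OUTPUT_FILE with the contents of the path given in output_file and adjust the key names if they differ.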

Attributes Reference

The following attributes are exported in addition to the arguments listed above:

© 2018 HashiCorp. Licensed under the MPL 2.0 License.