alicloud_security_group_rules

The alicloud_security_group_rules data source provides a collection of security permissions of a specific security group. Each collection item represents a single ingress or egress permission rule. The ID of the security group can be provided via a variable or the result from the other data source alicloud_security_groups.

Example Usage

The following example shows how to obtain details about a security group rule and how to pass its data to an instance at launch time.

# Get the security group id from a variable
variable "security_group_id" {}

# Or get it from the alicloud_security_groups data source.
# Please note that the data source arguments must be enough to filter results to one security group.
data "alicloud_security_groups" "groups_ds" {
  name_regex = "api"
}

# Filter the security group rule by group
data "alicloud_security_group_rules" "ingress_rules_ds" {
  group_id    = "${data.alicloud_security_groups.groups_ds.groups.0.id}" # or ${var.security_group_id}
  nic_type    = "internet"
  direction   = "ingress"
  ip_protocol = "tcp"
}

# Pass port_range to the backend service
resource "alicloud_instance" "backend" {
  # ...
  user_data = "config_service.sh --portrange=${data.alicloud_security_group_rules.ingress_rules_ds.rules.0.port_range}"
}

Argument Reference

The following arguments are supported:

Attributes Reference

The following attributes are exported in addition to the arguments listed above: