The alicloud_security_group_rules
data source provides a collection of security permissions of a specific security group.
Each collection item represents a single ingress
or egress
permission rule.
The ID of the security group can be provided via a variable or the result from the other data source alicloud_security_groups
.
The following example shows how to obtain details about a security group rule and how to pass its data to an instance at launch time.
# Get the security group id from a variable
variable "security_group_id" {}
# Or get it from the alicloud_security_groups data source.
# Please note that the data source arguments must be enough to filter results to one security group.
data "alicloud_security_groups" "groups_ds" {
name_regex = "api"
}
# Filter the security group rule by group
data "alicloud_security_group_rules" "ingress_rules_ds" {
group_id = "${data.alicloud_security_groups.groups_ds.groups.0.id}" # or ${var.security_group_id}
nic_type = "internet"
direction = "ingress"
ip_protocol = "tcp"
}
# Pass port_range to the backend service
resource "alicloud_instance" "backend" {
# ...
user_data = "config_service.sh --portrange=${data.alicloud_security_group_rules.ingress_rules_ds.rules.0.port_range}"
}
The following arguments are supported:
group_id
- (Required) The ID of the security group that owns the rules.nic_type
- (Optional) Refers to the network type. Can be either internet
or intranet
. The default value is internet
.direction
- (Optional) Authorization direction. Valid values are: ingress
or egress
.ip_protocol
- (Optional) The IP protocol. Valid values are: tcp
, udp
, icmp
, gre
and all
.policy
- (Optional) Authorization policy. Can be either accept
or drop
. The default value is accept
.output_file
- (Optional) File name where to save data source results (after running terraform plan
).The following attributes are exported in addition to the arguments listed above:
group_name
- The name of the security group that owns the rules.group_desc
- The description of the security group that owns the rules.rules
- A list of security group rules. Each element contains the following attributes:
ip_protocol
- The protocol. Can be tcp
, udp
, icmp
, gre
or all
.port_range
- The range of port numbers.source_cidr_ip
- Source IP address segment for ingress authorization.source_group_id
- Source security group ID for ingress authorization.source_group_owner_account
- Alibaba Cloud account of the source security group.dest_cidr_ip
- Target IP address segment for egress authorization.dest_group_id
- Target security group id for ingress authorization.dest_group_owner_account
- Alibaba Cloud account of the target security group.policy
- Authorization policy. Can be either accept
or drop
.nic_type
- Network type, internet
or intranet
.priority
- Rule priority.direction
- Authorization direction, ingress
or egress
.description
- The description of the rule.