Up-to-date reference of API arguments for VPC security group rule you can get at documentation portal

opentelekomcloud_networking_secgroup_rule_v2

Manages a V2 neutron security group rule resource within OpenTelekomCloud. Unlike Nova security groups, neutron separates the group from the rules and also allows an admin to target a specific tenant_id.

Example Usage

resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
  name        = "secgroup_1"
  description = "My neutron security group"
}

resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_1" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
}

Example ICMP

ICMP port codes you can get at: https://docs.otc.t-systems.com/virtual-private-cloud/api-ref/appendix/icmp-port_range_relationship_table.html.

But for Any values must be:

  • port_range_min = 0

  • port_range_max = 255

Echo

resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
  name        = "secgroup_1"
  description = "My neutron security group"
}

resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_icmp_echo_reply" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "icmp"
  port_range_min    = 0
  port_range_max    = 0
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
}

Any

resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
  name        = "secgroup_1"
  description = "My neutron security group"
}

resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_icmp_any" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "icmp"
  port_range_min    = 0
  port_range_max    = 255
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
}

Ipv6

resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
  name        = "secgroup_1"
  description = "My neutron security group"
}

resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_v6" {
  direction         = "ingress"
  ethertype         = "IPv6"
  port_range_max    = 8080
  port_range_min    = 8080
  protocol          = "tcp"
  remote_group_id   = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
  security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_2.id
}

Argument Reference

The following arguments are supported:

  • description - (Optional) A description of the rule. Changing this creates a new security group rule.

  • direction - (Required) The direction of the rule, valid values are ingress or egress. Changing this creates a new security group rule.

  • ethertype - (Required) The layer 3 protocol type, valid values are IPv4 or IPv6. Changing this creates a new security group rule.

  • protocol - (Optional) The layer 4 protocol type, valid values are following. Changing this creates a new security group rule. This is required if you want to specify a port range.

    • tcp, udp, icmp, ah, dccp, egp, esp, gre, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, udplite, vrrp

  • port_range_min - (Optional) The lower part of the allowed port range, valid integer value needs to be between 1 and 65535. Changing this creates a new security group rule. When ICMP is used, the value is the ICMP code (The value ranges from 0 to 255 when it indicates the code).

  • port_range_max - (Optional) The higher part of the allowed port range, valid integer value needs to be between 1 and 65535. Changing this creates a new security group rule. When ICMP is used, the value is the ICMP code (The value ranges from 0 to 255 when it indicates the code).

  • remote_ip_prefix - (Optional) The remote CIDR, the value needs to be a valid CIDR (i.e. 192.168.0.0/16). Changing this creates a new security group rule.

  • remote_group_id - (Optional) The remote group id, the value needs to be an OpenTelekomCloud ID of a security group in the same tenant. Changing this creates a new security group rule.

  • security_group_id - (Required) The security group id the rule should belong to, the value needs to be an OpenTelekomCloud ID of a security group in the same tenant. Changing this creates a new security group rule.

  • tenant_id - (Optional) The owner of the security group. Required if admin wants to create a port for another tenant. Changing this creates a new security group rule.

Attributes Reference

The following attributes are exported:

  • description - See Argument Reference above.

  • direction - See Argument Reference above.

  • ethertype - See Argument Reference above.

  • protocol - See Argument Reference above.

  • port_range_min - See Argument Reference above.

  • port_range_max - See Argument Reference above.

  • remote_ip_prefix - See Argument Reference above.

  • remote_group_id - See Argument Reference above.

  • security_group_id - See Argument Reference above.

  • tenant_id - See Argument Reference above.

Import

Security Group Rules can be imported using the id, e.g.

terraform import opentelekomcloud_networking_secgroup_rule_v2.secgroup_rule_1 aeb68ee3-6e9d-4256-955c-9584a6212745
last updated: UTC - commit: