Up-to-date reference of API arguments for VPC security group rule you can get at documentation portal
opentelekomcloud_vpc_secgroup_rule_v3¶
Manages a VPC security group rule v3 resource within OpenTelekomCloud.
Example Usage¶
variable "security_group_id" {}
resource "opentelekomcloud_vpc_secgroup_rule_v3" "rule_1" {
security_group_id = var.security_group_id
description = "some basic security rule"
direction = "ingress"
protocol = "tcp"
action = "allow"
priority = 1
multi_port = "8080"
remote_ip_prefix = "10.10.0.0/16"
}
Argument Reference¶
The following arguments are supported:
security_group_id
- (Required, String, ForceNew) Specifies the ID of the security group to which the security group rule belongs.description
- (Optional, String, ForceNew) Provides supplementary information about the security group rule.direction
- (Required, String, ForceNew) Specifies inbound or outbound direction of a security group rule. Supported values:ingress
(inbound direction),egress
(outbound direction).ether_type
- (Required, String, ForceNew) Specifies the IP version. Supported values:IPv4
,IPv6
. Default:IPv4
.protocol
- (Optional, String, ForceNew) Specifies the protocol type. The value can beicmp
,tcp
,udp
,icmpv6
or anIP number (0 to 255)
. If the parameter is left blank, all protocols are supported. When the protocol isicmpv6
, IP version should beIPv6
. When the protocol isicmp
, IP version should beIPv4
.multiport
- (Optional, String, ForceNew) Specifies the port or port range. The value can be a single port, e.g.80
, a port range, e.g.1-30
, or inconsecutive ports separated by commas, e.g.22,3389,80
.remote_ip_prefix
- (Optional, String, ForceNew) Specifies the remote IP address. Ifdirection
is set toegress
, the parameter specifies the source IP address. Ifdirection
is set toingress
, the parameter specifies the destination IP address. The value is anIP address
or aCIDR block
. The parameter is mutually exclusive with parameterremote_group_id
. If this parameter is left blank, the remote IP address is not limited, and the traffic from all remote IP addresses is allowed or rejected.remote_group_id
- (Optional, String, ForceNew) Specifies the ID of the remote security group, which allows or denies traffic to and from the security group. The value has to be the ID of an existing security group. The parameter is mutually exclusive with parameterremote_ip_prefix
.action
- (Optional, String, ForceNew) Specifies the action of the security group rule. Supported values:allow
,deny
. Default value:allow
.priority
- (Optional, Integer, ForceNew) Specifies the rule priority in a security group. The value is from 1 to 100. The value 1 indicates the highest priority. Default value:1
.
Attributes Reference¶
In addition to the arguments mentioned above, the following attributes are exported:
id
- Security Group Rule ID.project_id
- Indicates the project ID.created_at
- Indicates the time when the security group rule was created. It is a UTC time in yyyy-MM-ddTHH:mm:ssZ format.updated_at
- Indicates the time when the security group rule was updated. It is a UTC time in yyyy-MM-ddTHH:mm:ssZ format.remote_address_group_id
- Indicates the ID of the remote IP address group. The parameter value is mutually exclusive with parametersremote_ip_prefix
andremote_group_id
.
Import¶
VPC Security Group Rule V3 can be imported using the id
, e.g.
terraform import opentelekomcloud_vpc_secgroup_rule_v3.secgroup_rule_1 <id>