Yandex Cloud Provider v0.138.0
  • Application Load Balancer (ALB)
  • Audit Trails
  • Beta Resources
  • Certificate Manager
  • Client Config
  • Cloud Backup
  • Cloud Billing
  • Cloud Content Delivery Network (CDN)
  • Cloud Domain Name System (DNS)
  • Cloud Logging
  • Cloud Organization
  • Compute Cloud
  • Container Registry
  • Data Processing
  • Data Transfer
  • Datasphere
  • Identity and Access Management (IAM)
  • IoT Core
  • Key Management Service (KMS)
  • Load Testing
  • Lockbox (Secret Management)
  • Managed Kubernetes (MK8S) Marketplace
  • Managed Service for Apache Airflow
  • Managed Service for Apache Kafka
  • Managed Service for ClickHouse
  • Managed Service for Elasticsearch
  • Managed Service for Greenplum
  • Managed Service for Kubernetes (MK8S)
  • Managed Service for MongoDB
  • Managed Service for MySQL
  • Managed Service for OpenSearch
  • Managed Service for PostgreSQL
  • Managed Service for Redis
  • Managed Service for SQLServer
  • Managed Service for YDB
  • Message Queue
  • Monitoring
  • Network Load Balancer (NLB)
  • Object Storage (S3)
  • Resource Manager
  • Serverless Cloud Functions
  • Serverless Containers
  • Serverless Integrations
  • Smart Captcha
  • Smart Web Security (SWS)
  • Virtual Private Cloud (VPC)
  • Yandex API Gateway

yandex_vpc_security_group_rule (Resource)

Manages Security Group Rule within the Yandex Cloud. For more information, see Documentation.

~> There is another way to manage security group rules by ingress and egress arguments in yandex_vpc_security_group resource. Both ways are similar but not compatible with each other. Using Security Group Rule at the same time with yandex_vpc_security_group resource will cause a conflict of rules configuration and it's not recommended!

~> Either one port argument or both from_port and to_port arguments can be specified.

~> If port or from_port/to_port aren't specified or set by -1, ANY port will be sent.
~> Can't use specified port if protocol is one of ICMP or IPV6_ICMP.

~> One of arguments v4_cidr_blocks/v6_cidr_blocks or predefined_target or security_group_id must be specified.

Example usage

//
// Create a new VPC Security Group Rule.
//
resource "yandex_vpc_security_group" "group1" {
  name        = "My security group"
  description = "description for my security group"
  network_id  = yandex_vpc_network.lab-net.id

  labels = {
    my-label = "my-label-value"
  }
}

resource "yandex_vpc_security_group_rule" "rule1" {
  security_group_binding = yandex_vpc_security_group.group1.id
  direction              = "ingress"
  description            = "rule1 description"
  v4_cidr_blocks         = ["10.0.1.0/24", "10.0.2.0/24"]
  port                   = 8080
  protocol               = "TCP"
}

resource "yandex_vpc_security_group_rule" "rule2" {
  security_group_binding = yandex_vpc_security_group.group1.id
  direction              = "egress"
  description            = "rule2 description"
  v4_cidr_blocks         = ["10.0.1.0/24"]
  from_port              = 8090
  to_port                = 8099
  protocol               = "UDP"
}

// Auxiliary resources
resource "yandex_vpc_network" "lab-net" {
  name = "lab-network"
}

Schema

Required

  • direction (String) Direction of the Security group rule. Can be ingress (inbound network traffic to the VPC network) or egress (outbound network traffic from the VPC network).
  • security_group_binding (String) The id of target security group which rule belongs to.

Optional

  • description (String) The resource description.
  • from_port (Number) Minimum port number. Applicable for TCP and UDP protocols.
  • labels (Map of String) A set of key/value label pairs which assigned to resource.
  • port (Number) Port number (if applied to a single port).
  • predefined_target (String) Special-purpose targets. The self_security_group target refers to this particular security group. The loadbalancer_healthchecks target represents NLB health check nodes.
  • protocol (String) Specific network protocol. Can be one of ANY, TCP, UDP, ICMP, IPV6_ICMP.
  • security_group_id (String) Target security group ID for this Security group rule.
  • timeouts (Block, Optional) (see below for nested schema)
  • to_port (Number) Maximum port number. Applicable for TCP and UDP protocols.
  • v4_cidr_blocks (List of String) The list of IPv4 CIDR prefixes for this Security group rule.
  • v6_cidr_blocks (List of String) The list of IPv6 CIDR prefixes for this Security group rule. Not supported yet.

Read-Only

  • id (String) The resource identifier.

Nested Schema for timeouts

Optional:

  • create (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
  • delete (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
  • update (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

Import

The resource can be imported by using their resource ID. For getting the resource ID you can use Yandex Cloud Web Console or YC CLI.

# terraform import yandex_vpc_security_group.<resource Name> <resource Id>
terraform import yandex_vpc_security_group_rule.myrule enphq**********cjsw4
Предыдущая
vpc_security_group
Следующая
vpc_subnet
В этой статье: