oci.Core.NetworkSecurityGroupSecurityRule
This resource provides the Network Security Group Security Rule resource in Oracle Cloud Infrastructure Core service.
Adds up to 25 security rules to the specified network security group. Adding more than 25 rules requires multiple operations.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
// Per-protocol filters. The property reference on this page marks each one as
// valid only for its own protocol (icmpOptions: ICMP/ICMPv6, tcpOptions: TCP,
// udpOptions: UDP), so a real rule normally sets only the one matching `protocol`.
const icmpFilter = {
    type: networkSecurityGroupSecurityRuleIcmpOptionsType,
    code: networkSecurityGroupSecurityRuleIcmpOptionsCode,
};

// Per the property reference, a TCP rule that omits tcpOptions allows every
// destination port; the same holds for UDP and udpOptions.
const tcpFilter = {
    destinationPortRange: {
        max: networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMax,
        min: networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMin,
    },
    sourcePortRange: {
        max: networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMax,
        min: networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMin,
    },
};

const udpFilter = {
    destinationPortRange: {
        max: networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMax,
        min: networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMin,
    },
    sourcePortRange: {
        max: networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMax,
        min: networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMin,
    },
};

// Registers one rule on an existing network security group. The identifiers on
// the right-hand sides are placeholders that this listing does not define.
const testNetworkSecurityGroupSecurityRule = new oci.core.NetworkSecurityGroupSecurityRule(
    "test_network_security_group_security_rule",
    {
        networkSecurityGroupId: testNetworkSecurityGroup.id,
        direction: networkSecurityGroupSecurityRuleDirection, // EGRESS or INGRESS
        protocol: networkSecurityGroupSecurityRuleProtocol,
        description: networkSecurityGroupSecurityRuleDescription,
        destination: networkSecurityGroupSecurityRuleDestination,
        destinationType: networkSecurityGroupSecurityRuleDestinationType, // required when direction = EGRESS
        icmpOptions: icmpFilter,
        source: networkSecurityGroupSecurityRuleSource,
        sourceType: networkSecurityGroupSecurityRuleSourceType, // required when direction = INGRESS
        // Defaults to false (stateful). A stateless rule needs a matching rule
        // in the other direction for bidirectional traffic.
        stateless: networkSecurityGroupSecurityRuleStateless,
        tcpOptions: tcpFilter,
        udpOptions: udpFilter,
    },
);
import pulumi
import pulumi_oci as oci
# Per-protocol filters. The property reference on this page marks each one as
# valid only for its own protocol (icmp_options: ICMP/ICMPv6, tcp_options: TCP,
# udp_options: UDP), so a real rule normally sets only the one matching `protocol`.
icmp_filter = {
    "type": network_security_group_security_rule_icmp_options_type,
    "code": network_security_group_security_rule_icmp_options_code,
}

# Per the property reference, a TCP rule that omits tcp_options allows every
# destination port; the same holds for UDP and udp_options.
tcp_filter = {
    "destination_port_range": {
        "max": network_security_group_security_rule_tcp_options_destination_port_range_max,
        "min": network_security_group_security_rule_tcp_options_destination_port_range_min,
    },
    "source_port_range": {
        "max": network_security_group_security_rule_tcp_options_source_port_range_max,
        "min": network_security_group_security_rule_tcp_options_source_port_range_min,
    },
}

udp_filter = {
    "destination_port_range": {
        "max": network_security_group_security_rule_udp_options_destination_port_range_max,
        "min": network_security_group_security_rule_udp_options_destination_port_range_min,
    },
    "source_port_range": {
        "max": network_security_group_security_rule_udp_options_source_port_range_max,
        "min": network_security_group_security_rule_udp_options_source_port_range_min,
    },
}

# Registers one rule on an existing network security group. The names on the
# right-hand sides are placeholders that this listing does not define.
test_network_security_group_security_rule = oci.core.NetworkSecurityGroupSecurityRule(
    "test_network_security_group_security_rule",
    network_security_group_id=test_network_security_group["id"],
    direction=network_security_group_security_rule_direction,  # EGRESS or INGRESS
    protocol=network_security_group_security_rule_protocol,
    description=network_security_group_security_rule_description,
    destination=network_security_group_security_rule_destination,
    destination_type=network_security_group_security_rule_destination_type,  # required when direction = EGRESS
    icmp_options=icmp_filter,
    source=network_security_group_security_rule_source,
    source_type=network_security_group_security_rule_source_type,  # required when direction = INGRESS
    # Defaults to False (stateful). A stateless rule needs a matching rule in
    # the other direction for bidirectional traffic.
    stateless=network_security_group_security_rule_stateless,
    tcp_options=tcp_filter,
    udp_options=udp_filter,
)
package main
import (
"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/Core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
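// main runs a Pulumi program that registers a single security rule on an
// existing network security group.
//
// Identifiers such as testNetworkSecurityGroup and the
// networkSecurityGroupSecurityRule* values are placeholders that this listing
// does not define; supply them before building.
//
// NOTE(review): the original listing qualified two names with "Core." and the
// remaining ones with "core.", which cannot both resolve against one import.
// This version uses "core" throughout; confirm that it matches the package name
// declared by the SDK, or pin it with an import alias.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// DestinationType is required when Direction is EGRESS and SourceType
		// when it is INGRESS. Stateless defaults to false (stateful); a
		// stateless rule needs a matching rule in the other direction for
		// bidirectional traffic.
		_, err := core.NewNetworkSecurityGroupSecurityRule(ctx, "test_network_security_group_security_rule", &core.NetworkSecurityGroupSecurityRuleArgs{
			NetworkSecurityGroupId: pulumi.Any(testNetworkSecurityGroup.Id),
			Direction:              pulumi.Any(networkSecurityGroupSecurityRuleDirection),
			Protocol:               pulumi.Any(networkSecurityGroupSecurityRuleProtocol),
			Description:            pulumi.Any(networkSecurityGroupSecurityRuleDescription),
			Destination:            pulumi.Any(networkSecurityGroupSecurityRuleDestination),
			DestinationType:        pulumi.Any(networkSecurityGroupSecurityRuleDestinationType),
			// Valid only for ICMP and ICMPv6 rules.
			IcmpOptions: &core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs{
				Type: pulumi.Any(networkSecurityGroupSecurityRuleIcmpOptionsType),
				Code: pulumi.Any(networkSecurityGroupSecurityRuleIcmpOptionsCode),
			},
			Source:     pulumi.Any(networkSecurityGroupSecurityRuleSource),
			SourceType: pulumi.Any(networkSecurityGroupSecurityRuleSourceType),
			Stateless:  pulumi.Any(networkSecurityGroupSecurityRuleStateless),
			// Valid only for TCP. Per the property reference, a TCP rule that
			// omits this object allows every destination port.
			TcpOptions: &core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs{
				DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs{
					Max: pulumi.Any(networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMax),
					Min: pulumi.Any(networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMin),
				},
				SourcePortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs{
					Max: pulumi.Any(networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMax),
					Min: pulumi.Any(networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMin),
				},
			},
			// Valid only for UDP. Per the property reference, a UDP rule that
			// omits this object allows every destination port.
			UdpOptions: &core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs{
				DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs{
					Max: pulumi.Any(networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMax),
					Min: pulumi.Any(networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMin),
				},
				SourcePortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs{
					Max: pulumi.Any(networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMax),
					Min: pulumi.Any(networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMin),
				},
			},
		})
		// Registering the rule is the only step, so its error is the result.
		return err
	})
}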
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
    // Per-protocol filters. The property reference on this page marks each one
    // as valid only for its own protocol (IcmpOptions: ICMP/ICMPv6,
    // TcpOptions: TCP, UdpOptions: UDP), so a real rule normally sets only the
    // one matching Protocol.
    var icmpFilter = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
    {
        Type = networkSecurityGroupSecurityRuleIcmpOptionsType,
        Code = networkSecurityGroupSecurityRuleIcmpOptionsCode,
    };

    // Per the property reference, a TCP rule that omits TcpOptions allows every
    // destination port; the same holds for UDP and UdpOptions.
    var tcpFilter = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsArgs
    {
        DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs
        {
            Max = networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMax,
            Min = networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMin,
        },
        SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs
        {
            Max = networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMax,
            Min = networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMin,
        },
    };

    var udpFilter = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsArgs
    {
        DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs
        {
            Max = networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMax,
            Min = networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMin,
        },
        SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs
        {
            Max = networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMax,
            Min = networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMin,
        },
    };

    // Registers one rule on an existing network security group. The identifiers
    // on the right-hand sides are placeholders that this listing does not define.
    var testNetworkSecurityGroupSecurityRule = new Oci.Core.NetworkSecurityGroupSecurityRule("test_network_security_group_security_rule", new()
    {
        NetworkSecurityGroupId = testNetworkSecurityGroup.Id,
        Direction = networkSecurityGroupSecurityRuleDirection, // EGRESS or INGRESS
        Protocol = networkSecurityGroupSecurityRuleProtocol,
        Description = networkSecurityGroupSecurityRuleDescription,
        Destination = networkSecurityGroupSecurityRuleDestination,
        DestinationType = networkSecurityGroupSecurityRuleDestinationType, // required when Direction = EGRESS
        IcmpOptions = icmpFilter,
        Source = networkSecurityGroupSecurityRuleSource,
        SourceType = networkSecurityGroupSecurityRuleSourceType, // required when Direction = INGRESS
        // Defaults to false (stateful). A stateless rule needs a matching rule
        // in the other direction for bidirectional traffic.
        Stateless = networkSecurityGroupSecurityRuleStateless,
        TcpOptions = tcpFilter,
        UdpOptions = udpFilter,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Core.NetworkSecurityGroupSecurityRule;
import com.pulumi.oci.Core.NetworkSecurityGroupSecurityRuleArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that registers one security rule on an existing network
 * security group. The identifiers passed to the builders are placeholders that
 * this listing does not define.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the rule.
     *
     * <p>The property reference on this page marks each options object as valid
     * only for its own protocol (icmpOptions: ICMP/ICMPv6, tcpOptions: TCP,
     * udpOptions: UDP), and states that a TCP or UDP rule that omits its options
     * object allows every destination port.
     *
     * @param ctx the Pulumi context for the current deployment
     */
    public static void stack(Context ctx) {
        final var icmpFilter = NetworkSecurityGroupSecurityRuleIcmpOptionsArgs.builder()
            .type(networkSecurityGroupSecurityRuleIcmpOptionsType)
            .code(networkSecurityGroupSecurityRuleIcmpOptionsCode)
            .build();

        final var tcpFilter = NetworkSecurityGroupSecurityRuleTcpOptionsArgs.builder()
            .destinationPortRange(NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs.builder()
                .max(networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMax)
                .min(networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMin)
                .build())
            .sourcePortRange(NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs.builder()
                .max(networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMax)
                .min(networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMin)
                .build())
            .build();

        final var udpFilter = NetworkSecurityGroupSecurityRuleUdpOptionsArgs.builder()
            .destinationPortRange(NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs.builder()
                .max(networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMax)
                .min(networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMin)
                .build())
            .sourcePortRange(NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs.builder()
                .max(networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMax)
                .min(networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMin)
                .build())
            .build();

        final var ruleArgs = NetworkSecurityGroupSecurityRuleArgs.builder()
            .networkSecurityGroupId(testNetworkSecurityGroup.id())
            .direction(networkSecurityGroupSecurityRuleDirection) // EGRESS or INGRESS
            .protocol(networkSecurityGroupSecurityRuleProtocol)
            .description(networkSecurityGroupSecurityRuleDescription)
            .destination(networkSecurityGroupSecurityRuleDestination)
            .destinationType(networkSecurityGroupSecurityRuleDestinationType) // required when direction = EGRESS
            .icmpOptions(icmpFilter)
            .source(networkSecurityGroupSecurityRuleSource)
            .sourceType(networkSecurityGroupSecurityRuleSourceType) // required when direction = INGRESS
            // Defaults to false (stateful). A stateless rule needs a matching
            // rule in the other direction for bidirectional traffic.
            .stateless(networkSecurityGroupSecurityRuleStateless)
            .tcpOptions(tcpFilter)
            .udpOptions(udpFilter)
            .build();

        var testNetworkSecurityGroupSecurityRule = new NetworkSecurityGroupSecurityRule("testNetworkSecurityGroupSecurityRule", ruleArgs);
    }
}
# Registers one security rule on an existing network security group.
# The ${...} references are placeholders that this listing does not define.
resources:
  testNetworkSecurityGroupSecurityRule:
    type: oci:Core:NetworkSecurityGroupSecurityRule
    name: test_network_security_group_security_rule
    properties:
      networkSecurityGroupId: ${testNetworkSecurityGroup.id}
      # EGRESS or INGRESS.
      direction: ${networkSecurityGroupSecurityRuleDirection}
      protocol: ${networkSecurityGroupSecurityRuleProtocol}
      description: ${networkSecurityGroupSecurityRuleDescription}
      destination: ${networkSecurityGroupSecurityRuleDestination}
      # Required when direction = EGRESS.
      destinationType: ${networkSecurityGroupSecurityRuleDestinationType}
      # Valid only for ICMP and ICMPv6 rules.
      icmpOptions:
        type: ${networkSecurityGroupSecurityRuleIcmpOptionsType}
        code: ${networkSecurityGroupSecurityRuleIcmpOptionsCode}
      source: ${networkSecurityGroupSecurityRuleSource}
      # Required when direction = INGRESS.
      sourceType: ${networkSecurityGroupSecurityRuleSourceType}
      # Defaults to false (stateful). A stateless rule needs a matching rule in
      # the other direction for bidirectional traffic.
      stateless: ${networkSecurityGroupSecurityRuleStateless}
      # Valid only for TCP. Per the property reference, a TCP rule that omits
      # this object allows every destination port.
      tcpOptions:
        destinationPortRange:
          max: ${networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMax}
          min: ${networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMin}
        sourcePortRange:
          max: ${networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMax}
          min: ${networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMin}
      # Valid only for UDP. Per the property reference, a UDP rule that omits
      # this object allows every destination port.
      udpOptions:
        destinationPortRange:
          max: ${networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMax}
          min: ${networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMin}
        sourcePortRange:
          max: ${networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMax}
          min: ${networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMin}
Create NetworkSecurityGroupSecurityRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NetworkSecurityGroupSecurityRule(name: string, args: NetworkSecurityGroupSecurityRuleArgs, opts?: CustomResourceOptions);
@overload
def NetworkSecurityGroupSecurityRule(resource_name: str,
args: NetworkSecurityGroupSecurityRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NetworkSecurityGroupSecurityRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
direction: Optional[str] = None,
network_security_group_id: Optional[str] = None,
protocol: Optional[str] = None,
description: Optional[str] = None,
destination: Optional[str] = None,
destination_type: Optional[str] = None,
icmp_options: Optional[_core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs] = None,
source: Optional[str] = None,
source_type: Optional[str] = None,
stateless: Optional[bool] = None,
tcp_options: Optional[_core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs] = None,
udp_options: Optional[_core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs] = None)
func NewNetworkSecurityGroupSecurityRule(ctx *Context, name string, args NetworkSecurityGroupSecurityRuleArgs, opts ...ResourceOption) (*NetworkSecurityGroupSecurityRule, error)
public NetworkSecurityGroupSecurityRule(string name, NetworkSecurityGroupSecurityRuleArgs args, CustomResourceOptions? opts = null)
public NetworkSecurityGroupSecurityRule(String name, NetworkSecurityGroupSecurityRuleArgs args)
public NetworkSecurityGroupSecurityRule(String name, NetworkSecurityGroupSecurityRuleArgs args, CustomResourceOptions options)
type: oci:Core:NetworkSecurityGroupSecurityRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template: every value below is a type placeholder ("string", 0,
// false), not a recommended setting. Replace each one before deploying.
var networkSecurityGroupSecurityRuleResource = new Oci.Core.NetworkSecurityGroupSecurityRule("networkSecurityGroupSecurityRuleResource", new()
{
    Direction = "string",
    NetworkSecurityGroupId = "string",
    Protocol = "string",
    Description = "string",
    Destination = "string",
    DestinationType = "string",
    // Valid only for ICMP and ICMPv6 rules.
    IcmpOptions = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
    {
        Type = 0,
        Code = 0,
    },
    Source = "string",
    SourceType = "string",
    Stateless = false,
    // Valid only for TCP. Per the property reference, a TCP rule that omits
    // this object allows every destination port.
    TcpOptions = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsArgs
    {
        DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs
        {
            Max = 0,
            Min = 0,
        },
        SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs
        {
            Max = 0,
            Min = 0,
        },
    },
    // Valid only for UDP. Per the property reference, a UDP rule that omits
    // this object allows every destination port.
    UdpOptions = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsArgs
    {
        DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs
        {
            Max = 0,
            Min = 0,
        },
        SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs
        {
            Max = 0,
            Min = 0,
        },
    },
});
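// Reference template: every value below is a type placeholder ("string", 0,
// false), not a recommended setting. Replace each one before deploying.
//
// NOTE(review): the original listing qualified two names with "Core." and the
// remaining ones with "core.", which cannot both resolve against one import.
// This version uses "core" throughout; confirm that it matches the package name
// declared by the SDK, or pin it with an import alias.
example, err := core.NewNetworkSecurityGroupSecurityRule(ctx, "networkSecurityGroupSecurityRuleResource", &core.NetworkSecurityGroupSecurityRuleArgs{
	Direction:              pulumi.String("string"),
	NetworkSecurityGroupId: pulumi.String("string"),
	Protocol:               pulumi.String("string"),
	Description:            pulumi.String("string"),
	Destination:            pulumi.String("string"),
	DestinationType:        pulumi.String("string"),
	// Valid only for ICMP and ICMPv6 rules.
	IcmpOptions: &core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs{
		Type: pulumi.Int(0),
		Code: pulumi.Int(0),
	},
	Source:     pulumi.String("string"),
	SourceType: pulumi.String("string"),
	Stateless:  pulumi.Bool(false),
	// Valid only for TCP. Per the property reference, a TCP rule that omits
	// this object allows every destination port.
	TcpOptions: &core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs{
		DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs{
			Max: pulumi.Int(0),
			Min: pulumi.Int(0),
		},
		SourcePortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs{
			Max: pulumi.Int(0),
			Min: pulumi.Int(0),
		},
	},
	// Valid only for UDP. Per the property reference, a UDP rule that omits
	// this object allows every destination port.
	UdpOptions: &core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs{
		DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs{
			Max: pulumi.Int(0),
			Min: pulumi.Int(0),
		},
		SourcePortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs{
			Max: pulumi.Int(0),
			Min: pulumi.Int(0),
		},
	},
})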
// Reference template: every value below is a type placeholder ("string", 0,
// false), not a recommended setting. Replace each one before deploying.
var networkSecurityGroupSecurityRuleResource = new NetworkSecurityGroupSecurityRule("networkSecurityGroupSecurityRuleResource", NetworkSecurityGroupSecurityRuleArgs.builder()
    .direction("string")
    .networkSecurityGroupId("string")
    .protocol("string")
    .description("string")
    .destination("string")
    .destinationType("string")
    // Valid only for ICMP and ICMPv6 rules.
    .icmpOptions(NetworkSecurityGroupSecurityRuleIcmpOptionsArgs.builder()
        .type(0)
        .code(0)
        .build())
    .source("string")
    .sourceType("string")
    .stateless(false)
    // Valid only for TCP. Per the property reference, a TCP rule that omits
    // this object allows every destination port.
    .tcpOptions(NetworkSecurityGroupSecurityRuleTcpOptionsArgs.builder()
        .destinationPortRange(NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs.builder()
            .max(0)
            .min(0)
            .build())
        .sourcePortRange(NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs.builder()
            .max(0)
            .min(0)
            .build())
        .build())
    // Valid only for UDP. Per the property reference, a UDP rule that omits
    // this object allows every destination port.
    .udpOptions(NetworkSecurityGroupSecurityRuleUdpOptionsArgs.builder()
        .destinationPortRange(NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs.builder()
            .max(0)
            .min(0)
            .build())
        .sourcePortRange(NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs.builder()
            .max(0)
            .min(0)
            .build())
        .build())
    .build());
# Reference template: every value below is a type placeholder ("string", 0,
# False), not a recommended setting. Replace each one before deploying.
network_security_group_security_rule_resource = oci.core.NetworkSecurityGroupSecurityRule("networkSecurityGroupSecurityRuleResource",
    direction="string",
    network_security_group_id="string",
    protocol="string",
    description="string",
    destination="string",
    destination_type="string",
    # Valid only for ICMP and ICMPv6 rules.
    icmp_options={
        "type": 0,
        "code": 0,
    },
    source="string",
    source_type="string",
    stateless=False,
    # Valid only for TCP. Per the property reference, a TCP rule that omits
    # this object allows every destination port.
    tcp_options={
        "destination_port_range": {
            "max": 0,
            "min": 0,
        },
        "source_port_range": {
            "max": 0,
            "min": 0,
        },
    },
    # Valid only for UDP. Per the property reference, a UDP rule that omits
    # this object allows every destination port.
    udp_options={
        "destination_port_range": {
            "max": 0,
            "min": 0,
        },
        "source_port_range": {
            "max": 0,
            "min": 0,
        },
    })
// Reference template: every value below is a type placeholder ("string", 0,
// false), not a recommended setting. Replace each one before deploying.
const networkSecurityGroupSecurityRuleResource = new oci.core.NetworkSecurityGroupSecurityRule("networkSecurityGroupSecurityRuleResource", {
    direction: "string",
    networkSecurityGroupId: "string",
    protocol: "string",
    description: "string",
    destination: "string",
    destinationType: "string",
    // Valid only for ICMP and ICMPv6 rules.
    icmpOptions: {
        type: 0,
        code: 0,
    },
    source: "string",
    sourceType: "string",
    stateless: false,
    // Valid only for TCP. Per the property reference, a TCP rule that omits
    // this object allows every destination port.
    tcpOptions: {
        destinationPortRange: {
            max: 0,
            min: 0,
        },
        sourcePortRange: {
            max: 0,
            min: 0,
        },
    },
    // Valid only for UDP. Per the property reference, a UDP rule that omits
    // this object allows every destination port.
    udpOptions: {
        destinationPortRange: {
            max: 0,
            min: 0,
        },
        sourcePortRange: {
            max: 0,
            min: 0,
        },
    },
});
# Reference template: every value below is a type placeholder (string, 0,
# false), not a recommended setting. Replace each one before deploying.
type: oci:Core:NetworkSecurityGroupSecurityRule
properties:
    description: string
    destination: string
    destinationType: string
    direction: string
    # Valid only for ICMP and ICMPv6 rules.
    icmpOptions:
        code: 0
        type: 0
    networkSecurityGroupId: string
    protocol: string
    source: string
    sourceType: string
    stateless: false
    # Valid only for TCP. Per the property reference, a TCP rule that omits
    # this object allows every destination port.
    tcpOptions:
        destinationPortRange:
            max: 0
            min: 0
        sourcePortRange:
            max: 0
            min: 0
    # Valid only for UDP. Per the property reference, a UDP rule that omits
    # this object allows every destination port.
    udpOptions:
        destinationPortRange:
            max: 0
            min: 0
        sourcePortRange:
            max: 0
            min: 0
NetworkSecurityGroupSecurityRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NetworkSecurityGroupSecurityRule resource accepts the following input properties:
- Direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- NetworkSecurityGroupId string
- The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- Description string
- An optional description of your choice for the rule.
- Destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- DestinationType string
- Type of destination for the rule. Required if `direction` = `EGRESS`.
- IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- Source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- SourceType string
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- TcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- UdpOptions NetworkSecurityGroupSecurityRuleUdpOptions
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- Direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- NetworkSecurityGroupId string
- The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- Description string
- An optional description of your choice for the rule.
- Destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- DestinationType string
- Type of destination for the rule. Required if `direction` = `EGRESS`.
- IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- Source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- SourceType string
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- TcpOptions NetworkSecurityGroupSecurityRuleTcpOptionsArgs
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- UdpOptions NetworkSecurityGroupSecurityRuleUdpOptionsArgs
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- direction String
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- networkSecurityGroupId String
- The OCID of the network security group.
- protocol String
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- description String
- An optional description of your choice for the rule.
- destination String
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destinationType String
- Type of destination for the rule. Required if `direction` = `EGRESS`.
- icmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- source String
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType String
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udpOptions NetworkSecurityGroupSecurityRuleUdpOptions
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- networkSecurityGroupId string
- The OCID of the network security group.
- protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- description string
- An optional description of your choice for the rule.
- destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destinationType string
- Type of destination for the rule. Required if `direction` = `EGRESS`.
- icmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType string
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- stateless boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udpOptions NetworkSecurityGroupSecurityRuleUdpOptions
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- direction str
- Direction of the security rule. Set to
EGRESS
for rules to allow outbound IP packets, orINGRESS
for rules to allow inbound IP packets. - network_
security_ strgroup_ id - The OCID of the network security group.
- protocol str
- The transport protocol. Specify either
all
or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58"). - description str
- An optional description of your choice for the rule.
- destination str
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destination_
type str - Type of destination for the rule. Required if
direction
=EGRESS
. - icmp_
options core.Network Security Group Security Rule Icmp Options Args - Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- source str
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- source_type str
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcp_options core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udp_options core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- direction String
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- networkSecurityGroupId String
- The OCID of the network security group.
- protocol String
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- description String
- An optional description of your choice for the rule.
- destination String
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destinationType String
- Type of destination for the rule. Required if `direction` = `EGRESS`.
- icmpOptions Property Map
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- source String
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType String
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions Property Map
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udpOptions Property Map
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
Outputs
All input properties are implicitly available as output properties. Additionally, the NetworkSecurityGroupSecurityRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- IsValid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- TimeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- Id string
- The provider-assigned unique ID for this managed resource.
- IsValid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- TimeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- id String
- The provider-assigned unique ID for this managed resource.
- isValid Boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- timeCreated String
- The date and time the security rule was created. Format defined by RFC3339.
- id string
- The provider-assigned unique ID for this managed resource.
- isValid boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- timeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- id str
- The provider-assigned unique ID for this managed resource.
- is_valid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- time_created str
- The date and time the security rule was created. Format defined by RFC3339.
- id String
- The provider-assigned unique ID for this managed resource.
- isValid Boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- timeCreated String
- The date and time the security rule was created. Format defined by RFC3339.
Look up Existing NetworkSecurityGroupSecurityRule Resource
Get an existing NetworkSecurityGroupSecurityRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NetworkSecurityGroupSecurityRuleState, opts?: CustomResourceOptions): NetworkSecurityGroupSecurityRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
destination: Optional[str] = None,
destination_type: Optional[str] = None,
direction: Optional[str] = None,
icmp_options: Optional[_core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs] = None,
is_valid: Optional[bool] = None,
network_security_group_id: Optional[str] = None,
protocol: Optional[str] = None,
source: Optional[str] = None,
source_type: Optional[str] = None,
stateless: Optional[bool] = None,
tcp_options: Optional[_core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs] = None,
time_created: Optional[str] = None,
udp_options: Optional[_core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs] = None) -> NetworkSecurityGroupSecurityRule
func GetNetworkSecurityGroupSecurityRule(ctx *Context, name string, id IDInput, state *NetworkSecurityGroupSecurityRuleState, opts ...ResourceOption) (*NetworkSecurityGroupSecurityRule, error)
public static NetworkSecurityGroupSecurityRule Get(string name, Input<string> id, NetworkSecurityGroupSecurityRuleState? state, CustomResourceOptions? opts = null)
public static NetworkSecurityGroupSecurityRule get(String name, Output<String> id, NetworkSecurityGroupSecurityRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- An optional description of your choice for the rule.
- Destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- DestinationType string
- Type of destination for the rule. Required if `direction` = `EGRESS`.
- Direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- IsValid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- NetworkSecurityGroupId string
- The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- Source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- SourceType string
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- TcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- TimeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- UdpOptions NetworkSecurityGroupSecurityRuleUdpOptions
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- Description string
- An optional description of your choice for the rule.
- Destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- Destination
Type string - Type of destination for the rule. Required if
direction
=EGRESS
. - Direction string
- Direction of the security rule. Set to
EGRESS
for rules to allow outbound IP packets, orINGRESS
for rules to allow inbound IP packets. - Icmp
Options NetworkSecurity Group Security Rule Icmp Options Args - Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- Is
Valid bool - Whether the rule is valid. The value is
True
when the rule is first created. If the rule'ssource
ordestination
is a network security group, the value changes toFalse
if that network security group is deleted. - Network
Security stringGroup Id - The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either
all
or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58"). - Source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- SourceType string
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- Tcp
Options NetworkSecurity Group Security Rule Tcp Options Args - Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- Time
Created string - The date and time the security rule was created. Format defined by RFC3339.
- Udp
Options NetworkSecurity Group Security Rule Udp Options Args - Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- description String
- An optional description of your choice for the rule.
- destination String
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destination
Type String - Type of destination for the rule. Required if
direction
=EGRESS
. - direction String
- Direction of the security rule. Set to
EGRESS
for rules to allow outbound IP packets, orINGRESS
for rules to allow inbound IP packets. - icmp
Options NetworkSecurity Group Security Rule Icmp Options - Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- is
Valid Boolean - Whether the rule is valid. The value is
True
when the rule is first created. If the rule'ssource
ordestination
is a network security group, the value changes toFalse
if that network security group is deleted. - network
Security StringGroup Id - The OCID of the network security group.
- protocol String
- The transport protocol. Specify either
all
or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58"). - source String
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType String
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcp
Options NetworkSecurity Group Security Rule Tcp Options - Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- time
Created String - The date and time the security rule was created. Format defined by RFC3339.
- udp
Options NetworkSecurity Group Security Rule Udp Options - Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- description string
- An optional description of your choice for the rule.
- destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destination
Type string - Type of destination for the rule. Required if
direction
=EGRESS
. - direction string
- Direction of the security rule. Set to
EGRESS
for rules to allow outbound IP packets, orINGRESS
for rules to allow inbound IP packets. - icmp
Options NetworkSecurity Group Security Rule Icmp Options - Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- is
Valid boolean - Whether the rule is valid. The value is
True
when the rule is first created. If the rule'ssource
ordestination
is a network security group, the value changes toFalse
if that network security group is deleted. - network
Security stringGroup Id - The OCID of the network security group.
- protocol string
- The transport protocol. Specify either
all
or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58"). - source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType string
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- stateless boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcp
Options NetworkSecurity Group Security Rule Tcp Options - Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- time
Created string - The date and time the security rule was created. Format defined by RFC3339.
- udp
Options NetworkSecurity Group Security Rule Udp Options - Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- description str
- An optional description of your choice for the rule.
- destination str
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destination_type str
- Type of destination for the rule. Required if `direction` = `EGRESS`.
- direction str
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- icmp_options core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- is_valid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- network_security_group_id str
- The OCID of the network security group.
- protocol str
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- source str
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- source_type str
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcp_options core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- time_created str
- The date and time the security rule was created. Format defined by RFC3339.
- udp_options core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- description String
- An optional description of your choice for the rule.
- destination String
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destination
Type String - Type of destination for the rule. Required if
direction
=EGRESS
. - direction String
- Direction of the security rule. Set to
EGRESS
for rules to allow outbound IP packets, orINGRESS
for rules to allow inbound IP packets. - icmp
Options Property Map - Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- is
Valid Boolean - Whether the rule is valid. The value is
True
when the rule is first created. If the rule'ssource
ordestination
is a network security group, the value changes toFalse
if that network security group is deleted. - network
Security StringGroup Id - The OCID of the network security group.
- protocol String
- The transport protocol. Specify either
all
or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58"). - source String
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType String
- Type of source for the rule. Required if `direction` = `INGRESS`.
  - `CIDR_BLOCK`: If the rule's `source` is an IP address range in CIDR notation.
  - `SERVICE_CIDR_BLOCK`: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - `NETWORK_SECURITY_GROUP`: If the rule's `source` is the OCID of a NetworkSecurityGroup.
- stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcp
Options Property Map - Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- time
Created String - The date and time the security rule was created. Format defined by RFC3339.
- udp
Options Property Map - Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
Supporting Types
NetworkSecurityGroupSecurityRuleIcmpOptions, NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
NetworkSecurityGroupSecurityRuleTcpOptions, NetworkSecurityGroupSecurityRuleTcpOptionsArgs
NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRange, NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs
NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRange, NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs
NetworkSecurityGroupSecurityRuleUdpOptions, NetworkSecurityGroupSecurityRuleUdpOptionsArgs
NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRange, NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs
NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRange, NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs
Import
NetworkSecurityGroupSecurityRule can be imported using the `id`, e.g.
$ pulumi import oci:Core/networkSecurityGroupSecurityRule:NetworkSecurityGroupSecurityRule test_network_security_group_security_rule "networkSecurityGroups/{networkSecurityGroupId}/securityRules/{securityRuleId}"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `oci` Terraform Provider.