Skip to content

security_group_rule.md

Latest commit

 

History

History
87 lines (64 loc) · 3.48 KB

security_group_rule.md

File metadata and controls

87 lines (64 loc) · 3.48 KB
page_title subcategory description
stackit_security_group_rule Resource - stackit
Security group rule resource schema. Must have a region specified in the provider configuration.

stackit_security_group_rule (Resource)

Security group rule resource schema. Must have a region specified in the provider configuration.

Example Usage

resource "stackit_security_group_rule" "example" {
  project_id        = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  security_group_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  direction         = "ingress"
  icmp_parameters = {
    code = 0
    type = 8
  }
  protocol = {
    name = "icmp"
  }
}

# Only use the import statement, if you want to import an existing security group rule
# Note: There will be a conflict which needs to be resolved manually.
# Attribute "protocol.number" cannot be specified when "protocol.name" is specified.
import {
  to = stackit_security_group_rule.import-example
  id = "${var.project_id},${var.security_group_id},${var.security_group_rule_id}"
}

Schema

Required

  • direction (String) The direction of the traffic which the rule should match. Some of the possible values are: Possible values are: ingress, egress.
  • project_id (String) STACKIT project ID to which the security group rule is associated.
  • security_group_id (String) The security group ID.

Optional

  • description (String) The rule description.
  • ether_type (String) The ethertype which the rule should match.
  • icmp_parameters (Attributes) ICMP Parameters. These parameters should only be provided if the protocol is ICMP. (see below for nested schema)
  • ip_range (String) The remote IP range which the rule should match.
  • port_range (Attributes) The range of ports. This should only be provided if the protocol is not ICMP. (see below for nested schema)
  • protocol (Attributes) The internet protocol which the rule should match. (see below for nested schema)
  • region (String) The resource region. If not defined, the provider region is used.
  • remote_security_group_id (String) The remote security group which the rule should match.

Read-Only

  • id (String) Terraform's internal resource ID. It is structured as "project_id,region,security_group_id,security_group_rule_id".
  • security_group_rule_id (String) The security group rule ID.

Nested Schema for icmp_parameters

Required:

  • code (Number) ICMP code. Can be set if the protocol is ICMP.
  • type (Number) ICMP type. Can be set if the protocol is ICMP.

Nested Schema for port_range

Required:

  • max (Number) The maximum port number. Should be greater or equal to the minimum.
  • min (Number) The minimum port number. Should be less or equal to the maximum.

Nested Schema for protocol

Optional:

  • name (String) The protocol name which the rule should match. Either name or number must be provided. Possible values are: ah, dccp, egp, esp, gre, icmp, igmp, ipip, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp.
  • number (Number) The protocol number which the rule should match. Either name or number must be provided.