Deleting a rule from a security group
To delete a rule from a security group:
- In the management console, go to the folder where you need to change the security group.
- In the list of services, select Virtual Private Cloud.
- In the left-hand panel, select Security groups.
- Click next to the security group for which you need to delete a rule and select Edit.
- Under Rules, click in the row of the rule to delete.
- In the menu that opens, click Delete.
- In the window that opens, click Delete.
To delete a rule from a group:
- Get the name or ID of the group to edit:

  yc vpc security-groups list

  Result:

  +----------------------+---------------------------------+------------------------------------+----------------------+
  |          ID          |              NAME               |            DESCRIPTION             |      NETWORK-ID      |
  +----------------------+---------------------------------+------------------------------------+----------------------+
  | enp9bmjge93b******** | default-sg-enp509crtquf******** | Default security group for network | enp509crtquf******** |
  | enp9rs9u4h6j******** | sg-1                            |                                    | enp509crtquf******** |
  | enp9d8m73d1c******** | sg-2                            |                                    | enp509crtquf******** |
  +----------------------+---------------------------------+------------------------------------+----------------------+

- Get a list of security group rules by specifying the group name or ID:

  yc vpc security-groups get <group_name_or_ID>

  Result:

  id: enp8rs9i4h6j********
  folder_id: b1gaus8l79li********
  created_at: "2022-06-24T15:46:31Z"
  name: sg-1
  network_id: enp559cr9quf********
  status: ACTIVE
  rules:
    - id: enpbbmv8ici********
      description: SSH
      direction: INGRESS
      ports:
        from_port: "22"
        to_port: "22"
      protocol_name: TCP
      protocol_number: "6"
      cidr_blocks:
        v4_cidr_blocks:
          - 0.0.0.0/0
  ...

- To delete a rule, specify its ID in the command:

  yc vpc security-group update-rules <group_name_or_ID> --delete-rule-id <rule_ID>

  Result:

  done (12s)
  id: enp8rs9i4h6j********
  folder_id: b1gaus8l79li********
  created_at: "2022-06-24T15:46:31Z"
  name: sg-1
  network_id: enp559cr9quf********
  status: ACTIVE
  rules:
  ...
Terraform
For more information about the provider resources, see the documentation on the Terraform
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
If you don't have Terraform, install it and configure the Yandex Cloud provider.
To delete a rule created with Terraform from a security group:
- Open the Terraform configuration file and delete the ingress or egress section from the security group description:

  Sample description of a security group with rules in a Terraform configuration

  ...
  resource "yandex_vpc_security_group" "test-sg" {
    name        = "Test security group"
    description = "Description for security group"
    network_id  = "${yandex_vpc_network.lab-net.id}"

    ingress {
      protocol       = "TCP"
      description    = "Rule description 1"
      v4_cidr_blocks = ["10.0.1.0/24", "10.0.2.0/24"]
      port           = 8080
    }

    egress {
      protocol       = "ANY"
      description    = "Rule description 2"
      v4_cidr_blocks = ["10.0.1.0/24", "10.0.2.0/24"]
      from_port      = 8090
      to_port        = 8099
    }
  }
  ...

- In the command line, go to the directory with the Terraform configuration file.

- Check the configuration using this command:

  terraform validate

  If the configuration is correct, you will get this message:

  Success! The configuration is valid.

- Run this command:

  terraform plan

  The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.

- Apply the configuration changes:

  terraform apply

- Confirm the changes: type yes into the terminal and press Enter.

You can verify the changes to the security group using the management console or the CLI command below:

  yc vpc security-group get <security_group_name>
To delete a rule from a security group, use the updateRules REST API method for the SecurityGroup resource or the SecurityGroupService/UpdateRules gRPC API call, and provide the following in the request:
- ID of the security group you want to delete rules from, in the securityGroupId parameter.
- IDs of the rules to be deleted, in the deletionRuleIds[] array.
To get the security group ID, use the list REST API method for the SecurityGroup resource or the SecurityGroup/List gRPC API call and provide the folder ID in the folderId request parameter.
To learn how to find out the folder ID, see Getting the folder ID.
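The CLI and API procedures above both start from a rule ID. As an added example (not part of the original documentation), the script below picks out the IDs of ingress rules that admit a given port from any address, like the SSH rule in the sample output, and builds the matching update-rules commands and the securityGroupId / deletionRuleIds[] request fields. The function names, the selection criterion and the sample group are constructed for illustration; it assumes the group description was obtained as JSON with the same fields as the result shown above.

```python
import ipaddress
import json

# Constructed sample: the fields of the `yc vpc security-groups get` result shown
# on this page, as JSON (assumption: produced with the CLI's --format json option).
SAMPLE_GROUP = json.loads("""{"id": "sg-constructed-id", "name": "sg-1", "rules": [
  {"id": "r-ssh-any", "direction": "INGRESS", "protocol_name": "TCP",
   "ports": {"from_port": "22", "to_port": "22"},
   "cidr_blocks": {"v4_cidr_blocks": ["0.0.0.0/0"]}},
  {"id": "r-ssh-lan", "direction": "INGRESS", "protocol_name": "TCP",
   "ports": {"from_port": "22", "to_port": "22"},
   "cidr_blocks": {"v4_cidr_blocks": ["10.0.1.0/24"]}},
  {"id": "r-all-any", "direction": "INGRESS", "protocol_name": "ANY",
   "cidr_blocks": {"v4_cidr_blocks": ["0.0.0.0/0"]}},
  {"id": "r-out-any", "direction": "EGRESS", "protocol_name": "ANY",
   "cidr_blocks": {"v4_cidr_blocks": ["0.0.0.0/0"]}}]}""")


def covers_port(rule, port):
    """Assumption: a rule with no ports block applies to every port."""
    ports = rule.get("ports")
    return not ports or int(ports["from_port"]) <= port <= int(ports["to_port"])


def world_open_ingress(group, port, protocol="TCP"):
    """IDs of ingress rules that admit `port` from any address (prefix length 0)."""
    ids = []
    for rule in group.get("rules", []):
        if rule.get("direction") != "INGRESS" or not covers_port(rule, port):
            continue
        if rule.get("protocol_name") not in (protocol, "ANY"):
            continue
        blocks = rule.get("cidr_blocks") or {}
        cidrs = blocks.get("v4_cidr_blocks", []) + blocks.get("v6_cidr_blocks", [])
        if any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            ids.append(rule["id"])
    return ids


def deletion_plan(group, port):
    """One CLI command per rule, plus the two updateRules request fields."""
    ids = world_open_ingress(group, port)
    prefix = f"yc vpc security-group update-rules {group['id']} --delete-rule-id "
    return [prefix + i for i in ids], {"securityGroupId": group["id"], "deletionRuleIds": ids}


if __name__ == "__main__":
    commands, body = deletion_plan(SAMPLE_GROUP, 22)
    print("\n".join(commands), json.dumps(body, indent=2), sep="\n")
```

Review the selected IDs against the group's current rules before running the generated commands, since a rule open to all addresses may be intentional for a public service.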