© 2025 Direct Cursus Technology L.L.C.
yandex_vpc_security_group_rule (Resource)

Written by
Yandex Cloud
Updated at September 11, 2025
  • Example usage
  • Schema
    • Required
    • Optional
    • Read-Only
    • Nested Schema for timeouts
  • Import

Manages a security group rule in Yandex Cloud. For more information, see the documentation.

Warning

Security group rules can also be managed through the ingress and egress arguments of the yandex_vpc_security_group resource. The two approaches are similar but not compatible with each other. Using yandex_vpc_security_group_rule together with rules defined in the yandex_vpc_security_group resource causes a conflict in the rule configuration and is not recommended.

Warning

Either one port argument or both from_port and to_port arguments can be specified.

Warning

If port or from_port/to_port are not specified, or are set to -1, ANY port will be sent, so the rule applies to every port.

Warning

A port cannot be specified if protocol is ICMP or IPV6_ICMP.

Warning

One of the arguments v4_cidr_blocks/v6_cidr_blocks, predefined_target, or security_group_id must be specified.

Example usage

//
// Create a new VPC Security Group Rule.
//
resource "yandex_vpc_security_group" "group1" {
  name        = "My security group"
  description = "description for my security group"
  network_id  = yandex_vpc_network.lab-net.id

  labels = {
    my-label = "my-label-value"
  }
}

resource "yandex_vpc_security_group_rule" "rule1" {
  security_group_binding = yandex_vpc_security_group.group1.id
  direction              = "ingress"
  description            = "rule1 description"
  v4_cidr_blocks         = ["10.0.1.0/24", "10.0.2.0/24"]
  port                   = 8080
  protocol               = "TCP"
}

resource "yandex_vpc_security_group_rule" "rule2" {
  security_group_binding = yandex_vpc_security_group.group1.id
  direction              = "egress"
  description            = "rule2 description"
  v4_cidr_blocks         = ["10.0.1.0/24"]
  from_port              = 8090
  to_port                = 8099
  protocol               = "UDP"
}

// Auxiliary resources
resource "yandex_vpc_network" "lab-net" {
  name = "lab-network"
}
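
The argument constraints from the warnings above can be checked against a plan before it is applied. The following is an added example, not part of the Yandex Cloud documentation or provider code: it assumes the plan has been exported with `terraform show -json`, and the function names, the sample plan and the placeholder IDs are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`
# (resource_changes[].change.after); IDs and addresses are placeholders.
PLAN = json.loads("""{"resource_changes": [
 {"address": "yandex_vpc_security_group.group1", "type": "yandex_vpc_security_group",
  "change": {"after": {"id": "sg-placeholder-1", "ingress": [{"protocol": "TCP", "port": 22}]}}},
 {"address": "yandex_vpc_security_group_rule.ok", "type": "yandex_vpc_security_group_rule",
  "change": {"after": {"security_group_binding": "sg-placeholder-2", "direction": "ingress",
   "protocol": "TCP", "port": 8080, "v4_cidr_blocks": ["10.0.1.0/24"]}}},
 {"address": "yandex_vpc_security_group_rule.bad", "type": "yandex_vpc_security_group_rule",
  "change": {"after": {"security_group_binding": "sg-placeholder-1", "direction": "ingress",
   "protocol": "ICMP", "port": 8, "from_port": 1, "to_port": -1}}}
]}""")

TARGETS = ("v4_cidr_blocks", "v6_cidr_blocks", "predefined_target", "security_group_id")

def is_set(rule, key):
    # The page treats an omitted port and -1 the same way: ANY port.
    return rule.get(key) not in (None, -1)

def check_rule(rule, inline_groups=frozenset()):
    """Return the page's warnings that this rule's planned attributes violate."""
    port, lo, hi = (is_set(rule, k) for k in ("port", "from_port", "to_port"))
    out = []
    if port and (lo or hi):
        out.append("port and from_port/to_port are both set")
    if lo != hi:
        out.append("from_port and to_port must be set together")
    if rule.get("protocol") in ("ICMP", "IPV6_ICMP") and (port or lo or hi):
        out.append("port specified for ICMP/IPV6_ICMP")
    if not any(rule.get(k) for k in TARGETS):
        out.append("no v4/v6 CIDR, predefined_target or security_group_id")
    if rule.get("security_group_binding") in inline_groups:
        out.append("group also defines inline ingress/egress rules")
    return out

def check_plan(plan):
    """Map each planned yandex_vpc_security_group_rule address to its findings."""
    after = [(rc["address"], rc["type"], rc["change"].get("after") or {})
             for rc in plan.get("resource_changes", [])]
    # Groups that carry inline rules; separate rule resources bound to them conflict.
    inline = {a["id"] for _, t, a in after if t == "yandex_vpc_security_group"
              and a.get("id") and (a.get("ingress") or a.get("egress"))}
    return {addr: check_rule(a, inline) for addr, t, a in after
            if t == "yandex_vpc_security_group_rule"}

if __name__ == "__main__":
    for addr, problems in check_plan(PLAN).items():
        print(addr, problems or "ok")
```

Attributes that are unknown at plan time, such as the ID of a group created in the same plan, are absent from `after`, so the inline-rule conflict check only matches groups whose ID is already known.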

Schema

Required

  • direction (String) Direction of the Security group rule. Can be ingress (inbound network traffic to the VPC network) or egress (outbound network traffic from the VPC network).
  • security_group_binding (String) The ID of the target security group to which the rule belongs.

Optional

  • description (String) The resource description.
  • from_port (Number) Minimum port number. Applicable for TCP and UDP protocols.
  • labels (Map of String) A set of key/value label pairs assigned to the resource.
  • port (Number) Port number (if applied to a single port).
  • predefined_target (String) Special-purpose targets. The self_security_group target refers to this particular security group. The loadbalancer_healthchecks target represents NLB health check nodes.
  • protocol (String) Specific network protocol. Can be one of ANY, TCP, UDP, ICMP, IPV6_ICMP.
  • security_group_id (String) Target security group ID for this Security group rule.
  • timeouts (Block, Optional) (see below for nested schema)
  • to_port (Number) Maximum port number. Applicable for TCP and UDP protocols.
  • v4_cidr_blocks (List of String) The list of IPv4 CIDR prefixes for this Security group rule.
  • v6_cidr_blocks (List of String) The list of IPv6 CIDR prefixes for this Security group rule. Not supported yet.

Read-Only

  • id (String) The resource identifier.

Nested Schema for timeouts

Optional:

  • create (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
  • delete (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
  • update (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

Import

The resource can be imported using its security group ID and resource ID. To get the security group ID and resource ID, use the Yandex Cloud web console or the YC CLI.

# terraform import yandex_vpc_security_group_rule.<resource Name> <security_group ID>:<resource Id>
terraform import yandex_vpc_security_group_rule.myrule enphq**********cjsw4:enp2h**********7akj7
