Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Deleting a rule from a security group

Written by
Updated at April 22, 2025

To delete a rule from a security group:

  1. In the management console, go to the folder where you need to change the security group.
  2. In the list of services, select Virtual Private Cloud.
  3. In the left-hand panel, select Security groups.
  4. Click in the row of the security group you need to delete a rule from and select Edit.
  5. Under Rules, click in the row of the rule you need to delete.
  6. In the menu that opens, click Delete.
  7. In the window that opens, click Delete.

To delete a rule from a group:

  1. Get the name or ID of the group to edit:

    yc vpc security-groups list

    Result:

    +----------------------+---------------------------------+------------------------------------+----------------------+
|          ID          |              NAME               |          DESCRIPTION               |      NETWORK-ID      |
+----------------------+---------------------------------+------------------------------------+----------------------+
| enp9bmjge93b******** | default-sg-enp509crtquf******** | Default security group for network | enp509crtquf******** |
| enp9rs9u4h6j******** | sg-1                            |                                    | enp509crtquf******** |
| enp9d8m73d1c******** | sg-2                            |                                    | enp509crtquf******** |
+----------------------+---------------------------------+------------------------------------+----------------------+

  2. Get a list of security group rules by specifying the group name or ID:

    yc vpc security-groups get <group_name_or_ID>

    Result:

    id: enp8rs9i4h6j********
folder_id: b1gaus8l79li********
created_at: "2022-06-24T15:46:31Z"
name: sg-1
network_id: enp559cr9quf********
status: ACTIVE
rules:
  - id: enpbbmv8ici********
    description: SSH
    direction: INGRESS
    ports:
      from_port: "22"
      to_port: "22"
    protocol_name: TCP
    protocol_number: "6"
    cidr_blocks:
      v4_cidr_blocks:
        - 0.0.0.0/0
...

  3. To delete a rule, specify its ID in the command:

    yc vpc security-group update-rules <group_name_or_ID> --delete-rule-id <rule_ID>

    Result:

    done (12s)
id: enp8rs9i4h6j********
folder_id: b1gaus8l79li********
created_at: "2022-06-24T15:46:31Z"
name: sg-1
network_id: enp559cr9quf********
status: ACTIVE
rules:
...

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

To delete a rule created with Terraform from a security group:

  1. Open the Terraform configuration file and delete the ingress or egress section from the security group description:

    Example of a description of a security group with rules in the Terraform configuration
    ...
resource "yandex_vpc_security_group" "test-sg" {
  name        = "Test security group"
  description = "Description for security group"
  network_id  = "${yandex_vpc_network.lab-net.id}"

  ingress {
    protocol       = "TCP"
    description    = "Rule description 1"
    v4_cidr_blocks = ["10.0.1.0/24", "10.0.2.0/24"]
    port           = 8080
  }

  egress {
    protocol       = "ANY"
    description    = "Rule description 2"
    v4_cidr_blocks = ["10.0.1.0/24", "10.0.2.0/24"]
    from_port      = 8090
    to_port        = 8099
  }
}
...

  2. In the command line, go to the directory with the Terraform configuration file.

  3. Check the configuration using this command:

    terraform validate

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.

  4. Run this command:

    terraform plan

    The terminal will display a list of resources with their parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.

  5. Apply the configuration changes:

    terraform apply

  6. Confirm the changes: type yes into the terminal and press Enter.

    You can check the security group update using the management console or this CLI command:

    yc vpc security-group get <security_group_name>

To delete a rule from a security group, use the updateRules REST API method for the SecurityGroup resource or the SecurityGroupService/UpdateRules gRPC API call, and provide the following in the request:

  • ID of the security group to delete the rules from, in the securityGroupId parameter.
  • IDs of the rules to delete, in the deletionRuleIds[] array.

To get the security group ID, use the list REST API method for the SecurityGroup resource or the SecurityGroupService/List gRPC API call and provide the folder ID in the folderId request parameter.

To learn how to find out the folder ID, see Getting the folder ID.

Previous
Getting information about a security group
Next
Moving a security group between folders