VPC.SecurityGroupRule
Element Description
A security group rule is an access policy added for an ECS to implement access control.
Element Properties
Property | Mandatory | Description |
---|---|---|
direction | Yes | Control direction of the rule, ingress or egress. Type: string. Value Description: The options are egress and ingress. Default: ingress. Value Constraint: valid values are egress and ingress. |
protocol | No | Protocol type. Type: string. Value Description: The options are ICMP, TCP, and UDP. If this property is left blank, all protocols are supported. Value Constraint: valid values are ICMP, TCP, and UDP. |
remoteSecurityGroupId | No | Peer security group ID. Type: Cloud.VPC.SecurityGroup.Id. Value Description: Obtain the security group ID from the VPC service or automatically generate it through VPC.SecurityGroup. Value Constraint: The value of this parameter and the value of remoteIpPrefix are mutually exclusive. Suggestion: It is advised to obtain the ID of a SecurityGroup object using get_input or get_reference. |
ethertype | No | Protocol type of the IP address. Type: string. Value Description: Set it to IPv4. Default: IPv4. Value Constraint: the only valid value is IPv4. |
securityGroupId | Yes | ID of the security group to which the rule belongs. Type: Cloud.VPC.SecurityGroup.Id. Value Description: Obtain the security group ID from the VPC service, or connect to VPC.SecurityGroup to automatically generate a security group ID. Value Constraint: The value must meet the UUID generation rule and be the ID of an existing security group of the tenant. Suggestion: You are advised to use the get_input function to obtain the value, or connect the SecurityGroup object and use the get_reference function to automatically generate the value. |
remoteIpPrefix | No | Remote IP address. Type: string. Value Description: When the direction is egress, it is the address of the terminal that accesses the VM. When the direction is ingress, it is the address of the to-be-accessed VM. Value Constraint: The value can be in the CIDR format or an IP address. The value of this parameter and the value of remoteSecurityGroup are mutually exclusive. |
maxPort | No | Destination port number. Type: integer. Value Description: Customize the value. The value ranges from 1 to 65535. Value Constraint: in the range 1 to 65535. Suggestion: If the protocol is not ICMP, the value cannot be smaller than the value of minPort. When minPort and maxPort are left blank, all port numbers are supported. |
minPort | No | Start port number. Type: integer. Value Description: Customize the value. The value ranges from 1 to 65535. Value Constraint: in the range 1 to 65535. Suggestion: The value cannot be greater than the value of maxPort. When minPort and maxPort are left blank, all port numbers are supported. |
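A pre-deployment lint for rule properties, checked against the constraints in the table above. This is an added example, not part of the AOS documentation or tooling: `lint_rule`, the sample rules and the UUID values are constructed, and the warnings for a blank protocol, blank ports and a /0 prefix are a reviewer's policy choice layered on the documented behavior.

```python
import ipaddress
import uuid

VALID = {"direction": {"egress", "ingress"},
         "protocol": {"ICMP", "TCP", "UDP"},
         "ethertype": {"IPv4"}}

def lint_rule(props):
    """Return (errors, warnings) for one resolved VPC.SecurityGroupRule properties dict."""
    errors, warnings = [], []
    try:
        uuid.UUID(str(props.get("securityGroupId")))
    except ValueError:
        errors.append("securityGroupId is mandatory and must be a UUID")
    merged = {"direction": "ingress", "ethertype": "IPv4", **props}  # documented defaults
    for key, allowed in VALID.items():
        value = merged.get(key)
        if value is not None and value not in allowed:
            errors.append(f"{key}={value!r} not in {sorted(allowed)}")
    # The page spells the peer-group property both ways, so accept either.
    peer = props.get("remoteSecurityGroupId") or props.get("remoteSecurityGroup")
    prefix = props.get("remoteIpPrefix")
    if peer and prefix:
        errors.append("remoteIpPrefix and the peer security group are mutually exclusive")
    if prefix:
        try:
            if ipaddress.ip_network(prefix, strict=False).prefixlen == 0:
                warnings.append("remoteIpPrefix covers every address")
        except ValueError:
            errors.append(f"remoteIpPrefix={prefix!r} is not a CIDR or IP address")
    lo, hi = props.get("minPort"), props.get("maxPort")
    for name, port in (("minPort", lo), ("maxPort", hi)):
        if port is not None and not 1 <= port <= 65535:
            errors.append(f"{name}={port} outside 1-65535")
    if None not in (lo, hi) and merged.get("protocol") != "ICMP" and hi < lo:
        errors.append("maxPort is smaller than minPort")
    if merged.get("protocol") is None:
        warnings.append("protocol blank: all protocols are supported")
    if lo is None and hi is None and merged.get("protocol") != "ICMP":
        warnings.append("ports blank: all port numbers are supported")
    return errors, warnings

# Constructed sample rules (values are placeholders, not from the page).
SG = "00000000-0000-0000-0000-000000000001"
SAMPLES = {
    "web": {"securityGroupId": SG, "protocol": "TCP", "minPort": 80, "maxPort": 80, "remoteIpPrefix": "10.0.0.0/8"},
    "wide": {"securityGroupId": SG, "remoteIpPrefix": "0.0.0.0/0"},
    "bad": {"securityGroupId": SG, "direction": "both", "protocol": "TCP", "minPort": 443, "maxPort": 80,
            "remoteIpPrefix": "10.0.0.0/8", "remoteSecurityGroupId": "00000000-0000-0000-0000-000000000002"},
}
```

Run it on property values after `get_input` and `get_reference` have been resolved; unresolved function mappings are not handled.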
Relationships Between Elements
Description | Target |
---|---|
Inclusion | |
Return Value
Property | Type | Description |
---|---|---|
refName | string | Security group rule name |
refID | string | Security group rule ID |
Blueprint Example
```yaml
tosca_definitions_version: cloud_tosca_version_1_0
inputs:
  sg-id:
    type: Cloud.VPC.SecurityGroup.Id
  direction:
    default: ingress
    type: string
  ethertype:
    default: IPv4
    type: string
  protocol:
    default: TCP
    type: string
  minPort:
    default: 80
    type: integer
  maxPort:
    default: 80
    type: integer
  remoteSecurityGroup:
    type: Cloud.VPC.SecurityGroup.Id
node_templates:
  my-rule:
    type: Cloud.VPC.SecurityGroupRule
    properties:
      securityGroupId: {get_input: sg-id}
      direction: {get_input: direction}
      ethertype: {get_input: ethertype}
      protocol: {get_input: protocol}
      minPort: {get_input: minPort}
      maxPort: {get_input: maxPort}
      remoteSecurityGroup: {get_input: remoteSecurityGroup}
outputs:
  rule-id:
    value:
      get_attribute: [my-rule, refID]
```