VPC.SecurityGroupRule
Element Description
A security group rule is an access policy added for an ECS to implement access control.
Element Properties
| Property | Mandatory | Description |
|---|---|---|
| direction | Yes | Control direction of the rule (ingress or egress). Type: string. Value Description: The options are egress and ingress. Default: ingress. Value Constraint: `{u'valid_values': [u'egress', u'ingress']}` |
| protocol | No | Protocol type. Type: string. Value Description: The options are ICMP, TCP, and UDP. If this property is left blank, all protocols are supported. Value Constraint: `{u'valid_values': [u'ICMP', u'TCP', u'UDP']}` |
| remoteSecurityGroupId | No | Peer security group ID. Type: Cloud.VPC.SecurityGroup.Id. Value Description: Obtain the security group ID from the VPC service or automatically generate it through VPC.SecurityGroup. Value Constraint: The value of this parameter and the value of remoteIpPrefix are mutually exclusive. Suggestion: Obtain the ID of a SecurityGroup object using get_input or get_reference. |
| ethertype | No | Protocol type of the IP address. Type: string. Value Description: Set it to IPv4. Default: IPv4. Value Constraint: `{u'valid_values': [u'IPv4']}` |
| securityGroupId | Yes | ID of the security group to which the resource belongs. Type: Cloud.VPC.SecurityGroup.Id. Value Description: Obtain the security group ID from the VPC service, or connect to VPC.SecurityGroup to automatically generate a security group ID. Value Constraint: The value must meet the UUID generation rule and be the ID of an existing security group of the tenant. Suggestion: Use the get_input function to obtain the value, or connect the SecurityGroup object and use the get_reference function to automatically generate the value. |
| remoteIpPrefix | No | Remote IP address. Type: string. Value Description: When the direction is egress, it is the address of the terminal that accesses the VM. When the direction is ingress, it is the address of the to-be-accessed VM. Value Constraint: The value can be in the CIDR format or an IP address. The value of this parameter and the value of remoteSecurityGroup are mutually exclusive. |
| maxPort | No | Destination port number. Type: integer. Value Description: Customize the value. The value ranges from 1 to 65535. Value Constraint: `{u'in_range': [1, 65535]}`. Suggestion: If the protocol is not ICMP, the value cannot be smaller than the value of minPort. When minPort and maxPort are left blank, all port numbers are supported. |
| minPort | No | Start port number. Type: integer. Value Description: Customize the value. The value ranges from 1 to 65535. Value Constraint: `{u'in_range': [1, 65535]}`. Suggestion: The value cannot be greater than the value of maxPort. When minPort and maxPort are left blank, all port numbers are supported. |
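
A pre-deployment check for the constraints in the property table above, as an added example (not part of the original documentation or the service's own code). The function name `check_rule` and the sample IDs are assumptions; the warnings flag blank values that, per the table, open all protocols or all ports.

```python
import ipaddress
import uuid

# Allowed values, taken from the property table above.
VALID = {
    "direction": {"egress", "ingress"},
    "protocol": {"ICMP", "TCP", "UDP"},
    "ethertype": {"IPv4"},
}

def check_rule(props):
    """Return (errors, warnings) for a dict of SecurityGroupRule properties."""
    errors, warnings = [], []
    p = {"direction": "ingress", "ethertype": "IPv4", **props}  # documented defaults
    try:  # securityGroupId is mandatory and must be UUID-shaped
        uuid.UUID(str(p["securityGroupId"]))
    except (KeyError, ValueError):
        errors.append("securityGroupId: missing or not a UUID")
    for name, allowed in VALID.items():
        if p.get(name) and p[name] not in allowed:
            errors.append(f"{name}: {p[name]!r} not in {sorted(allowed)}")
    if p.get("remoteSecurityGroupId") and p.get("remoteIpPrefix"):
        errors.append("remoteSecurityGroupId and remoteIpPrefix are mutually exclusive")
    if p.get("remoteIpPrefix"):
        try:  # accepts both CIDR blocks and single addresses
            ipaddress.IPv4Network(p["remoteIpPrefix"], strict=False)
        except ValueError:
            errors.append("remoteIpPrefix: not a CIDR block or IP address")
    lo, hi = p.get("minPort"), p.get("maxPort")
    for name, port in (("minPort", lo), ("maxPort", hi)):
        if port is not None and not 1 <= port <= 65535:
            errors.append(f"{name}: {port} outside 1-65535")
    if None not in (lo, hi) and p.get("protocol") != "ICMP" and hi < lo:
        errors.append("maxPort is smaller than minPort")
    # Blank values widen the rule; surface them for review.
    if not p.get("protocol"):
        warnings.append("protocol blank: all protocols are allowed")
    if lo is None and hi is None:
        warnings.append("minPort/maxPort blank: all port numbers are allowed")
    return errors, warnings

if __name__ == "__main__":
    # Constructed sample: only the mandatory ID is set, so both warnings fire.
    print(check_rule({"securityGroupId": "11111111-2222-3333-4444-555555555555"}))
```
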
Relationships Between Elements
| Description | Target |
|---|---|
| Inclusion | |
Return Value
| Property | Type | Description |
|---|---|---|
| refName | string | Security group rule name |
| refID | string | Security group rule ID |
Blueprint Example
```yaml
tosca_definitions_version: cloud_tosca_version_1_0
inputs:
  sg-id:
    type: Cloud.VPC.SecurityGroup.Id
  direction:
    default: ingress
    type: string
  ethertype:
    default: IPv4
    type: string
  protocol:
    default: TCP
    type: string
  minPort:
    default: 80
    type: integer
  maxPort:
    default: 80
    type: integer
  remoteSecurityGroup:
    type: Cloud.VPC.SecurityGroup.Id
node_templates:
  my-rule:
    type: Cloud.VPC.SecurityGroupRule
    properties:
      securityGroupId: {get_input: sg-id}
      direction: {get_input: direction}
      ethertype: {get_input: ethertype}
      protocol: {get_input: protocol}
      minPort: {get_input: minPort}
      maxPort: {get_input: maxPort}
      remoteSecurityGroup: {get_input: remoteSecurityGroup}
outputs:
  rule-id:
    value:
      get_attribute: [my-rule, refID]
```