VPC.SecurityGroupRule
Element Description
A security group rule is an access policy added for an ECS to implement access control.
Element Properties
Property | Required | Description |
---|---|---|
direction | Yes | Control direction of the rule (ingress or egress). Type: string. Value Description: Supports egress or ingress. Default: ingress |
protocol | No | Protocol type (TCP or UDP). Type: string. Value Description: Supports ICMP, TCP, and UDP. When this property is left blank, all protocols are supported. |
remoteSecurityGroupId | No | Peer security group ID. Type: HuaweiCloud.VPC.SecurityGroup.Id. Value Description: Obtain the security group ID from the VPC service, or generate it automatically through VPC.SecurityGroup. Value Constraint: The value conflicts with remoteIpPrefix. Suggestion: You are advised to obtain the SecurityGroup object ID through the get_input function or the get_reference function. |
ethertype | No | Protocol type of the IP address. Type: string. Value Description: Supports IPv4. Default: IPv4 |
securityGroupId | Yes | ID of the security group. Type: HuaweiCloud.VPC.SecurityGroup.Id. Value Description: Obtains the security group ID from the VPC service or connects to the VPC.SecurityGroup to automatically generate the security group ID. Value Constraint: The value must meet the UUID generation rule and be the ID of an existing security group of the tenant. Suggestion: You are advised to use the get_input function to obtain the value, or connect the SecurityGroup object and use the get_reference function to automatically generate the value. |
remoteIpPrefix | No | Remote IP address. Type: string. Value Description: Indicates the address of the terminal that accesses the VM when the direction is egress, or indicates the address of the to-be-accessed VM when the direction is ingress. Value Constraint: The value can be in the CIDR format or an IP address. The value conflicts with remoteSecurityGroup. |
maxPort | No | Destination port number. Type: integer. Value Description: Supports customization. The value ranges from 1 to 65535. Suggestion: If the protocol is not ICMP, the value cannot be smaller than the value of minPort. When minPort and maxPort are left blank, all port numbers are supported. If the protocol field is ICMP, set the value range by referring to https://support.huaweicloud.com/intl/en-us/api-vpc/vpc_api_0009.html. |
minPort | No | Start port number. Type: integer. Value Description: Supports customization. The value ranges from 1 to 65535. Suggestion: The value cannot be greater than the value of maxPort. When minPort and maxPort are left blank, all port numbers are supported. If the protocol field is ICMP, set the value range by referring to https://support.huaweicloud.com/intl/en-us/api-vpc/vpc_api_0009.html. |
Description | Target |
---|---|
ContainedIn | |
Return Value
Property | Type | Description |
---|---|---|
refName | string | Security group rule name |
refID | string | Security group rule ID |
Blueprint Example
```yaml
tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
  # ID of the security group that the rule is added to (required)
  sg-id:
    type: HuaweiCloud.VPC.SecurityGroup.Id
  direction:
    default: ingress
    type: string
  ethertype:
    default: IPv4
    type: string
  protocol:
    default: TCP
    type: string
  # minPort and maxPort are both 80, so the rule covers a single port
  minPort:
    default: 80
    type: integer
  maxPort:
    default: 80
    type: integer
  # Peer security group used as the remote end of the rule
  remoteSecurityGroup:
    type: HuaweiCloud.VPC.SecurityGroup.Id
node_templates:
  my-rule:
    type: HuaweiCloud.VPC.SecurityGroupRule
    properties:
      securityGroupId: {get_input: sg-id}
      direction: {get_input: direction}
      ethertype: {get_input: ethertype}
      protocol: {get_input: protocol}
      minPort: {get_input: minPort}
      maxPort: {get_input: maxPort}
      # The Element Properties table lists this property as remoteSecurityGroupId
      remoteSecurityGroup: {get_input: remoteSecurityGroup}
outputs:
  # refID is the security group rule ID (see Return Value)
  rule-id:
    value:
      get_attribute: [my-rule, refID]
```
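The constraints in the Element Properties table can be checked before a blueprint is deployed, along with the cases where a blank property widens the rule to all protocols or all ports. The Python linter below is an added example, not part of the original page or of any Huawei Cloud tooling; the function name `lint_rule`, the finding strings, the case-insensitive protocol match, and the sample rules are assumptions, and it expects property values that have already been resolved (no `get_input` mappings).

```python
import ipaddress
import uuid

def lint_rule(props):
    """Return findings for one rule's resolved `properties` mapping."""
    out = []
    if props.get("direction", "ingress") not in ("ingress", "egress"):
        out.append("error: direction must be ingress or egress")
    if props.get("ethertype", "IPv4") != "IPv4":
        out.append("error: ethertype supports IPv4 only")
    try:
        uuid.UUID(str(props.get("securityGroupId")))
    except ValueError:
        out.append("error: securityGroupId is required and must be a UUID")
    # Assumption: protocol names are compared case-insensitively.
    proto = str(props.get("protocol") or "").upper()
    if not proto:
        out.append("warn: protocol blank, rule covers all protocols")
    elif proto not in ("ICMP", "TCP", "UDP"):
        out.append("error: protocol must be ICMP, TCP or UDP")
    if props.get("remoteSecurityGroupId") and props.get("remoteIpPrefix"):
        out.append("error: remoteSecurityGroupId conflicts with remoteIpPrefix")
    prefix = props.get("remoteIpPrefix")
    if prefix:
        try:
            if ipaddress.ip_network(prefix, strict=False).prefixlen == 0:
                out.append("warn: remoteIpPrefix matches every address")
        except ValueError:
            out.append("error: remoteIpPrefix is not a CIDR block or IP address")
    lo, hi = props.get("minPort"), props.get("maxPort")
    if proto != "ICMP":  # ICMP port values follow the linked API page; not checked
        if lo is None and hi is None:
            out.append("warn: ports blank, rule covers all ports")
        bad = [n for n, p in (("minPort", lo), ("maxPort", hi))
               if p is not None and not (isinstance(p, int) and 1 <= p <= 65535)]
        out += [f"error: {n} must be an integer from 1 to 65535" for n in bad]
        if not bad and None not in (lo, hi) and lo > hi:
            out.append("error: minPort is greater than maxPort")
    return out

# Constructed sample rules (the UUID is a placeholder, not a real security group).
SG = "11111111-2222-3333-4444-555555555555"
NARROW = {"securityGroupId": SG, "protocol": "TCP", "minPort": 80,
          "maxPort": 80, "remoteIpPrefix": "10.0.0.0/24"}
WIDE = {"securityGroupId": SG, "remoteIpPrefix": "0.0.0.0/0"}
BROKEN = {"securityGroupId": SG, "protocol": "UDP", "minPort": 9000, "maxPort": 53,
          "remoteIpPrefix": "10.0.0.5", "remoteSecurityGroupId": SG}
if __name__ == "__main__":
    for name, rule in (("NARROW", NARROW), ("WIDE", WIDE), ("BROKEN", BROKEN)):
        print(name, lint_rule(rule) or "ok")
```

Findings prefixed `warn:` describe rules that are valid under the table but broader than a single protocol, port range, or address block.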