arvancloud_iaas_security_group_rule (Resource)
Manages an IaaS security group rule. Rules define ingress and egress traffic policies for security groups.
Example Usage
# Tell `terraform init` which registry namespace provides the arvancloud provider.
terraform {
  required_providers {
    arvancloud = {
      source = "ArvanCloud/arvancloud"
      # No `version` constraint is given, so `terraform init` selects the
      # newest release it can find. For reproducible runs, add a constraint
      # and commit the generated .terraform.lock.hcl alongside this file.
    }
  }
}
# Security group for the web tier; the ingress and egress rules in this
# example attach to it through `security_group_id`.
# NOTE(review): this page does not say whether a new group starts with any
# default rules -- check the provider before assuming default-deny.
resource "arvancloud_iaas_security_group" "web" {
  name              = "web-servers"
  description       = "Security group for web servers"
  availability_zone = "ir-central1-a"
}
# Public HTTP: TCP/80 is open to every IPv4 source (0.0.0.0/0).
# Use this only on groups whose members are meant to be internet-facing.
# IPv6 clients are not matched, because ether_type is "IPv4".
resource "arvancloud_iaas_security_group_rule" "http" {
  security_group_id = arvancloud_iaas_security_group.web.id
  direction         = "ingress"
  ether_type        = "IPv4"
  protocol          = "tcp"
  port_range_min    = 80
  port_range_max    = 80
  remote_ip_prefix  = "0.0.0.0/0"
  description       = "Allow HTTP from anywhere"
}
# Public HTTPS: TCP/443 is open to every IPv4 source (0.0.0.0/0).
# min == max keeps the rule to a single port rather than a range.
resource "arvancloud_iaas_security_group_rule" "https" {
  security_group_id = arvancloud_iaas_security_group.web.id
  direction         = "ingress"
  ether_type        = "IPv4"
  protocol          = "tcp"
  port_range_min    = 443
  port_range_max    = 443
  remote_ip_prefix  = "0.0.0.0/0"
  description       = "Allow HTTPS from anywhere"
}
# Administrative access: TCP/22 is limited to one /24 instead of 0.0.0.0/0.
# 192.168.1.0/24 is an RFC 1918 private range used here as a sample value;
# replace it with the real management CIDR, as narrow as practical. A private
# prefix only matches traffic that arrives with that source address (for
# example over a VPN or private network), not traffic NATed to a public IP.
resource "arvancloud_iaas_security_group_rule" "ssh" {
  security_group_id = arvancloud_iaas_security_group.web.id
  direction         = "ingress"
  ether_type        = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "192.168.1.0/24"
  description       = "Allow SSH from office network"
}
# Unrestricted IPv4 egress: the empty protocol means "any" (see the schema
# on this page), no port range is set, and the destination is 0.0.0.0/0.
# This leaves outbound traffic unfiltered. Where members should only reach
# known services, replace it with rules for specific protocols, ports and
# destination prefixes.
resource "arvancloud_iaas_security_group_rule" "egress_all" {
  security_group_id = arvancloud_iaas_security_group.web.id
  direction         = "egress"
  ether_type        = "IPv4"
  protocol          = ""
  remote_ip_prefix  = "0.0.0.0/0"
  description       = "Allow all outbound traffic"
}
# Inbound ICMP from any IPv4 source.
# NOTE(review): the rule sets no ICMP type or code, so it presumably admits
# every ICMP message type and not only echo request ("ping") -- confirm
# against the provider. If only monitoring hosts need it, narrow
# remote_ip_prefix to their addresses.
resource "arvancloud_iaas_security_group_rule" "icmp" {
  security_group_id = arvancloud_iaas_security_group.web.id
  direction         = "ingress"
  ether_type        = "IPv4"
  protocol          = "icmp"
  remote_ip_prefix  = "0.0.0.0/0"
  description       = "Allow ICMP ping"
}
# Separate security group for the database tier, so its exposure is managed
# independently of the internet-facing web group.
resource "arvancloud_iaas_security_group" "db" {
  name              = "database-servers"
  description       = "Security group for database servers"
  availability_zone = "ir-central1-a"
}
# MySQL (TCP/3306) on the db group, with the web security group as the only
# permitted source. The source is given as remote_group_id rather than a
# CIDR; the two attributes are mutually exclusive, so remote_ip_prefix is
# deliberately absent.
resource "arvancloud_iaas_security_group_rule" "db_from_web" {
  security_group_id = arvancloud_iaas_security_group.db.id
  direction         = "ingress"
  ether_type        = "IPv4"
  protocol          = "tcp"
  port_range_min    = 3306
  port_range_max    = 3306
  remote_group_id   = arvancloud_iaas_security_group.web.id
  description       = "Allow MySQL from web servers"
}
# IPv6 counterpart of the unrestricted egress rule: any protocol to ::/0.
# IPv4 and IPv6 are matched by separate rules (ether_type), so each address
# family has to be reviewed on its own. In this example the web group has
# IPv6 egress but no IPv6 ingress rule.
resource "arvancloud_iaas_security_group_rule" "egress_ipv6" {
  security_group_id = arvancloud_iaas_security_group.web.id
  direction         = "egress"
  ether_type        = "IPv6"
  protocol          = ""
  remote_ip_prefix  = "::/0"
  description       = "Allow all IPv6 outbound traffic"
}
# Export the API-assigned IDs of the HTTP, HTTPS and SSH ingress rules.
output "http_rule_id" {
  value = arvancloud_iaas_security_group_rule.http.id
}

output "https_rule_id" {
  value = arvancloud_iaas_security_group_rule.https.id
}

output "ssh_rule_id" {
  value = arvancloud_iaas_security_group_rule.ssh.id
}
Schema
Required
- `direction` (String) Direction of traffic (`ingress` or `egress`).
- `ether_type` (String) Ether type (`IPv4` or `IPv6`).
- `security_group_id` (String) ID of the security group this rule belongs to.
Optional
- `description` (String) Description of the rule.
- `port_range_max` (Number) Maximum port number (1-65535). Required for TCP/UDP protocols.
- `port_range_min` (Number) Minimum port number (1-65535). Required for TCP/UDP protocols.
- `protocol` (String) IP protocol (`tcp`, `udp`, `icmp`, or empty for any).
- `remote_group_id` (String) ID of the remote security group. Mutually exclusive with `remote_ip_prefix`.
- `remote_ip_prefix` (String) Remote IP address or CIDR range (e.g., `0.0.0.0/0`, `192.168.1.0/24`). Mutually exclusive with `remote_group_id`.
Read-Only
- `id` (String) Unique identifier of the rule assigned by the API.
Import
Import is supported using the following syntax:
terraform import arvancloud_iaas_security_group_rule.example "4c5d6e7f-8a9b-0c1d-2e3f-4a5b6c7d8e9f:9e8f7a6b-5c4d-3e2f-1a0b-9c8d7e6f5a4b"