github.com/jmbataller/terraform@v0.6.8-0.20151125192640-b7a12e3a580c/website/source/docs/providers/azure/r/security_group_rule.html.markdown (about) 1 --- 2 layout: "azure" 3 page_title: "Azure: azure_security_group_rule" 4 sidebar_current: "docs-azure-resource-security-group-rule" 5 description: |- 6 Creates a new network security rule to be associated with a given security group. 7 --- 8 9 # azure\_security\_group\_rule 10 11 Creates a new network Security Group Rule to be associated with a number of 12 given Security Groups. 13 14 ~> **NOTE on Security Group Rules**: for usability purposes; Terraform allows the 15 addition of a single Security Group Rule to multiple Security Groups, despite 16 it having to define each rule individually per Security Group on Azure. As a 17 result; in the event that one of the Rules on one of the Groups is modified by 18 external factors, Terraform cannot reason as to whether or not that change 19 should be propagated to the others; let alone choose one changed Rule 20 configuration over another in case of a conflic. As such; `terraform refresh` 21 only checks that the rule is still defined for each of the specified 22 `security_group_names`; ignoring the actual parameters of the Rule and **not** 23 updating the state with regards to them. 24 25 ## Example Usage 26 27 ``` 28 resource "azure_security_group" "web" { 29 ... 30 } 31 32 resource "azure_security_group" "apps" { 33 ... 34 } 35 36 resource "azure_security_group_rule" "ssh_access" { 37 name = "ssh-access-rule" 38 security_group_names = ["${azure_security_group.web.name}", "${azure_security_group.apps.name}"] 39 type = "Inbound" 40 action = "Allow" 41 priority = 200 42 source_address_prefix = "100.0.0.0/32" 43 source_port_range = "*" 44 destination_address_prefix = "10.0.0.0/32" 45 destination_port_range = "22" 46 protocol = "TCP" 47 } 48 ``` 49 50 ## Argument Reference 51 52 The following arguments are supported: 53 * `name` - (Required) The name of the security group rule. 54 55 * `security_group_names` - (Required) A list of the names of the security groups 56 the rule should be applied to. 57 Changing this list forces the creation of a new resource. 58 59 * `type` - (Required) The type of the security rule. Valid options are: 60 `Inbound` and `Outbound`. 61 62 * `priority` - (Required) The priority of the network security rule. Rules with 63 lower priority are evaluated first. This value can be between 100 and 4096. 64 65 * `action` - (Optional) The action that is performed when the security rule is 66 matched. Valid options are: `Allow` and `Deny`. 67 68 * `source_address_prefix` - (Required) The address prefix of packet sources that 69 that should be subjected to the rule. An asterisk (\*) can also be used to 70 match all source IPs. 71 72 * `source_port_range` - (Required) The source port or range. This value can be 73 between 0 and 65535. An asterisk (\*) can also be used to match all ports. 74 75 * `destination_address_prefix` - (Required) The address prefix of packet 76 destinations that should be subjected to the rule. An asterisk 77 (\*) can also be used to match all destination IPs. 78 79 * `destination_port_range` - (Required) The destination port or range. This value 80 can be between 0 and 65535. An asterisk (\*) can also be used to match all 81 ports. 82 83 * `protocol` - (Optional) The protocol of the security rule. Valid options are: 84 `TCP`, `UDP` and `*`. 85 86 The following attributes are exported: 87 88 * `id` - The security group rule ID. Coincides with its given `name`.