github.com/pmcatominey/terraform@v0.7.0-rc2.0.20160708105029-1401a52a5cc5/website/source/docs/providers/aws/r/security_group_rule.html.markdown

---
layout: "aws"
page_title: "AWS: aws_security_group_rule"
sidebar_current: "docs-aws-resource-security-group-rule"
description: |-
  Provides a security group rule resource.
---

# aws\_security\_group\_rule

Provides a security group rule resource. Represents a single `ingress` or
`egress` group rule, which can be added to external Security Groups.

~> **NOTE on Security Groups and Security Group Rules:** Terraform currently
provides both a standalone Security Group Rule resource (a single `ingress` or
`egress` rule), and a [Security Group resource](security_group.html) with `ingress` and `egress` rules
defined in-line. At this time you cannot use a Security Group with in-line rules
in conjunction with any Security Group Rule resources. Doing so will cause
a conflict of rule settings and will overwrite rules.

## Example Usage

Basic usage

```
# Ingress rule opening every TCP port to every source address.
# prefix_list_ids is omitted here because it is only valid on egress rules.
resource "aws_security_group_rule" "allow_all" {
    type = "ingress"
    from_port = 0
    to_port = 65535
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]

    security_group_id = "sg-123456"
}
```

## Argument Reference

The following arguments are supported:

* `type` - (Required) The type of rule being created. Valid options are `ingress` (inbound)
or `egress` (outbound).
* `cidr_blocks` - (Optional) List of CIDR blocks. Cannot be specified with `source_security_group_id`.
* `prefix_list_ids` - (Optional) List of prefix list IDs (for allowing access to VPC endpoints).
Only valid with `egress`.
* `from_port` - (Required) The start port (or ICMP type number if protocol is "icmp").
* `protocol` - (Required) The protocol.
* `security_group_id` - (Required) The security group to apply this rule to.
* `source_security_group_id` - (Optional) The security group ID to allow access to/from,
     depending on the `type`. Cannot be specified with `cidr_blocks`.
* `self` - (Optional) If true, the security group itself will be added as
     a source to this ingress rule.
* `to_port` - (Required) The end port of the range.
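
The following configuration is an added example, not part of the original page, showing how the NOTE above is satisfied in practice: the `aws_security_group` resources carry no in-line `ingress`/`egress` blocks, and every rule is a standalone `aws_security_group_rule`. It also contrasts `source_security_group_id`, `self` and `cidr_blocks` as mutually exclusive ways of naming a rule's peer; the resource names, the `vpc-00000000` placeholder and the `10.0.0.0/16` range are constructed for illustration.

```hcl
# Groups are declared with NO in-line ingress/egress blocks, so that all
# rules are owned by aws_security_group_rule resources and nothing fights
# over the rule set (see the NOTE at the top of the page).
resource "aws_security_group" "web" {
  name        = "web"
  description = "web tier; rules managed by aws_security_group_rule"
  vpc_id      = "vpc-00000000"   # placeholder VPC ID
}

resource "aws_security_group" "lb" {
  name        = "lb"
  description = "load balancer tier; rules managed by aws_security_group_rule"
  vpc_id      = "vpc-00000000"   # placeholder VPC ID
}

# Inbound HTTPS to the web tier only from members of the lb group.
# source_security_group_id replaces cidr_blocks; the two cannot be combined.
resource "aws_security_group_rule" "web_https_from_lb" {
  type                     = "ingress"
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  source_security_group_id = "${aws_security_group.lb.id}"
  security_group_id        = "${aws_security_group.web.id}"
}

# Members of the web group may reach each other on 8080 (self = true adds
# the group itself as the source, so no CIDR or peer group is named).
resource "aws_security_group_rule" "web_self_8080" {
  type              = "ingress"
  from_port         = 8080
  to_port           = 8080
  protocol          = "tcp"
  self              = true
  security_group_id = "${aws_security_group.web.id}"
}

# Outbound HTTPS from the web tier to one internal range only, rather than
# an allow-all egress rule.
resource "aws_security_group_rule" "web_egress_https" {
  type              = "egress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/16"]   # constructed example range
  security_group_id = "${aws_security_group.web.id}"
}
```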

## Usage with prefix list IDs

Prefix list IDs are managed by AWS internally. Prefix list IDs
are associated with a prefix list name, or service name, that is linked to a specific region.
Prefix list IDs are exported on VPC Endpoints, so you can use this format:

```
resource "aws_security_group_rule" "allow_all" {
    type = "egress"
    to_port = 0
    protocol = "-1"
    prefix_list_ids = ["${aws_vpc_endpoint.my_endpoint.prefix_list_id}"]
    from_port = 0
    security_group_id = "sg-123456"
}
...
resource "aws_vpc_endpoint" "my_endpoint" {
  ...
}
```

## Attributes Reference

The following attributes are exported:

* `id` - The ID of the security group rule
* `type` - The type of rule, `ingress` or `egress`
* `from_port` - The source port
* `to_port` - The destination port
* `protocol` - The protocol used