oci.Core.NetworkSecurityGroupSecurityRule
This resource provides the Network Security Group Security Rule resource in the Oracle Cloud Infrastructure Core service.
Adds up to 25 security rules to the specified network security group. Adding more than 25 rules requires multiple operations.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
// Template example: `testNetworkSecurityGroup` and every
// `networkSecurityGroupSecurityRule*` identifier must be defined elsewhere.
// Per the property reference on this page, icmpOptions is valid only for
// ICMP/ICMPv6, tcpOptions only for TCP and udpOptions only for UDP, so a real
// rule keeps just the block that matches `protocol`. Leaving tcpOptions or
// udpOptions off a TCP/UDP rule allows all destination ports.
const ruleIcmpOptions = {
    type: networkSecurityGroupSecurityRuleIcmpOptionsType,
    code: networkSecurityGroupSecurityRuleIcmpOptionsCode,
};
const ruleTcpOptions = {
    destinationPortRange: {
        max: networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMax,
        min: networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMin,
    },
    sourcePortRange: {
        max: networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMax,
        min: networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMin,
    },
};
const ruleUdpOptions = {
    destinationPortRange: {
        max: networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMax,
        min: networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMin,
    },
    sourcePortRange: {
        max: networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMax,
        min: networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMin,
    },
};

const testNetworkSecurityGroupSecurityRule = new oci.core.NetworkSecurityGroupSecurityRule("test_network_security_group_security_rule", {
    networkSecurityGroupId: testNetworkSecurityGroup.id,
    direction: networkSecurityGroupSecurityRuleDirection,
    protocol: networkSecurityGroupSecurityRuleProtocol,
    description: networkSecurityGroupSecurityRuleDescription,
    // destinationType is required when direction is EGRESS.
    destination: networkSecurityGroupSecurityRuleDestination,
    destinationType: networkSecurityGroupSecurityRuleDestinationType,
    icmpOptions: ruleIcmpOptions,
    // sourceType is required when direction is INGRESS.
    source: networkSecurityGroupSecurityRuleSource,
    sourceType: networkSecurityGroupSecurityRuleSourceType,
    // false (the default) is stateful; a stateless rule needs a matching rule
    // in the other direction to support bidirectional traffic.
    stateless: networkSecurityGroupSecurityRuleStateless,
    tcpOptions: ruleTcpOptions,
    udpOptions: ruleUdpOptions,
});
import pulumi
import pulumi_oci as oci
# Template example: test_network_security_group and every
# network_security_group_security_rule_* name must be defined elsewhere.
# Per the property reference on this page, icmp_options is valid only for
# ICMP/ICMPv6, tcp_options only for TCP and udp_options only for UDP, so a real
# rule keeps just the block that matches `protocol`. Leaving tcp_options or
# udp_options off a TCP/UDP rule allows all destination ports.
rule_icmp_options = {
    "type": network_security_group_security_rule_icmp_options_type,
    "code": network_security_group_security_rule_icmp_options_code,
}
rule_tcp_options = {
    "destination_port_range": {
        "max": network_security_group_security_rule_tcp_options_destination_port_range_max,
        "min": network_security_group_security_rule_tcp_options_destination_port_range_min,
    },
    "source_port_range": {
        "max": network_security_group_security_rule_tcp_options_source_port_range_max,
        "min": network_security_group_security_rule_tcp_options_source_port_range_min,
    },
}
rule_udp_options = {
    "destination_port_range": {
        "max": network_security_group_security_rule_udp_options_destination_port_range_max,
        "min": network_security_group_security_rule_udp_options_destination_port_range_min,
    },
    "source_port_range": {
        "max": network_security_group_security_rule_udp_options_source_port_range_max,
        "min": network_security_group_security_rule_udp_options_source_port_range_min,
    },
}

test_network_security_group_security_rule = oci.core.NetworkSecurityGroupSecurityRule(
    "test_network_security_group_security_rule",
    network_security_group_id=test_network_security_group["id"],
    direction=network_security_group_security_rule_direction,
    protocol=network_security_group_security_rule_protocol,
    description=network_security_group_security_rule_description,
    # destination_type is required when direction is EGRESS.
    destination=network_security_group_security_rule_destination,
    destination_type=network_security_group_security_rule_destination_type,
    icmp_options=rule_icmp_options,
    # source_type is required when direction is INGRESS.
    source=network_security_group_security_rule_source,
    source_type=network_security_group_security_rule_source_type,
    # False (the default) is stateful; a stateless rule needs a matching rule
    # in the other direction to support bidirectional traffic.
    stateless=network_security_group_security_rule_stateless,
    tcp_options=rule_tcp_options,
    udp_options=rule_udp_options,
)
package main
import (
	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one security rule on a network
// security group.
//
// The listing is a template: testNetworkSecurityGroup and every
// networkSecurityGroupSecurityRule* identifier must be supplied by the
// surrounding program. Per the property reference on this page, IcmpOptions is
// valid only for ICMP/ICMPv6, TcpOptions only for TCP and UdpOptions only for
// UDP, so a real rule keeps just the block that matches Protocol. Leaving
// TcpOptions or UdpOptions off a TCP/UDP rule allows all destination ports.
// SourceType is required for INGRESS rules and DestinationType for EGRESS
// rules; Stateless defaults to false, which makes the rule stateful.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		icmpOptions := &core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs{
			Type: pulumi.Any(networkSecurityGroupSecurityRuleIcmpOptionsType),
			Code: pulumi.Any(networkSecurityGroupSecurityRuleIcmpOptionsCode),
		}
		tcpOptions := &core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs{
			DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs{
				Max: pulumi.Any(networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMax),
				Min: pulumi.Any(networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMin),
			},
			SourcePortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs{
				Max: pulumi.Any(networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMax),
				Min: pulumi.Any(networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMin),
			},
		}
		udpOptions := &core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs{
			DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs{
				Max: pulumi.Any(networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMax),
				Min: pulumi.Any(networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMin),
			},
			SourcePortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs{
				Max: pulumi.Any(networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMax),
				Min: pulumi.Any(networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMin),
			},
		}
		args := &core.NetworkSecurityGroupSecurityRuleArgs{
			NetworkSecurityGroupId: pulumi.Any(testNetworkSecurityGroup.Id),
			Direction:              pulumi.Any(networkSecurityGroupSecurityRuleDirection),
			Protocol:               pulumi.Any(networkSecurityGroupSecurityRuleProtocol),
			Description:            pulumi.Any(networkSecurityGroupSecurityRuleDescription),
			Destination:            pulumi.Any(networkSecurityGroupSecurityRuleDestination),
			DestinationType:        pulumi.Any(networkSecurityGroupSecurityRuleDestinationType),
			IcmpOptions:            icmpOptions,
			Source:                 pulumi.Any(networkSecurityGroupSecurityRuleSource),
			SourceType:             pulumi.Any(networkSecurityGroupSecurityRuleSourceType),
			Stateless:              pulumi.Any(networkSecurityGroupSecurityRuleStateless),
			TcpOptions:             tcpOptions,
			UdpOptions:             udpOptions,
		}
		// The resource handle is not used again, so only the error is kept.
		_, err := core.NewNetworkSecurityGroupSecurityRule(ctx, "test_network_security_group_security_rule", args)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
// Template example: testNetworkSecurityGroup and every
// networkSecurityGroupSecurityRule* identifier must be defined elsewhere.
// Per the property reference on this page, IcmpOptions is valid only for
// ICMP/ICMPv6, TcpOptions only for TCP and UdpOptions only for UDP, so a real
// rule keeps just the block that matches Protocol. Leaving TcpOptions or
// UdpOptions off a TCP/UDP rule allows all destination ports.
return await Deployment.RunAsync(() =>
{
    var ruleIcmpOptions = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
    {
        Type = networkSecurityGroupSecurityRuleIcmpOptionsType,
        Code = networkSecurityGroupSecurityRuleIcmpOptionsCode,
    };

    var ruleTcpOptions = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsArgs
    {
        DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs
        {
            Max = networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMax,
            Min = networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMin,
        },
        SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs
        {
            Max = networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMax,
            Min = networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMin,
        },
    };

    var ruleUdpOptions = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsArgs
    {
        DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs
        {
            Max = networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMax,
            Min = networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMin,
        },
        SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs
        {
            Max = networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMax,
            Min = networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMin,
        },
    };

    var testNetworkSecurityGroupSecurityRule = new Oci.Core.NetworkSecurityGroupSecurityRule("test_network_security_group_security_rule", new()
    {
        NetworkSecurityGroupId = testNetworkSecurityGroup.Id,
        Direction = networkSecurityGroupSecurityRuleDirection,
        Protocol = networkSecurityGroupSecurityRuleProtocol,
        Description = networkSecurityGroupSecurityRuleDescription,
        // DestinationType is required when Direction is EGRESS.
        Destination = networkSecurityGroupSecurityRuleDestination,
        DestinationType = networkSecurityGroupSecurityRuleDestinationType,
        IcmpOptions = ruleIcmpOptions,
        // SourceType is required when Direction is INGRESS.
        Source = networkSecurityGroupSecurityRuleSource,
        SourceType = networkSecurityGroupSecurityRuleSourceType,
        // false (the default) is stateful; a stateless rule needs a matching
        // rule in the other direction to support bidirectional traffic.
        Stateless = networkSecurityGroupSecurityRuleStateless,
        TcpOptions = ruleTcpOptions,
        UdpOptions = ruleUdpOptions,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Core.NetworkSecurityGroupSecurityRule;
import com.pulumi.oci.Core.NetworkSecurityGroupSecurityRuleArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs;
import com.pulumi.oci.Core.inputs.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one security rule on a network security group.
 *
 * <p>The listing is a template: {@code testNetworkSecurityGroup} and every
 * {@code networkSecurityGroupSecurityRule*} identifier must be supplied by the
 * surrounding program. Per the property reference on this page, icmpOptions is
 * valid only for ICMP/ICMPv6, tcpOptions only for TCP and udpOptions only for
 * UDP, so a real rule keeps just the block that matches the protocol. Leaving
 * tcpOptions or udpOptions off a TCP/UDP rule allows all destination ports.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the security rule.
     *
     * @param ctx the deployment context passed in by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var ruleIcmpOptions = NetworkSecurityGroupSecurityRuleIcmpOptionsArgs.builder()
            .type(networkSecurityGroupSecurityRuleIcmpOptionsType)
            .code(networkSecurityGroupSecurityRuleIcmpOptionsCode)
            .build();

        var ruleTcpOptions = NetworkSecurityGroupSecurityRuleTcpOptionsArgs.builder()
            .destinationPortRange(NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs.builder()
                .max(networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMax)
                .min(networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMin)
                .build())
            .sourcePortRange(NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs.builder()
                .max(networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMax)
                .min(networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMin)
                .build())
            .build();

        var ruleUdpOptions = NetworkSecurityGroupSecurityRuleUdpOptionsArgs.builder()
            .destinationPortRange(NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs.builder()
                .max(networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMax)
                .min(networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMin)
                .build())
            .sourcePortRange(NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs.builder()
                .max(networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMax)
                .min(networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMin)
                .build())
            .build();

        // sourceType is required for INGRESS rules and destinationType for
        // EGRESS rules; stateless defaults to false, i.e. a stateful rule.
        var ruleArgs = NetworkSecurityGroupSecurityRuleArgs.builder()
            .networkSecurityGroupId(testNetworkSecurityGroup.id())
            .direction(networkSecurityGroupSecurityRuleDirection)
            .protocol(networkSecurityGroupSecurityRuleProtocol)
            .description(networkSecurityGroupSecurityRuleDescription)
            .destination(networkSecurityGroupSecurityRuleDestination)
            .destinationType(networkSecurityGroupSecurityRuleDestinationType)
            .icmpOptions(ruleIcmpOptions)
            .source(networkSecurityGroupSecurityRuleSource)
            .sourceType(networkSecurityGroupSecurityRuleSourceType)
            .stateless(networkSecurityGroupSecurityRuleStateless)
            .tcpOptions(ruleTcpOptions)
            .udpOptions(ruleUdpOptions)
            .build();

        var testNetworkSecurityGroupSecurityRule = new NetworkSecurityGroupSecurityRule("testNetworkSecurityGroupSecurityRule", ruleArgs);
    }
}
# Template example: every ${...} reference must resolve to a value defined
# elsewhere in the program.
# Per the property reference on this page, icmpOptions is valid only for
# ICMP/ICMPv6, tcpOptions only for TCP and udpOptions only for UDP, so a real
# rule keeps just the block that matches `protocol`.
resources:
  testNetworkSecurityGroupSecurityRule:
    type: oci:Core:NetworkSecurityGroupSecurityRule
    name: test_network_security_group_security_rule
    properties:
      networkSecurityGroupId: ${testNetworkSecurityGroup.id}
      direction: ${networkSecurityGroupSecurityRuleDirection}
      protocol: ${networkSecurityGroupSecurityRuleProtocol}
      description: ${networkSecurityGroupSecurityRuleDescription}
      # destinationType is required when direction is EGRESS.
      destination: ${networkSecurityGroupSecurityRuleDestination}
      destinationType: ${networkSecurityGroupSecurityRuleDestinationType}
      icmpOptions:
        type: ${networkSecurityGroupSecurityRuleIcmpOptionsType}
        code: ${networkSecurityGroupSecurityRuleIcmpOptionsCode}
      # sourceType is required when direction is INGRESS.
      source: ${networkSecurityGroupSecurityRuleSource}
      sourceType: ${networkSecurityGroupSecurityRuleSourceType}
      # false (the default) is stateful; a stateless rule needs a matching rule
      # in the other direction to support bidirectional traffic.
      stateless: ${networkSecurityGroupSecurityRuleStateless}
      # Omitting tcpOptions on a TCP rule allows all destination ports.
      tcpOptions:
        destinationPortRange:
          max: ${networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMax}
          min: ${networkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeMin}
        sourcePortRange:
          max: ${networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMax}
          min: ${networkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeMin}
      # Omitting udpOptions on a UDP rule allows all destination ports.
      udpOptions:
        destinationPortRange:
          max: ${networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMax}
          min: ${networkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeMin}
        sourcePortRange:
          max: ${networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMax}
          min: ${networkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeMin}
Create NetworkSecurityGroupSecurityRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NetworkSecurityGroupSecurityRule(name: string, args: NetworkSecurityGroupSecurityRuleArgs, opts?: CustomResourceOptions);
@overload
def NetworkSecurityGroupSecurityRule(resource_name: str,
                                     args: NetworkSecurityGroupSecurityRuleArgs,
                                     opts: Optional[ResourceOptions] = None)
@overload
def NetworkSecurityGroupSecurityRule(resource_name: str,
                                     opts: Optional[ResourceOptions] = None,
                                     direction: Optional[str] = None,
                                     network_security_group_id: Optional[str] = None,
                                     protocol: Optional[str] = None,
                                     description: Optional[str] = None,
                                     destination: Optional[str] = None,
                                     destination_type: Optional[str] = None,
                                     icmp_options: Optional[NetworkSecurityGroupSecurityRuleIcmpOptionsArgs] = None,
                                     source: Optional[str] = None,
                                     source_type: Optional[str] = None,
                                     stateless: Optional[bool] = None,
                                     tcp_options: Optional[NetworkSecurityGroupSecurityRuleTcpOptionsArgs] = None,
                                     udp_options: Optional[NetworkSecurityGroupSecurityRuleUdpOptionsArgs] = None)
func NewNetworkSecurityGroupSecurityRule(ctx *Context, name string, args NetworkSecurityGroupSecurityRuleArgs, opts ...ResourceOption) (*NetworkSecurityGroupSecurityRule, error)
public NetworkSecurityGroupSecurityRule(string name, NetworkSecurityGroupSecurityRuleArgs args, CustomResourceOptions? opts = null)
public NetworkSecurityGroupSecurityRule(String name, NetworkSecurityGroupSecurityRuleArgs args)
public NetworkSecurityGroupSecurityRule(String name, NetworkSecurityGroupSecurityRuleArgs args, CustomResourceOptions options)
type: oci:Core:NetworkSecurityGroupSecurityRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NetworkSecurityGroupSecurityRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: "string", 0 and false show each property's type, not
// usable values. Per the property reference on this page, Protocol takes "all"
// or a protocol number, and only the options block that matches the protocol is
// valid (IcmpOptions for ICMP/ICMPv6, TcpOptions for TCP, UdpOptions for UDP).
var icmpOptionsPlaceholder = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
{
    Type = 0,
    Code = 0,
};

var tcpOptionsPlaceholder = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsArgs
{
    DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs
    {
        Max = 0,
        Min = 0,
    },
    SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs
    {
        Max = 0,
        Min = 0,
    },
};

var udpOptionsPlaceholder = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsArgs
{
    DestinationPortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs
    {
        Max = 0,
        Min = 0,
    },
    SourcePortRange = new Oci.Core.Inputs.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs
    {
        Max = 0,
        Min = 0,
    },
};

var networkSecurityGroupSecurityRuleResource = new Oci.Core.NetworkSecurityGroupSecurityRule("networkSecurityGroupSecurityRuleResource", new()
{
    Direction = "string",
    NetworkSecurityGroupId = "string",
    Protocol = "string",
    Description = "string",
    Destination = "string",
    DestinationType = "string",
    IcmpOptions = icmpOptionsPlaceholder,
    Source = "string",
    SourceType = "string",
    Stateless = false,
    TcpOptions = tcpOptionsPlaceholder,
    UdpOptions = udpOptionsPlaceholder,
});
// Reference shape only: "string", 0 and false show each property's type, not
// usable values. Per the property reference on this page, Protocol takes "all"
// or a protocol number, and only the options block that matches the protocol is
// valid (IcmpOptions for ICMP/ICMPv6, TcpOptions for TCP, UdpOptions for UDP).
icmpOptions := &core.NetworkSecurityGroupSecurityRuleIcmpOptionsArgs{
	Type: pulumi.Int(0),
	Code: pulumi.Int(0),
}
tcpOptions := &core.NetworkSecurityGroupSecurityRuleTcpOptionsArgs{
	DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs{
		Max: pulumi.Int(0),
		Min: pulumi.Int(0),
	},
	SourcePortRange: &core.NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs{
		Max: pulumi.Int(0),
		Min: pulumi.Int(0),
	},
}
udpOptions := &core.NetworkSecurityGroupSecurityRuleUdpOptionsArgs{
	DestinationPortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs{
		Max: pulumi.Int(0),
		Min: pulumi.Int(0),
	},
	SourcePortRange: &core.NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs{
		Max: pulumi.Int(0),
		Min: pulumi.Int(0),
	},
}
example, err := core.NewNetworkSecurityGroupSecurityRule(ctx, "networkSecurityGroupSecurityRuleResource", &core.NetworkSecurityGroupSecurityRuleArgs{
	Direction:              pulumi.String("string"),
	NetworkSecurityGroupId: pulumi.String("string"),
	Protocol:               pulumi.String("string"),
	Description:            pulumi.String("string"),
	Destination:            pulumi.String("string"),
	DestinationType:        pulumi.String("string"),
	IcmpOptions:            icmpOptions,
	Source:                 pulumi.String("string"),
	SourceType:             pulumi.String("string"),
	Stateless:              pulumi.Bool(false),
	TcpOptions:             tcpOptions,
	UdpOptions:             udpOptions,
})
// Reference shape only: "string", 0 and false show each property's type, not
// usable values. Per the property reference on this page, protocol takes "all"
// or a protocol number, and only the options block that matches the protocol is
// valid (icmpOptions for ICMP/ICMPv6, tcpOptions for TCP, udpOptions for UDP).
var icmpOptionsPlaceholder = NetworkSecurityGroupSecurityRuleIcmpOptionsArgs.builder()
    .type(0)
    .code(0)
    .build();

var tcpOptionsPlaceholder = NetworkSecurityGroupSecurityRuleTcpOptionsArgs.builder()
    .destinationPortRange(NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs.builder()
        .max(0)
        .min(0)
        .build())
    .sourcePortRange(NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs.builder()
        .max(0)
        .min(0)
        .build())
    .build();

var udpOptionsPlaceholder = NetworkSecurityGroupSecurityRuleUdpOptionsArgs.builder()
    .destinationPortRange(NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs.builder()
        .max(0)
        .min(0)
        .build())
    .sourcePortRange(NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs.builder()
        .max(0)
        .min(0)
        .build())
    .build();

var networkSecurityGroupSecurityRuleResource = new NetworkSecurityGroupSecurityRule("networkSecurityGroupSecurityRuleResource", NetworkSecurityGroupSecurityRuleArgs.builder()
    .direction("string")
    .networkSecurityGroupId("string")
    .protocol("string")
    .description("string")
    .destination("string")
    .destinationType("string")
    .icmpOptions(icmpOptionsPlaceholder)
    .source("string")
    .sourceType("string")
    .stateless(false)
    .tcpOptions(tcpOptionsPlaceholder)
    .udpOptions(udpOptionsPlaceholder)
    .build());
# Reference shape only: "string", 0 and False show each property's type, not
# usable values. Per the property reference on this page, protocol takes "all"
# or a protocol number, and only the options block that matches the protocol is
# valid (icmp_options for ICMP/ICMPv6, tcp_options for TCP, udp_options for UDP).
icmp_options_placeholder = {
    "type": 0,
    "code": 0,
}
tcp_options_placeholder = {
    "destination_port_range": {
        "max": 0,
        "min": 0,
    },
    "source_port_range": {
        "max": 0,
        "min": 0,
    },
}
udp_options_placeholder = {
    "destination_port_range": {
        "max": 0,
        "min": 0,
    },
    "source_port_range": {
        "max": 0,
        "min": 0,
    },
}

network_security_group_security_rule_resource = oci.core.NetworkSecurityGroupSecurityRule(
    "networkSecurityGroupSecurityRuleResource",
    direction="string",
    network_security_group_id="string",
    protocol="string",
    description="string",
    destination="string",
    destination_type="string",
    icmp_options=icmp_options_placeholder,
    source="string",
    source_type="string",
    stateless=False,
    tcp_options=tcp_options_placeholder,
    udp_options=udp_options_placeholder,
)
// Reference shape only: "string", 0 and false show each property's type, not
// usable values. Per the property reference on this page, protocol takes "all"
// or a protocol number, and only the options block that matches the protocol is
// valid (icmpOptions for ICMP/ICMPv6, tcpOptions for TCP, udpOptions for UDP).
const icmpOptionsPlaceholder = {
    type: 0,
    code: 0,
};
const tcpOptionsPlaceholder = {
    destinationPortRange: {
        max: 0,
        min: 0,
    },
    sourcePortRange: {
        max: 0,
        min: 0,
    },
};
const udpOptionsPlaceholder = {
    destinationPortRange: {
        max: 0,
        min: 0,
    },
    sourcePortRange: {
        max: 0,
        min: 0,
    },
};

const networkSecurityGroupSecurityRuleResource = new oci.core.NetworkSecurityGroupSecurityRule("networkSecurityGroupSecurityRuleResource", {
    direction: "string",
    networkSecurityGroupId: "string",
    protocol: "string",
    description: "string",
    destination: "string",
    destinationType: "string",
    icmpOptions: icmpOptionsPlaceholder,
    source: "string",
    sourceType: "string",
    stateless: false,
    tcpOptions: tcpOptionsPlaceholder,
    udpOptions: udpOptionsPlaceholder,
});
# Reference shape only: string, 0 and false show each property's type, not
# usable values. Per the property reference on this page, protocol takes "all"
# or a protocol number, and only the options block that matches the protocol is
# valid (icmpOptions for ICMP/ICMPv6, tcpOptions for TCP, udpOptions for UDP).
type: oci:Core:NetworkSecurityGroupSecurityRule
properties:
    description: string
    destination: string
    # Required when direction is EGRESS.
    destinationType: string
    direction: string
    icmpOptions:
        code: 0
        type: 0
    networkSecurityGroupId: string
    protocol: string
    source: string
    # Required when direction is INGRESS.
    sourceType: string
    # false (the default) is stateful.
    stateless: false
    # Omitting tcpOptions on a TCP rule allows all destination ports.
    tcpOptions:
        destinationPortRange:
            max: 0
            min: 0
        sourcePortRange:
            max: 0
            min: 0
    # Omitting udpOptions on a UDP rule allows all destination ports.
    udpOptions:
        destinationPortRange:
            max: 0
            min: 0
        sourcePortRange:
            max: 0
            min: 0
NetworkSecurityGroupSecurityRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NetworkSecurityGroupSecurityRule resource accepts the following input properties:
- Direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- NetworkSecurityGroupId string
- The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- Description string
- An optional description of your choice for the rule.
- Destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- DestinationType string
- Type of destination for the rule. Required if direction=EGRESS.
- IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- Source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- SourceType string
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- TcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- UdpOptions NetworkSecurityGroupSecurityRuleUdpOptions
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- Direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- NetworkSecurityGroupId string
- The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- Description string
- An optional description of your choice for the rule.
- Destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- DestinationType string
- Type of destination for the rule. Required if direction=EGRESS.
- IcmpOptions NetworkSecurityGroupSecurityRuleIcmpOptionsArgs
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- Source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- SourceType string
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- TcpOptions NetworkSecurityGroupSecurityRuleTcpOptionsArgs
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- UdpOptions NetworkSecurityGroupSecurityRuleUdpOptionsArgs
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- direction String
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- networkSecurityGroupId String
- The OCID of the network security group.
- protocol String
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- description String
- An optional description of your choice for the rule.
- destination String
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destinationType String
- Type of destination for the rule. Required if direction=EGRESS.
- icmpOptions NetworkSecurityGroupSecurityRuleIcmpOptions
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in:
- source String
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType String
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions NetworkSecurityGroupSecurityRuleTcpOptions
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udpOptions NetworkSecurityGroupSecurityRuleUdpOptions
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed, so include a destination port range whenever the rule is meant to cover only specific ports.
- direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- networkSecurityGroupId string
- The OCID of the network security group.
- protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- description string
- An optional description of your choice for the rule.
- destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destinationType string
- Type of destination for the rule. Required if direction=EGRESS.
- icmpOptions NetworkSecurity Group Security Rule Icmp Options 
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.
- source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType string
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- stateless boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions NetworkSecurity Group Security Rule Tcp Options 
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udpOptions NetworkSecurity Group Security Rule Udp Options 
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- direction str
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- network_security_group_id str
- The OCID of the network security group.
- protocol str
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- description str
- An optional description of your choice for the rule.
- destination str
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destination_type str
- Type of destination for the rule. Required if direction=EGRESS.
- icmp_options NetworkSecurity Group Security Rule Icmp Options Args 
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.
- source str
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- source_type str
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcp_options NetworkSecurity Group Security Rule Tcp Options Args 
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udp_options NetworkSecurity Group Security Rule Udp Options Args 
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- direction String
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- networkSecurityGroupId String
- The OCID of the network security group.
- protocol String
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- description String
- An optional description of your choice for the rule.
- destination String
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destinationType String
- Type of destination for the rule. Required if direction=EGRESS.
- icmpOptions Property Map
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.
- source String
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType String
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions Property Map
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- udpOptions Property Map
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
Outputs
All input properties are implicitly available as output properties. Additionally, the NetworkSecurityGroupSecurityRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- IsValid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- TimeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- Id string
- The provider-assigned unique ID for this managed resource.
- IsValid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- TimeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- id String
- The provider-assigned unique ID for this managed resource.
- isValid Boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- timeCreated String
- The date and time the security rule was created. Format defined by RFC3339.
- id string
- The provider-assigned unique ID for this managed resource.
- isValid boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- timeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- id str
- The provider-assigned unique ID for this managed resource.
- is_valid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- time_created str
- The date and time the security rule was created. Format defined by RFC3339.
- id String
- The provider-assigned unique ID for this managed resource.
- isValid Boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- timeCreated String
- The date and time the security rule was created. Format defined by RFC3339.
Look up Existing NetworkSecurityGroupSecurityRule Resource
Get an existing NetworkSecurityGroupSecurityRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NetworkSecurityGroupSecurityRuleState, opts?: CustomResourceOptions): NetworkSecurityGroupSecurityRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        destination: Optional[str] = None,
        destination_type: Optional[str] = None,
        direction: Optional[str] = None,
        icmp_options: Optional[NetworkSecurityGroupSecurityRuleIcmpOptionsArgs] = None,
        is_valid: Optional[bool] = None,
        network_security_group_id: Optional[str] = None,
        protocol: Optional[str] = None,
        source: Optional[str] = None,
        source_type: Optional[str] = None,
        stateless: Optional[bool] = None,
        tcp_options: Optional[NetworkSecurityGroupSecurityRuleTcpOptionsArgs] = None,
        time_created: Optional[str] = None,
        udp_options: Optional[NetworkSecurityGroupSecurityRuleUdpOptionsArgs] = None) -> NetworkSecurityGroupSecurityRule
func GetNetworkSecurityGroupSecurityRule(ctx *Context, name string, id IDInput, state *NetworkSecurityGroupSecurityRuleState, opts ...ResourceOption) (*NetworkSecurityGroupSecurityRule, error)
public static NetworkSecurityGroupSecurityRule Get(string name, Input<string> id, NetworkSecurityGroupSecurityRuleState? state, CustomResourceOptions? opts = null)
public static NetworkSecurityGroupSecurityRule get(String name, Output<String> id, NetworkSecurityGroupSecurityRuleState state, CustomResourceOptions options)
resources:
  _:
    type: oci:Core:NetworkSecurityGroupSecurityRule
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- An optional description of your choice for the rule.
- Destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- DestinationType string
- Type of destination for the rule. Required if direction=EGRESS.
- Direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- IcmpOptions NetworkSecurity Group Security Rule Icmp Options 
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.
- IsValid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- NetworkSecurityGroupId string
- The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- Source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- SourceType string
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- TcpOptions NetworkSecurity Group Security Rule Tcp Options 
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- TimeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- UdpOptions NetworkSecurity Group Security Rule Udp Options 
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- Description string
- An optional description of your choice for the rule.
- Destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- DestinationType string
- Type of destination for the rule. Required if direction=EGRESS.
- Direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- IcmpOptions NetworkSecurity Group Security Rule Icmp Options Args 
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.
- IsValid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- NetworkSecurityGroupId string
- The OCID of the network security group.
- Protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- Source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- SourceType string
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- Stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- TcpOptions NetworkSecurity Group Security Rule Tcp Options Args 
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- TimeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- UdpOptions NetworkSecurity Group Security Rule Udp Options Args 
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- description String
- An optional description of your choice for the rule.
- destination String
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destinationType String
- Type of destination for the rule. Required if direction=EGRESS.
- direction String
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- icmpOptions NetworkSecurity Group Security Rule Icmp Options 
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.
- isValid Boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- networkSecurityGroupId String
- The OCID of the network security group.
- protocol String
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- source String
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType String
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions NetworkSecurity Group Security Rule Tcp Options 
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- timeCreated String
- The date and time the security rule was created. Format defined by RFC3339.
- udpOptions NetworkSecurity Group Security Rule Udp Options 
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- description string
- An optional description of your choice for the rule.
- destination string
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destinationType string
- Type of destination for the rule. Required if direction=EGRESS.
- direction string
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- icmpOptions NetworkSecurity Group Security Rule Icmp Options 
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.
- isValid boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- networkSecurityGroupId string
- The OCID of the network security group.
- protocol string
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- source string
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType string
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- stateless boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions NetworkSecurity Group Security Rule Tcp Options 
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- timeCreated string
- The date and time the security rule was created. Format defined by RFC3339.
- udpOptions NetworkSecurity Group Security Rule Udp Options 
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- description str
- An optional description of your choice for the rule.
- destination str
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destination_type str
- Type of destination for the rule. Required if direction=EGRESS.
- direction str
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- icmp_options NetworkSecurity Group Security Rule Icmp Options Args 
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.
- is_valid bool
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- network_security_group_id str
- The OCID of the network security group.
- protocol str
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- source str
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- source_type str
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- stateless bool
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcp_options NetworkSecurity Group Security Rule Tcp Options Args 
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- time_created str
- The date and time the security rule was created. Format defined by RFC3339.
- udp_options NetworkSecurity Group Security Rule Udp Options Args 
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
- description String
- An optional description of your choice for the rule.
- destination String
- Conceptually, this is the range of IP addresses that a packet originating from the instance can go to.
- destinationType String
- Type of destination for the rule. Required if direction=EGRESS.
- direction String
- Direction of the security rule. Set to `EGRESS` for rules to allow outbound IP packets, or `INGRESS` for rules to allow inbound IP packets.
- icmpOptions Property Map
- Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in the IANA ICMP Parameters and ICMPv6 Parameters registries.
- isValid Boolean
- Whether the rule is valid. The value is `True` when the rule is first created. If the rule's `source` or `destination` is a network security group, the value changes to `False` if that network security group is deleted.
- networkSecurityGroupId String
- The OCID of the network security group.
- protocol String
- The transport protocol. Specify either `all` or an IPv4 protocol number as defined in Protocol Numbers. Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
- source String
- Conceptually, this is the range of IP addresses that a packet coming into the instance can come from.
- sourceType String
- Type of source for the rule. Required if direction=INGRESS.
  - CIDR_BLOCK: If the rule's `source` is an IP address range in CIDR notation.
  - SERVICE_CIDR_BLOCK: If the rule's `source` is the `cidrBlock` value for a Service (the rule is for traffic coming from a particular `Service` through a service gateway).
  - NETWORK_SECURITY_GROUP: If the rule's `source` is the OCID of a NetworkSecurityGroup.
 
- stateless Boolean
- A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
- tcpOptions Property Map
- Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
- timeCreated String
- The date and time the security rule was created. Format defined by RFC3339.
- udpOptions Property Map
- Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
Supporting Types
NetworkSecurityGroupSecurityRuleIcmpOptions, NetworkSecurityGroupSecurityRuleIcmpOptionsArgs              
NetworkSecurityGroupSecurityRuleTcpOptions, NetworkSecurityGroupSecurityRuleTcpOptionsArgs              
NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRange, NetworkSecurityGroupSecurityRuleTcpOptionsDestinationPortRangeArgs                    
NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRange, NetworkSecurityGroupSecurityRuleTcpOptionsSourcePortRangeArgs                    
NetworkSecurityGroupSecurityRuleUdpOptions, NetworkSecurityGroupSecurityRuleUdpOptionsArgs              
NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRange, NetworkSecurityGroupSecurityRuleUdpOptionsDestinationPortRangeArgs                    
NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRange, NetworkSecurityGroupSecurityRuleUdpOptionsSourcePortRangeArgs                    
Import
NetworkSecurityGroupSecurityRule can be imported using the id, e.g.
$ pulumi import oci:Core/networkSecurityGroupSecurityRule:NetworkSecurityGroupSecurityRule test_network_security_group_security_rule "networkSecurityGroups/{networkSecurityGroupId}/securityRules/{securityRuleId}"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the oci Terraform Provider.