ionoscloud_nsg_firewallrule

Creates and manages IonosCloud Network Security Group Firewall Rule.

Manages a Network Security Group Rule on IonosCloud.

Example Usage

resource "ionoscloud_datacenter" "example" {
  name            = "Datacenter NSG Example"
  location        = "de/txl"
}

resource "ionoscloud_nsg" "example" {
  name              = "Example NSG"
  description       = "Example NSG Description"
  datacenter_id     = ionoscloud_datacenter.example.id
}

resource "ionoscloud_nsg_firewallrule" "example" {
  nsg_id            = ionoscloud_nsg.example.id
  datacenter_id     = ionoscloud_datacenter.example.id
  protocol          = "TCP"
  name              = "SG Rule"
  source_mac        = "00:0a:95:9d:68:15"
  source_ip         = "22.231.113.11"
  target_ip         = "22.231.113.75"
  type              = "EGRESS"
}

Argument Reference

The following arguments are supported:

nsg_id - (Required)[string] The ID of a Network Security Group.
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
name - (Optional)[string] The name of the Network Security Group.
protocol - (Required)[string] The protocol for the rule: TCP, UDP, ICMP, ANY. Property cannot be modified after creation (disallowed in update requests).
name - (Optional)[string] The name of the firewall rule.
source_mac - (Optional)[string] Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows all source MAC address. Valid format: aa:bb:cc:dd:ee:ff.
source_ip - (Optional)(computed)[string] Only traffic originating from the respective IPv4 address is allowed. Value null allows all source IPs.
target_ip - (Optional)(Computed)[string] In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed. Value null allows all target IPs.
port_range_start - (Optional)[int] Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
port_range_end - (Optional)[int] Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type - (Optional)[string] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes.
icmp_code - (Optional)[int] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.
type - (Optional)(Computed)[string] The type of firewall rule. If is not specified, it will take the default value INGRESS.

Import

A Network Security Group firewall rule can be imported using the datacenter id, nsg id and firewall rule id, e.g.

terraform import ionoscloud_nsg_firewallrule.mynsg_firewallrule datacenter_uuid/nsg_uuid/firewall_uuid

Or by using an import block.

import {
  to = ionoscloud_nsg_firewallrule.imported
  id = "datacenter_uuid/nsg_uuid/firewall_uuid"
}
  
resource "ionoscloud_nsg_firewallrule" "imported" {
  nsg_id            = ionoscloud_nsg.example.id
  datacenter_id     = ionoscloud_datacenter.example.id
  protocol          = protocol of the imported rule
}

Previousionoscloud_nsg Nextionoscloud_object_storage_accesskey

Last updated 8 days ago

hashtagExample Usage

hashtagArgument Reference

hashtagImport

Example Usage

Argument Reference

Import