Azure Native v3.1.0, Apr 8 25

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.1.0 published on Tuesday, Apr 8, 2025 by Pulumi

azure-native.network.SecurityRule

Explore with Pulumi AI

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.1.0 published on Tuesday, Apr 8, 2025 by Pulumi

Other available API versions: 2018-06-01, 2018-07-01, 2018-08-01, 2018-10-01, 2018-11-01, 2018-12-01, 2019-02-01, 2019-04-01, 2019-06-01, 2019-07-01, 2019-08-01, 2019-09-01, 2019-11-01, 2019-12-01, 2020-03-01, 2020-04-01, 2020-05-01, 2020-06-01, 2020-07-01, 2020-08-01, 2020-11-01, 2021-02-01, 2021-03-01, 2021-05-01, 2021-08-01, 2022-01-01, 2022-05-01, 2022-07-01, 2022-09-01, 2022-11-01, 2023-02-01, 2023-04-01, 2023-05-01, 2023-06-01, 2023-09-01, 2023-11-01, 2024-01-01, 2024-03-01. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native network [ApiVersion]. See the version guide for details.

Create security rule

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var securityRule = new AzureNative.Network.SecurityRule("securityRule", new()
    {
        Access = AzureNative.Network.SecurityRuleAccess.Deny,
        DestinationAddressPrefix = "11.0.0.0/8",
        DestinationPortRange = "8080",
        Direction = AzureNative.Network.SecurityRuleDirection.Outbound,
        NetworkSecurityGroupName = "testnsg",
        Priority = 100,
        Protocol = AzureNative.Network.SecurityRuleProtocol.Asterisk,
        ResourceGroupName = "rg1",
        SecurityRuleName = "rule1",
        SourceAddressPrefix = "10.0.0.0/8",
        SourcePortRange = "*",
    });

});

package main

import (
	network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewSecurityRule(ctx, "securityRule", &network.SecurityRuleArgs{
			Access:                   pulumi.String(network.SecurityRuleAccessDeny),
			DestinationAddressPrefix: pulumi.String("11.0.0.0/8"),
			DestinationPortRange:     pulumi.String("8080"),
			Direction:                pulumi.String(network.SecurityRuleDirectionOutbound),
			NetworkSecurityGroupName: pulumi.String("testnsg"),
			Priority:                 pulumi.Int(100),
			Protocol:                 pulumi.String(network.SecurityRuleProtocolAsterisk),
			ResourceGroupName:        pulumi.String("rg1"),
			SecurityRuleName:         pulumi.String("rule1"),
			SourceAddressPrefix:      pulumi.String("10.0.0.0/8"),
			SourcePortRange:          pulumi.String("*"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.SecurityRule;
import com.pulumi.azurenative.network.SecurityRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var securityRule = new SecurityRule("securityRule", SecurityRuleArgs.builder()
            .access("Deny")
            .destinationAddressPrefix("11.0.0.0/8")
            .destinationPortRange("8080")
            .direction("Outbound")
            .networkSecurityGroupName("testnsg")
            .priority(100)
            .protocol("*")
            .resourceGroupName("rg1")
            .securityRuleName("rule1")
            .sourceAddressPrefix("10.0.0.0/8")
            .sourcePortRange("*")
            .build());

    }
}

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const securityRule = new azure_native.network.SecurityRule("securityRule", {
    access: azure_native.network.SecurityRuleAccess.Deny,
    destinationAddressPrefix: "11.0.0.0/8",
    destinationPortRange: "8080",
    direction: azure_native.network.SecurityRuleDirection.Outbound,
    networkSecurityGroupName: "testnsg",
    priority: 100,
    protocol: azure_native.network.SecurityRuleProtocol.Asterisk,
    resourceGroupName: "rg1",
    securityRuleName: "rule1",
    sourceAddressPrefix: "10.0.0.0/8",
    sourcePortRange: "*",
});

import pulumi
import pulumi_azure_native as azure_native

security_rule = azure_native.network.SecurityRule("securityRule",
    access=azure_native.network.SecurityRuleAccess.DENY,
    destination_address_prefix="11.0.0.0/8",
    destination_port_range="8080",
    direction=azure_native.network.SecurityRuleDirection.OUTBOUND,
    network_security_group_name="testnsg",
    priority=100,
    protocol=azure_native.network.SecurityRuleProtocol.ASTERISK,
    resource_group_name="rg1",
    security_rule_name="rule1",
    source_address_prefix="10.0.0.0/8",
    source_port_range="*")

resources:
  securityRule:
    type: azure-native:network:SecurityRule
    properties:
      access: Deny
      destinationAddressPrefix: 11.0.0.0/8
      destinationPortRange: '8080'
      direction: Outbound
      networkSecurityGroupName: testnsg
      priority: 100
      protocol: '*'
      resourceGroupName: rg1
      securityRuleName: rule1
      sourceAddressPrefix: 10.0.0.0/8
      sourcePortRange: '*'

Create SecurityRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript
Python
Go
C#
Java
YAML

new SecurityRule(name: string, args: SecurityRuleArgs, opts?: CustomResourceOptions);

@overload
def SecurityRule(resource_name: str,
                 args: SecurityRuleInitArgs,
                 opts: Optional[ResourceOptions] = None)

@overload
def SecurityRule(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 direction: Optional[Union[str, SecurityRuleDirection]] = None,
                 resource_group_name: Optional[str] = None,
                 protocol: Optional[Union[str, SecurityRuleProtocol]] = None,
                 priority: Optional[int] = None,
                 network_security_group_name: Optional[str] = None,
                 access: Optional[Union[str, SecurityRuleAccess]] = None,
                 destination_port_range: Optional[str] = None,
                 description: Optional[str] = None,
                 id: Optional[str] = None,
                 name: Optional[str] = None,
                 destination_application_security_groups: Optional[Sequence[ApplicationSecurityGroupArgs]] = None,
                 destination_address_prefixes: Optional[Sequence[str]] = None,
                 destination_address_prefix: Optional[str] = None,
                 destination_port_ranges: Optional[Sequence[str]] = None,
                 security_rule_name: Optional[str] = None,
                 source_address_prefix: Optional[str] = None,
                 source_address_prefixes: Optional[Sequence[str]] = None,
                 source_application_security_groups: Optional[Sequence[ApplicationSecurityGroupArgs]] = None,
                 source_port_range: Optional[str] = None,
                 source_port_ranges: Optional[Sequence[str]] = None,
                 type: Optional[str] = None)

func NewSecurityRule(ctx *Context, name string, args SecurityRuleArgs, opts ...ResourceOption) (*SecurityRule, error)

public SecurityRule(string name, SecurityRuleArgs args, CustomResourceOptions? opts = null)

public SecurityRule(String name, SecurityRuleArgs args)
public SecurityRule(String name, SecurityRuleArgs args, CustomResourceOptions options)

type: azure-native:network:SecurityRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecurityRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecurityRuleInitArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecurityRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecurityRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecurityRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var azure_nativeSecurityRuleResource = new AzureNative.Network.SecurityRule("azure-nativeSecurityRuleResource", new()
{
    Direction = "string",
    ResourceGroupName = "string",
    Protocol = "string",
    Priority = 0,
    NetworkSecurityGroupName = "string",
    Access = "string",
    DestinationPortRange = "string",
    Description = "string",
    Id = "string",
    Name = "string",
    DestinationApplicationSecurityGroups = new[]
    {
        new AzureNative.Network.Inputs.ApplicationSecurityGroupArgs
        {
            Id = "string",
            Location = "string",
            Tags = 
            {
                { "string", "string" },
            },
        },
    },
    DestinationAddressPrefixes = new[]
    {
        "string",
    },
    DestinationAddressPrefix = "string",
    DestinationPortRanges = new[]
    {
        "string",
    },
    SecurityRuleName = "string",
    SourceAddressPrefix = "string",
    SourceAddressPrefixes = new[]
    {
        "string",
    },
    SourceApplicationSecurityGroups = new[]
    {
        new AzureNative.Network.Inputs.ApplicationSecurityGroupArgs
        {
            Id = "string",
            Location = "string",
            Tags = 
            {
                { "string", "string" },
            },
        },
    },
    SourcePortRange = "string",
    SourcePortRanges = new[]
    {
        "string",
    },
    Type = "string",
});

example, err := network.NewSecurityRule(ctx, "azure-nativeSecurityRuleResource", &network.SecurityRuleArgs{
	Direction:                pulumi.String("string"),
	ResourceGroupName:        pulumi.String("string"),
	Protocol:                 pulumi.String("string"),
	Priority:                 pulumi.Int(0),
	NetworkSecurityGroupName: pulumi.String("string"),
	Access:                   pulumi.String("string"),
	DestinationPortRange:     pulumi.String("string"),
	Description:              pulumi.String("string"),
	Id:                       pulumi.String("string"),
	Name:                     pulumi.String("string"),
	DestinationApplicationSecurityGroups: network.ApplicationSecurityGroupTypeArray{
		&network.ApplicationSecurityGroupTypeArgs{
			Id:       pulumi.String("string"),
			Location: pulumi.String("string"),
			Tags: pulumi.StringMap{
				"string": pulumi.String("string"),
			},
		},
	},
	DestinationAddressPrefixes: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestinationAddressPrefix: pulumi.String("string"),
	DestinationPortRanges: pulumi.StringArray{
		pulumi.String("string"),
	},
	SecurityRuleName:    pulumi.String("string"),
	SourceAddressPrefix: pulumi.String("string"),
	SourceAddressPrefixes: pulumi.StringArray{
		pulumi.String("string"),
	},
	SourceApplicationSecurityGroups: network.ApplicationSecurityGroupTypeArray{
		&network.ApplicationSecurityGroupTypeArgs{
			Id:       pulumi.String("string"),
			Location: pulumi.String("string"),
			Tags: pulumi.StringMap{
				"string": pulumi.String("string"),
			},
		},
	},
	SourcePortRange: pulumi.String("string"),
	SourcePortRanges: pulumi.StringArray{
		pulumi.String("string"),
	},
	Type: pulumi.String("string"),
})

var azure_nativeSecurityRuleResource = new SecurityRule("azure-nativeSecurityRuleResource", SecurityRuleArgs.builder()
    .direction("string")
    .resourceGroupName("string")
    .protocol("string")
    .priority(0)
    .networkSecurityGroupName("string")
    .access("string")
    .destinationPortRange("string")
    .description("string")
    .id("string")
    .name("string")
    .destinationApplicationSecurityGroups(ApplicationSecurityGroupArgs.builder()
        .id("string")
        .location("string")
        .tags(Map.of("string", "string"))
        .build())
    .destinationAddressPrefixes("string")
    .destinationAddressPrefix("string")
    .destinationPortRanges("string")
    .securityRuleName("string")
    .sourceAddressPrefix("string")
    .sourceAddressPrefixes("string")
    .sourceApplicationSecurityGroups(ApplicationSecurityGroupArgs.builder()
        .id("string")
        .location("string")
        .tags(Map.of("string", "string"))
        .build())
    .sourcePortRange("string")
    .sourcePortRanges("string")
    .type("string")
    .build());

azure_native_security_rule_resource = azure_native.network.SecurityRule("azure-nativeSecurityRuleResource",
    direction="string",
    resource_group_name="string",
    protocol="string",
    priority=0,
    network_security_group_name="string",
    access="string",
    destination_port_range="string",
    description="string",
    id="string",
    name="string",
    destination_application_security_groups=[{
        "id": "string",
        "location": "string",
        "tags": {
            "string": "string",
        },
    }],
    destination_address_prefixes=["string"],
    destination_address_prefix="string",
    destination_port_ranges=["string"],
    security_rule_name="string",
    source_address_prefix="string",
    source_address_prefixes=["string"],
    source_application_security_groups=[{
        "id": "string",
        "location": "string",
        "tags": {
            "string": "string",
        },
    }],
    source_port_range="string",
    source_port_ranges=["string"],
    type="string")

const azure_nativeSecurityRuleResource = new azure_native.network.SecurityRule("azure-nativeSecurityRuleResource", {
    direction: "string",
    resourceGroupName: "string",
    protocol: "string",
    priority: 0,
    networkSecurityGroupName: "string",
    access: "string",
    destinationPortRange: "string",
    description: "string",
    id: "string",
    name: "string",
    destinationApplicationSecurityGroups: [{
        id: "string",
        location: "string",
        tags: {
            string: "string",
        },
    }],
    destinationAddressPrefixes: ["string"],
    destinationAddressPrefix: "string",
    destinationPortRanges: ["string"],
    securityRuleName: "string",
    sourceAddressPrefix: "string",
    sourceAddressPrefixes: ["string"],
    sourceApplicationSecurityGroups: [{
        id: "string",
        location: "string",
        tags: {
            string: "string",
        },
    }],
    sourcePortRange: "string",
    sourcePortRanges: ["string"],
    type: "string",
});

type: azure-native:network:SecurityRule
properties:
    access: string
    description: string
    destinationAddressPrefix: string
    destinationAddressPrefixes:
        - string
    destinationApplicationSecurityGroups:
        - id: string
          location: string
          tags:
            string: string
    destinationPortRange: string
    destinationPortRanges:
        - string
    direction: string
    id: string
    name: string
    networkSecurityGroupName: string
    priority: 0
    protocol: string
    resourceGroupName: string
    securityRuleName: string
    sourceAddressPrefix: string
    sourceAddressPrefixes:
        - string
    sourceApplicationSecurityGroups:
        - id: string
          location: string
          tags:
            string: string
    sourcePortRange: string
    sourcePortRanges:
        - string
    type: string

SecurityRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SecurityRule resource accepts the following input properties:

Access string | Pulumi.AzureNative.Network.SecurityRuleAccess: The network traffic is allowed or denied.
Direction string | Pulumi.AzureNative.Network.SecurityRuleDirection: The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.
NetworkSecurityGroupName string: The name of the network security group.
Priority int: The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
Protocol string | Pulumi.AzureNative.Network.SecurityRuleProtocol: Network protocol this rule applies to.
ResourceGroupName string: The name of the resource group.
Description string: A description for this rule. Restricted to 140 chars.
DestinationAddressPrefix string: The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.
DestinationAddressPrefixes List<string>: The destination address prefixes. CIDR or destination IP ranges.
DestinationApplicationSecurityGroups List<Pulumi.AzureNative.Network.Inputs.ApplicationSecurityGroup>: The application security group specified as destination.
DestinationPortRange string: The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
DestinationPortRanges List<string>: The destination port ranges.
Id string: Resource ID.
Name string: The name of the resource that is unique within a resource group. This name can be used to access the resource.
SecurityRuleName string: The name of the security rule.
SourceAddressPrefix string: The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.
SourceAddressPrefixes List<string>: The CIDR or source IP ranges.
SourceApplicationSecurityGroups List<Pulumi.AzureNative.Network.Inputs.ApplicationSecurityGroup>: The application security group specified as source.
SourcePortRange string: The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
SourcePortRanges List<string>: The source port ranges.
Type string: The type of the resource.

Access string | SecurityRuleAccess: The network traffic is allowed or denied.
Direction string | SecurityRuleDirection: The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.
NetworkSecurityGroupName string: The name of the network security group.
Priority int: The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
Protocol string | SecurityRuleProtocol: Network protocol this rule applies to.
ResourceGroupName string: The name of the resource group.
Description string: A description for this rule. Restricted to 140 chars.
DestinationAddressPrefix string: The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.
DestinationAddressPrefixes []string: The destination address prefixes. CIDR or destination IP ranges.
DestinationApplicationSecurityGroups []ApplicationSecurityGroupTypeArgs: The application security group specified as destination.
DestinationPortRange string: The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
DestinationPortRanges []string: The destination port ranges.
Id string: Resource ID.
Name string: The name of the resource that is unique within a resource group. This name can be used to access the resource.
SecurityRuleName string: The name of the security rule.
SourceAddressPrefix string: The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.
SourceAddressPrefixes []string: The CIDR or source IP ranges.
SourceApplicationSecurityGroups []ApplicationSecurityGroupTypeArgs: The application security group specified as source.
SourcePortRange string: The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
SourcePortRanges []string: The source port ranges.
Type string: The type of the resource.

access String | SecurityRuleAccess: The network traffic is allowed or denied.
direction String | SecurityRuleDirection: The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.
networkSecurityGroupName String: The name of the network security group.
priority Integer: The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
protocol String | SecurityRuleProtocol: Network protocol this rule applies to.
resourceGroupName String: The name of the resource group.
description String: A description for this rule. Restricted to 140 chars.
destinationAddressPrefix String: The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.
destinationAddressPrefixes List<String>: The destination address prefixes. CIDR or destination IP ranges.
destinationApplicationSecurityGroups List<ApplicationSecurityGroup>: The application security group specified as destination.
destinationPortRange String: The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
destinationPortRanges List<String>: The destination port ranges.
id String: Resource ID.
name String: The name of the resource that is unique within a resource group. This name can be used to access the resource.
securityRuleName String: The name of the security rule.
sourceAddressPrefix String: The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.
sourceAddressPrefixes List<String>: The CIDR or source IP ranges.
sourceApplicationSecurityGroups List<ApplicationSecurityGroup>: The application security group specified as source.
sourcePortRange String: The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
sourcePortRanges List<String>: The source port ranges.
type String: The type of the resource.

access string | SecurityRuleAccess: The network traffic is allowed or denied.
direction string | SecurityRuleDirection: The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.
networkSecurityGroupName string: The name of the network security group.
priority number: The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
protocol string | SecurityRuleProtocol: Network protocol this rule applies to.
resourceGroupName string: The name of the resource group.
description string: A description for this rule. Restricted to 140 chars.
destinationAddressPrefix string: The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.
destinationAddressPrefixes string[]: The destination address prefixes. CIDR or destination IP ranges.
destinationApplicationSecurityGroups ApplicationSecurityGroup[]: The application security group specified as destination.
destinationPortRange string: The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
destinationPortRanges string[]: The destination port ranges.
id string: Resource ID.
name string: The name of the resource that is unique within a resource group. This name can be used to access the resource.
securityRuleName string: The name of the security rule.
sourceAddressPrefix string: The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.
sourceAddressPrefixes string[]: The CIDR or source IP ranges.
sourceApplicationSecurityGroups ApplicationSecurityGroup[]: The application security group specified as source.
sourcePortRange string: The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
sourcePortRanges string[]: The source port ranges.
type string: The type of the resource.

access str | SecurityRuleAccess: The network traffic is allowed or denied.
direction str | SecurityRuleDirection: The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.
network_security_group_name str: The name of the network security group.
priority int: The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
protocol str | SecurityRuleProtocol: Network protocol this rule applies to.
resource_group_name str: The name of the resource group.
description str: A description for this rule. Restricted to 140 chars.
destination_address_prefix str: The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.
destination_address_prefixes Sequence[str]: The destination address prefixes. CIDR or destination IP ranges.
destination_application_security_groups Sequence[ApplicationSecurityGroupArgs]: The application security group specified as destination.
destination_port_range str: The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
destination_port_ranges Sequence[str]: The destination port ranges.
id str: Resource ID.
name str: The name of the resource that is unique within a resource group. This name can be used to access the resource.
security_rule_name str: The name of the security rule.
source_address_prefix str: The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.
source_address_prefixes Sequence[str]: The CIDR or source IP ranges.
source_application_security_groups Sequence[ApplicationSecurityGroupArgs]: The application security group specified as source.
source_port_range str: The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
source_port_ranges Sequence[str]: The source port ranges.
type str: The type of the resource.

access String | "Allow" | "Deny": The network traffic is allowed or denied.
direction String | "Inbound" | "Outbound": The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.
networkSecurityGroupName String: The name of the network security group.
priority Number: The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
protocol String | "Tcp" | "Udp" | "Icmp" | "Esp" | "*" | "Ah": Network protocol this rule applies to.
resourceGroupName String: The name of the resource group.
description String: A description for this rule. Restricted to 140 chars.
destinationAddressPrefix String: The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.
destinationAddressPrefixes List<String>: The destination address prefixes. CIDR or destination IP ranges.
destinationApplicationSecurityGroups List<Property Map>: The application security group specified as destination.
destinationPortRange String: The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
destinationPortRanges List<String>: The destination port ranges.
id String: Resource ID.
name String: The name of the resource that is unique within a resource group. This name can be used to access the resource.
securityRuleName String: The name of the security rule.
sourceAddressPrefix String: The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.
sourceAddressPrefixes List<String>: The CIDR or source IP ranges.
sourceApplicationSecurityGroups List<Property Map>: The application security group specified as source.
sourcePortRange String: The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
sourcePortRanges List<String>: The source port ranges.
type String: The type of the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityRule resource produces the following output properties:

AzureApiVersion string: The Azure API version of the resource.
Etag string: A unique read-only string that changes whenever the resource is updated.
Id string: The provider-assigned unique ID for this managed resource.
ProvisioningState string: The provisioning state of the security rule resource.

AzureApiVersion string: The Azure API version of the resource.
Etag string: A unique read-only string that changes whenever the resource is updated.
Id string: The provider-assigned unique ID for this managed resource.
ProvisioningState string: The provisioning state of the security rule resource.

azureApiVersion String: The Azure API version of the resource.
etag String: A unique read-only string that changes whenever the resource is updated.
id String: The provider-assigned unique ID for this managed resource.
provisioningState String: The provisioning state of the security rule resource.

azureApiVersion string: The Azure API version of the resource.
etag string: A unique read-only string that changes whenever the resource is updated.
id string: The provider-assigned unique ID for this managed resource.
provisioningState string: The provisioning state of the security rule resource.

azure_api_version str: The Azure API version of the resource.
etag str: A unique read-only string that changes whenever the resource is updated.
id str: The provider-assigned unique ID for this managed resource.
provisioning_state str: The provisioning state of the security rule resource.

azureApiVersion String: The Azure API version of the resource.
etag String: A unique read-only string that changes whenever the resource is updated.
id String: The provider-assigned unique ID for this managed resource.
provisioningState String: The provisioning state of the security rule resource.

Supporting Types

ApplicationSecurityGroup
, ApplicationSecurityGroupArgs

Id string: Resource ID.
Location string: Resource location.
Tags Dictionary<string, string>: Resource tags.

Id string: Resource ID.
Location string: Resource location.
Tags map[string]string: Resource tags.

id String: Resource ID.
location String: Resource location.
tags Map<String,String>: Resource tags.

id string: Resource ID.
location string: Resource location.
tags {[key: string]: string}: Resource tags.

id str: Resource ID.
location str: Resource location.
tags Mapping[str, str]: Resource tags.

id String: Resource ID.
location String: Resource location.
tags Map<String>: Resource tags.

ApplicationSecurityGroupResponse
, ApplicationSecurityGroupResponseArgs

Etag string: A unique read-only string that changes whenever the resource is updated.
Name string: Resource name.
ProvisioningState string: The provisioning state of the application security group resource.
ResourceGuid string: The resource GUID property of the application security group resource. It uniquely identifies a resource, even if the user changes its name or migrate the resource across subscriptions or resource groups.
Type string: Resource type.
Id string: Resource ID.
Location string: Resource location.
Tags Dictionary<string, string>: Resource tags.

Etag string: A unique read-only string that changes whenever the resource is updated.
Name string: Resource name.
ProvisioningState string: The provisioning state of the application security group resource.
ResourceGuid string: The resource GUID property of the application security group resource. It uniquely identifies a resource, even if the user changes its name or migrate the resource across subscriptions or resource groups.
Type string: Resource type.
Id string: Resource ID.
Location string: Resource location.
Tags map[string]string: Resource tags.

etag String: A unique read-only string that changes whenever the resource is updated.
name String: Resource name.
provisioningState String: The provisioning state of the application security group resource.
resourceGuid String: The resource GUID property of the application security group resource. It uniquely identifies a resource, even if the user changes its name or migrate the resource across subscriptions or resource groups.
type String: Resource type.
id String: Resource ID.
location String: Resource location.
tags Map<String,String>: Resource tags.

etag string: A unique read-only string that changes whenever the resource is updated.
name string: Resource name.
provisioningState string: The provisioning state of the application security group resource.
resourceGuid string: The resource GUID property of the application security group resource. It uniquely identifies a resource, even if the user changes its name or migrate the resource across subscriptions or resource groups.
type string: Resource type.
id string: Resource ID.
location string: Resource location.
tags {[key: string]: string}: Resource tags.

etag str: A unique read-only string that changes whenever the resource is updated.
name str: Resource name.
provisioning_state str: The provisioning state of the application security group resource.
resource_guid str: The resource GUID property of the application security group resource. It uniquely identifies a resource, even if the user changes its name or migrate the resource across subscriptions or resource groups.
type str: Resource type.
id str: Resource ID.
location str: Resource location.
tags Mapping[str, str]: Resource tags.

etag String: A unique read-only string that changes whenever the resource is updated.
name String: Resource name.
provisioningState String: The provisioning state of the application security group resource.
resourceGuid String: The resource GUID property of the application security group resource. It uniquely identifies a resource, even if the user changes its name or migrate the resource across subscriptions or resource groups.
type String: Resource type.
id String: Resource ID.
location String: Resource location.
tags Map<String>: Resource tags.

SecurityRuleAccess
, SecurityRuleAccessArgs

Allow: Allow
Deny: Deny

SecurityRuleAccessAllow: Allow
SecurityRuleAccessDeny: Deny

Allow: Allow
Deny: Deny

Allow: Allow
Deny: Deny

ALLOW: Allow
DENY: Deny

"Allow": Allow
"Deny": Deny

SecurityRuleDirection
, SecurityRuleDirectionArgs

Inbound: Inbound
Outbound: Outbound

SecurityRuleDirectionInbound: Inbound
SecurityRuleDirectionOutbound: Outbound

Inbound: Inbound
Outbound: Outbound

Inbound: Inbound
Outbound: Outbound

INBOUND: Inbound
OUTBOUND: Outbound

"Inbound": Inbound
"Outbound": Outbound

SecurityRuleProtocol
, SecurityRuleProtocolArgs

Tcp: Tcp
Udp: Udp
Icmp: Icmp
Esp: Esp
Asterisk: *
Ah: Ah

SecurityRuleProtocolTcp: Tcp
SecurityRuleProtocolUdp: Udp
SecurityRuleProtocolIcmp: Icmp
SecurityRuleProtocolEsp: Esp
SecurityRuleProtocolAsterisk: *
SecurityRuleProtocolAh: Ah

Tcp: Tcp
Udp: Udp
Icmp: Icmp
Esp: Esp
Asterisk: *
Ah: Ah

Tcp: Tcp
Udp: Udp
Icmp: Icmp
Esp: Esp
Asterisk: *
Ah: Ah

TCP: Tcp
UDP: Udp
ICMP: Icmp
ESP: Esp
ASTERISK: *
AH: Ah

"Tcp": Tcp
"Udp": Udp
"Icmp": Icmp
"Esp": Esp
"*": *
"Ah": Ah

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:network:SecurityRule rule1 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityGroups/{networkSecurityGroupName}/securityRules/{securityRuleName}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.1.0 published on Tuesday, Apr 8, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native.network.SecurityRule

On this page

On this page

Example Usage

Create security rule

Create SecurityRule Resource

Constructor syntax

Parameters

Constructor example

SecurityRule Resource Properties

Inputs

Outputs

Supporting Types

ApplicationSecurityGroup
, ApplicationSecurityGroupArgs

ApplicationSecurityGroupResponse
, ApplicationSecurityGroupResponseArgs

SecurityRuleAccess
, SecurityRuleAccessArgs

SecurityRuleDirection
, SecurityRuleDirectionArgs

SecurityRuleProtocol
, SecurityRuleProtocolArgs

Import

Package Details

On this page

On this page

azure-native.network.SecurityRule

On this page

On this page

Example Usage

Create security rule

Create SecurityRule Resource

Constructor syntax

Parameters

Constructor example

SecurityRule Resource Properties

Inputs

Outputs

Supporting Types

ApplicationSecurityGroup, ApplicationSecurityGroupArgs

ApplicationSecurityGroupResponse, ApplicationSecurityGroupResponseArgs

SecurityRuleAccess, SecurityRuleAccessArgs

SecurityRuleDirection, SecurityRuleDirectionArgs

SecurityRuleProtocol, SecurityRuleProtocolArgs

Import

Package Details

On this page

On this page

ApplicationSecurityGroup
, ApplicationSecurityGroupArgs

ApplicationSecurityGroupResponse
, ApplicationSecurityGroupResponseArgs

SecurityRuleAccess
, SecurityRuleAccessArgs

SecurityRuleDirection
, SecurityRuleDirectionArgs

SecurityRuleProtocol
, SecurityRuleProtocolArgs