Table: alicloud_ecs_security_group
A security group is a logically isolated, mutually accessible group of instances within the same region that all share the same security requirements.
Examples
List of security groups where all instances within the security group are isolated from each other
```sql
select
  name,
  security_group_id,
  type,
  inner_access_policy
from
  alicloud_ecs_security_group
where
  inner_access_policy = 'drop';
```
Get the security group rules of each security group
```sql
select
  name,
  security_group_id,
  p ->> 'IpProtocol' as ip_protocol_type,
  p ->> 'PortRange' as port_range,
  p ->> 'Direction' as direction,
  p ->> 'SourceCidrIp' as source_cidr_ip,
  p ->> 'SourcePortRange' as source_port_range
from
  alicloud_ecs_security_group,
  jsonb_array_elements(permissions) as p;
```
List of all enterprise security groups
```sql
select
  name,
  security_group_id,
  region_id,
  type
from
  alicloud_ecs_security_group
where
  type = 'enterprise';
```
Count of security groups by VPC ID
```sql
select
  vpc_id,
  count(*) as count
from
  alicloud_ecs_security_group
group by
  vpc_id;
```
Get the security group rules that allow inbound public access to all tcp or udp ports
```sql
select
  name,
  security_group_id,
  p ->> 'IpProtocol' as ip_protocol_type,
  p ->> 'PortRange' as port_range,
  p ->> 'Direction' as direction,
  p ->> 'SourceCidrIp' as source_cidr_ip,
  p ->> 'SourcePortRange' as source_port_range
from
  alicloud_ecs_security_group,
  jsonb_array_elements(permissions) as p
where
  p ->> 'IpProtocol' in ('TCP', 'UDP', 'ALL')
  and p ->> 'Direction' = 'ingress'
  and p ->> 'SourceCidrIp' = '0.0.0.0/0'
  and (
    p ->> 'PortRange' = '-1/-1'
    or p ->> 'PortRange' = '1/65535'
  );
```
Get the security group rules that allow inbound public access to all tcp or udp ports, along with instances attached to them
```sql
select
  i.name,
  i.instance_id,
  sg.name,
  sg.security_group_id,
  p ->> 'IpProtocol' as ip_protocol_type,
  p ->> 'PortRange' as port_range,
  p ->> 'Direction' as direction,
  p ->> 'SourceCidrIp' as source_cidr_ip,
  p ->> 'SourcePortRange' as source_port_range
from
  alicloud_ecs_security_group as sg,
  jsonb_array_elements(permissions) as p,
  alicloud_ecs_instance as i,
  jsonb_array_elements_text(i.security_group_ids) as instance_sg
where
  p ->> 'IpProtocol' in ('TCP', 'UDP', 'ALL')
  and p ->> 'Direction' = 'ingress'
  and p ->> 'SourceCidrIp' = '0.0.0.0/0'
  and (
    p ->> 'PortRange' = '-1/-1'
    or p ->> 'PortRange' = '1/65535'
  )
  and instance_sg = sg.security_group_id;
```
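Get the security group rules that allow inbound public access to SSH or RDP, including rules whose port range only partly covers them

This query is an added example, not part of the original table documentation. The exact-match checks above miss a rule such as `20/25` that still exposes port 22, so this version splits `PortRange` and tests containment. It assumes `PortRange` always has the `low/high` form shown in the examples above; the list of administrative ports (22, 3389) is an illustrative choice.

```sql
-- Added example: public ingress rules whose port range contains an
-- administrative port, not only rules that open every port.
with rules as (
  select
    name,
    security_group_id,
    p ->> 'IpProtocol' as ip_protocol_type,
    p ->> 'PortRange' as port_range,
    p ->> 'SourceCidrIp' as source_cidr_ip,
    -- Assumption: PortRange is always 'low/high' ('-1/-1' means all ports).
    split_part(p ->> 'PortRange', '/', 1)::int as port_low,
    split_part(p ->> 'PortRange', '/', 2)::int as port_high
  from
    alicloud_ecs_security_group,
    jsonb_array_elements(permissions) as p
  where
    p ->> 'Direction' = 'ingress'
    and p ->> 'SourceCidrIp' = '0.0.0.0/0'
    and p ->> 'IpProtocol' in ('TCP', 'ALL')
)
select
  r.name,
  r.security_group_id,
  r.ip_protocol_type,
  r.port_range,
  r.source_cidr_ip,
  admin.service as exposed_service,
  admin.port as exposed_port
from
  rules as r,
  -- Illustrative list of administrative ports to check for.
  (values (22, 'ssh'), (3389, 'rdp')) as admin(port, service)
where
  r.port_low = -1
  or admin.port between r.port_low and r.port_high
order by
  r.security_group_id,
  admin.port;
```

Each matching rule produces one row per exposed service, so a rule opening `1/65535` appears twice.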
Query examples
- ecs_instance_security_groups
- ecs_security_group_by_acount
- ecs_security_group_by_region
- ecs_security_group_by_type
- ecs_security_group_by_vpc
- ecs_security_group_count
- ecs_security_group_egress_rule_sankey
- ecs_security_group_egress_rules
- ecs_security_group_ingress_rule_sankey
- ecs_security_group_ingress_rules
- ecs_security_group_input
- ecs_security_group_overview
- ecs_security_group_tags
- ecs_security_group_unassociated
- ecs_security_group_unassociated_count
- ecs_security_groups_for_rds_instance
- ecs_security_groups_for_vpc
- ecs_security_unrestricted_egress
- ecs_security_unrestricted_egress_count
- ecs_security_unrestricted_ingress
- ecs_security_unrestricted_ingress_count
- vpc_security_groups_detail
- vpc_vpcs_for_ecs_security_group
.inspect alicloud_ecs_security_group
ECS Security Group
Name | Type | Description |
---|---|---|
_ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
account_id | text | The alicloud Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | The Alibaba Cloud Resource Name (ARN) of the ECS security group. |
creation_time | timestamp with time zone | The time when the security group was created. |
description | text | The description of the security group. |
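inner_access_policy | text | The internal access policy of the security group, i.e. whether instances within the group can reach each other (for example, drop means they are isolated from each other). |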
name | text | The name of the security group. |
permissions | jsonb | Details about the security group rules. |
region | text | The name of the region where the resource belongs. |
resource_group_id | text | The ID of the resource group to which the security group belongs. |
security_group_id | text | The ID of the security group. |
service_id | bigint | The ID of the distributor to which the security group belongs. |
service_managed | boolean | Indicates whether the user is an Alibaba Cloud service or a distributor. |
tags | jsonb | A map of tags for the resource. |
tags_src | jsonb | A list of tags attached with the security group. |
title | text | Title of the resource. |
type | text | The type of the security group. Possible values are: normal and enterprise. |
vpc_id | text | The ID of the VPC to which the security group belongs. |