Resource Type: oci_core_network_security_group

Defined in:
lib/puppet/type/oci_core_network_security_group.rb
Providers:
sdk

Overview

A *network security group* (NSG) provides virtual firewall rules for a specific set of VNICs in a VCN. Compare NSGs with security lists, which provide virtual firewall rules to all the VNICs in a subnet.

A network security group consists of two items:

* The set of VNICs that all have the same security rule needs (for
  example, a group of Compute instances all running the same application)
* A set of NSG security rules that apply to the VNICs in the group

After creating an NSG, you can add VNICs and security rules to it. For example, when you create an instance, you can specify one or more NSGs to add the instance to (see create_vnic_details). Or you can add an existing instance to an NSG with update_vnic.

To add security rules to an NSG, see add_network_security_group_security_rules.

To list the VNICs in an NSG, see list_network_security_group_vnics.

To list the security rules in an NSG, see list_network_security_group_security_rules.

For more information about network security groups, see [Network Security Groups](docs.cloud.oracle.com/iaas/Content/Network/Concepts/networksecuritygroups.htm).

Important: Oracle Cloud Infrastructure Compute service images automatically include firewall rules (for example, Linux iptables, Windows firewall). If there are issues with some type of access to an instance, make sure all of the following are set correctly:

* Any security rules in any NSGs the instance's VNIC belongs to
* Any security lists associated with the instance's subnet
* The instance's OS firewall rules
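
The three checks listed above, as an added Ruby sketch that is not part of this Puppet module or the OCI SDK: it takes one inbound flow and reports which layer stops it. `Rule` and `blocking_layers` are hypothetical names, the rule sets and flows are constructed, the OS firewall is modelled as a default-deny allow list, and the union of NSG and security list rules is OCI's documented behaviour rather than something this page states.

```ruby
require 'ipaddr'

# Hypothetical model of one ingress allow rule; not an OCI SDK or Puppet class.
Rule = Struct.new(:protocol, :source_cidr, :ports) do
  def allows?(flow)
    (protocol == 'all' || protocol == flow[:protocol]) &&
      IPAddr.new(source_cidr).include?(IPAddr.new(flow[:source_ip])) &&
      (ports.nil? || ports.cover?(flow[:port]))
  end
end

# Reports which layer(s) stop an inbound flow.
# NSG and security list rules are allow-only and OCI applies their union to a
# VNIC, so the VCN layer blocks only when neither set matches. The OS firewall
# is a separate layer and is modelled here as default-deny (assumption).
def blocking_layers(flow, nsg_rules:, security_list_rules:, os_firewall_rules:)
  nsg_ok = nsg_rules.any? { |r| r.allows?(flow) }
  sl_ok  = security_list_rules.any? { |r| r.allows?(flow) }
  os_ok  = os_firewall_rules.any? { |r| r.allows?(flow) }
  blocked = []
  blocked << :vcn_rules unless nsg_ok || sl_ok
  blocked << :os_firewall unless os_ok
  { nsg_match: nsg_ok, security_list_match: sl_ok,
    os_firewall_match: os_ok, blocked_by: blocked }
end

# Constructed sample rule sets for one instance.
LAYERS = {
  nsg_rules:           [Rule.new('tcp', '10.0.0.0/16', 443..443)],
  security_list_rules: [Rule.new('tcp', '0.0.0.0/0', 22..22)],
  os_firewall_rules:   [Rule.new('tcp', '0.0.0.0/0', 22..22)]
}.freeze

# Constructed flows: HTTPS from inside the VCN, SSH from outside, and a stray port.
FLOWS = {
  https: { protocol: 'tcp', source_ip: '10.0.1.5',    port: 443 },
  ssh:   { protocol: 'tcp', source_ip: '203.0.113.7', port: 22 },
  alt:   { protocol: 'tcp', source_ip: '10.0.1.5',    port: 8080 }
}.freeze

FLOWS.each do |name, flow|
  result = blocking_layers(flow, **LAYERS)
  puts "#{name}: blocked_by=#{result[:blocked_by].inspect}"
end
```

The HTTPS flow is the case the note warns about: the NSG admits it, but the OS firewall still drops it.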

To use any of the API operations, you must be authorized in an IAM policy. If you’re not authorized, talk to an administrator. If you’re an administrator who needs to write policies to give users access, see [Getting Started with Policies](docs.cloud.oracle.com/Content/Identity/Concepts/policygetstarted.htm).

Warning: Oracle recommends that you avoid using any confidential information when you supply string values using the API.

Here is an example of how to use this resource type:

  oci_core_network_security_group { 'tenant (root)/my_security_group':
    ensure      => 'present',
    vcn         => 'my_compartment/my_vcn',
  }

This documentation is generated from the [Ruby OCI SDK](https://github.com/oracle/oci-ruby-sdk).

Properties

  • ensure (defaults to: present)

    The basic state that the resource should be in.

    Supported values:
    • present
    • absent

Parameters

  • provider

    The specific backend to use for this `oci_core_network_security_group` resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.