> ## Documentation Index
> Fetch the complete documentation index at: https://docs.nebius.com/llms.txt
> Use this file to discover all available pages before exploring further.

# nebius_vpc_v1_security_rule data source

#### Retrieving the Data Source

This data source can be retrieved by one of ID or name.

##### Retrieve by ID

To retrieve by ID, fill in only the `id` field:

```hcl theme={null}
data ... {
    id = "your-ID"
}
```

##### Retrieve by Name

To retrieve by name, fill in only the `name` and `parent_id` fields:

```hcl theme={null}
data ... {
    name      = "your name"
    parent_id = "data-source-parent-id"
}
```

SecurityRules define rules for controlling network traffic within a network.
These rules specify when traffic is ALLOWED or DENIED based on direction, protocol,
match source, and ports.

## Schema

### Optional

* `id` (String) Identifier for the resource, unique for its resource type.
* `name` (String) Human readable name for the resource.
* `parent_id` (String) Identifier of the parent resource to which the resource belongs.

### Read-Only

* `access` (String) :

  Access action for the rule.
  Required. Determines whether matching traffic is allowed or denied.

  #### Supported values

  Access specifies action on matching traffic: ALLOW or DENY.
  Possible values:

  * `ACCESS_UNSPECIFIED`
  * `ALLOW`
  * `DENY`
* `created_at` (String) :

  Timestamp indicating when the resource was created.

  A string representing a timestamp in [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) format: `YYYY-MM-DDTHH:MM:SSZ` or `YYYY-MM-DDTHH:MM:SS.SSS±HH:MM`
* `egress` (Attributes) :

  #### Inner value description

  Defines match for outgoing traffic.

  *Cannot be set alongside ingress.* (see [below for nested schema](#nestedatt--egress))
* `ingress` (Attributes) :

  #### Inner value description

  Defines match for incoming traffic.

  *Cannot be set alongside egress.* (see [below for nested schema](#nestedatt--ingress))
* `labels` (Map of String) Labels associated with the resource.
* `metadata` (Attributes) :

  `metadata.parent_id` represents the SecurityGroup.

  #### Inner value description

  Common resource metadata. (see [below for nested schema](#nestedatt--metadata))
* `priority` (Number) :

  Priority of the rule. Valid range: 0-1000.
  Optional. If not specified or set to 0, defaults to 500.
  Rules are evaluated in priority order (lower numbers first) using a first-match algorithm:
  only the first matching rule takes effect (ALLOW or DENY), and subsequent rules are skipped.

  When multiple rules share the same priority, DENY rules are evaluated before ALLOW rules.
  The final evaluation order is reflected in 'effective\_priority' (see SecurityRuleStatus).
* `protocol` (String) :

  Protocol used in the rule.
  Supported values: ANY, TCP, UDP, ICMP.

  #### Supported values

  Protocol specifies traffic protocol.
  Possible values:

  * `PROTOCOL_UNSPECIFIED`
  * `ANY`
  * `TCP`
  * `UDP`
  * `ICMP`
* `resource_version` (Number) :

  Version of the resource for safe concurrent modifications and consistent reads.
  Positive and monotonically increases on each resource spec change (but *not* on each change of the
  resource's container(s) or status).
  Service allows zero value or current.
* `status` (Attributes) Current status of the security rule. (see [below for nested schema](#nestedatt--status))
* `type` (String) :

  Type of the rule (STATEFUL or STATELESS)
  Default value is STATEFUL

  #### Supported values

  RuleType specifies whether the security rule is stateful or stateless.
  Possible values:

  * `RULE_TYPE_UNSPECIFIED`
  * `STATEFUL`
  * `STATELESS`
* `updated_at` (String) :

  Timestamp indicating when the resource was last updated.

  A string representing a timestamp in [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) format: `YYYY-MM-DDTHH:MM:SSZ` or `YYYY-MM-DDTHH:MM:SS.SSS±HH:MM`

<a id="nestedatt--egress" />

### Nested Schema for `egress`

Read-Only:

* `destination_cidrs` (List of String) :

  CIDR blocks as the destination.
  Optional. Empty list means any address.
  Must be a valid IPv4.
  Maximum of 8 CIDRs can be specified.
* `destination_ports` (List of Number) :

  List of ports to which the rule applies.
  Optional. Empty list means any port.
  Valid range: 1–65535.
  Maximum of 8 ports can be specified.
* `destination_security_group_id` (String) ID of the referenced Security Group as the destination.

<a id="nestedatt--ingress" />

### Nested Schema for `ingress`

Read-Only:

* `destination_ports` (List of Number) :

  List of destination ports to which the rule applies.
  Optional. Empty list means any port.
  Valid range: 1–65535.
  Maximum of 8 ports can be specified.
* `source_cidrs` (List of String) :

  CIDR blocks as the source.
  Optional. Empty list means any address.
  Must be a valid IPv4
  Maximum of 8 CIDRs can be specified.
* `source_security_group_id` (String) ID of the referenced Security Group as the source.

<a id="nestedatt--metadata" />

### Nested Schema for `metadata`

<a id="nestedatt--status" />

### Nested Schema for `status`

Read-Only:

* `destination` (Attributes) Destination of the traffic that matched the rule. (see [below for nested schema](#nestedatt--status--destination))
* `direction` (String) :

  Direction of traffic affected by the rule.

  #### Supported values

  Direction specifies whether traffic is INGRESS (incoming) or EGRESS (outgoing).
  Possible values:

  * `DIRECTION_UNSPECIFIED`
  * `INGRESS`
  * `EGRESS`
* `effective_priority` (Number) :

  Effective priority used for rule evaluation order, calculated by the system.
  This value is computed from the user-specified 'priority' (SecurityRuleSpec).
  Rules are evaluated in ascending order of effective\_priority using a first-match algorithm.
* `source` (Attributes) Source of the traffic that matched the rule. (see [below for nested schema](#nestedatt--status--source))
* `state` (String) :

  #### Supported values

  State describes lifecycle phases of a security rule.
  Possible values:

  * `STATE_UNSPECIFIED`
  * `CREATING`
  * `READY`
  * `DELETING`

<a id="nestedatt--status--destination" />

### Nested Schema for `status.destination`

Read-Only:

* `cidrs` (List of String) List of CIDR blocks.
* `ports` (List of Number) List of ports.
* `security_group_id` (String) ID of the Security Group.

<a id="nestedatt--status--source" />

### Nested Schema for `status.source`

Read-Only:

* `cidrs` (List of String) List of CIDR blocks.
* `ports` (List of Number) List of ports.
* `security_group_id` (String) ID of the Security Group.
