1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. ec2
  5. SecurityGroup

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.ec2.SecurityGroup

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

    Resource Type definition for AWS::EC2::SecurityGroup

    Create SecurityGroup Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new SecurityGroup(name: string, args: SecurityGroupArgs, opts?: CustomResourceOptions);
    @overload
    def SecurityGroup(resource_name: str,
                      args: SecurityGroupArgs,
                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def SecurityGroup(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      group_description: Optional[str] = None,
                      group_name: Optional[str] = None,
                      security_group_egress: Optional[Sequence[SecurityGroupEgressArgs]] = None,
                      security_group_ingress: Optional[Sequence[SecurityGroupIngressArgs]] = None,
                      tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
                      vpc_id: Optional[str] = None)
    func NewSecurityGroup(ctx *Context, name string, args SecurityGroupArgs, opts ...ResourceOption) (*SecurityGroup, error)
    public SecurityGroup(string name, SecurityGroupArgs args, CustomResourceOptions? opts = null)
    public SecurityGroup(String name, SecurityGroupArgs args)
    public SecurityGroup(String name, SecurityGroupArgs args, CustomResourceOptions options)
    
    type: aws-native:ec2:SecurityGroup
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SecurityGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecurityGroupArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecurityGroupArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecurityGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecurityGroupArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    SecurityGroup Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The SecurityGroup resource accepts the following input properties:

    GroupDescription string
    A description for the security group.
    GroupName string
    The name of the security group.
    SecurityGroupEgress List<Pulumi.AwsNative.Ec2.Inputs.SecurityGroupEgress>
    [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    SecurityGroupIngress List<Pulumi.AwsNative.Ec2.Inputs.SecurityGroupIngress>
    The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    Any tags assigned to the security group.
    VpcId string
    The ID of the VPC for the security group.
    GroupDescription string
    A description for the security group.
    GroupName string
    The name of the security group.
    SecurityGroupEgress []SecurityGroupEgressTypeArgs
    [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    SecurityGroupIngress []SecurityGroupIngressTypeArgs
    The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    Tags TagArgs
    Any tags assigned to the security group.
    VpcId string
    The ID of the VPC for the security group.
    groupDescription String
    A description for the security group.
    groupName String
    The name of the security group.
    securityGroupEgress List<SecurityGroupEgress>
    [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    securityGroupIngress List<SecurityGroupIngress>
    The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    tags List<Tag>
    Any tags assigned to the security group.
    vpcId String
    The ID of the VPC for the security group.
    groupDescription string
    A description for the security group.
    groupName string
    The name of the security group.
    securityGroupEgress SecurityGroupEgress[]
    [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    securityGroupIngress SecurityGroupIngress[]
    The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    tags Tag[]
    Any tags assigned to the security group.
    vpcId string
    The ID of the VPC for the security group.
    group_description str
    A description for the security group.
    group_name str
    The name of the security group.
    security_group_egress Sequence[SecurityGroupEgressArgs]
    [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    security_group_ingress Sequence[SecurityGroupIngressArgs]
    The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    tags Sequence[TagArgs]
    Any tags assigned to the security group.
    vpc_id str
    The ID of the VPC for the security group.
    groupDescription String
    A description for the security group.
    groupName String
    The name of the security group.
    securityGroupEgress List<Property Map>
    [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    securityGroupIngress List<Property Map>
    The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
    tags List<Property Map>
    Any tags assigned to the security group.
    vpcId String
    The ID of the VPC for the security group.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecurityGroup resource produces the following output properties:

    AwsId string
    The group name or group ID depending on whether the SG is created in default or specific VPC
    GroupId string
    The group ID of the specified security group.
    Id string
    The provider-assigned unique ID for this managed resource.
    AwsId string
    The group name or group ID depending on whether the SG is created in default or specific VPC
    GroupId string
    The group ID of the specified security group.
    Id string
    The provider-assigned unique ID for this managed resource.
    awsId String
    The group name or group ID depending on whether the SG is created in default or specific VPC
    groupId String
    The group ID of the specified security group.
    id String
    The provider-assigned unique ID for this managed resource.
    awsId string
    The group name or group ID depending on whether the SG is created in default or specific VPC
    groupId string
    The group ID of the specified security group.
    id string
    The provider-assigned unique ID for this managed resource.
    aws_id str
    The group name or group ID depending on whether the SG is created in default or specific VPC
    group_id str
    The group ID of the specified security group.
    id str
    The provider-assigned unique ID for this managed resource.
    awsId String
    The group name or group ID depending on whether the SG is created in default or specific VPC
    groupId String
    The group ID of the specified security group.
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    SecurityGroupEgress, SecurityGroupEgressArgs

    IpProtocol string

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    CidrIp string

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    CidrIpv6 string

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    Description string

    A description for the security group rule.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    DestinationPrefixListId string

    The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    DestinationSecurityGroupId string

    The ID of the destination VPC security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    FromPort int
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    ToPort int
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
    IpProtocol string

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    CidrIp string

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    CidrIpv6 string

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    Description string

    A description for the security group rule.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    DestinationPrefixListId string

    The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    DestinationSecurityGroupId string

    The ID of the destination VPC security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    FromPort int
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    ToPort int
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
    ipProtocol String

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    cidrIp String

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    cidrIpv6 String

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    description String

    A description for the security group rule.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    destinationPrefixListId String

    The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    destinationSecurityGroupId String

    The ID of the destination VPC security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    fromPort Integer
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    toPort Integer
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
    ipProtocol string

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    cidrIp string

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    cidrIpv6 string

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    description string

    A description for the security group rule.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    destinationPrefixListId string

    The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    destinationSecurityGroupId string

    The ID of the destination VPC security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    fromPort number
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    toPort number
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
    ip_protocol str

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    cidr_ip str

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    cidr_ipv6 str

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    description str

    A description for the security group rule.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    destination_prefix_list_id str

    The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    destination_security_group_id str

    The ID of the destination VPC security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    from_port int
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    to_port int
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
    ipProtocol String

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    cidrIp String

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    cidrIpv6 String

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    description String

    A description for the security group rule.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    destinationPrefixListId String

    The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    destinationSecurityGroupId String

    The ID of the destination VPC security group.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , DestinationPrefixListId , or DestinationSecurityGroupId .

    fromPort Number
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    toPort Number
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

    SecurityGroupIngress, SecurityGroupIngressArgs

    IpProtocol string

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    CidrIp string

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    CidrIpv6 string

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    Description string

    Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    FromPort int
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    SourcePrefixListId string
    The ID of a prefix list.
    SourceSecurityGroupId string
    The ID of the security group.
    SourceSecurityGroupName string

    [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    For security groups in a nondefault VPC, you must specify the group ID.

    SourceSecurityGroupOwnerId string

    [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId ; otherwise, this property is optional.

    ToPort int
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
    IpProtocol string

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    CidrIp string

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    CidrIpv6 string

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    Description string

    Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    FromPort int
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    SourcePrefixListId string
    The ID of a prefix list.
    SourceSecurityGroupId string
    The ID of the security group.
    SourceSecurityGroupName string

    [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    For security groups in a nondefault VPC, you must specify the group ID.

    SourceSecurityGroupOwnerId string

    [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId ; otherwise, this property is optional.

    ToPort int
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
    ipProtocol String

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    cidrIp String

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    cidrIpv6 String

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    description String

    Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    fromPort Integer
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    sourcePrefixListId String
    The ID of a prefix list.
    sourceSecurityGroupId String
    The ID of the security group.
    sourceSecurityGroupName String

    [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    For security groups in a nondefault VPC, you must specify the group ID.

    sourceSecurityGroupOwnerId String

    [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId ; otherwise, this property is optional.

    toPort Integer
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
    ipProtocol string

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    cidrIp string

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    cidrIpv6 string

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    description string

    Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    fromPort number
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    sourcePrefixListId string
    The ID of a prefix list.
    sourceSecurityGroupId string
    The ID of the security group.
    sourceSecurityGroupName string

    [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    For security groups in a nondefault VPC, you must specify the group ID.

    sourceSecurityGroupOwnerId string

    [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId ; otherwise, this property is optional.

    toPort number
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
    ip_protocol str

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    cidr_ip str

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    cidr_ipv6 str

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    description str

    Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    from_port int
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    source_prefix_list_id str
    The ID of a prefix list.
    source_security_group_id str
    The ID of the security group.
    source_security_group_name str

    [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    For security groups in a nondefault VPC, you must specify the group ID.

    source_security_group_owner_id str

    [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId ; otherwise, this property is optional.

    to_port int
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
    ipProtocol String

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

    Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

    cidrIp String

    The IPv4 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    cidrIpv6 String

    The IPv6 address range, in CIDR format.

    You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

    For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

    description String

    Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

    Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

    fromPort Number
    If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
    sourcePrefixListId String
    The ID of a prefix list.
    sourceSecurityGroupId String
    The ID of the security group.
    sourceSecurityGroupName String

    [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    For security groups in a nondefault VPC, you must specify the group ID.

    sourceSecurityGroupOwnerId String

    [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

    If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId ; otherwise, this property is optional.

    toPort Number
    If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi