We recommend new projects start with resources from the AWS provider.
aws-native.ec2.SecurityGroup
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
Resource Type definition for AWS::EC2::SecurityGroup
Create SecurityGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SecurityGroup(name: string, args: SecurityGroupArgs, opts?: CustomResourceOptions);
@overload
def SecurityGroup(resource_name: str,
args: SecurityGroupArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SecurityGroup(resource_name: str,
opts: Optional[ResourceOptions] = None,
group_description: Optional[str] = None,
group_name: Optional[str] = None,
security_group_egress: Optional[Sequence[SecurityGroupEgressArgs]] = None,
security_group_ingress: Optional[Sequence[SecurityGroupIngressArgs]] = None,
tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
vpc_id: Optional[str] = None)
func NewSecurityGroup(ctx *Context, name string, args SecurityGroupArgs, opts ...ResourceOption) (*SecurityGroup, error)
public SecurityGroup(string name, SecurityGroupArgs args, CustomResourceOptions? opts = null)
public SecurityGroup(String name, SecurityGroupArgs args)
public SecurityGroup(String name, SecurityGroupArgs args, CustomResourceOptions options)
type: aws-native:ec2:SecurityGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SecurityGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecurityGroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecurityGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecurityGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecurityGroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
SecurityGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SecurityGroup resource accepts the following input properties:
- Group
Description string - A description for the security group.
- Group
Name string - The name of the security group.
- Security
Group List<Pulumi.Egress Aws Native. Ec2. Inputs. Security Group Egress> - [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- Security
Group List<Pulumi.Ingress Aws Native. Ec2. Inputs. Security Group Ingress> - The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- List<Pulumi.
Aws Native. Inputs. Tag> - Any tags assigned to the security group.
- Vpc
Id string - The ID of the VPC for the security group.
- Group
Description string - A description for the security group.
- Group
Name string - The name of the security group.
- Security
Group []SecurityEgress Group Egress Type Args - [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- Security
Group []SecurityIngress Group Ingress Type Args - The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- Tag
Args - Any tags assigned to the security group.
- Vpc
Id string - The ID of the VPC for the security group.
- group
Description String - A description for the security group.
- group
Name String - The name of the security group.
- security
Group List<SecurityEgress Group Egress> - [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- security
Group List<SecurityIngress Group Ingress> - The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- List<Tag>
- Any tags assigned to the security group.
- vpc
Id String - The ID of the VPC for the security group.
- group
Description string - A description for the security group.
- group
Name string - The name of the security group.
- security
Group SecurityEgress Group Egress[] - [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- security
Group SecurityIngress Group Ingress[] - The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- Tag[]
- Any tags assigned to the security group.
- vpc
Id string - The ID of the VPC for the security group.
- group_
description str - A description for the security group.
- group_
name str - The name of the security group.
- security_
group_ Sequence[Securityegress Group Egress Args] - [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- security_
group_ Sequence[Securityingress Group Ingress Args] - The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- Sequence[Tag
Args] - Any tags assigned to the security group.
- vpc_
id str - The ID of the VPC for the security group.
- group
Description String - A description for the security group.
- group
Name String - The name of the security group.
- security
Group List<Property Map>Egress - [VPC only] The outbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- security
Group List<Property Map>Ingress - The inbound rules associated with the security group. There is a short interruption during which you cannot connect to the security group.
- List<Property Map>
- Any tags assigned to the security group.
- vpc
Id String - The ID of the VPC for the security group.
Outputs
All input properties are implicitly available as output properties. Additionally, the SecurityGroup resource produces the following output properties:
Supporting Types
SecurityGroupEgress, SecurityGroupEgressArgs
- Ip
Protocol string The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- Cidr
Ip string The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- Cidr
Ipv6 string The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- Description string
A description for the security group rule.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- Destination
Prefix stringList Id The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- Destination
Security stringGroup Id The ID of the destination VPC security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- From
Port int - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- To
Port int - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
- Ip
Protocol string The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- Cidr
Ip string The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- Cidr
Ipv6 string The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- Description string
A description for the security group rule.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- Destination
Prefix stringList Id The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- Destination
Security stringGroup Id The ID of the destination VPC security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- From
Port int - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- To
Port int - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
- ip
Protocol String The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- cidr
Ip String The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- cidr
Ipv6 String The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- description String
A description for the security group rule.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- destination
Prefix StringList Id The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- destination
Security StringGroup Id The ID of the destination VPC security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- from
Port Integer - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- to
Port Integer - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
- ip
Protocol string The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- cidr
Ip string The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- cidr
Ipv6 string The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- description string
A description for the security group rule.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- destination
Prefix stringList Id The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- destination
Security stringGroup Id The ID of the destination VPC security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- from
Port number - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- to
Port number - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
- ip_
protocol str The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- cidr_
ip str The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- cidr_
ipv6 str The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- description str
A description for the security group rule.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- destination_
prefix_ strlist_ id The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- destination_
security_ strgroup_ id The ID of the destination VPC security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- from_
port int - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- to_
port int - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
- ip
Protocol String The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- cidr
Ip String The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- cidr
Ipv6 String The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- description String
A description for the security group rule.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- destination
Prefix StringList Id The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- destination
Security StringGroup Id The ID of the destination VPC security group.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,DestinationPrefixListId
, orDestinationSecurityGroupId
.- from
Port Number - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- to
Port Number - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
SecurityGroupIngress, SecurityGroupIngressArgs
- Ip
Protocol string The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- Cidr
Ip string The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- Cidr
Ipv6 string The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- Description string
Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- From
Port int - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- Source
Prefix stringList Id - The ID of a prefix list.
- Source
Security stringGroup Id - The ID of the security group.
- Source
Security stringGroup Name [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
For security groups in a nondefault VPC, you must specify the group ID.
- Source
Security stringGroup Owner Id [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
If you specify
SourceSecurityGroupName
orSourceSecurityGroupId
and that security group is owned by a different account than the account creating the stack, you must specify theSourceSecurityGroupOwnerId
; otherwise, this property is optional.- To
Port int - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
- Ip
Protocol string The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- Cidr
Ip string The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- Cidr
Ipv6 string The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- Description string
Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- From
Port int - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- Source
Prefix stringList Id - The ID of a prefix list.
- Source
Security stringGroup Id - The ID of the security group.
- Source
Security stringGroup Name [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
For security groups in a nondefault VPC, you must specify the group ID.
- Source
Security stringGroup Owner Id [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
If you specify
SourceSecurityGroupName
orSourceSecurityGroupId
and that security group is owned by a different account than the account creating the stack, you must specify theSourceSecurityGroupOwnerId
; otherwise, this property is optional.- To
Port int - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
- ip
Protocol String The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- cidr
Ip String The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- cidr
Ipv6 String The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- description String
Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- from
Port Integer - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- source
Prefix StringList Id - The ID of a prefix list.
- source
Security StringGroup Id - The ID of the security group.
- source
Security StringGroup Name [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
For security groups in a nondefault VPC, you must specify the group ID.
- source
Security StringGroup Owner Id [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
If you specify
SourceSecurityGroupName
orSourceSecurityGroupId
and that security group is owned by a different account than the account creating the stack, you must specify theSourceSecurityGroupOwnerId
; otherwise, this property is optional.- to
Port Integer - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
- ip
Protocol string The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- cidr
Ip string The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- cidr
Ipv6 string The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- description string
Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- from
Port number - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- source
Prefix stringList Id - The ID of a prefix list.
- source
Security stringGroup Id - The ID of the security group.
- source
Security stringGroup Name [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
For security groups in a nondefault VPC, you must specify the group ID.
- source
Security stringGroup Owner Id [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
If you specify
SourceSecurityGroupName
orSourceSecurityGroupId
and that security group is owned by a different account than the account creating the stack, you must specify theSourceSecurityGroupOwnerId
; otherwise, this property is optional.- to
Port number - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
- ip_
protocol str The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- cidr_
ip str The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- cidr_
ipv6 str The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- description str
Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- from_
port int - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- source_
prefix_ strlist_ id - The ID of a prefix list.
- source_
security_ strgroup_ id - The ID of the security group.
- source_
security_ strgroup_ name [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
For security groups in a nondefault VPC, you must specify the group ID.
- source_
security_ strgroup_ owner_ id [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
If you specify
SourceSecurityGroupName
orSourceSecurityGroupId
and that security group is owned by a different account than the account creating the stack, you must specify theSourceSecurityGroupOwnerId
; otherwise, this property is optional.- to_
port int - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
- ip
Protocol String The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- cidr
Ip String The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- cidr
Ipv6 String The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- description String
Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- from
Port Number - If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- source
Prefix StringList Id - The ID of a prefix list.
- source
Security StringGroup Id - The ID of the security group.
- source
Security StringGroup Name [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
For security groups in a nondefault VPC, you must specify the group ID.
- source
Security StringGroup Owner Id [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
If you specify
SourceSecurityGroupName
orSourceSecurityGroupId
and that security group is owned by a different account than the account creating the stack, you must specify theSourceSecurityGroupOwnerId
; otherwise, this property is optional.- to
Port Number - If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
Tag, TagArgs
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.