AWS Native v0.109.0, Jun 26 24

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.ec2.SecurityGroupEgress

Explore with Pulumi AI

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi

pulumi/pulumi-aws-native

Adds the specified outbound (egress) rule to a security group. An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see Security group rules. You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group. You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1. Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.

Create SecurityGroupEgress Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SecurityGroupEgress(name: string, args: SecurityGroupEgressArgs, opts?: CustomResourceOptions);

@overload
def SecurityGroupEgress(resource_name: str,
                        args: SecurityGroupEgressInitArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def SecurityGroupEgress(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        group_id: Optional[str] = None,
                        ip_protocol: Optional[str] = None,
                        cidr_ip: Optional[str] = None,
                        cidr_ipv6: Optional[str] = None,
                        description: Optional[str] = None,
                        destination_prefix_list_id: Optional[str] = None,
                        destination_security_group_id: Optional[str] = None,
                        from_port: Optional[int] = None,
                        to_port: Optional[int] = None)

func NewSecurityGroupEgress(ctx *Context, name string, args SecurityGroupEgressArgs, opts ...ResourceOption) (*SecurityGroupEgress, error)

public SecurityGroupEgress(string name, SecurityGroupEgressArgs args, CustomResourceOptions? opts = null)

public SecurityGroupEgress(String name, SecurityGroupEgressArgs args)
public SecurityGroupEgress(String name, SecurityGroupEgressArgs args, CustomResourceOptions options)

type: aws-native:ec2:SecurityGroupEgress
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SecurityGroupEgressArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SecurityGroupEgressInitArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecurityGroupEgressArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecurityGroupEgressArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SecurityGroupEgressArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

SecurityGroupEgress Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SecurityGroupEgress resource accepts the following input properties:

GroupId string: The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
IpProtocol string: The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
CidrIp string: The IPv4 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
CidrIpv6 string: The IPv6 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
Description string: The description of an egress (outbound) security group rule. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
DestinationPrefixListId string: The prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
DestinationSecurityGroupId string: The ID of the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
FromPort int: If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
ToPort int: If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

GroupId string: The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
IpProtocol string: The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
CidrIp string: The IPv4 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
CidrIpv6 string: The IPv6 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
Description string: The description of an egress (outbound) security group rule. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
DestinationPrefixListId string: The prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
DestinationSecurityGroupId string: The ID of the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
FromPort int: If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
ToPort int: If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

groupId String: The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
ipProtocol String: The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
cidrIp String: The IPv4 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
cidrIpv6 String: The IPv6 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
description String: The description of an egress (outbound) security group rule. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
destinationPrefixListId String: The prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
destinationSecurityGroupId String: The ID of the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
fromPort Integer: If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
toPort Integer: If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

groupId string: The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
ipProtocol string: The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
cidrIp string: The IPv4 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
cidrIpv6 string: The IPv6 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
description string: The description of an egress (outbound) security group rule. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
destinationPrefixListId string: The prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
destinationSecurityGroupId string: The ID of the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
fromPort number: If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
toPort number: If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

group_id str: The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
ip_protocol str: The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
cidr_ip str: The IPv4 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
cidr_ipv6 str: The IPv6 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
description str: The description of an egress (outbound) security group rule. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
destination_prefix_list_id str: The prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
destination_security_group_id str: The ID of the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
from_port int: If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
to_port int: If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

groupId String: The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
ipProtocol String: The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
cidrIp String: The IPv4 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
cidrIpv6 String: The IPv6 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the User Guide.
description String: The description of an egress (outbound) security group rule. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
destinationPrefixListId String: The prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
destinationSecurityGroupId String: The ID of the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
fromPort Number: If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
toPort Number: If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityGroupEgress resource produces the following output properties:

AwsId string
Id string: The provider-assigned unique ID for this managed resource.

AwsId string
Id string: The provider-assigned unique ID for this managed resource.

awsId String
id String: The provider-assigned unique ID for this managed resource.

awsId string
id string: The provider-assigned unique ID for this managed resource.

aws_id str
id str: The provider-assigned unique ID for this managed resource.

awsId String
id String: The provider-assigned unique ID for this managed resource.

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.ec2.SecurityGroupEgress

On this page

On this page

Create SecurityGroupEgress Resource

Constructor syntax

Parameters

SecurityGroupEgress Resource Properties

Inputs

Outputs

Package Details

On this page

On this page