SecurityGroup

Provides a security group resource.

NOTE on Security Groups and Security Group Rules: This provider currently provides both a standalone Security Group Rule resource (a single ingress or egress rule), and a Security Group resource with ingress and egress rules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

NOTE: Referencing Security Groups across VPC peering has certain restrictions. More information is available in the VPC Peering User Guide.

NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.

Example Usage

Basic Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    // Declares one security group that admits TLS from inside the VPC and
    // permits all outbound traffic.
    public MyStack()
    {
        // Inbound: TLS (443/tcp) only from the VPC's own IPv4 and IPv6 ranges.
        // aws_vpc stands in for a VPC declared elsewhere in the program.
        var tlsFromVpc = new Aws.Ec2.Inputs.SecurityGroupIngressArgs
        {
            Description = "TLS from VPC",
            FromPort = 443,
            ToPort = 443,
            Protocol = "tcp",
            CidrBlocks = { aws_vpc.Main.Cidr_block },
            Ipv6CidrBlocks = { aws_vpc.Main.Ipv6_cidr_block },
        };

        // Outbound: every protocol to any IPv4/IPv6 destination. Protocol "-1"
        // requires FromPort and ToPort of 0; narrow the CIDRs if the workload
        // only needs to reach specific destinations.
        var allowAllOut = new Aws.Ec2.Inputs.SecurityGroupEgressArgs
        {
            FromPort = 0,
            ToPort = 0,
            Protocol = "-1",
            CidrBlocks = { "0.0.0.0/0" },
            Ipv6CidrBlocks = { "::/0" },
        };

        var allowTls = new Aws.Ec2.SecurityGroup("allowTls", new Aws.Ec2.SecurityGroupArgs
        {
            Description = "Allow TLS inbound traffic",
            VpcId = aws_vpc.Main.Id,
            Ingress = { tlsFromVpc },
            Egress = { allowAllOut },
            Tags = { { "Name", "allow_tls" } },
        });
    }
}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares one security group that admits TLS from inside the VPC and
// permits all outbound traffic.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Inbound: TLS (443/tcp) only from the VPC's own IPv4 and IPv6 ranges.
		// aws_vpc stands in for a VPC declared elsewhere in the program.
		tlsFromVpc := &ec2.SecurityGroupIngressArgs{
			Description: pulumi.String("TLS from VPC"),
			FromPort:    pulumi.Int(443),
			ToPort:      pulumi.Int(443),
			Protocol:    pulumi.String("tcp"),
			CidrBlocks: pulumi.StringArray{
				pulumi.Any(aws_vpc.Main.Cidr_block),
			},
			Ipv6CidrBlocks: pulumi.StringArray{
				pulumi.Any(aws_vpc.Main.Ipv6_cidr_block),
			},
		}

		// Outbound: every protocol to any IPv4/IPv6 destination. Protocol "-1"
		// requires FromPort and ToPort of 0; narrow the CIDRs if the workload
		// only needs to reach specific destinations.
		allowAllOut := &ec2.SecurityGroupEgressArgs{
			FromPort: pulumi.Int(0),
			ToPort:   pulumi.Int(0),
			Protocol: pulumi.String("-1"),
			CidrBlocks: pulumi.StringArray{
				pulumi.String("0.0.0.0/0"),
			},
			Ipv6CidrBlocks: pulumi.StringArray{
				pulumi.String("::/0"),
			},
		}

		args := &ec2.SecurityGroupArgs{
			Description: pulumi.String("Allow TLS inbound traffic"),
			VpcId:       pulumi.Any(aws_vpc.Main.Id),
			Ingress:     ec2.SecurityGroupIngressArray{tlsFromVpc},
			Egress:      ec2.SecurityGroupEgressArray{allowAllOut},
			Tags:        pulumi.StringMap{"Name": pulumi.String("allow_tls")},
		}
		if _, err := ec2.NewSecurityGroup(ctx, "allowTls", args); err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

# Inbound: TLS (443/tcp) only from the VPC's own IPv4 and IPv6 ranges.
# aws_vpc stands in for a VPC declared elsewhere in the program.
tls_from_vpc = aws.ec2.SecurityGroupIngressArgs(
    description="TLS from VPC",
    from_port=443,
    to_port=443,
    protocol="tcp",
    cidr_blocks=[aws_vpc["main"]["cidr_block"]],
    ipv6_cidr_blocks=[aws_vpc["main"]["ipv6_cidr_block"]],
)

# Outbound: every protocol to any IPv4/IPv6 destination. Protocol "-1" requires
# from_port and to_port of 0; narrow the CIDRs if the workload only needs to
# reach specific destinations.
allow_all_out = aws.ec2.SecurityGroupEgressArgs(
    from_port=0,
    to_port=0,
    protocol="-1",
    cidr_blocks=["0.0.0.0/0"],
    ipv6_cidr_blocks=["::/0"],
)

# One security group that admits TLS from inside the VPC and permits all
# outbound traffic.
allow_tls = aws.ec2.SecurityGroup(
    "allowTls",
    description="Allow TLS inbound traffic",
    vpc_id=aws_vpc["main"]["id"],
    ingress=[tls_from_vpc],
    egress=[allow_all_out],
    tags={"Name": "allow_tls"},
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Inbound: TLS (443/tcp) only from the VPC's own IPv4 and IPv6 ranges.
// aws_vpc stands in for a VPC declared elsewhere in the program.
const tlsFromVpc = {
    description: "TLS from VPC",
    fromPort: 443,
    toPort: 443,
    protocol: "tcp",
    cidrBlocks: [aws_vpc.main.cidr_block],
    ipv6CidrBlocks: [aws_vpc.main.ipv6_cidr_block],
};

// Outbound: every protocol to any IPv4/IPv6 destination. Protocol "-1" requires
// fromPort and toPort of 0; narrow the CIDRs if the workload only needs to
// reach specific destinations.
const allowAllOut = {
    fromPort: 0,
    toPort: 0,
    protocol: "-1",
    cidrBlocks: ["0.0.0.0/0"],
    ipv6CidrBlocks: ["::/0"],
};

// One security group that admits TLS from inside the VPC and permits all
// outbound traffic.
const allowTls = new aws.ec2.SecurityGroup("allowTls", {
    description: "Allow TLS inbound traffic",
    vpcId: aws_vpc.main.id,
    ingress: [tlsFromVpc],
    egress: [allowAllOut],
    tags: { Name: "allow_tls" },
});

Usage With Prefix List IDs

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    // Declares a VPC endpoint and a security group whose only egress is to
    // that endpoint's prefix list.
    public MyStack()
    {
        // The endpoint's other settings are omitted here.
        var myEndpoint = new Aws.Ec2.VpcEndpoint("myEndpoint", new Aws.Ec2.VpcEndpointArgs());

        // Outbound: every protocol (ports 0/0 are required for "-1"), but only
        // to the endpoint's prefix list instead of an open CIDR.
        var toEndpoint = new Aws.Ec2.Inputs.SecurityGroupEgressArgs
        {
            FromPort = 0,
            ToPort = 0,
            Protocol = "-1",
            PrefixListIds = { myEndpoint.PrefixListId },
        };

        var example = new Aws.Ec2.SecurityGroup("example", new Aws.Ec2.SecurityGroupArgs
        {
            Egress = { toEndpoint },
        });
    }
}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a VPC endpoint and a security group whose only egress is to
// that endpoint's prefix list.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The endpoint's other settings are omitted here.
		myEndpoint, err := ec2.NewVpcEndpoint(ctx, "myEndpoint", nil)
		if err != nil {
			return err
		}

		// Outbound: every protocol (ports 0/0 are required for "-1"), but only
		// to the endpoint's prefix list instead of an open CIDR.
		toEndpoint := &ec2.SecurityGroupEgressArgs{
			FromPort: pulumi.Int(0),
			ToPort:   pulumi.Int(0),
			Protocol: pulumi.String("-1"),
			PrefixListIds: pulumi.StringArray{
				myEndpoint.PrefixListId,
			},
		}
		args := &ec2.SecurityGroupArgs{
			Egress: ec2.SecurityGroupEgressArray{toEndpoint},
		}
		if _, err = ec2.NewSecurityGroup(ctx, "example", args); err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

# The endpoint's other settings are omitted here.
my_endpoint = aws.ec2.VpcEndpoint("myEndpoint")

# Outbound: every protocol (ports 0/0 are required for "-1"), but only to the
# endpoint's prefix list instead of an open CIDR.
to_endpoint = aws.ec2.SecurityGroupEgressArgs(
    from_port=0,
    to_port=0,
    protocol="-1",
    prefix_list_ids=[my_endpoint.prefix_list_id],
)

# A security group whose only egress is to the endpoint's prefix list.
example = aws.ec2.SecurityGroup("example", egress=[to_endpoint])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// The endpoint's other settings are omitted here.
const myEndpoint = new aws.ec2.VpcEndpoint("myEndpoint", {});

// Outbound: every protocol (ports 0/0 are required for "-1"), but only to the
// endpoint's prefix list instead of an open CIDR.
const toEndpoint = {
    fromPort: 0,
    toPort: 0,
    protocol: "-1",
    prefixListIds: [myEndpoint.prefixListId],
};

// A security group whose only egress is to the endpoint's prefix list.
const example = new aws.ec2.SecurityGroup("example", { egress: [toEndpoint] });

Create a SecurityGroup Resource

new SecurityGroup(name: string, args?: SecurityGroupArgs, opts?: CustomResourceOptions);
@overload
def SecurityGroup(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  description: Optional[str] = None,
                  egress: Optional[Sequence[SecurityGroupEgressArgs]] = None,
                  ingress: Optional[Sequence[SecurityGroupIngressArgs]] = None,
                  name: Optional[str] = None,
                  name_prefix: Optional[str] = None,
                  revoke_rules_on_delete: Optional[bool] = None,
                  tags: Optional[Mapping[str, str]] = None,
                  vpc_id: Optional[str] = None)
@overload
def SecurityGroup(resource_name: str,
                  args: Optional[SecurityGroupArgs] = None,
                  opts: Optional[ResourceOptions] = None)
func NewSecurityGroup(ctx *Context, name string, args *SecurityGroupArgs, opts ...ResourceOption) (*SecurityGroup, error)
public SecurityGroup(string name, SecurityGroupArgs? args = null, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args SecurityGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args SecurityGroupArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SecurityGroupArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args SecurityGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

SecurityGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SecurityGroup resource accepts the following input properties:

Description string
Description of this egress rule.
Egress List<SecurityGroupEgressArgs>
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
Ingress List<SecurityGroupIngressArgs>
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
Name string
Name of the security group. If omitted, this provider will assign a random, unique name.
NamePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
RevokeRulesOnDelete bool
Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.
Tags Dictionary<string, string>
Map of tags to assign to the resource.
VpcId string
VPC ID.
Description string
Description of this egress rule.
Egress []SecurityGroupEgressArgs
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
Ingress []SecurityGroupIngressArgs
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
Name string
Name of the security group. If omitted, this provider will assign a random, unique name.
NamePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
RevokeRulesOnDelete bool
Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.
Tags map[string]string
Map of tags to assign to the resource.
VpcId string
VPC ID.
description string
Description of this egress rule.
egress SecurityGroupEgressArgs[]
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
ingress SecurityGroupIngressArgs[]
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
name string
Name of the security group. If omitted, this provider will assign a random, unique name.
namePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
revokeRulesOnDelete boolean
Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.
tags {[key: string]: string}
Map of tags to assign to the resource.
vpcId string
VPC ID.
description str
Description of this egress rule.
egress Sequence[SecurityGroupEgressArgs]
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
ingress Sequence[SecurityGroupIngressArgs]
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
name str
Name of the security group. If omitted, this provider will assign a random, unique name.
name_prefix str
Creates a unique name beginning with the specified prefix. Conflicts with name.
revoke_rules_on_delete bool
Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.
tags Mapping[str, str]
Map of tags to assign to the resource.
vpc_id str
VPC ID.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecurityGroup resource produces the following output properties:

Arn string
ARN of the security group.
Id string
The provider-assigned unique ID for this managed resource.
OwnerId string
Owner ID.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider.
Arn string
ARN of the security group.
Id string
The provider-assigned unique ID for this managed resource.
OwnerId string
Owner ID.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider.
arn string
ARN of the security group.
id string
The provider-assigned unique ID for this managed resource.
ownerId string
Owner ID.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider.
arn str
ARN of the security group.
id str
The provider-assigned unique ID for this managed resource.
owner_id str
Owner ID.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider.

Look up an Existing SecurityGroup Resource

Get an existing SecurityGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecurityGroupState, opts?: CustomResourceOptions): SecurityGroup
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        description: Optional[str] = None,
        egress: Optional[Sequence[SecurityGroupEgressArgs]] = None,
        ingress: Optional[Sequence[SecurityGroupIngressArgs]] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        owner_id: Optional[str] = None,
        revoke_rules_on_delete: Optional[bool] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        vpc_id: Optional[str] = None) -> SecurityGroup
func GetSecurityGroup(ctx *Context, name string, id IDInput, state *SecurityGroupState, opts ...ResourceOption) (*SecurityGroup, error)
public static SecurityGroup Get(string name, Input<string> id, SecurityGroupState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string
ARN of the security group.
Description string
Description of this egress rule.
Egress List<SecurityGroupEgressArgs>
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
Ingress List<SecurityGroupIngressArgs>
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
Name string
Name of the security group. If omitted, this provider will assign a random, unique name.
NamePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
OwnerId string
Owner ID.
RevokeRulesOnDelete bool
Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.
Tags Dictionary<string, string>
Map of tags to assign to the resource.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider.
VpcId string
VPC ID.
Arn string
ARN of the security group.
Description string
Description of this egress rule.
Egress []SecurityGroupEgressArgs
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
Ingress []SecurityGroupIngressArgs
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
Name string
Name of the security group. If omitted, this provider will assign a random, unique name.
NamePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
OwnerId string
Owner ID.
RevokeRulesOnDelete bool
Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.
Tags map[string]string
Map of tags to assign to the resource.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider.
VpcId string
VPC ID.
arn string
ARN of the security group.
description string
Description of this egress rule.
egress SecurityGroupEgressArgs[]
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
ingress SecurityGroupIngressArgs[]
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
name string
Name of the security group. If omitted, this provider will assign a random, unique name.
namePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
ownerId string
Owner ID.
revokeRulesOnDelete boolean
Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.
tags {[key: string]: string}
Map of tags to assign to the resource.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider.
vpcId string
VPC ID.
arn str
ARN of the security group.
description str
Description of this egress rule.
egress Sequence[SecurityGroupEgressArgs]
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
ingress Sequence[SecurityGroupIngressArgs]
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
name str
Name of the security group. If omitted, this provider will assign a random, unique name.
name_prefix str
Creates a unique name beginning with the specified prefix. Conflicts with name.
owner_id str
Owner ID.
revoke_rules_on_delete bool
Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.
tags Mapping[str, str]
Map of tags to assign to the resource.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider.
vpc_id str
VPC ID.

Supporting Types

SecurityGroupEgress

FromPort int
Start port (or ICMP type number if protocol is icmp)
Protocol string
Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference. This argument is normalized to a lowercase value.
ToPort int
End range port (or ICMP code if protocol is icmp).
CidrBlocks List<string>
List of CIDR blocks.
Description string
Description of this egress rule.
Ipv6CidrBlocks List<string>
List of IPv6 CIDR blocks.
PrefixListIds List<string>
List of Prefix List IDs.
SecurityGroups List<string>
List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.
Self bool
Whether the security group itself will be added as a source to this egress rule.
FromPort int
Start port (or ICMP type number if protocol is icmp)
Protocol string
Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference. This argument is normalized to a lowercase value.
ToPort int
End range port (or ICMP code if protocol is icmp).
CidrBlocks []string
List of CIDR blocks.
Description string
Description of this egress rule.
Ipv6CidrBlocks []string
List of IPv6 CIDR blocks.
PrefixListIds []string
List of Prefix List IDs.
SecurityGroups []string
List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.
Self bool
Whether the security group itself will be added as a source to this egress rule.
fromPort number
Start port (or ICMP type number if protocol is icmp)
protocol string
Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference. This argument is normalized to a lowercase value.
toPort number
End range port (or ICMP code if protocol is icmp).
cidrBlocks string[]
List of CIDR blocks.
description string
Description of this egress rule.
ipv6CidrBlocks string[]
List of IPv6 CIDR blocks.
prefixListIds string[]
List of Prefix List IDs.
securityGroups string[]
List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.
self boolean
Whether the security group itself will be added as a source to this egress rule.
from_port int
Start port (or ICMP type number if protocol is icmp)
protocol str
Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference. This argument is normalized to a lowercase value.
to_port int
End range port (or ICMP code if protocol is icmp).
cidr_blocks Sequence[str]
List of CIDR blocks.
description str
Description of this egress rule.
ipv6_cidr_blocks Sequence[str]
List of IPv6 CIDR blocks.
prefix_list_ids Sequence[str]
List of Prefix List IDs.
security_groups Sequence[str]
List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.
self bool
Whether the security group itself will be added as a source to this egress rule.

SecurityGroupIngress

FromPort int
Start port (or ICMP type number if protocol is icmp)
Protocol string
Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference. This argument is normalized to a lowercase value.
ToPort int
End range port (or ICMP code if protocol is icmp).
CidrBlocks List<string>
List of CIDR blocks.
Description string
Description of this ingress rule.
Ipv6CidrBlocks List<string>
List of IPv6 CIDR blocks.
PrefixListIds List<string>
List of Prefix List IDs.
SecurityGroups List<string>
List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.
Self bool
Whether the security group itself will be added as a source to this ingress rule.
FromPort int
Start port (or ICMP type number if protocol is icmp)
Protocol string
Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference. This argument is normalized to a lowercase value.
ToPort int
End range port (or ICMP code if protocol is icmp).
CidrBlocks []string
List of CIDR blocks.
Description string
Description of this ingress rule.
Ipv6CidrBlocks []string
List of IPv6 CIDR blocks.
PrefixListIds []string
List of Prefix List IDs.
SecurityGroups []string
List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.
Self bool
Whether the security group itself will be added as a source to this ingress rule.
fromPort number
Start port (or ICMP type number if protocol is icmp)
protocol string
Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference. This argument is normalized to a lowercase value.
toPort number
End range port (or ICMP code if protocol is icmp).
cidrBlocks string[]
List of CIDR blocks.
description string
Description of this ingress rule.
ipv6CidrBlocks string[]
List of IPv6 CIDR blocks.
prefixListIds string[]
List of Prefix List IDs.
securityGroups string[]
List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.
self boolean
Whether the security group itself will be added as a source to this ingress rule.
from_port int
Start port (or ICMP type number if protocol is icmp)
protocol str
Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference. This argument is normalized to a lowercase value.
to_port int
End range port (or ICMP code if protocol is icmp).
cidr_blocks Sequence[str]
List of CIDR blocks.
description str
Description of this ingress rule.
ipv6_cidr_blocks Sequence[str]
List of IPv6 CIDR blocks.
prefix_list_ids Sequence[str]
List of Prefix List IDs.
security_groups Sequence[str]
List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.
self bool
Whether the security group itself will be added as a source to this ingress rule.

Import

Security Groups can be imported using the security group id, e.g.

 $ pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.