1. Packages
  2. AWS Classic
  3. API Docs
  4. ec2
  5. DefaultSecurityGroup

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.24.0 published on Tuesday, Feb 27, 2024 by Pulumi

aws.ec2.DefaultSecurityGroup

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.24.0 published on Tuesday, Feb 27, 2024 by Pulumi

    Provides a resource to manage a default security group. This resource can manage the default security group of the default or a non-default VPC.

    NOTE: This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The aws.ec2.DefaultSecurityGroup resource behaves differently from normal resources. This provider does not create this resource but instead attempts to “adopt” it into management.

    When the provider first begins managing the default security group, it immediately removes all ingress and egress rules in the Security Group. It then creates any rules specified in the configuration. This way only the rules specified in the configuration are created.

    This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diff shown. For these reasons, this resource is incompatible with the aws.ec2.SecurityGroupRule resource.

    For more information about default security groups, see the AWS documentation on [Default Security Groups][aws-default-security-groups]. To manage normal security groups, see the aws.ec2.SecurityGroup resource.

    Example Usage

    The following config gives the default security group the same rules that AWS provides by default but under management by this provider. This means that any ingress or egress rules added or changed will be detected as drift.

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
        {
            CidrBlock = "10.1.0.0/16",
        });
    
        var @default = new Aws.Ec2.DefaultSecurityGroup("default", new()
        {
            VpcId = mainvpc.Id,
            Ingress = new[]
            {
                new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
                {
                    Protocol = "-1",
                    Self = true,
                    FromPort = 0,
                    ToPort = 0,
                },
            },
            Egress = new[]
            {
                new Aws.Ec2.Inputs.DefaultSecurityGroupEgressArgs
                {
                    FromPort = 0,
                    ToPort = 0,
                    Protocol = "-1",
                    CidrBlocks = new[]
                    {
                        "0.0.0.0/0",
                    },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
    			CidrBlock: pulumi.String("10.1.0.0/16"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewDefaultSecurityGroup(ctx, "default", &ec2.DefaultSecurityGroupArgs{
    			VpcId: mainvpc.ID(),
    			Ingress: ec2.DefaultSecurityGroupIngressArray{
    				&ec2.DefaultSecurityGroupIngressArgs{
    					Protocol: pulumi.String("-1"),
    					Self:     pulumi.Bool(true),
    					FromPort: pulumi.Int(0),
    					ToPort:   pulumi.Int(0),
    				},
    			},
    			Egress: ec2.DefaultSecurityGroupEgressArray{
    				&ec2.DefaultSecurityGroupEgressArgs{
    					FromPort: pulumi.Int(0),
    					ToPort:   pulumi.Int(0),
    					Protocol: pulumi.String("-1"),
    					CidrBlocks: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws as aws
    
    mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
    default = aws.ec2.DefaultSecurityGroup("default",
        vpc_id=mainvpc.id,
        ingress=[aws.ec2.DefaultSecurityGroupIngressArgs(
            protocol="-1",
            self=True,
            from_port=0,
            to_port=0,
        )],
        egress=[aws.ec2.DefaultSecurityGroupEgressArgs(
            from_port=0,
            to_port=0,
            protocol="-1",
            cidr_blocks=["0.0.0.0/0"],
        )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
    const _default = new aws.ec2.DefaultSecurityGroup("default", {
        vpcId: mainvpc.id,
        ingress: [{
            protocol: "-1",
            self: true,
            fromPort: 0,
            toPort: 0,
        }],
        egress: [{
            fromPort: 0,
            toPort: 0,
            protocol: "-1",
            cidrBlocks: ["0.0.0.0/0"],
        }],
    });
    

    Coming soon!

    Example Config To Deny All Egress Traffic, Allowing Ingress

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
        {
            CidrBlock = "10.1.0.0/16",
        });
    
        var @default = new Aws.Ec2.DefaultSecurityGroup("default", new()
        {
            VpcId = mainvpc.Id,
            Ingress = new[]
            {
                new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
                {
                    Protocol = "-1",
                    Self = true,
                    FromPort = 0,
                    ToPort = 0,
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
    			CidrBlock: pulumi.String("10.1.0.0/16"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewDefaultSecurityGroup(ctx, "default", &ec2.DefaultSecurityGroupArgs{
    			VpcId: mainvpc.ID(),
    			Ingress: ec2.DefaultSecurityGroupIngressArray{
    				&ec2.DefaultSecurityGroupIngressArgs{
    					Protocol: pulumi.String("-1"),
    					Self:     pulumi.Bool(true),
    					FromPort: pulumi.Int(0),
    					ToPort:   pulumi.Int(0),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws as aws
    
    mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
    default = aws.ec2.DefaultSecurityGroup("default",
        vpc_id=mainvpc.id,
        ingress=[aws.ec2.DefaultSecurityGroupIngressArgs(
            protocol="-1",
            self=True,
            from_port=0,
            to_port=0,
        )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
    const _default = new aws.ec2.DefaultSecurityGroup("default", {
        vpcId: mainvpc.id,
        ingress: [{
            protocol: "-1",
            self: true,
            fromPort: 0,
            toPort: 0,
        }],
    });
    

    Coming soon!

    Create DefaultSecurityGroup Resource

    new DefaultSecurityGroup(name: string, args?: DefaultSecurityGroupArgs, opts?: CustomResourceOptions);
    @overload
    def DefaultSecurityGroup(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             egress: Optional[Sequence[DefaultSecurityGroupEgressArgs]] = None,
                             ingress: Optional[Sequence[DefaultSecurityGroupIngressArgs]] = None,
                             revoke_rules_on_delete: Optional[bool] = None,
                             tags: Optional[Mapping[str, str]] = None,
                             vpc_id: Optional[str] = None)
    @overload
    def DefaultSecurityGroup(resource_name: str,
                             args: Optional[DefaultSecurityGroupArgs] = None,
                             opts: Optional[ResourceOptions] = None)
    func NewDefaultSecurityGroup(ctx *Context, name string, args *DefaultSecurityGroupArgs, opts ...ResourceOption) (*DefaultSecurityGroup, error)
    public DefaultSecurityGroup(string name, DefaultSecurityGroupArgs? args = null, CustomResourceOptions? opts = null)
    public DefaultSecurityGroup(String name, DefaultSecurityGroupArgs args)
    public DefaultSecurityGroup(String name, DefaultSecurityGroupArgs args, CustomResourceOptions options)
    
    type: aws:ec2:DefaultSecurityGroup
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args DefaultSecurityGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DefaultSecurityGroupArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DefaultSecurityGroupArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DefaultSecurityGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DefaultSecurityGroupArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    DefaultSecurityGroup Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The DefaultSecurityGroup resource accepts the following input properties:

    Egress List<DefaultSecurityGroupEgress>
    Configuration block. Detailed below.
    Ingress List<DefaultSecurityGroupIngress>
    Configuration block. Detailed below.
    RevokeRulesOnDelete bool
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    VpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    Egress []DefaultSecurityGroupEgressArgs
    Configuration block. Detailed below.
    Ingress []DefaultSecurityGroupIngressArgs
    Configuration block. Detailed below.
    RevokeRulesOnDelete bool
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    VpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    egress List<DefaultSecurityGroupEgress>
    Configuration block. Detailed below.
    ingress List<DefaultSecurityGroupIngress>
    Configuration block. Detailed below.
    revokeRulesOnDelete Boolean
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcId String
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    egress DefaultSecurityGroupEgress[]
    Configuration block. Detailed below.
    ingress DefaultSecurityGroupIngress[]
    Configuration block. Detailed below.
    revokeRulesOnDelete boolean
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    egress Sequence[DefaultSecurityGroupEgressArgs]
    Configuration block. Detailed below.
    ingress Sequence[DefaultSecurityGroupIngressArgs]
    Configuration block. Detailed below.
    revoke_rules_on_delete bool
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpc_id str
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    egress List<Property Map>
    Configuration block. Detailed below.
    ingress List<Property Map>
    Configuration block. Detailed below.
    revokeRulesOnDelete Boolean
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcId String
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DefaultSecurityGroup resource produces the following output properties:

    Arn string
    ARN of the security group.
    Description string
    Description of this rule.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Name of the security group.
    NamePrefix string
    OwnerId string
    Owner ID.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    Arn string
    ARN of the security group.
    Description string
    Description of this rule.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Name of the security group.
    NamePrefix string
    OwnerId string
    Owner ID.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn String
    ARN of the security group.
    description String
    Description of this rule.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Name of the security group.
    namePrefix String
    ownerId String
    Owner ID.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn string
    ARN of the security group.
    description string
    Description of this rule.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    Name of the security group.
    namePrefix string
    ownerId string
    Owner ID.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn str
    ARN of the security group.
    description str
    Description of this rule.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    Name of the security group.
    name_prefix str
    owner_id str
    Owner ID.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn String
    ARN of the security group.
    description String
    Description of this rule.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Name of the security group.
    namePrefix String
    ownerId String
    Owner ID.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    Look up Existing DefaultSecurityGroup Resource

    Get an existing DefaultSecurityGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DefaultSecurityGroupState, opts?: CustomResourceOptions): DefaultSecurityGroup
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            description: Optional[str] = None,
            egress: Optional[Sequence[DefaultSecurityGroupEgressArgs]] = None,
            ingress: Optional[Sequence[DefaultSecurityGroupIngressArgs]] = None,
            name: Optional[str] = None,
            name_prefix: Optional[str] = None,
            owner_id: Optional[str] = None,
            revoke_rules_on_delete: Optional[bool] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            vpc_id: Optional[str] = None) -> DefaultSecurityGroup
    func GetDefaultSecurityGroup(ctx *Context, name string, id IDInput, state *DefaultSecurityGroupState, opts ...ResourceOption) (*DefaultSecurityGroup, error)
    public static DefaultSecurityGroup Get(string name, Input<string> id, DefaultSecurityGroupState? state, CustomResourceOptions? opts = null)
    public static DefaultSecurityGroup get(String name, Output<String> id, DefaultSecurityGroupState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    ARN of the security group.
    Description string
    Description of this rule.
    Egress List<DefaultSecurityGroupEgress>
    Configuration block. Detailed below.
    Ingress List<DefaultSecurityGroupIngress>
    Configuration block. Detailed below.
    Name string
    Name of the security group.
    NamePrefix string
    OwnerId string
    Owner ID.
    RevokeRulesOnDelete bool
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    VpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    Arn string
    ARN of the security group.
    Description string
    Description of this rule.
    Egress []DefaultSecurityGroupEgressArgs
    Configuration block. Detailed below.
    Ingress []DefaultSecurityGroupIngressArgs
    Configuration block. Detailed below.
    Name string
    Name of the security group.
    NamePrefix string
    OwnerId string
    Owner ID.
    RevokeRulesOnDelete bool
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    VpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    arn String
    ARN of the security group.
    description String
    Description of this rule.
    egress List<DefaultSecurityGroupEgress>
    Configuration block. Detailed below.
    ingress List<DefaultSecurityGroupIngress>
    Configuration block. Detailed below.
    name String
    Name of the security group.
    namePrefix String
    ownerId String
    Owner ID.
    revokeRulesOnDelete Boolean
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    vpcId String
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    arn string
    ARN of the security group.
    description string
    Description of this rule.
    egress DefaultSecurityGroupEgress[]
    Configuration block. Detailed below.
    ingress DefaultSecurityGroupIngress[]
    Configuration block. Detailed below.
    name string
    Name of the security group.
    namePrefix string
    ownerId string
    Owner ID.
    revokeRulesOnDelete boolean
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    vpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    arn str
    ARN of the security group.
    description str
    Description of this rule.
    egress Sequence[DefaultSecurityGroupEgressArgs]
    Configuration block. Detailed below.
    ingress Sequence[DefaultSecurityGroupIngressArgs]
    Configuration block. Detailed below.
    name str
    Name of the security group.
    name_prefix str
    owner_id str
    Owner ID.
    revoke_rules_on_delete bool
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    vpc_id str
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    arn String
    ARN of the security group.
    description String
    Description of this rule.
    egress List<Property Map>
    Configuration block. Detailed below.
    ingress List<Property Map>
    Configuration block. Detailed below.
    name String
    Name of the security group.
    namePrefix String
    ownerId String
    Owner ID.
    revokeRulesOnDelete Boolean
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    vpcId String
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

    Supporting Types

    DefaultSecurityGroupEgress, DefaultSecurityGroupEgressArgs

    FromPort int
    Start port (or ICMP type number if protocol is icmp)
    Protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    ToPort int
    End range port (or ICMP code if protocol is icmp).
    CidrBlocks List<string>
    List of CIDR blocks.
    Description string
    Description of this rule.
    Ipv6CidrBlocks List<string>
    List of IPv6 CIDR blocks.
    PrefixListIds List<string>
    List of prefix list IDs (for allowing access to VPC endpoints)
    SecurityGroups List<string>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    Self bool
    Whether the security group itself will be added as a source to this egress rule.
    FromPort int
    Start port (or ICMP type number if protocol is icmp)
    Protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    ToPort int
    End range port (or ICMP code if protocol is icmp).
    CidrBlocks []string
    List of CIDR blocks.
    Description string
    Description of this rule.
    Ipv6CidrBlocks []string
    List of IPv6 CIDR blocks.
    PrefixListIds []string
    List of prefix list IDs (for allowing access to VPC endpoints)
    SecurityGroups []string
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    Self bool
    Whether the security group itself will be added as a source to this egress rule.
    fromPort Integer
    Start port (or ICMP type number if protocol is icmp)
    protocol String
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort Integer
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks List<String>
    List of CIDR blocks.
    description String
    Description of this rule.
    ipv6CidrBlocks List<String>
    List of IPv6 CIDR blocks.
    prefixListIds List<String>
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups List<String>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self Boolean
    Whether the security group itself will be added as a source to this egress rule.
    fromPort number
    Start port (or ICMP type number if protocol is icmp)
    protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort number
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks string[]
    List of CIDR blocks.
    description string
    Description of this rule.
    ipv6CidrBlocks string[]
    List of IPv6 CIDR blocks.
    prefixListIds string[]
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups string[]
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self boolean
    Whether the security group itself will be added as a source to this egress rule.
    from_port int
    Start port (or ICMP type number if protocol is icmp)
    protocol str
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    to_port int
    End range port (or ICMP code if protocol is icmp).
    cidr_blocks Sequence[str]
    List of CIDR blocks.
    description str
    Description of this rule.
    ipv6_cidr_blocks Sequence[str]
    List of IPv6 CIDR blocks.
    prefix_list_ids Sequence[str]
    List of prefix list IDs (for allowing access to VPC endpoints)
    security_groups Sequence[str]
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self bool
    Whether the security group itself will be added as a source to this egress rule.
    fromPort Number
    Start port (or ICMP type number if protocol is icmp)
    protocol String
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort Number
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks List<String>
    List of CIDR blocks.
    description String
    Description of this rule.
    ipv6CidrBlocks List<String>
    List of IPv6 CIDR blocks.
    prefixListIds List<String>
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups List<String>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self Boolean
    Whether the security group itself will be added as a source to this egress rule.

    DefaultSecurityGroupIngress, DefaultSecurityGroupIngressArgs

    FromPort int
    Start port (or ICMP type number if protocol is icmp)
    Protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    ToPort int
    End range port (or ICMP code if protocol is icmp).
    CidrBlocks List<string>
    List of CIDR blocks.
    Description string
    Description of this rule.
    Ipv6CidrBlocks List<string>
    List of IPv6 CIDR blocks.
    PrefixListIds List<string>
    List of prefix list IDs (for allowing access to VPC endpoints)
    SecurityGroups List<string>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    Self bool
    Whether the security group itself will be added as a source to this egress rule.
    FromPort int
    Start port (or ICMP type number if protocol is icmp)
    Protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    ToPort int
    End range port (or ICMP code if protocol is icmp).
    CidrBlocks []string
    List of CIDR blocks.
    Description string
    Description of this rule.
    Ipv6CidrBlocks []string
    List of IPv6 CIDR blocks.
    PrefixListIds []string
    List of prefix list IDs (for allowing access to VPC endpoints)
    SecurityGroups []string
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    Self bool
    Whether the security group itself will be added as a source to this egress rule.
    fromPort Integer
    Start port (or ICMP type number if protocol is icmp)
    protocol String
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort Integer
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks List<String>
    List of CIDR blocks.
    description String
    Description of this rule.
    ipv6CidrBlocks List<String>
    List of IPv6 CIDR blocks.
    prefixListIds List<String>
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups List<String>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self Boolean
    Whether the security group itself will be added as a source to this egress rule.
    fromPort number
    Start port (or ICMP type number if protocol is icmp)
    protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort number
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks string[]
    List of CIDR blocks.
    description string
    Description of this rule.
    ipv6CidrBlocks string[]
    List of IPv6 CIDR blocks.
    prefixListIds string[]
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups string[]
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self boolean
    Whether the security group itself will be added as a source to this egress rule.
    from_port int
    Start port (or ICMP type number if protocol is icmp)
    protocol str
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    to_port int
    End range port (or ICMP code if protocol is icmp).
    cidr_blocks Sequence[str]
    List of CIDR blocks.
    description str
    Description of this rule.
    ipv6_cidr_blocks Sequence[str]
    List of IPv6 CIDR blocks.
    prefix_list_ids Sequence[str]
    List of prefix list IDs (for allowing access to VPC endpoints)
    security_groups Sequence[str]
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self bool
    Whether the security group itself will be added as a source to this egress rule.
    fromPort Number
    Start port (or ICMP type number if protocol is icmp)
    protocol String
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort Number
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks List<String>
    List of CIDR blocks.
    description String
    Description of this rule.
    ipv6CidrBlocks List<String>
    List of IPv6 CIDR blocks.
    prefixListIds List<String>
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups List<String>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self Boolean
    Whether the security group itself will be added as a source to this egress rule.

    Import

    Using pulumi import, import Security Groups using the security group id. For example:

     $ pulumi import aws:ec2/defaultSecurityGroup:DefaultSecurityGroup default_sg sg-903004f8
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.24.0 published on Tuesday, Feb 27, 2024 by Pulumi