1. Packages
  2. AWS
  3. API Docs
  4. ec2
  5. DefaultSecurityGroup
AWS v6.64.0 published on Friday, Dec 6, 2024 by Pulumi

aws.ec2.DefaultSecurityGroup

Explore with Pulumi AI

aws logo
AWS v6.64.0 published on Friday, Dec 6, 2024 by Pulumi

    Provides a resource to manage a default security group. This resource can manage the default security group of the default or a non-default VPC.

    NOTE: This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The aws.ec2.DefaultSecurityGroup resource behaves differently from normal resources. This provider does not create this resource but instead attempts to “adopt” it into management.

    When the provider first begins managing the default security group, it immediately removes all ingress and egress rules in the Security Group. It then creates any rules specified in the configuration. This way only the rules specified in the configuration are created.

    This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diff shown. For these reasons, this resource is incompatible with the aws.ec2.SecurityGroupRule resource.

    For more information about default security groups, see the AWS documentation on [Default Security Groups][aws-default-security-groups]. To manage normal security groups, see the aws.ec2.SecurityGroup resource.

    Example Usage

    The following config gives the default security group the same rules that AWS provides by default but under management by this provider. This means that any ingress or egress rules added or changed will be detected as drift.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
    const _default = new aws.ec2.DefaultSecurityGroup("default", {
        vpcId: mainvpc.id,
        ingress: [{
            protocol: "-1",
            self: true,
            fromPort: 0,
            toPort: 0,
        }],
        egress: [{
            fromPort: 0,
            toPort: 0,
            protocol: "-1",
            cidrBlocks: ["0.0.0.0/0"],
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
    default = aws.ec2.DefaultSecurityGroup("default",
        vpc_id=mainvpc.id,
        ingress=[{
            "protocol": "-1",
            "self": True,
            "from_port": 0,
            "to_port": 0,
        }],
        egress=[{
            "from_port": 0,
            "to_port": 0,
            "protocol": "-1",
            "cidr_blocks": ["0.0.0.0/0"],
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
    			CidrBlock: pulumi.String("10.1.0.0/16"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewDefaultSecurityGroup(ctx, "default", &ec2.DefaultSecurityGroupArgs{
    			VpcId: mainvpc.ID(),
    			Ingress: ec2.DefaultSecurityGroupIngressArray{
    				&ec2.DefaultSecurityGroupIngressArgs{
    					Protocol: pulumi.String("-1"),
    					Self:     pulumi.Bool(true),
    					FromPort: pulumi.Int(0),
    					ToPort:   pulumi.Int(0),
    				},
    			},
    			Egress: ec2.DefaultSecurityGroupEgressArray{
    				&ec2.DefaultSecurityGroupEgressArgs{
    					FromPort: pulumi.Int(0),
    					ToPort:   pulumi.Int(0),
    					Protocol: pulumi.String("-1"),
    					CidrBlocks: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
        {
            CidrBlock = "10.1.0.0/16",
        });
    
        var @default = new Aws.Ec2.DefaultSecurityGroup("default", new()
        {
            VpcId = mainvpc.Id,
            Ingress = new[]
            {
                new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
                {
                    Protocol = "-1",
                    Self = true,
                    FromPort = 0,
                    ToPort = 0,
                },
            },
            Egress = new[]
            {
                new Aws.Ec2.Inputs.DefaultSecurityGroupEgressArgs
                {
                    FromPort = 0,
                    ToPort = 0,
                    Protocol = "-1",
                    CidrBlocks = new[]
                    {
                        "0.0.0.0/0",
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.Vpc;
    import com.pulumi.aws.ec2.VpcArgs;
    import com.pulumi.aws.ec2.DefaultSecurityGroup;
    import com.pulumi.aws.ec2.DefaultSecurityGroupArgs;
    import com.pulumi.aws.ec2.inputs.DefaultSecurityGroupIngressArgs;
    import com.pulumi.aws.ec2.inputs.DefaultSecurityGroupEgressArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var mainvpc = new Vpc("mainvpc", VpcArgs.builder()
                .cidrBlock("10.1.0.0/16")
                .build());
    
            var default_ = new DefaultSecurityGroup("default", DefaultSecurityGroupArgs.builder()
                .vpcId(mainvpc.id())
                .ingress(DefaultSecurityGroupIngressArgs.builder()
                    .protocol(-1)
                    .self(true)
                    .fromPort(0)
                    .toPort(0)
                    .build())
                .egress(DefaultSecurityGroupEgressArgs.builder()
                    .fromPort(0)
                    .toPort(0)
                    .protocol("-1")
                    .cidrBlocks("0.0.0.0/0")
                    .build())
                .build());
    
        }
    }
    
    resources:
      mainvpc:
        type: aws:ec2:Vpc
        properties:
          cidrBlock: 10.1.0.0/16
      default:
        type: aws:ec2:DefaultSecurityGroup
        properties:
          vpcId: ${mainvpc.id}
          ingress:
            - protocol: -1
              self: true
              fromPort: 0
              toPort: 0
          egress:
            - fromPort: 0
              toPort: 0
              protocol: '-1'
              cidrBlocks:
                - 0.0.0.0/0
    

    Example Config To Deny All Egress Traffic, Allowing Ingress

    The following denies all Egress traffic by omitting any egress rules, while including the default ingress rule to allow all traffic.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
    const _default = new aws.ec2.DefaultSecurityGroup("default", {
        vpcId: mainvpc.id,
        ingress: [{
            protocol: "-1",
            self: true,
            fromPort: 0,
            toPort: 0,
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
    default = aws.ec2.DefaultSecurityGroup("default",
        vpc_id=mainvpc.id,
        ingress=[{
            "protocol": "-1",
            "self": True,
            "from_port": 0,
            "to_port": 0,
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
    			CidrBlock: pulumi.String("10.1.0.0/16"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewDefaultSecurityGroup(ctx, "default", &ec2.DefaultSecurityGroupArgs{
    			VpcId: mainvpc.ID(),
    			Ingress: ec2.DefaultSecurityGroupIngressArray{
    				&ec2.DefaultSecurityGroupIngressArgs{
    					Protocol: pulumi.String("-1"),
    					Self:     pulumi.Bool(true),
    					FromPort: pulumi.Int(0),
    					ToPort:   pulumi.Int(0),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
        {
            CidrBlock = "10.1.0.0/16",
        });
    
        var @default = new Aws.Ec2.DefaultSecurityGroup("default", new()
        {
            VpcId = mainvpc.Id,
            Ingress = new[]
            {
                new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
                {
                    Protocol = "-1",
                    Self = true,
                    FromPort = 0,
                    ToPort = 0,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.Vpc;
    import com.pulumi.aws.ec2.VpcArgs;
    import com.pulumi.aws.ec2.DefaultSecurityGroup;
    import com.pulumi.aws.ec2.DefaultSecurityGroupArgs;
    import com.pulumi.aws.ec2.inputs.DefaultSecurityGroupIngressArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var mainvpc = new Vpc("mainvpc", VpcArgs.builder()
                .cidrBlock("10.1.0.0/16")
                .build());
    
            var default_ = new DefaultSecurityGroup("default", DefaultSecurityGroupArgs.builder()
                .vpcId(mainvpc.id())
                .ingress(DefaultSecurityGroupIngressArgs.builder()
                    .protocol(-1)
                    .self(true)
                    .fromPort(0)
                    .toPort(0)
                    .build())
                .build());
    
        }
    }
    
    resources:
      mainvpc:
        type: aws:ec2:Vpc
        properties:
          cidrBlock: 10.1.0.0/16
      default:
        type: aws:ec2:DefaultSecurityGroup
        properties:
          vpcId: ${mainvpc.id}
          ingress:
            - protocol: -1
              self: true
              fromPort: 0
              toPort: 0
    

    Removing aws.ec2.DefaultSecurityGroup From Your Configuration

    Removing this resource from your configuration will remove it from your statefile and management, but will not destroy the Security Group. All ingress or egress rules will be left as they are at the time of removal. You can resume managing them via the AWS Console.

    Create DefaultSecurityGroup Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DefaultSecurityGroup(name: string, args?: DefaultSecurityGroupArgs, opts?: CustomResourceOptions);
    @overload
    def DefaultSecurityGroup(resource_name: str,
                             args: Optional[DefaultSecurityGroupArgs] = None,
                             opts: Optional[ResourceOptions] = None)
    
    @overload
    def DefaultSecurityGroup(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             egress: Optional[Sequence[DefaultSecurityGroupEgressArgs]] = None,
                             ingress: Optional[Sequence[DefaultSecurityGroupIngressArgs]] = None,
                             revoke_rules_on_delete: Optional[bool] = None,
                             tags: Optional[Mapping[str, str]] = None,
                             vpc_id: Optional[str] = None)
    func NewDefaultSecurityGroup(ctx *Context, name string, args *DefaultSecurityGroupArgs, opts ...ResourceOption) (*DefaultSecurityGroup, error)
    public DefaultSecurityGroup(string name, DefaultSecurityGroupArgs? args = null, CustomResourceOptions? opts = null)
    public DefaultSecurityGroup(String name, DefaultSecurityGroupArgs args)
    public DefaultSecurityGroup(String name, DefaultSecurityGroupArgs args, CustomResourceOptions options)
    
    type: aws:ec2:DefaultSecurityGroup
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DefaultSecurityGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DefaultSecurityGroupArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DefaultSecurityGroupArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DefaultSecurityGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DefaultSecurityGroupArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var defaultSecurityGroupResource = new Aws.Ec2.DefaultSecurityGroup("defaultSecurityGroupResource", new()
    {
        Egress = new[]
        {
            new Aws.Ec2.Inputs.DefaultSecurityGroupEgressArgs
            {
                FromPort = 0,
                Protocol = "string",
                ToPort = 0,
                CidrBlocks = new[]
                {
                    "string",
                },
                Description = "string",
                Ipv6CidrBlocks = new[]
                {
                    "string",
                },
                PrefixListIds = new[]
                {
                    "string",
                },
                SecurityGroups = new[]
                {
                    "string",
                },
                Self = false,
            },
        },
        Ingress = new[]
        {
            new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
            {
                FromPort = 0,
                Protocol = "string",
                ToPort = 0,
                CidrBlocks = new[]
                {
                    "string",
                },
                Description = "string",
                Ipv6CidrBlocks = new[]
                {
                    "string",
                },
                PrefixListIds = new[]
                {
                    "string",
                },
                SecurityGroups = new[]
                {
                    "string",
                },
                Self = false,
            },
        },
        RevokeRulesOnDelete = false,
        Tags = 
        {
            { "string", "string" },
        },
        VpcId = "string",
    });
    
    example, err := ec2.NewDefaultSecurityGroup(ctx, "defaultSecurityGroupResource", &ec2.DefaultSecurityGroupArgs{
    	Egress: ec2.DefaultSecurityGroupEgressArray{
    		&ec2.DefaultSecurityGroupEgressArgs{
    			FromPort: pulumi.Int(0),
    			Protocol: pulumi.String("string"),
    			ToPort:   pulumi.Int(0),
    			CidrBlocks: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Description: pulumi.String("string"),
    			Ipv6CidrBlocks: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			PrefixListIds: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			SecurityGroups: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Self: pulumi.Bool(false),
    		},
    	},
    	Ingress: ec2.DefaultSecurityGroupIngressArray{
    		&ec2.DefaultSecurityGroupIngressArgs{
    			FromPort: pulumi.Int(0),
    			Protocol: pulumi.String("string"),
    			ToPort:   pulumi.Int(0),
    			CidrBlocks: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Description: pulumi.String("string"),
    			Ipv6CidrBlocks: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			PrefixListIds: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			SecurityGroups: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Self: pulumi.Bool(false),
    		},
    	},
    	RevokeRulesOnDelete: pulumi.Bool(false),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	VpcId: pulumi.String("string"),
    })
    
    var defaultSecurityGroupResource = new DefaultSecurityGroup("defaultSecurityGroupResource", DefaultSecurityGroupArgs.builder()
        .egress(DefaultSecurityGroupEgressArgs.builder()
            .fromPort(0)
            .protocol("string")
            .toPort(0)
            .cidrBlocks("string")
            .description("string")
            .ipv6CidrBlocks("string")
            .prefixListIds("string")
            .securityGroups("string")
            .self(false)
            .build())
        .ingress(DefaultSecurityGroupIngressArgs.builder()
            .fromPort(0)
            .protocol("string")
            .toPort(0)
            .cidrBlocks("string")
            .description("string")
            .ipv6CidrBlocks("string")
            .prefixListIds("string")
            .securityGroups("string")
            .self(false)
            .build())
        .revokeRulesOnDelete(false)
        .tags(Map.of("string", "string"))
        .vpcId("string")
        .build());
    
    default_security_group_resource = aws.ec2.DefaultSecurityGroup("defaultSecurityGroupResource",
        egress=[{
            "from_port": 0,
            "protocol": "string",
            "to_port": 0,
            "cidr_blocks": ["string"],
            "description": "string",
            "ipv6_cidr_blocks": ["string"],
            "prefix_list_ids": ["string"],
            "security_groups": ["string"],
            "self": False,
        }],
        ingress=[{
            "from_port": 0,
            "protocol": "string",
            "to_port": 0,
            "cidr_blocks": ["string"],
            "description": "string",
            "ipv6_cidr_blocks": ["string"],
            "prefix_list_ids": ["string"],
            "security_groups": ["string"],
            "self": False,
        }],
        revoke_rules_on_delete=False,
        tags={
            "string": "string",
        },
        vpc_id="string")
    
    const defaultSecurityGroupResource = new aws.ec2.DefaultSecurityGroup("defaultSecurityGroupResource", {
        egress: [{
            fromPort: 0,
            protocol: "string",
            toPort: 0,
            cidrBlocks: ["string"],
            description: "string",
            ipv6CidrBlocks: ["string"],
            prefixListIds: ["string"],
            securityGroups: ["string"],
            self: false,
        }],
        ingress: [{
            fromPort: 0,
            protocol: "string",
            toPort: 0,
            cidrBlocks: ["string"],
            description: "string",
            ipv6CidrBlocks: ["string"],
            prefixListIds: ["string"],
            securityGroups: ["string"],
            self: false,
        }],
        revokeRulesOnDelete: false,
        tags: {
            string: "string",
        },
        vpcId: "string",
    });
    
    type: aws:ec2:DefaultSecurityGroup
    properties:
        egress:
            - cidrBlocks:
                - string
              description: string
              fromPort: 0
              ipv6CidrBlocks:
                - string
              prefixListIds:
                - string
              protocol: string
              securityGroups:
                - string
              self: false
              toPort: 0
        ingress:
            - cidrBlocks:
                - string
              description: string
              fromPort: 0
              ipv6CidrBlocks:
                - string
              prefixListIds:
                - string
              protocol: string
              securityGroups:
                - string
              self: false
              toPort: 0
        revokeRulesOnDelete: false
        tags:
            string: string
        vpcId: string
    

    DefaultSecurityGroup Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The DefaultSecurityGroup resource accepts the following input properties:

    Egress List<DefaultSecurityGroupEgress>
    Configuration block. Detailed below.
    Ingress List<DefaultSecurityGroupIngress>
    Configuration block. Detailed below.
    RevokeRulesOnDelete bool
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    VpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    Egress []DefaultSecurityGroupEgressArgs
    Configuration block. Detailed below.
    Ingress []DefaultSecurityGroupIngressArgs
    Configuration block. Detailed below.
    RevokeRulesOnDelete bool
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    VpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    egress List<DefaultSecurityGroupEgress>
    Configuration block. Detailed below.
    ingress List<DefaultSecurityGroupIngress>
    Configuration block. Detailed below.
    revokeRulesOnDelete Boolean
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcId String
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    egress DefaultSecurityGroupEgress[]
    Configuration block. Detailed below.
    ingress DefaultSecurityGroupIngress[]
    Configuration block. Detailed below.
    revokeRulesOnDelete boolean
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    egress Sequence[DefaultSecurityGroupEgressArgs]
    Configuration block. Detailed below.
    ingress Sequence[DefaultSecurityGroupIngressArgs]
    Configuration block. Detailed below.
    revoke_rules_on_delete bool
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpc_id str
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    egress List<Property Map>
    Configuration block. Detailed below.
    ingress List<Property Map>
    Configuration block. Detailed below.
    revokeRulesOnDelete Boolean
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcId String
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DefaultSecurityGroup resource produces the following output properties:

    Arn string
    ARN of the security group.
    Description string
    Description of the security group.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Name of the security group.
    NamePrefix string
    OwnerId string
    Owner ID.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Arn string
    ARN of the security group.
    Description string
    Description of the security group.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Name of the security group.
    NamePrefix string
    OwnerId string
    Owner ID.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    ARN of the security group.
    description String
    Description of the security group.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Name of the security group.
    namePrefix String
    ownerId String
    Owner ID.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn string
    ARN of the security group.
    description string
    Description of the security group.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    Name of the security group.
    namePrefix string
    ownerId string
    Owner ID.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn str
    ARN of the security group.
    description str
    Description of the security group.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    Name of the security group.
    name_prefix str
    owner_id str
    Owner ID.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    ARN of the security group.
    description String
    Description of the security group.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Name of the security group.
    namePrefix String
    ownerId String
    Owner ID.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Look up Existing DefaultSecurityGroup Resource

    Get an existing DefaultSecurityGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DefaultSecurityGroupState, opts?: CustomResourceOptions): DefaultSecurityGroup
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            description: Optional[str] = None,
            egress: Optional[Sequence[DefaultSecurityGroupEgressArgs]] = None,
            ingress: Optional[Sequence[DefaultSecurityGroupIngressArgs]] = None,
            name: Optional[str] = None,
            name_prefix: Optional[str] = None,
            owner_id: Optional[str] = None,
            revoke_rules_on_delete: Optional[bool] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            vpc_id: Optional[str] = None) -> DefaultSecurityGroup
    func GetDefaultSecurityGroup(ctx *Context, name string, id IDInput, state *DefaultSecurityGroupState, opts ...ResourceOption) (*DefaultSecurityGroup, error)
    public static DefaultSecurityGroup Get(string name, Input<string> id, DefaultSecurityGroupState? state, CustomResourceOptions? opts = null)
    public static DefaultSecurityGroup get(String name, Output<String> id, DefaultSecurityGroupState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    ARN of the security group.
    Description string
    Description of the security group.
    Egress List<DefaultSecurityGroupEgress>
    Configuration block. Detailed below.
    Ingress List<DefaultSecurityGroupIngress>
    Configuration block. Detailed below.
    Name string
    Name of the security group.
    NamePrefix string
    OwnerId string
    Owner ID.
    RevokeRulesOnDelete bool
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    VpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    Arn string
    ARN of the security group.
    Description string
    Description of the security group.
    Egress []DefaultSecurityGroupEgressArgs
    Configuration block. Detailed below.
    Ingress []DefaultSecurityGroupIngressArgs
    Configuration block. Detailed below.
    Name string
    Name of the security group.
    NamePrefix string
    OwnerId string
    Owner ID.
    RevokeRulesOnDelete bool
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    VpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    arn String
    ARN of the security group.
    description String
    Description of the security group.
    egress List<DefaultSecurityGroupEgress>
    Configuration block. Detailed below.
    ingress List<DefaultSecurityGroupIngress>
    Configuration block. Detailed below.
    name String
    Name of the security group.
    namePrefix String
    ownerId String
    Owner ID.
    revokeRulesOnDelete Boolean
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcId String
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    arn string
    ARN of the security group.
    description string
    Description of the security group.
    egress DefaultSecurityGroupEgress[]
    Configuration block. Detailed below.
    ingress DefaultSecurityGroupIngress[]
    Configuration block. Detailed below.
    name string
    Name of the security group.
    namePrefix string
    ownerId string
    Owner ID.
    revokeRulesOnDelete boolean
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcId string
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    arn str
    ARN of the security group.
    description str
    Description of the security group.
    egress Sequence[DefaultSecurityGroupEgressArgs]
    Configuration block. Detailed below.
    ingress Sequence[DefaultSecurityGroupIngressArgs]
    Configuration block. Detailed below.
    name str
    Name of the security group.
    name_prefix str
    owner_id str
    Owner ID.
    revoke_rules_on_delete bool
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpc_id str
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
    arn String
    ARN of the security group.
    description String
    Description of the security group.
    egress List<Property Map>
    Configuration block. Detailed below.
    ingress List<Property Map>
    Configuration block. Detailed below.
    name String
    Name of the security group.
    namePrefix String
    ownerId String
    Owner ID.
    revokeRulesOnDelete Boolean
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcId String
    VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

    Supporting Types

    DefaultSecurityGroupEgress, DefaultSecurityGroupEgressArgs

    FromPort int
    Start port (or ICMP type number if protocol is icmp)
    Protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    ToPort int
    End range port (or ICMP code if protocol is icmp).
    CidrBlocks List<string>
    List of CIDR blocks.
    Description string
    Description of this rule.
    Ipv6CidrBlocks List<string>
    List of IPv6 CIDR blocks.
    PrefixListIds List<string>
    List of prefix list IDs (for allowing access to VPC endpoints)
    SecurityGroups List<string>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    Self bool
    Whether the security group itself will be added as a source to this egress rule.
    FromPort int
    Start port (or ICMP type number if protocol is icmp)
    Protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    ToPort int
    End range port (or ICMP code if protocol is icmp).
    CidrBlocks []string
    List of CIDR blocks.
    Description string
    Description of this rule.
    Ipv6CidrBlocks []string
    List of IPv6 CIDR blocks.
    PrefixListIds []string
    List of prefix list IDs (for allowing access to VPC endpoints)
    SecurityGroups []string
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    Self bool
    Whether the security group itself will be added as a source to this egress rule.
    fromPort Integer
    Start port (or ICMP type number if protocol is icmp)
    protocol String
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort Integer
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks List<String>
    List of CIDR blocks.
    description String
    Description of this rule.
    ipv6CidrBlocks List<String>
    List of IPv6 CIDR blocks.
    prefixListIds List<String>
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups List<String>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self Boolean
    Whether the security group itself will be added as a source to this egress rule.
    fromPort number
    Start port (or ICMP type number if protocol is icmp)
    protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort number
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks string[]
    List of CIDR blocks.
    description string
    Description of this rule.
    ipv6CidrBlocks string[]
    List of IPv6 CIDR blocks.
    prefixListIds string[]
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups string[]
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self boolean
    Whether the security group itself will be added as a source to this egress rule.
    from_port int
    Start port (or ICMP type number if protocol is icmp)
    protocol str
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    to_port int
    End range port (or ICMP code if protocol is icmp).
    cidr_blocks Sequence[str]
    List of CIDR blocks.
    description str
    Description of this rule.
    ipv6_cidr_blocks Sequence[str]
    List of IPv6 CIDR blocks.
    prefix_list_ids Sequence[str]
    List of prefix list IDs (for allowing access to VPC endpoints)
    security_groups Sequence[str]
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self bool
    Whether the security group itself will be added as a source to this egress rule.
    fromPort Number
    Start port (or ICMP type number if protocol is icmp)
    protocol String
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort Number
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks List<String>
    List of CIDR blocks.
    description String
    Description of this rule.
    ipv6CidrBlocks List<String>
    List of IPv6 CIDR blocks.
    prefixListIds List<String>
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups List<String>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self Boolean
    Whether the security group itself will be added as a source to this egress rule.

    DefaultSecurityGroupIngress, DefaultSecurityGroupIngressArgs

    FromPort int
    Start port (or ICMP type number if protocol is icmp)
    Protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    ToPort int
    End range port (or ICMP code if protocol is icmp).
    CidrBlocks List<string>
    List of CIDR blocks.
    Description string
    Description of the security group.
    Ipv6CidrBlocks List<string>
    List of IPv6 CIDR blocks.
    PrefixListIds List<string>
    List of prefix list IDs (for allowing access to VPC endpoints)
    SecurityGroups List<string>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    Self bool
    Whether the security group itself will be added as a source to this egress rule.
    FromPort int
    Start port (or ICMP type number if protocol is icmp)
    Protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    ToPort int
    End range port (or ICMP code if protocol is icmp).
    CidrBlocks []string
    List of CIDR blocks.
    Description string
    Description of the security group.
    Ipv6CidrBlocks []string
    List of IPv6 CIDR blocks.
    PrefixListIds []string
    List of prefix list IDs (for allowing access to VPC endpoints)
    SecurityGroups []string
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    Self bool
    Whether the security group itself will be added as a source to this egress rule.
    fromPort Integer
    Start port (or ICMP type number if protocol is icmp)
    protocol String
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort Integer
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks List<String>
    List of CIDR blocks.
    description String
    Description of the security group.
    ipv6CidrBlocks List<String>
    List of IPv6 CIDR blocks.
    prefixListIds List<String>
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups List<String>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self Boolean
    Whether the security group itself will be added as a source to this egress rule.
    fromPort number
    Start port (or ICMP type number if protocol is icmp)
    protocol string
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort number
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks string[]
    List of CIDR blocks.
    description string
    Description of the security group.
    ipv6CidrBlocks string[]
    List of IPv6 CIDR blocks.
    prefixListIds string[]
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups string[]
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self boolean
    Whether the security group itself will be added as a source to this egress rule.
    from_port int
    Start port (or ICMP type number if protocol is icmp)
    protocol str
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    to_port int
    End range port (or ICMP code if protocol is icmp).
    cidr_blocks Sequence[str]
    List of CIDR blocks.
    description str
    Description of the security group.
    ipv6_cidr_blocks Sequence[str]
    List of IPv6 CIDR blocks.
    prefix_list_ids Sequence[str]
    List of prefix list IDs (for allowing access to VPC endpoints)
    security_groups Sequence[str]
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self bool
    Whether the security group itself will be added as a source to this egress rule.
    fromPort Number
    Start port (or ICMP type number if protocol is icmp)
    protocol String
    Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.
    toPort Number
    End range port (or ICMP code if protocol is icmp).
    cidrBlocks List<String>
    List of CIDR blocks.
    description String
    Description of the security group.
    ipv6CidrBlocks List<String>
    List of IPv6 CIDR blocks.
    prefixListIds List<String>
    List of prefix list IDs (for allowing access to VPC endpoints)
    securityGroups List<String>
    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
    self Boolean
    Whether the security group itself will be added as a source to this egress rule.

    Import

    Using pulumi import, import Security Groups using the security group id. For example:

    $ pulumi import aws:ec2/defaultSecurityGroup:DefaultSecurityGroup default_sg sg-903004f8
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.64.0 published on Friday, Dec 6, 2024 by Pulumi