
v5.21.1 published on Thursday, Nov 17, 2022 by Pulumi

DefaultSecurityGroup

Provides a resource to manage a default security group. This resource can manage the default security group of the default or a non-default VPC.

NOTE: This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The aws.ec2.DefaultSecurityGroup resource behaves differently from normal resources. This provider does not create this resource but instead attempts to “adopt” it into management.

When the provider first begins managing the default security group, it immediately removes all ingress and egress rules in the Security Group. It then creates any rules specified in the configuration. This way only the rules specified in the configuration are created.

This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions or removals made outside this resource will result in a diff being shown. For these reasons, this resource is incompatible with the aws.ec2.SecurityGroupRule resource.

For more information about default security groups, see the AWS documentation on Default Security Groups. To manage normal security groups, see the aws.ec2.SecurityGroup resource.

Example Usage

The following config gives the default security group the same rules that AWS provides by default but under management by this provider. This means that any ingress or egress rules added or changed will be detected as drift.

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() =>
{
    // The VPC whose default security group is adopted below.
    var vpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
    });

    // Inbound: every protocol (-1 with ports 0/0), but only from members of
    // this security group itself.
    var selfIngress = new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
    {
        Protocol = "-1",
        Self = true,
        FromPort = 0,
        ToPort = 0,
    };

    // Outbound: every protocol to any IPv4 destination. This mirrors the
    // AWS-provided default; narrow it if egress filtering is required.
    var allEgress = new Aws.Ec2.Inputs.DefaultSecurityGroupEgressArgs
    {
        FromPort = 0,
        ToPort = 0,
        Protocol = "-1",
        CidrBlocks = new[] { "0.0.0.0/0" },
    };

    // Adopting the group replaces whatever rules it currently carries with
    // exactly the two above.
    var defaultSg = new Aws.Ec2.DefaultSecurityGroup("default", new Aws.Ec2.DefaultSecurityGroupArgs
    {
        VpcId = vpc.Id,
        Ingress = new[] { selfIngress },
        Egress = new[] { allEgress },
    });
});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main adopts the default security group of a freshly created VPC and pins
// it to the rule set AWS applies by default: all traffic from members of the
// group itself, and all outbound IPv4 traffic. Any later change to those
// rules outside this program shows up as drift.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		vpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
			CidrBlock: pulumi.String("10.1.0.0/16"),
		})
		if err != nil {
			return err
		}

		// Inbound: every protocol ("-1" with ports 0/0), but only when the
		// source is this security group itself.
		ingress := ec2.DefaultSecurityGroupIngressArray{
			&ec2.DefaultSecurityGroupIngressArgs{
				Protocol: pulumi.String("-1"),
				Self:     pulumi.Bool(true),
				FromPort: pulumi.Int(0),
				ToPort:   pulumi.Int(0),
			},
		}

		// Outbound: every protocol to any IPv4 destination. This matches the
		// AWS-provided default; narrow it if egress filtering is required.
		egress := ec2.DefaultSecurityGroupEgressArray{
			&ec2.DefaultSecurityGroupEgressArgs{
				FromPort: pulumi.Int(0),
				ToPort:   pulumi.Int(0),
				Protocol: pulumi.String("-1"),
				CidrBlocks: pulumi.StringArray{
					pulumi.String("0.0.0.0/0"),
				},
			},
		}

		// The resource handle is not needed; only the error is propagated
		// (nil on success).
		_, err = ec2.NewDefaultSecurityGroup(ctx, "default", &ec2.DefaultSecurityGroupArgs{
			VpcId:   vpc.ID(),
			Ingress: ingress,
			Egress:  egress,
		})
		return err
	})
}


import pulumi
import pulumi_aws as aws

# The VPC whose default security group is adopted below.
mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")

# Inbound: every protocol ("-1" with ports 0/0), but only from members of
# this security group itself.
self_ingress = aws.ec2.DefaultSecurityGroupIngressArgs(
    protocol="-1",
    self=True,
    from_port=0,
    to_port=0,
)

# Outbound: every protocol to any IPv4 destination. This mirrors the
# AWS-provided default; narrow it if egress filtering is required.
all_egress = aws.ec2.DefaultSecurityGroupEgressArgs(
    from_port=0,
    to_port=0,
    protocol="-1",
    cidr_blocks=["0.0.0.0/0"],
)

# Adopting the group replaces whatever rules it currently carries with
# exactly the two above.
default = aws.ec2.DefaultSecurityGroup(
    "default",
    vpc_id=mainvpc.id,
    ingress=[self_ingress],
    egress=[all_egress],
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// The VPC whose default security group is adopted below.
const mainvpc = new aws.ec2.Vpc("mainvpc", { cidrBlock: "10.1.0.0/16" });

// Inbound: every protocol ("-1" with ports 0/0), but only from members of
// this security group itself.
const selfIngress = {
    protocol: "-1",
    self: true,
    fromPort: 0,
    toPort: 0,
};

// Outbound: every protocol to any IPv4 destination. This mirrors the
// AWS-provided default; narrow it if egress filtering is required.
const allEgress = {
    fromPort: 0,
    toPort: 0,
    protocol: "-1",
    cidrBlocks: ["0.0.0.0/0"],
};

// Adopting the group replaces whatever rules it currently carries with
// exactly the two above.
const _default = new aws.ec2.DefaultSecurityGroup("default", {
    vpcId: mainvpc.id,
    ingress: [selfIngress],
    egress: [allEgress],
});


Example Config To Deny All Egress Traffic, Allowing Ingress

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() =>
{
    // The VPC whose default security group is adopted below.
    var vpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
    });

    // Inbound: every protocol (-1 with ports 0/0), but only from members of
    // this security group itself.
    var selfIngress = new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
    {
        Protocol = "-1",
        Self = true,
        FromPort = 0,
        ToPort = 0,
    };

    // No Egress is given on purpose: adoption strips the group's existing
    // rules, so leaving Egress unset means no outbound traffic is permitted.
    var defaultSg = new Aws.Ec2.DefaultSecurityGroup("default", new Aws.Ec2.DefaultSecurityGroupArgs
    {
        VpcId = vpc.Id,
        Ingress = new[] { selfIngress },
    });
});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main adopts the default security group of a new VPC and leaves it with a
// single ingress rule and no egress rules: because the provider removes every
// existing rule when it adopts the group, omitting Egress means no outbound
// traffic is permitted.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		vpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
			CidrBlock: pulumi.String("10.1.0.0/16"),
		})
		if err != nil {
			return err
		}

		// Inbound: every protocol ("-1" with ports 0/0), but only when the
		// source is this security group itself.
		selfOnly := &ec2.DefaultSecurityGroupIngressArgs{
			Protocol: pulumi.String("-1"),
			Self:     pulumi.Bool(true),
			FromPort: pulumi.Int(0),
			ToPort:   pulumi.Int(0),
		}

		// Egress is intentionally unset. The resource handle is not needed;
		// only the error is propagated (nil on success).
		_, err = ec2.NewDefaultSecurityGroup(ctx, "default", &ec2.DefaultSecurityGroupArgs{
			VpcId:   vpc.ID(),
			Ingress: ec2.DefaultSecurityGroupIngressArray{selfOnly},
		})
		return err
	})
}


import pulumi
import pulumi_aws as aws

# The VPC whose default security group is adopted below.
mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")

# Inbound: every protocol ("-1" with ports 0/0), but only from members of
# this security group itself.
self_ingress = aws.ec2.DefaultSecurityGroupIngressArgs(
    protocol="-1",
    self=True,
    from_port=0,
    to_port=0,
)

# No egress is given on purpose: adoption strips the group's existing rules,
# so leaving egress unset means no outbound traffic is permitted.
default = aws.ec2.DefaultSecurityGroup(
    "default",
    vpc_id=mainvpc.id,
    ingress=[self_ingress],
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// The VPC whose default security group is adopted below.
const mainvpc = new aws.ec2.Vpc("mainvpc", { cidrBlock: "10.1.0.0/16" });

// Inbound: every protocol ("-1" with ports 0/0), but only from members of
// this security group itself.
const selfIngress = {
    protocol: "-1",
    self: true,
    fromPort: 0,
    toPort: 0,
};

// No egress is given on purpose: adoption strips the group's existing rules,
// so leaving egress unset means no outbound traffic is permitted.
const _default = new aws.ec2.DefaultSecurityGroup("default", {
    vpcId: mainvpc.id,
    ingress: [selfIngress],
});


Create DefaultSecurityGroup Resource

new DefaultSecurityGroup(name: string, args?: DefaultSecurityGroupArgs, opts?: CustomResourceOptions);
@overload
def DefaultSecurityGroup(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         egress: Optional[Sequence[DefaultSecurityGroupEgressArgs]] = None,
                         ingress: Optional[Sequence[DefaultSecurityGroupIngressArgs]] = None,
                         revoke_rules_on_delete: Optional[bool] = None,
                         tags: Optional[Mapping[str, str]] = None,
                         vpc_id: Optional[str] = None)
@overload
def DefaultSecurityGroup(resource_name: str,
                         args: Optional[DefaultSecurityGroupArgs] = None,
                         opts: Optional[ResourceOptions] = None)
func NewDefaultSecurityGroup(ctx *Context, name string, args *DefaultSecurityGroupArgs, opts ...ResourceOption) (*DefaultSecurityGroup, error)
public DefaultSecurityGroup(string name, DefaultSecurityGroupArgs? args = null, CustomResourceOptions? opts = null)
public DefaultSecurityGroup(String name, DefaultSecurityGroupArgs args)
public DefaultSecurityGroup(String name, DefaultSecurityGroupArgs args, CustomResourceOptions options)
type: aws:ec2:DefaultSecurityGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args DefaultSecurityGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args DefaultSecurityGroupArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args DefaultSecurityGroupArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args DefaultSecurityGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args DefaultSecurityGroupArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

DefaultSecurityGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The DefaultSecurityGroup resource accepts the following input properties:

Egress List<Pulumi.Aws.Ec2.Inputs.DefaultSecurityGroupEgressArgs>

Configuration block. Detailed below.

Ingress List<Pulumi.Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs>

Configuration block. Detailed below.

RevokeRulesOnDelete bool
Tags Dictionary<string, string>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

VpcId string

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

Egress []DefaultSecurityGroupEgressArgs

Configuration block. Detailed below.

Ingress []DefaultSecurityGroupIngressArgs

Configuration block. Detailed below.

RevokeRulesOnDelete bool
Tags map[string]string

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

VpcId string

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

egress List<DefaultSecurityGroupEgressArgs>

Configuration block. Detailed below.

ingress List<DefaultSecurityGroupIngressArgs>

Configuration block. Detailed below.

revokeRulesOnDelete Boolean
tags Map<String,String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpcId String

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

egress DefaultSecurityGroupEgressArgs[]

Configuration block. Detailed below.

ingress DefaultSecurityGroupIngressArgs[]

Configuration block. Detailed below.

revokeRulesOnDelete boolean
tags {[key: string]: string}

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpcId string

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

egress Sequence[DefaultSecurityGroupEgressArgs]

Configuration block. Detailed below.

ingress Sequence[DefaultSecurityGroupIngressArgs]

Configuration block. Detailed below.

revoke_rules_on_delete bool
tags Mapping[str, str]

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpc_id str

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

egress List<Property Map>

Configuration block. Detailed below.

ingress List<Property Map>

Configuration block. Detailed below.

revokeRulesOnDelete Boolean
tags Map<String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

vpcId String

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

Outputs

All input properties are implicitly available as output properties. Additionally, the DefaultSecurityGroup resource produces the following output properties:

Arn string

ARN of the security group.

Description string

Description of this rule.

Id string

The provider-assigned unique ID for this managed resource.

Name string

Name of the security group.

NamePrefix string
OwnerId string

Owner ID.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Arn string

ARN of the security group.

Description string

Description of this rule.

Id string

The provider-assigned unique ID for this managed resource.

Name string

Name of the security group.

NamePrefix string
OwnerId string

Owner ID.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

ARN of the security group.

description String

Description of this rule.

id String

The provider-assigned unique ID for this managed resource.

name String

Name of the security group.

namePrefix String
ownerId String

Owner ID.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn string

ARN of the security group.

description string

Description of this rule.

id string

The provider-assigned unique ID for this managed resource.

name string

Name of the security group.

namePrefix string
ownerId string

Owner ID.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn str

ARN of the security group.

description str

Description of this rule.

id str

The provider-assigned unique ID for this managed resource.

name str

Name of the security group.

name_prefix str
owner_id str

Owner ID.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

ARN of the security group.

description String

Description of this rule.

id String

The provider-assigned unique ID for this managed resource.

name String

Name of the security group.

namePrefix String
ownerId String

Owner ID.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Look up Existing DefaultSecurityGroup Resource

Get an existing DefaultSecurityGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DefaultSecurityGroupState, opts?: CustomResourceOptions): DefaultSecurityGroup
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        description: Optional[str] = None,
        egress: Optional[Sequence[DefaultSecurityGroupEgressArgs]] = None,
        ingress: Optional[Sequence[DefaultSecurityGroupIngressArgs]] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        owner_id: Optional[str] = None,
        revoke_rules_on_delete: Optional[bool] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        vpc_id: Optional[str] = None) -> DefaultSecurityGroup
func GetDefaultSecurityGroup(ctx *Context, name string, id IDInput, state *DefaultSecurityGroupState, opts ...ResourceOption) (*DefaultSecurityGroup, error)
public static DefaultSecurityGroup Get(string name, Input<string> id, DefaultSecurityGroupState? state, CustomResourceOptions? opts = null)
public static DefaultSecurityGroup get(String name, Output<String> id, DefaultSecurityGroupState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

ARN of the security group.

Description string

Description of this rule.

Egress List<Pulumi.Aws.Ec2.Inputs.DefaultSecurityGroupEgressArgs>

Configuration block. Detailed below.

Ingress List<Pulumi.Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs>

Configuration block. Detailed below.

Name string

Name of the security group.

NamePrefix string
OwnerId string

Owner ID.

RevokeRulesOnDelete bool
Tags Dictionary<string, string>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

VpcId string

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

Arn string

ARN of the security group.

Description string

Description of this rule.

Egress []DefaultSecurityGroupEgressArgs

Configuration block. Detailed below.

Ingress []DefaultSecurityGroupIngressArgs

Configuration block. Detailed below.

Name string

Name of the security group.

NamePrefix string
OwnerId string

Owner ID.

RevokeRulesOnDelete bool
Tags map[string]string

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

VpcId string

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

arn String

ARN of the security group.

description String

Description of this rule.

egress List<DefaultSecurityGroupEgressArgs>

Configuration block. Detailed below.

ingress List<DefaultSecurityGroupIngressArgs>

Configuration block. Detailed below.

name String

Name of the security group.

namePrefix String
ownerId String

Owner ID.

revokeRulesOnDelete Boolean
tags Map<String,String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpcId String

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

arn string

ARN of the security group.

description string

Description of this rule.

egress DefaultSecurityGroupEgressArgs[]

Configuration block. Detailed below.

ingress DefaultSecurityGroupIngressArgs[]

Configuration block. Detailed below.

name string

Name of the security group.

namePrefix string
ownerId string

Owner ID.

revokeRulesOnDelete boolean
tags {[key: string]: string}

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpcId string

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

arn str

ARN of the security group.

description str

Description of this rule.

egress Sequence[DefaultSecurityGroupEgressArgs]

Configuration block. Detailed below.

ingress Sequence[DefaultSecurityGroupIngressArgs]

Configuration block. Detailed below.

name str

Name of the security group.

name_prefix str
owner_id str

Owner ID.

revoke_rules_on_delete bool
tags Mapping[str, str]

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_id str

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

arn String

ARN of the security group.

description String

Description of this rule.

egress List<Property Map>

Configuration block. Detailed below.

ingress List<Property Map>

Configuration block. Detailed below.

name String

Name of the security group.

namePrefix String
ownerId String

Owner ID.

revokeRulesOnDelete Boolean
tags Map<String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpcId String

VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.

Supporting Types

DefaultSecurityGroupEgress

FromPort int

Start port (or ICMP type number if protocol is icmp)

Protocol string

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

ToPort int

End range port (or ICMP code if protocol is icmp).

CidrBlocks List<string>

List of CIDR blocks.

Description string

Description of this rule.

Ipv6CidrBlocks List<string>

List of IPv6 CIDR blocks.

PrefixListIds List<string>

List of prefix list IDs (for allowing access to VPC endpoints)

SecurityGroups List<string>

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

Self bool

Whether the security group itself will be added as a source to this egress rule.

FromPort int

Start port (or ICMP type number if protocol is icmp)

Protocol string

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

ToPort int

End range port (or ICMP code if protocol is icmp).

CidrBlocks []string

List of CIDR blocks.

Description string

Description of this rule.

Ipv6CidrBlocks []string

List of IPv6 CIDR blocks.

PrefixListIds []string

List of prefix list IDs (for allowing access to VPC endpoints)

SecurityGroups []string

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

Self bool

Whether the security group itself will be added as a source to this egress rule.

fromPort Integer

Start port (or ICMP type number if protocol is icmp)

protocol String

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

toPort Integer

End range port (or ICMP code if protocol is icmp).

cidrBlocks List<String>

List of CIDR blocks.

description String

Description of this rule.

ipv6CidrBlocks List<String>

List of IPv6 CIDR blocks.

prefixListIds List<String>

List of prefix list IDs (for allowing access to VPC endpoints)

securityGroups List<String>

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

self Boolean

Whether the security group itself will be added as a source to this egress rule.

fromPort number

Start port (or ICMP type number if protocol is icmp)

protocol string

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

toPort number

End range port (or ICMP code if protocol is icmp).

cidrBlocks string[]

List of CIDR blocks.

description string

Description of this rule.

ipv6CidrBlocks string[]

List of IPv6 CIDR blocks.

prefixListIds string[]

List of prefix list IDs (for allowing access to VPC endpoints)

securityGroups string[]

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

self boolean

Whether the security group itself will be added as a source to this egress rule.

from_port int

Start port (or ICMP type number if protocol is icmp)

protocol str

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

to_port int

End range port (or ICMP code if protocol is icmp).

cidr_blocks Sequence[str]

List of CIDR blocks.

description str

Description of this rule.

ipv6_cidr_blocks Sequence[str]

List of IPv6 CIDR blocks.

prefix_list_ids Sequence[str]

List of prefix list IDs (for allowing access to VPC endpoints)

security_groups Sequence[str]

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

self bool

Whether the security group itself will be added as a source to this egress rule.

fromPort Number

Start port (or ICMP type number if protocol is icmp)

protocol String

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

toPort Number

End range port (or ICMP code if protocol is icmp).

cidrBlocks List<String>

List of CIDR blocks.

description String

Description of this rule.

ipv6CidrBlocks List<String>

List of IPv6 CIDR blocks.

prefixListIds List<String>

List of prefix list IDs (for allowing access to VPC endpoints)

securityGroups List<String>

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

self Boolean

Whether the security group itself will be added as a source to this egress rule.

DefaultSecurityGroupIngress

FromPort int

Start port (or ICMP type number if protocol is icmp)

Protocol string

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

ToPort int

End range port (or ICMP code if protocol is icmp).

CidrBlocks List<string>

List of CIDR blocks.

Description string

Description of this rule.

Ipv6CidrBlocks List<string>

List of IPv6 CIDR blocks.

PrefixListIds List<string>

List of prefix list IDs (for allowing access to VPC endpoints)

SecurityGroups List<string>

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

Self bool

Whether the security group itself will be added as a source to this ingress rule.

FromPort int

Start port (or ICMP type number if protocol is icmp)

Protocol string

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

ToPort int

End range port (or ICMP code if protocol is icmp).

CidrBlocks []string

List of CIDR blocks.

Description string

Description of this rule.

Ipv6CidrBlocks []string

List of IPv6 CIDR blocks.

PrefixListIds []string

List of prefix list IDs (for allowing access to VPC endpoints)

SecurityGroups []string

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

Self bool

Whether the security group itself will be added as a source to this ingress rule.

fromPort Integer

Start port (or ICMP type number if protocol is icmp)

protocol String

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

toPort Integer

End range port (or ICMP code if protocol is icmp).

cidrBlocks List<String>

List of CIDR blocks.

description String

Description of this rule.

ipv6CidrBlocks List<String>

List of IPv6 CIDR blocks.

prefixListIds List<String>

List of prefix list IDs (for allowing access to VPC endpoints)

securityGroups List<String>

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

self Boolean

Whether the security group itself will be added as a source to this ingress rule.

fromPort number

Start port (or ICMP type number if protocol is icmp)

protocol string

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

toPort number

End range port (or ICMP code if protocol is icmp).

cidrBlocks string[]

List of CIDR blocks.

description string

Description of this rule.

ipv6CidrBlocks string[]

List of IPv6 CIDR blocks.

prefixListIds string[]

List of prefix list IDs (for allowing access to VPC endpoints)

securityGroups string[]

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

self boolean

Whether the security group itself will be added as a source to this ingress rule.

from_port int

Start port (or ICMP type number if protocol is icmp)

protocol str

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

to_port int

End range port (or ICMP code if protocol is icmp).

cidr_blocks Sequence[str]

List of CIDR blocks.

description str

Description of this rule.

ipv6_cidr_blocks Sequence[str]

List of IPv6 CIDR blocks.

prefix_list_ids Sequence[str]

List of prefix list IDs (for allowing access to VPC endpoints)

security_groups Sequence[str]

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

self bool

Whether the security group itself will be added as a source to this ingress rule.

fromPort Number

Start port (or ICMP type number if protocol is icmp)

protocol String

Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. If not icmp, tcp, udp, or -1 use the protocol number.

toPort Number

End range port (or ICMP code if protocol is icmp).

cidrBlocks List<String>

List of CIDR blocks.

description String

Description of this rule.

ipv6CidrBlocks List<String>

List of IPv6 CIDR blocks.

prefixListIds List<String>

List of prefix list IDs (for allowing access to VPC endpoints)

securityGroups List<String>

List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

self Boolean

Whether the security group itself will be added as a source to this ingress rule.

Import

Security Groups can be imported using the security group id, e.g.,

 $ pulumi import aws:ec2/defaultSecurityGroup:DefaultSecurityGroup default_sg sg-903004f8

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.