1. Packages
  2. AWS Classic
  3. API Docs
  4. ec2
  5. SecurityGroup

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.12.3 published on Thursday, Nov 30, 2023 by Pulumi

aws.ec2.SecurityGroup

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.12.3 published on Thursday, Nov 30, 2023 by Pulumi

    Provides a security group resource.

    NOTE on Security Groups and Security Group Rules: This provider currently provides a Security Group resource with ingress and egress rules defined in-line and a Security Group Rule resource which manages one or more ingress or egress rules. Both of these resource were added before AWS assigned a security group rule unique ID, and they do not work well in all scenarios using thedescription and tags attributes, which rely on the unique ID. The aws.vpc.SecurityGroupEgressRule and aws.vpc.SecurityGroupIngressRule resources have been added to address these limitations and should be used for all new security group rules. You should not use the aws.vpc.SecurityGroupEgressRule and aws.vpc.SecurityGroupIngressRule resources in conjunction with an aws.ec2.SecurityGroup resource with in-line rules or with aws.ec2.SecurityGroupRule resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.

    NOTE: Referencing Security Groups across VPC peering has certain restrictions. More information is available in the VPC Peering User Guide.

    NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.

    NOTE: The cidr_blocks and ipv6_cidr_blocks parameters are optional in the ingress and egress blocks. If nothing is specified, traffic will be blocked as described in NOTE on Egress rules later.

    Example Usage

    Basic Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var allowTls = new Aws.Ec2.SecurityGroup("allowTls", new()
        {
            Description = "Allow TLS inbound traffic",
            VpcId = aws_vpc.Main.Id,
            Ingress = new[]
            {
                new Aws.Ec2.Inputs.SecurityGroupIngressArgs
                {
                    Description = "TLS from VPC",
                    FromPort = 443,
                    ToPort = 443,
                    Protocol = "tcp",
                    CidrBlocks = new[]
                    {
                        aws_vpc.Main.Cidr_block,
                    },
                    Ipv6CidrBlocks = new[]
                    {
                        aws_vpc.Main.Ipv6_cidr_block,
                    },
                },
            },
            Egress = new[]
            {
                new Aws.Ec2.Inputs.SecurityGroupEgressArgs
                {
                    FromPort = 0,
                    ToPort = 0,
                    Protocol = "-1",
                    CidrBlocks = new[]
                    {
                        "0.0.0.0/0",
                    },
                    Ipv6CidrBlocks = new[]
                    {
                        "::/0",
                    },
                },
            },
            Tags = 
            {
                { "Name", "allow_tls" },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ec2.NewSecurityGroup(ctx, "allowTls", &ec2.SecurityGroupArgs{
    			Description: pulumi.String("Allow TLS inbound traffic"),
    			VpcId:       pulumi.Any(aws_vpc.Main.Id),
    			Ingress: ec2.SecurityGroupIngressArray{
    				&ec2.SecurityGroupIngressArgs{
    					Description: pulumi.String("TLS from VPC"),
    					FromPort:    pulumi.Int(443),
    					ToPort:      pulumi.Int(443),
    					Protocol:    pulumi.String("tcp"),
    					CidrBlocks: pulumi.StringArray{
    						aws_vpc.Main.Cidr_block,
    					},
    					Ipv6CidrBlocks: pulumi.StringArray{
    						aws_vpc.Main.Ipv6_cidr_block,
    					},
    				},
    			},
    			Egress: ec2.SecurityGroupEgressArray{
    				&ec2.SecurityGroupEgressArgs{
    					FromPort: pulumi.Int(0),
    					ToPort:   pulumi.Int(0),
    					Protocol: pulumi.String("-1"),
    					CidrBlocks: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    					},
    					Ipv6CidrBlocks: pulumi.StringArray{
    						pulumi.String("::/0"),
    					},
    				},
    			},
    			Tags: pulumi.StringMap{
    				"Name": pulumi.String("allow_tls"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.SecurityGroup;
    import com.pulumi.aws.ec2.SecurityGroupArgs;
    import com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;
    import com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var allowTls = new SecurityGroup("allowTls", SecurityGroupArgs.builder()        
                .description("Allow TLS inbound traffic")
                .vpcId(aws_vpc.main().id())
                .ingress(SecurityGroupIngressArgs.builder()
                    .description("TLS from VPC")
                    .fromPort(443)
                    .toPort(443)
                    .protocol("tcp")
                    .cidrBlocks(aws_vpc.main().cidr_block())
                    .ipv6CidrBlocks(aws_vpc.main().ipv6_cidr_block())
                    .build())
                .egress(SecurityGroupEgressArgs.builder()
                    .fromPort(0)
                    .toPort(0)
                    .protocol("-1")
                    .cidrBlocks("0.0.0.0/0")
                    .ipv6CidrBlocks("::/0")
                    .build())
                .tags(Map.of("Name", "allow_tls"))
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    allow_tls = aws.ec2.SecurityGroup("allowTls",
        description="Allow TLS inbound traffic",
        vpc_id=aws_vpc["main"]["id"],
        ingress=[aws.ec2.SecurityGroupIngressArgs(
            description="TLS from VPC",
            from_port=443,
            to_port=443,
            protocol="tcp",
            cidr_blocks=[aws_vpc["main"]["cidr_block"]],
            ipv6_cidr_blocks=[aws_vpc["main"]["ipv6_cidr_block"]],
        )],
        egress=[aws.ec2.SecurityGroupEgressArgs(
            from_port=0,
            to_port=0,
            protocol="-1",
            cidr_blocks=["0.0.0.0/0"],
            ipv6_cidr_blocks=["::/0"],
        )],
        tags={
            "Name": "allow_tls",
        })
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const allowTls = new aws.ec2.SecurityGroup("allowTls", {
        description: "Allow TLS inbound traffic",
        vpcId: aws_vpc.main.id,
        ingress: [{
            description: "TLS from VPC",
            fromPort: 443,
            toPort: 443,
            protocol: "tcp",
            cidrBlocks: [aws_vpc.main.cidr_block],
            ipv6CidrBlocks: [aws_vpc.main.ipv6_cidr_block],
        }],
        egress: [{
            fromPort: 0,
            toPort: 0,
            protocol: "-1",
            cidrBlocks: ["0.0.0.0/0"],
            ipv6CidrBlocks: ["::/0"],
        }],
        tags: {
            Name: "allow_tls",
        },
    });
    
    resources:
      allowTls:
        type: aws:ec2:SecurityGroup
        properties:
          description: Allow TLS inbound traffic
          vpcId: ${aws_vpc.main.id}
          ingress:
            - description: TLS from VPC
              fromPort: 443
              toPort: 443
              protocol: tcp
              cidrBlocks:
                - ${aws_vpc.main.cidr_block}
              ipv6CidrBlocks:
                - ${aws_vpc.main.ipv6_cidr_block}
          egress:
            - fromPort: 0
              toPort: 0
              protocol: '-1'
              cidrBlocks:
                - 0.0.0.0/0
              ipv6CidrBlocks:
                - ::/0
          tags:
            Name: allow_tls
    

    block

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Ec2.SecurityGroup("example", new()
        {
            Egress = new[]
            {
                new Aws.Ec2.Inputs.SecurityGroupEgressArgs
                {
                    CidrBlocks = new[]
                    {
                        "0.0.0.0/0",
                    },
                    FromPort = 0,
                    Ipv6CidrBlocks = new[]
                    {
                        "::/0",
                    },
                    Protocol = "-1",
                    ToPort = 0,
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ec2.NewSecurityGroup(ctx, "example", &ec2.SecurityGroupArgs{
    			Egress: ec2.SecurityGroupEgressArray{
    				&ec2.SecurityGroupEgressArgs{
    					CidrBlocks: pulumi.StringArray{
    						pulumi.String("0.0.0.0/0"),
    					},
    					FromPort: pulumi.Int(0),
    					Ipv6CidrBlocks: pulumi.StringArray{
    						pulumi.String("::/0"),
    					},
    					Protocol: pulumi.String("-1"),
    					ToPort:   pulumi.Int(0),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.SecurityGroup;
    import com.pulumi.aws.ec2.SecurityGroupArgs;
    import com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new SecurityGroup("example", SecurityGroupArgs.builder()        
                .egress(SecurityGroupEgressArgs.builder()
                    .cidrBlocks("0.0.0.0/0")
                    .fromPort(0)
                    .ipv6CidrBlocks("::/0")
                    .protocol("-1")
                    .toPort(0)
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.ec2.SecurityGroup("example", egress=[aws.ec2.SecurityGroupEgressArgs(
        cidr_blocks=["0.0.0.0/0"],
        from_port=0,
        ipv6_cidr_blocks=["::/0"],
        protocol="-1",
        to_port=0,
    )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.ec2.SecurityGroup("example", {egress: [{
        cidrBlocks: ["0.0.0.0/0"],
        fromPort: 0,
        ipv6CidrBlocks: ["::/0"],
        protocol: "-1",
        toPort: 0,
    }]});
    
    resources:
      example:
        type: aws:ec2:SecurityGroup
        properties:
          egress:
            - cidrBlocks:
                - 0.0.0.0/0
              fromPort: 0
              ipv6CidrBlocks:
                - ::/0
              protocol: '-1'
              toPort: 0
    

    Usage With Prefix List IDs

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var myEndpoint = new Aws.Ec2.VpcEndpoint("myEndpoint");
    
        // ... other configuration ...
        // ... other configuration ...
        var example = new Aws.Ec2.SecurityGroup("example", new()
        {
            Egress = new[]
            {
                new Aws.Ec2.Inputs.SecurityGroupEgressArgs
                {
                    FromPort = 0,
                    ToPort = 0,
                    Protocol = "-1",
                    PrefixListIds = new[]
                    {
                        myEndpoint.PrefixListId,
                    },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		myEndpoint, err := ec2.NewVpcEndpoint(ctx, "myEndpoint", nil)
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewSecurityGroup(ctx, "example", &ec2.SecurityGroupArgs{
    			Egress: ec2.SecurityGroupEgressArray{
    				&ec2.SecurityGroupEgressArgs{
    					FromPort: pulumi.Int(0),
    					ToPort:   pulumi.Int(0),
    					Protocol: pulumi.String("-1"),
    					PrefixListIds: pulumi.StringArray{
    						myEndpoint.PrefixListId,
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.VpcEndpoint;
    import com.pulumi.aws.ec2.SecurityGroup;
    import com.pulumi.aws.ec2.SecurityGroupArgs;
    import com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var myEndpoint = new VpcEndpoint("myEndpoint");
    
            var example = new SecurityGroup("example", SecurityGroupArgs.builder()        
                .egress(SecurityGroupEgressArgs.builder()
                    .fromPort(0)
                    .toPort(0)
                    .protocol("-1")
                    .prefixListIds(myEndpoint.prefixListId())
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    my_endpoint = aws.ec2.VpcEndpoint("myEndpoint")
    # ... other configuration ...
    # ... other configuration ...
    example = aws.ec2.SecurityGroup("example", egress=[aws.ec2.SecurityGroupEgressArgs(
        from_port=0,
        to_port=0,
        protocol="-1",
        prefix_list_ids=[my_endpoint.prefix_list_id],
    )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const myEndpoint = new aws.ec2.VpcEndpoint("myEndpoint", {});
    // ... other configuration ...
    // ... other configuration ...
    const example = new aws.ec2.SecurityGroup("example", {egress: [{
        fromPort: 0,
        toPort: 0,
        protocol: "-1",
        prefixListIds: [myEndpoint.prefixListId],
    }]});
    
    resources:
      example:
        type: aws:ec2:SecurityGroup
        properties:
          egress:
            - fromPort: 0
              toPort: 0
              protocol: '-1'
              prefixListIds:
                - ${myEndpoint.prefixListId}
      myEndpoint:
        type: aws:ec2:VpcEndpoint
    

    Removing All Ingress and Egress Rules

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Ec2.SecurityGroup("example", new()
        {
            VpcId = aws_vpc.Example.Id,
            Ingress = new[] {},
            Egress = new[] {},
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ec2.NewSecurityGroup(ctx, "example", &ec2.SecurityGroupArgs{
    			VpcId:   pulumi.Any(aws_vpc.Example.Id),
    			Ingress: ec2.SecurityGroupIngressArray{},
    			Egress:  ec2.SecurityGroupEgressArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.SecurityGroup;
    import com.pulumi.aws.ec2.SecurityGroupArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new SecurityGroup("example", SecurityGroupArgs.builder()        
                .vpcId(aws_vpc.example().id())
                .ingress()
                .egress()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.ec2.SecurityGroup("example",
        vpc_id=aws_vpc["example"]["id"],
        ingress=[],
        egress=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.ec2.SecurityGroup("example", {
        vpcId: aws_vpc.example.id,
        ingress: [],
        egress: [],
    });
    
    resources:
      example:
        type: aws:ec2:SecurityGroup
        properties:
          vpcId: ${aws_vpc.example.id}
          ingress: []
          egress: []
    

    create_before_destroy

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Ec2.SecurityGroup("example");
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ec2.NewSecurityGroup(ctx, "example", nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.SecurityGroup;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new SecurityGroup("example");
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.ec2.SecurityGroup("example")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.ec2.SecurityGroup("example", {});
    
    resources:
      example:
        type: aws:ec2:SecurityGroup
    

    replace_triggered_by

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleSecurityGroup = new Aws.Ec2.SecurityGroup("exampleSecurityGroup");
    
        // ... other configuration ...
        var exampleInstance = new Aws.Ec2.Instance("exampleInstance", new()
        {
            InstanceType = "t3.small",
            VpcSecurityGroupIds = new[]
            {
                aws_security_group.Test.Id,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ec2.NewSecurityGroup(ctx, "exampleSecurityGroup", nil)
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewInstance(ctx, "exampleInstance", &ec2.InstanceArgs{
    			InstanceType: pulumi.String("t3.small"),
    			VpcSecurityGroupIds: pulumi.StringArray{
    				aws_security_group.Test.Id,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.SecurityGroup;
    import com.pulumi.aws.ec2.Instance;
    import com.pulumi.aws.ec2.InstanceArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleSecurityGroup = new SecurityGroup("exampleSecurityGroup");
    
            var exampleInstance = new Instance("exampleInstance", InstanceArgs.builder()        
                .instanceType("t3.small")
                .vpcSecurityGroupIds(aws_security_group.test().id())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    example_security_group = aws.ec2.SecurityGroup("exampleSecurityGroup")
    # ... other configuration ...
    example_instance = aws.ec2.Instance("exampleInstance",
        instance_type="t3.small",
        vpc_security_group_ids=[aws_security_group["test"]["id"]])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const exampleSecurityGroup = new aws.ec2.SecurityGroup("exampleSecurityGroup", {});
    // ... other configuration ...
    const exampleInstance = new aws.ec2.Instance("exampleInstance", {
        instanceType: "t3.small",
        vpcSecurityGroupIds: [aws_security_group.test.id],
    });
    
    resources:
      exampleSecurityGroup:
        type: aws:ec2:SecurityGroup
      exampleInstance:
        type: aws:ec2:Instance
        properties:
          instanceType: t3.small # ... other configuration ...
          vpcSecurityGroupIds:
            - ${aws_security_group.test.id}
    

    Shorter timeout

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Ec2.SecurityGroup("example");
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ec2.NewSecurityGroup(ctx, "example", nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.SecurityGroup;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new SecurityGroup("example");
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.ec2.SecurityGroup("example")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.ec2.SecurityGroup("example", {});
    
    resources:
      example:
        type: aws:ec2:SecurityGroup
    

    Create SecurityGroup Resource

    new SecurityGroup(name: string, args?: SecurityGroupArgs, opts?: CustomResourceOptions);
    @overload
    def SecurityGroup(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      description: Optional[str] = None,
                      egress: Optional[Sequence[SecurityGroupEgressArgs]] = None,
                      ingress: Optional[Sequence[SecurityGroupIngressArgs]] = None,
                      name: Optional[str] = None,
                      name_prefix: Optional[str] = None,
                      revoke_rules_on_delete: Optional[bool] = None,
                      tags: Optional[Mapping[str, str]] = None,
                      vpc_id: Optional[str] = None)
    @overload
    def SecurityGroup(resource_name: str,
                      args: Optional[SecurityGroupArgs] = None,
                      opts: Optional[ResourceOptions] = None)
    func NewSecurityGroup(ctx *Context, name string, args *SecurityGroupArgs, opts ...ResourceOption) (*SecurityGroup, error)
    public SecurityGroup(string name, SecurityGroupArgs? args = null, CustomResourceOptions? opts = null)
    public SecurityGroup(String name, SecurityGroupArgs args)
    public SecurityGroup(String name, SecurityGroupArgs args, CustomResourceOptions options)
    
    type: aws:ec2:SecurityGroup
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args SecurityGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SecurityGroupArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SecurityGroupArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SecurityGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SecurityGroupArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    SecurityGroup Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SecurityGroup resource accepts the following input properties:

    Description string

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    Egress List<SecurityGroupEgress>

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    Ingress List<SecurityGroupIngress>

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    Name string

    Name of the security group. If omitted, the provider will assign a random, unique name.

    NamePrefix string

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    RevokeRulesOnDelete bool

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    Tags Dictionary<string, string>

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    VpcId string

    VPC ID. Defaults to the region's default VPC.

    Description string

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    Egress []SecurityGroupEgressArgs

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    Ingress []SecurityGroupIngressArgs

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    Name string

    Name of the security group. If omitted, the provider will assign a random, unique name.

    NamePrefix string

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    RevokeRulesOnDelete bool

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    Tags map[string]string

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    VpcId string

    VPC ID. Defaults to the region's default VPC.

    description String

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    egress List<SecurityGroupEgress>

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    ingress List<SecurityGroupIngress>

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    name String

    Name of the security group. If omitted, the provider will assign a random, unique name.

    namePrefix String

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    revokeRulesOnDelete Boolean

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    tags Map<String,String>

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    vpcId String

    VPC ID. Defaults to the region's default VPC.

    description string

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    egress SecurityGroupEgress[]

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    ingress SecurityGroupIngress[]

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    name string

    Name of the security group. If omitted, the provider will assign a random, unique name.

    namePrefix string

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    revokeRulesOnDelete boolean

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    tags {[key: string]: string}

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    vpcId string

    VPC ID. Defaults to the region's default VPC.

    description str

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    egress Sequence[SecurityGroupEgressArgs]

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    ingress Sequence[SecurityGroupIngressArgs]

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    name str

    Name of the security group. If omitted, the provider will assign a random, unique name.

    name_prefix str

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    revoke_rules_on_delete bool

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    tags Mapping[str, str]

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    vpc_id str

    VPC ID. Defaults to the region's default VPC.

    description String

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    egress List<Property Map>

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    ingress List<Property Map>

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    name String

    Name of the security group. If omitted, the provider will assign a random, unique name.

    namePrefix String

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    revokeRulesOnDelete Boolean

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    tags Map<String>

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    vpcId String

    VPC ID. Defaults to the region's default VPC.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SecurityGroup resource produces the following output properties:

    Arn string

    ARN of the security group.

    Id string

    The provider-assigned unique ID for this managed resource.

    OwnerId string

    Owner ID.

    TagsAll Dictionary<string, string>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    Arn string

    ARN of the security group.

    Id string

    The provider-assigned unique ID for this managed resource.

    OwnerId string

    Owner ID.

    TagsAll map[string]string

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn String

    ARN of the security group.

    id String

    The provider-assigned unique ID for this managed resource.

    ownerId String

    Owner ID.

    tagsAll Map<String,String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn string

    ARN of the security group.

    id string

    The provider-assigned unique ID for this managed resource.

    ownerId string

    Owner ID.

    tagsAll {[key: string]: string}

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn str

    ARN of the security group.

    id str

    The provider-assigned unique ID for this managed resource.

    owner_id str

    Owner ID.

    tags_all Mapping[str, str]

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn String

    ARN of the security group.

    id String

    The provider-assigned unique ID for this managed resource.

    ownerId String

    Owner ID.

    tagsAll Map<String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    Look up Existing SecurityGroup Resource

    Get an existing SecurityGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SecurityGroupState, opts?: CustomResourceOptions): SecurityGroup
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            description: Optional[str] = None,
            egress: Optional[Sequence[SecurityGroupEgressArgs]] = None,
            ingress: Optional[Sequence[SecurityGroupIngressArgs]] = None,
            name: Optional[str] = None,
            name_prefix: Optional[str] = None,
            owner_id: Optional[str] = None,
            revoke_rules_on_delete: Optional[bool] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            vpc_id: Optional[str] = None) -> SecurityGroup
    func GetSecurityGroup(ctx *Context, name string, id IDInput, state *SecurityGroupState, opts ...ResourceOption) (*SecurityGroup, error)
    public static SecurityGroup Get(string name, Input<string> id, SecurityGroupState? state, CustomResourceOptions? opts = null)
    public static SecurityGroup get(String name, Output<String> id, SecurityGroupState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string

    ARN of the security group.

    Description string

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    Egress List<SecurityGroupEgress>

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    Ingress List<SecurityGroupIngress>

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    Name string

    Name of the security group. If omitted, the provider will assign a random, unique name.

    NamePrefix string

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    OwnerId string

    Owner ID.

    RevokeRulesOnDelete bool

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    Tags Dictionary<string, string>

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll Dictionary<string, string>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    VpcId string

    VPC ID. Defaults to the region's default VPC.

    Arn string

    ARN of the security group.

    Description string

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    Egress []SecurityGroupEgressArgs

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    Ingress []SecurityGroupIngressArgs

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    Name string

    Name of the security group. If omitted, the provider will assign a random, unique name.

    NamePrefix string

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    OwnerId string

    Owner ID.

    RevokeRulesOnDelete bool

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    Tags map[string]string

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll map[string]string

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    VpcId string

    VPC ID. Defaults to the region's default VPC.

    arn String

    ARN of the security group.

    description String

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    egress List<SecurityGroupEgress>

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    ingress List<SecurityGroupIngress>

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    name String

    Name of the security group. If omitted, the provider will assign a random, unique name.

    namePrefix String

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    ownerId String

    Owner ID.

    revokeRulesOnDelete Boolean

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    tags Map<String,String>

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String,String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    vpcId String

    VPC ID. Defaults to the region's default VPC.

    arn string

    ARN of the security group.

    description string

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    egress SecurityGroupEgress[]

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    ingress SecurityGroupIngress[]

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    name string

    Name of the security group. If omitted, the provider will assign a random, unique name.

    namePrefix string

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    ownerId string

    Owner ID.

    revokeRulesOnDelete boolean

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    tags {[key: string]: string}

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll {[key: string]: string}

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    vpcId string

    VPC ID. Defaults to the region's default VPC.

    arn str

    ARN of the security group.

    description str

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    egress Sequence[SecurityGroupEgressArgs]

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    ingress Sequence[SecurityGroupIngressArgs]

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    name str

    Name of the security group. If omitted, the provider will assign a random, unique name.

    name_prefix str

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    owner_id str

    Owner ID.

    revoke_rules_on_delete bool

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    tags Mapping[str, str]

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tags_all Mapping[str, str]

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    vpc_id str

    VPC ID. Defaults to the region's default VPC.

    arn String

    ARN of the security group.

    description String

    Security group description. Defaults to Managed by Pulumi. Cannot be "". NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use tags.

    egress List<Property Map>

    Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    ingress List<Property Map>

    Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.

    name String

    Name of the security group. If omitted, the provider will assign a random, unique name.

    namePrefix String

    Creates a unique name beginning with the specified prefix. Conflicts with name.

    ownerId String

    Owner ID.

    revokeRulesOnDelete Boolean

    Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.

    tags Map<String>

    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    vpcId String

    VPC ID. Defaults to the region's default VPC.

    Supporting Types

    SecurityGroupEgress, SecurityGroupEgressArgs

    FromPort int

    Start port (or ICMP type number if protocol is icmp)

    Protocol string

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference.

    ToPort int

    End range port (or ICMP code if protocol is icmp).

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the destination of the traffic.

    CidrBlocks List<string>

    List of CIDR blocks.

    Description string

    Description of this egress rule.

    Ipv6CidrBlocks List<string>

    List of IPv6 CIDR blocks.

    PrefixListIds List<string>

    List of Prefix List IDs.

    SecurityGroups List<string>

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    Self bool

    Whether the security group itself will be added as a source to this egress rule.

    FromPort int

    Start port (or ICMP type number if protocol is icmp)

    Protocol string

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference.

    ToPort int

    End range port (or ICMP code if protocol is icmp).

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the destination of the traffic.

    CidrBlocks []string

    List of CIDR blocks.

    Description string

    Description of this egress rule.

    Ipv6CidrBlocks []string

    List of IPv6 CIDR blocks.

    PrefixListIds []string

    List of Prefix List IDs.

    SecurityGroups []string

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    Self bool

    Whether the security group itself will be added as a source to this egress rule.

    fromPort Integer

    Start port (or ICMP type number if protocol is icmp)

    protocol String

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference.

    toPort Integer

    End range port (or ICMP code if protocol is icmp).

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the destination of the traffic.

    cidrBlocks List<String>

    List of CIDR blocks.

    description String

    Description of this egress rule.

    ipv6CidrBlocks List<String>

    List of IPv6 CIDR blocks.

    prefixListIds List<String>

    List of Prefix List IDs.

    securityGroups List<String>

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    self Boolean

    Whether the security group itself will be added as a source to this egress rule.

    fromPort number

    Start port (or ICMP type number if protocol is icmp)

    protocol string

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference.

    toPort number

    End range port (or ICMP code if protocol is icmp).

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the destination of the traffic.

    cidrBlocks string[]

    List of CIDR blocks.

    description string

    Description of this egress rule.

    ipv6CidrBlocks string[]

    List of IPv6 CIDR blocks.

    prefixListIds string[]

    List of Prefix List IDs.

    securityGroups string[]

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    self boolean

    Whether the security group itself will be added as a source to this egress rule.

    from_port int

    Start port (or ICMP type number if protocol is icmp)

    protocol str

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference.

    to_port int

    End range port (or ICMP code if protocol is icmp).

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the destination of the traffic.

    cidr_blocks Sequence[str]

    List of CIDR blocks.

    description str

    Description of this egress rule.

    ipv6_cidr_blocks Sequence[str]

    List of IPv6 CIDR blocks.

    prefix_list_ids Sequence[str]

    List of Prefix List IDs.

    security_groups Sequence[str]

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    self bool

    Whether the security group itself will be added as a source to this egress rule.

    fromPort Number

    Start port (or ICMP type number if protocol is icmp)

    protocol String

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument in the IpPermission API reference.

    toPort Number

    End range port (or ICMP code if protocol is icmp).

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the destination of the traffic.

    cidrBlocks List<String>

    List of CIDR blocks.

    description String

    Description of this egress rule.

    ipv6CidrBlocks List<String>

    List of IPv6 CIDR blocks.

    prefixListIds List<String>

    List of Prefix List IDs.

    securityGroups List<String>

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    self Boolean

    Whether the security group itself will be added as a source to this egress rule.

    SecurityGroupIngress, SecurityGroupIngressArgs

    FromPort int

    Start port (or ICMP type number if protocol is icmp or icmpv6).

    Protocol string

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference.

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the source of the traffic.

    ToPort int

    End range port (or ICMP code if protocol is icmp).

    CidrBlocks List<string>

    List of CIDR blocks.

    Description string

    Description of this ingress rule.

    Ipv6CidrBlocks List<string>

    List of IPv6 CIDR blocks.

    PrefixListIds List<string>

    List of Prefix List IDs.

    SecurityGroups List<string>

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    Self bool

    Whether the security group itself will be added as a source to this ingress rule.

    FromPort int

    Start port (or ICMP type number if protocol is icmp or icmpv6).

    Protocol string

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference.

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the source of the traffic.

    ToPort int

    End range port (or ICMP code if protocol is icmp).

    CidrBlocks []string

    List of CIDR blocks.

    Description string

    Description of this ingress rule.

    Ipv6CidrBlocks []string

    List of IPv6 CIDR blocks.

    PrefixListIds []string

    List of Prefix List IDs.

    SecurityGroups []string

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    Self bool

    Whether the security group itself will be added as a source to this ingress rule.

    fromPort Integer

    Start port (or ICMP type number if protocol is icmp or icmpv6).

    protocol String

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference.

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the source of the traffic.

    toPort Integer

    End range port (or ICMP code if protocol is icmp).

    cidrBlocks List<String>

    List of CIDR blocks.

    description String

    Description of this ingress rule.

    ipv6CidrBlocks List<String>

    List of IPv6 CIDR blocks.

    prefixListIds List<String>

    List of Prefix List IDs.

    securityGroups List<String>

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    self Boolean

    Whether the security group itself will be added as a source to this ingress rule.

    fromPort number

    Start port (or ICMP type number if protocol is icmp or icmpv6).

    protocol string

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference.

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the source of the traffic.

    toPort number

    End range port (or ICMP code if protocol is icmp).

    cidrBlocks string[]

    List of CIDR blocks.

    description string

    Description of this ingress rule.

    ipv6CidrBlocks string[]

    List of IPv6 CIDR blocks.

    prefixListIds string[]

    List of Prefix List IDs.

    securityGroups string[]

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    self boolean

    Whether the security group itself will be added as a source to this ingress rule.

    from_port int

    Start port (or ICMP type number if protocol is icmp or icmpv6).

    protocol str

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference.

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the source of the traffic.

    to_port int

    End range port (or ICMP code if protocol is icmp).

    cidr_blocks Sequence[str]

    List of CIDR blocks.

    description str

    Description of this ingress rule.

    ipv6_cidr_blocks Sequence[str]

    List of IPv6 CIDR blocks.

    prefix_list_ids Sequence[str]

    List of Prefix List IDs.

    security_groups Sequence[str]

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    self bool

    Whether the security group itself will be added as a source to this ingress rule.

    fromPort Number

    Start port (or ICMP type number if protocol is icmp or icmpv6).

    protocol String

    Protocol. If you select a protocol of -1 (semantically equivalent to all, which is not a valid value here), you must specify a from_port and to_port equal to 0. The supported values are defined in the IpProtocol argument on the IpPermission API reference.

    The following arguments are optional:

    Note Although cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, and security_groups are all marked as optional, you must provide one of them in order to configure the source of the traffic.

    toPort Number

    End range port (or ICMP code if protocol is icmp).

    cidrBlocks List<String>

    List of CIDR blocks.

    description String

    Description of this ingress rule.

    ipv6CidrBlocks List<String>

    List of IPv6 CIDR blocks.

    prefixListIds List<String>

    List of Prefix List IDs.

    securityGroups List<String>

    List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.

    self Boolean

    Whether the security group itself will be added as a source to this ingress rule.

    Import

    Using pulumi import, import Security Groups using the security group id. For example:

     $ pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the aws Terraform Provider.

    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.12.3 published on Thursday, Nov 30, 2023 by Pulumi