aws.ec2.SecurityGroup
Provides a security group resource.
NOTE on Security Groups and Security Group Rules: This provider currently provides a Security Group resource with `ingress` and `egress` rules defined in-line and a Security Group Rule resource which manages one or more `ingress` or `egress` rules. Both of these resources were added before AWS assigned a security group rule unique ID, and they do not work well in all scenarios using the `description` and `tags` attributes, which rely on the unique ID. The `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources have been added to address these limitations and should be used for all new security group rules. You should not use the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources in conjunction with an `aws.ec2.SecurityGroup` resource with in-line rules or with `aws.ec2.SecurityGroupRule` resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.
NOTE: Referencing Security Groups across VPC peering has certain restrictions. More information is available in the VPC Peering User Guide.
NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.
NOTE: The `cidr_blocks` and `ipv6_cidr_blocks` parameters are optional in the `ingress` and `egress` blocks. If nothing is specified, traffic will be blocked as described in NOTE on Egress rules later.
Example Usage
Basic Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
// Declares the "allowTls" security group: HTTPS in from the VPC, all traffic out.
return await Deployment.RunAsync(() =>
{
    // Inbound: TCP 443 only, sourced from the VPC's own IPv4 and IPv6 ranges.
    // NOTE(review): aws_vpc.Main is not declared in this snippet; it has to be
    // a VPC defined elsewhere in the program.
    var tlsFromVpc = new Aws.Ec2.Inputs.SecurityGroupIngressArgs
    {
        Description = "TLS from VPC",
        Protocol = "tcp",
        FromPort = 443,
        ToPort = 443,
        CidrBlocks = new[] { aws_vpc.Main.Cidr_block },
        Ipv6CidrBlocks = new[] { aws_vpc.Main.Ipv6_cidr_block },
    };

    // Outbound: protocol "-1" with ports 0-0 matches all traffic, and the two
    // CIDRs cover every IPv4 and IPv6 destination. Narrow this rule when the
    // workload's destinations are known.
    var anyOutbound = new Aws.Ec2.Inputs.SecurityGroupEgressArgs
    {
        Protocol = "-1",
        FromPort = 0,
        ToPort = 0,
        CidrBlocks = new[] { "0.0.0.0/0" },
        Ipv6CidrBlocks = new[] { "::/0" },
    };

    var allowTls = new Aws.Ec2.SecurityGroup("allowTls", new()
    {
        Description = "Allow TLS inbound traffic",
        VpcId = aws_vpc.Main.Id,
        Ingress = new[] { tlsFromVpc },
        Egress = new[] { anyOutbound },
        Tags =
        {
            { "Name", "allow_tls" },
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares the "allowTls" security group: HTTPS in from the VPC, all
// traffic out.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Inbound: TCP 443 only, sourced from the VPC's own IPv4 and IPv6 ranges.
		// NOTE(review): aws_vpc.Main is not declared in this snippet; it has to
		// be a VPC defined elsewhere in the program.
		tlsFromVpc := &ec2.SecurityGroupIngressArgs{
			Description:    pulumi.String("TLS from VPC"),
			Protocol:       pulumi.String("tcp"),
			FromPort:       pulumi.Int(443),
			ToPort:         pulumi.Int(443),
			CidrBlocks:     pulumi.StringArray{aws_vpc.Main.Cidr_block},
			Ipv6CidrBlocks: pulumi.StringArray{aws_vpc.Main.Ipv6_cidr_block},
		}

		// Outbound: protocol "-1" with ports 0-0 matches all traffic to any
		// IPv4 or IPv6 destination. Narrow this rule when the workload's
		// destinations are known.
		anyOutbound := &ec2.SecurityGroupEgressArgs{
			Protocol:       pulumi.String("-1"),
			FromPort:       pulumi.Int(0),
			ToPort:         pulumi.Int(0),
			CidrBlocks:     pulumi.StringArray{pulumi.String("0.0.0.0/0")},
			Ipv6CidrBlocks: pulumi.StringArray{pulumi.String("::/0")},
		}

		_, err := ec2.NewSecurityGroup(ctx, "allowTls", &ec2.SecurityGroupArgs{
			Description: pulumi.String("Allow TLS inbound traffic"),
			VpcId:       pulumi.Any(aws_vpc.Main.Id),
			Ingress:     ec2.SecurityGroupIngressArray{tlsFromVpc},
			Egress:      ec2.SecurityGroupEgressArray{anyOutbound},
			Tags: pulumi.StringMap{
				"Name": pulumi.String("allow_tls"),
			},
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.SecurityGroup;
import com.pulumi.aws.ec2.SecurityGroupArgs;
import com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;
import com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program declaring the "allowTls" security group. */
public class App {
    /** Hands {@link #stack} to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a security group that accepts HTTPS from the VPC and allows all
     * outbound traffic.
     *
     * @param ctx Pulumi deployment context; not read by this method
     */
    public static void stack(Context ctx) {
        // Inbound: TCP 443 only, sourced from the VPC's own IPv4 and IPv6 ranges.
        // NOTE(review): aws_vpc is not declared in this snippet; it has to be
        // a VPC defined elsewhere in the program.
        final var tlsFromVpc = SecurityGroupIngressArgs.builder()
            .description("TLS from VPC")
            .protocol("tcp")
            .fromPort(443)
            .toPort(443)
            .cidrBlocks(aws_vpc.main().cidr_block())
            .ipv6CidrBlocks(aws_vpc.main().ipv6_cidr_block())
            .build();

        // Outbound: protocol "-1" with ports 0-0 matches all traffic to any
        // IPv4 or IPv6 destination. Narrow this rule when the workload's
        // destinations are known.
        final var anyOutbound = SecurityGroupEgressArgs.builder()
            .protocol("-1")
            .fromPort(0)
            .toPort(0)
            .cidrBlocks("0.0.0.0/0")
            .ipv6CidrBlocks("::/0")
            .build();

        var allowTls = new SecurityGroup("allowTls", SecurityGroupArgs.builder()
            .description("Allow TLS inbound traffic")
            .vpcId(aws_vpc.main().id())
            .ingress(tlsFromVpc)
            .egress(anyOutbound)
            .tags(Map.of("Name", "allow_tls"))
            .build());
    }
}
import pulumi
import pulumi_aws as aws
# Inbound: TCP 443 only, sourced from the VPC's own IPv4 and IPv6 ranges.
# NOTE(review): aws_vpc is not defined in this snippet; it has to come from
# elsewhere in the program.
tls_from_vpc = aws.ec2.SecurityGroupIngressArgs(
    description="TLS from VPC",
    protocol="tcp",
    from_port=443,
    to_port=443,
    cidr_blocks=[aws_vpc["main"]["cidr_block"]],
    ipv6_cidr_blocks=[aws_vpc["main"]["ipv6_cidr_block"]],
)

# Outbound: protocol "-1" with ports 0-0 matches all traffic to any IPv4 or
# IPv6 destination. Narrow this rule when the workload's destinations are known.
any_outbound = aws.ec2.SecurityGroupEgressArgs(
    protocol="-1",
    from_port=0,
    to_port=0,
    cidr_blocks=["0.0.0.0/0"],
    ipv6_cidr_blocks=["::/0"],
)

allow_tls = aws.ec2.SecurityGroup(
    "allowTls",
    description="Allow TLS inbound traffic",
    vpc_id=aws_vpc["main"]["id"],
    ingress=[tls_from_vpc],
    egress=[any_outbound],
    tags={"Name": "allow_tls"},
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Inbound: TCP 443 only, sourced from the VPC's own IPv4 and IPv6 ranges.
// NOTE(review): aws_vpc is not declared in this snippet; it has to come from
// elsewhere in the program.
const tlsFromVpc = {
    description: "TLS from VPC",
    protocol: "tcp",
    fromPort: 443,
    toPort: 443,
    cidrBlocks: [aws_vpc.main.cidr_block],
    ipv6CidrBlocks: [aws_vpc.main.ipv6_cidr_block],
};

// Outbound: protocol "-1" with ports 0-0 matches all traffic to any IPv4 or
// IPv6 destination. Narrow this rule when the workload's destinations are known.
const anyOutbound = {
    protocol: "-1",
    fromPort: 0,
    toPort: 0,
    cidrBlocks: ["0.0.0.0/0"],
    ipv6CidrBlocks: ["::/0"],
};

const allowTls = new aws.ec2.SecurityGroup("allowTls", {
    description: "Allow TLS inbound traffic",
    vpcId: aws_vpc.main.id,
    ingress: [tlsFromVpc],
    egress: [anyOutbound],
    tags: { Name: "allow_tls" },
});
resources:
  allowTls:
    type: aws:ec2:SecurityGroup
    properties:
      description: Allow TLS inbound traffic
      # NOTE(review): aws_vpc.main is not declared in this snippet; it has to
      # be a VPC defined elsewhere in the program.
      vpcId: ${aws_vpc.main.id}
      ingress:
        # Inbound: TCP 443 only, sourced from the VPC's own IPv4/IPv6 ranges.
        - description: TLS from VPC
          protocol: tcp
          fromPort: 443
          toPort: 443
          cidrBlocks: ["${aws_vpc.main.cidr_block}"]
          ipv6CidrBlocks: ["${aws_vpc.main.ipv6_cidr_block}"]
      egress:
        # Outbound: protocol '-1' with ports 0-0 matches all traffic to any
        # IPv4 or IPv6 destination. Narrow this rule when the workload's
        # destinations are known.
        - protocol: '-1'
          fromPort: 0
          toPort: 0
          cidrBlocks: ["0.0.0.0/0"]
          ipv6CidrBlocks: ["::/0"]
      tags:
        Name: allow_tls
block
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
// Declares the "example" security group with a single allow-all egress rule.
return await Deployment.RunAsync(() =>
{
    // Protocol "-1" with ports 0-0 matches all traffic; the two CIDRs cover
    // every IPv4 and IPv6 destination, so outbound traffic is unrestricted.
    var anyOutbound = new Aws.Ec2.Inputs.SecurityGroupEgressArgs
    {
        Protocol = "-1",
        FromPort = 0,
        ToPort = 0,
        CidrBlocks = new[] { "0.0.0.0/0" },
        Ipv6CidrBlocks = new[] { "::/0" },
    };

    var example = new Aws.Ec2.SecurityGroup("example", new()
    {
        Egress = new[] { anyOutbound },
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares the "example" security group with a single allow-all egress
// rule.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Protocol "-1" with ports 0-0 matches all traffic; the two CIDRs
		// cover every IPv4 and IPv6 destination, so outbound traffic is
		// unrestricted.
		anyOutbound := &ec2.SecurityGroupEgressArgs{
			Protocol:       pulumi.String("-1"),
			FromPort:       pulumi.Int(0),
			ToPort:         pulumi.Int(0),
			CidrBlocks:     pulumi.StringArray{pulumi.String("0.0.0.0/0")},
			Ipv6CidrBlocks: pulumi.StringArray{pulumi.String("::/0")},
		}

		_, err := ec2.NewSecurityGroup(ctx, "example", &ec2.SecurityGroupArgs{
			Egress: ec2.SecurityGroupEgressArray{anyOutbound},
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.SecurityGroup;
import com.pulumi.aws.ec2.SecurityGroupArgs;
import com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program declaring a security group whose only rule is allow-all egress. */
public class App {
    /** Hands {@link #stack} to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "example" security group with one egress rule.
     *
     * @param ctx Pulumi deployment context; not read by this method
     */
    public static void stack(Context ctx) {
        // Protocol "-1" with ports 0-0 matches all traffic; the two CIDRs
        // cover every IPv4 and IPv6 destination, so outbound is unrestricted.
        final var anyOutbound = SecurityGroupEgressArgs.builder()
            .protocol("-1")
            .fromPort(0)
            .toPort(0)
            .cidrBlocks("0.0.0.0/0")
            .ipv6CidrBlocks("::/0")
            .build();

        var example = new SecurityGroup("example", SecurityGroupArgs.builder()
            .egress(anyOutbound)
            .build());
    }
}
import pulumi
import pulumi_aws as aws
# Protocol "-1" with ports 0-0 matches all traffic; the two CIDRs cover every
# IPv4 and IPv6 destination, so outbound traffic is unrestricted.
any_outbound = aws.ec2.SecurityGroupEgressArgs(
    protocol="-1",
    from_port=0,
    to_port=0,
    cidr_blocks=["0.0.0.0/0"],
    ipv6_cidr_blocks=["::/0"],
)

example = aws.ec2.SecurityGroup("example", egress=[any_outbound])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Protocol "-1" with ports 0-0 matches all traffic; the two CIDRs cover every
// IPv4 and IPv6 destination, so outbound traffic is unrestricted.
const anyOutbound = {
    protocol: "-1",
    fromPort: 0,
    toPort: 0,
    cidrBlocks: ["0.0.0.0/0"],
    ipv6CidrBlocks: ["::/0"],
};

const example = new aws.ec2.SecurityGroup("example", {
    egress: [anyOutbound],
});
resources:
  example:
    type: aws:ec2:SecurityGroup
    properties:
      egress:
        # Protocol '-1' with ports 0-0 matches all traffic; the two CIDRs
        # cover every IPv4 and IPv6 destination, so outbound is unrestricted.
        - protocol: '-1'
          fromPort: 0
          toPort: 0
          cidrBlocks: ["0.0.0.0/0"]
          ipv6CidrBlocks: ["::/0"]
Usage With Prefix List IDs
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
// Declares a VPC endpoint and a security group whose egress is limited to the
// endpoint's prefix list.
return await Deployment.RunAsync(() =>
{
    var myEndpoint = new Aws.Ec2.VpcEndpoint("myEndpoint");
    // ... other configuration ...

    // All protocols and ports (protocol "-1", ports 0-0), but only towards
    // destinations in the endpoint's prefix list; no CIDR block is opened.
    var toEndpointPrefixList = new Aws.Ec2.Inputs.SecurityGroupEgressArgs
    {
        Protocol = "-1",
        FromPort = 0,
        ToPort = 0,
        PrefixListIds = new[] { myEndpoint.PrefixListId },
    };

    var example = new Aws.Ec2.SecurityGroup("example", new()
    {
        Egress = new[] { toEndpointPrefixList },
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a VPC endpoint and a security group whose egress is limited
// to the endpoint's prefix list.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myEndpoint, err := ec2.NewVpcEndpoint(ctx, "myEndpoint", nil)
		if err != nil {
			return err
		}

		// All protocols and ports (protocol "-1", ports 0-0), but only
		// towards destinations in the endpoint's prefix list; no CIDR block
		// is opened.
		toEndpointPrefixList := &ec2.SecurityGroupEgressArgs{
			Protocol:      pulumi.String("-1"),
			FromPort:      pulumi.Int(0),
			ToPort:        pulumi.Int(0),
			PrefixListIds: pulumi.StringArray{myEndpoint.PrefixListId},
		}

		_, err = ec2.NewSecurityGroup(ctx, "example", &ec2.SecurityGroupArgs{
			Egress: ec2.SecurityGroupEgressArray{toEndpointPrefixList},
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.VpcEndpoint;
import com.pulumi.aws.ec2.SecurityGroup;
import com.pulumi.aws.ec2.SecurityGroupArgs;
import com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring a VPC endpoint and a security group whose egress is
 * limited to the endpoint's prefix list.
 */
public class App {
    /** Hands {@link #stack} to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "myEndpoint" VPC endpoint and the "example" security group.
     *
     * @param ctx Pulumi deployment context; not read by this method
     */
    public static void stack(Context ctx) {
        var myEndpoint = new VpcEndpoint("myEndpoint");

        // All protocols and ports (protocol "-1", ports 0-0), but only towards
        // destinations in the endpoint's prefix list; no CIDR block is opened.
        final var toEndpointPrefixList = SecurityGroupEgressArgs.builder()
            .protocol("-1")
            .fromPort(0)
            .toPort(0)
            .prefixListIds(myEndpoint.prefixListId())
            .build();

        var example = new SecurityGroup("example", SecurityGroupArgs.builder()
            .egress(toEndpointPrefixList)
            .build());
    }
}
import pulumi
import pulumi_aws as aws
my_endpoint = aws.ec2.VpcEndpoint("myEndpoint")
# ... other configuration ...

# All protocols and ports (protocol "-1", ports 0-0), but only towards
# destinations in the endpoint's prefix list; no CIDR block is opened.
to_endpoint_prefix_list = aws.ec2.SecurityGroupEgressArgs(
    protocol="-1",
    from_port=0,
    to_port=0,
    prefix_list_ids=[my_endpoint.prefix_list_id],
)

example = aws.ec2.SecurityGroup("example", egress=[to_endpoint_prefix_list])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const myEndpoint = new aws.ec2.VpcEndpoint("myEndpoint", {});
// ... other configuration ...

// All protocols and ports (protocol "-1", ports 0-0), but only towards
// destinations in the endpoint's prefix list; no CIDR block is opened.
const toEndpointPrefixList = {
    protocol: "-1",
    fromPort: 0,
    toPort: 0,
    prefixListIds: [myEndpoint.prefixListId],
};

const example = new aws.ec2.SecurityGroup("example", {
    egress: [toEndpointPrefixList],
});
resources:
  example:
    type: aws:ec2:SecurityGroup
    properties:
      egress:
        # All protocols and ports (protocol '-1', ports 0-0), but only towards
        # destinations in the endpoint's prefix list; no CIDR block is opened.
        - protocol: '-1'
          fromPort: 0
          toPort: 0
          prefixListIds: ["${myEndpoint.prefixListId}"]
  myEndpoint:
    type: aws:ec2:VpcEndpoint
Removing All Ingress and Egress Rules
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
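// Declares the "example" security group with explicitly empty rule lists.
return await Deployment.RunAsync(() =>
{
    var example = new Aws.Ec2.SecurityGroup("example", new()
    {
        // NOTE(review): aws_vpc.Example is not declared in this snippet; it
        // has to be a VPC defined elsewhere in the program.
        VpcId = aws_vpc.Example.Id,
        // Explicit empty lists: under this section's heading, this is the
        // configuration that removes all ingress and egress rules. The element
        // type is spelled out because `new[] {}` gives the compiler no
        // element to infer an array type from.
        Ingress = new Aws.Ec2.Inputs.SecurityGroupIngressArgs[] { },
        Egress = new Aws.Ec2.Inputs.SecurityGroupEgressArgs[] { },
    });
});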
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares the "example" security group with explicitly empty rule lists.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Explicit empty arrays: under this section's heading, this is the
		// configuration that removes all ingress and egress rules.
		noIngress := ec2.SecurityGroupIngressArray{}
		noEgress := ec2.SecurityGroupEgressArray{}

		// NOTE(review): aws_vpc.Example is not declared in this snippet; it
		// has to be a VPC defined elsewhere in the program.
		_, err := ec2.NewSecurityGroup(ctx, "example", &ec2.SecurityGroupArgs{
			VpcId:   pulumi.Any(aws_vpc.Example.Id),
			Ingress: noIngress,
			Egress:  noEgress,
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.SecurityGroup;
import com.pulumi.aws.ec2.SecurityGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program declaring a security group with explicitly empty rule lists. */
public class App {
    /** Hands {@link #stack} to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "example" security group with no ingress and no egress rules.
     *
     * @param ctx Pulumi deployment context; not read by this method
     */
    public static void stack(Context ctx) {
        // ingress() and egress() are called with no rules: under this section's
        // heading, this is the configuration that removes all rules.
        // NOTE(review): aws_vpc is not declared in this snippet; it has to be
        // a VPC defined elsewhere in the program.
        final var noRules = SecurityGroupArgs.builder()
            .vpcId(aws_vpc.example().id())
            .ingress()
            .egress()
            .build();

        var example = new SecurityGroup("example", noRules);
    }
}
import pulumi
import pulumi_aws as aws
# Explicit empty lists: under this section's heading, this is the configuration
# that removes all ingress and egress rules.
# NOTE(review): aws_vpc is not defined in this snippet; it has to come from
# elsewhere in the program.
example = aws.ec2.SecurityGroup(
    "example",
    vpc_id=aws_vpc["example"]["id"],
    ingress=[],
    egress=[],
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Explicit empty arrays: under this section's heading, this is the
// configuration that removes all ingress and egress rules.
// NOTE(review): aws_vpc is not declared in this snippet; it has to come from
// elsewhere in the program.
const noRules = {
    vpcId: aws_vpc.example.id,
    ingress: [],
    egress: [],
};

const example = new aws.ec2.SecurityGroup("example", noRules);
resources:
  example:
    type: aws:ec2:SecurityGroup
    properties:
      # NOTE(review): aws_vpc.example is not declared in this snippet; it has
      # to be a VPC defined elsewhere in the program.
      vpcId: ${aws_vpc.example.id}
      # Explicit empty lists: under this section's heading, this is the
      # configuration that removes all ingress and egress rules.
      ingress: []
      egress: []
create_before_destroy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
// Declares the "example" security group with no inputs.
return await Deployment.RunAsync(() =>
{
    // NOTE(review): the section heading is create_before_destroy, but nothing
    // in this snippet configures replacement ordering; presumably that part of
    // the example was dropped when it was generated. Confirm upstream.
    Aws.Ec2.SecurityGroup example = new("example");
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares the "example" security group with nil arguments.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the section heading is create_before_destroy, but
		// nothing in this snippet configures replacement ordering; presumably
		// that part of the example was dropped when it was generated.
		_, err := ec2.NewSecurityGroup(ctx, "example", nil)
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.SecurityGroup;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program declaring a security group with no inputs. */
public class App {
    /** Hands {@link #stack} to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "example" security group.
     *
     * @param ctx Pulumi deployment context; not read by this method
     */
    public static void stack(Context ctx) {
        // NOTE(review): the section heading is create_before_destroy, but
        // nothing in this snippet configures replacement ordering; presumably
        // that part of the example was dropped when it was generated.
        final SecurityGroup example = new SecurityGroup("example");
    }
}
import pulumi
import pulumi_aws as aws
# NOTE(review): the section heading is create_before_destroy, but nothing in
# this snippet configures replacement ordering; presumably that part of the
# example was dropped when it was generated. Confirm upstream.
example = aws.ec2.SecurityGroup(resource_name="example")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// NOTE(review): the section heading is create_before_destroy, but nothing in
// this snippet configures replacement ordering; presumably that part of the
// example was dropped when it was generated. Confirm upstream.
const example = new aws.ec2.SecurityGroup(
    "example",
    {}, // no inputs supplied
);
resources:
  # NOTE(review): the section heading is create_before_destroy, but nothing in
  # this snippet configures replacement ordering; presumably that part of the
  # example was dropped when it was generated. Confirm upstream.
  example:
    type: aws:ec2:SecurityGroup
replace_triggered_by
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
// Declares a security group and an EC2 instance that lists a security group id.
return await Deployment.RunAsync(() =>
{
    Aws.Ec2.SecurityGroup exampleSecurityGroup = new("exampleSecurityGroup");
    // ... other configuration ...

    // NOTE(review): aws_security_group.Test is not declared in this snippet,
    // and exampleSecurityGroup above is never attached to the instance.
    // Presumably the group created above is the one intended; confirm, since
    // the instance's reachability depends on which group is actually attached.
    var attachedGroupIds = new[]
    {
        aws_security_group.Test.Id,
    };

    var exampleInstance = new Aws.Ec2.Instance("exampleInstance", new()
    {
        InstanceType = "t3.small",
        VpcSecurityGroupIds = attachedGroupIds,
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a security group and an EC2 instance that lists a security
// group id.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		if _, err := ec2.NewSecurityGroup(ctx, "exampleSecurityGroup", nil); err != nil {
			return err
		}

		// NOTE(review): aws_security_group.Test is not declared in this
		// snippet, and the group created above is discarded rather than
		// attached. Presumably that group is the one intended; confirm, since
		// the instance's reachability depends on which group is attached.
		attachedGroupIds := pulumi.StringArray{
			aws_security_group.Test.Id,
		}

		_, err := ec2.NewInstance(ctx, "exampleInstance", &ec2.InstanceArgs{
			InstanceType:        pulumi.String("t3.small"),
			VpcSecurityGroupIds: attachedGroupIds,
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.SecurityGroup;
import com.pulumi.aws.ec2.Instance;
import com.pulumi.aws.ec2.InstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program declaring a security group and an EC2 instance. */
public class App {
    /** Hands {@link #stack} to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "exampleSecurityGroup" group and the "exampleInstance" instance.
     *
     * @param ctx Pulumi deployment context; not read by this method
     */
    public static void stack(Context ctx) {
        var exampleSecurityGroup = new SecurityGroup("exampleSecurityGroup");

        // NOTE(review): aws_security_group is not declared in this snippet, and
        // exampleSecurityGroup above is never attached to the instance.
        // Presumably the group created above is the one intended; confirm,
        // since the instance's reachability depends on which group is attached.
        final var instanceArgs = InstanceArgs.builder()
            .instanceType("t3.small")
            .vpcSecurityGroupIds(aws_security_group.test().id())
            .build();

        var exampleInstance = new Instance("exampleInstance", instanceArgs);
    }
}
import pulumi
import pulumi_aws as aws
example_security_group = aws.ec2.SecurityGroup("exampleSecurityGroup")
# ... other configuration ...

# NOTE(review): aws_security_group is not defined in this snippet, and
# example_security_group above is never attached to the instance. Presumably
# the group created above is the one intended; confirm, since the instance's
# reachability depends on which group is actually attached.
attached_group_ids = [aws_security_group["test"]["id"]]

example_instance = aws.ec2.Instance(
    "exampleInstance",
    instance_type="t3.small",
    vpc_security_group_ids=attached_group_ids,
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleSecurityGroup = new aws.ec2.SecurityGroup("exampleSecurityGroup", {});
// ... other configuration ...

// NOTE(review): aws_security_group is not declared in this snippet, and
// exampleSecurityGroup above is never attached to the instance. Presumably the
// group created above is the one intended; confirm, since the instance's
// reachability depends on which group is actually attached.
const attachedGroupIds = [aws_security_group.test.id];

const exampleInstance = new aws.ec2.Instance("exampleInstance", {
    instanceType: "t3.small",
    vpcSecurityGroupIds: attachedGroupIds,
});
resources:
  exampleSecurityGroup:
    type: aws:ec2:SecurityGroup
  exampleInstance:
    type: aws:ec2:Instance
    properties:
      instanceType: t3.small # ... other configuration ...
      # NOTE(review): aws_security_group.test is not declared in this snippet,
      # and exampleSecurityGroup above is never attached to the instance.
      # Presumably the group declared above is the one intended; confirm.
      vpcSecurityGroupIds: ["${aws_security_group.test.id}"]
Shorter timeout
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
// Declares the "example" security group with no inputs.
return await Deployment.RunAsync(() =>
{
    // NOTE(review): the section heading is "Shorter timeout", but no timeout
    // is set anywhere in this snippet; presumably that part of the example was
    // dropped when it was generated. Confirm upstream.
    Aws.Ec2.SecurityGroup example = new("example");
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares the "example" security group with nil arguments.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the section heading is "Shorter timeout", but no
		// timeout is set anywhere in this snippet; presumably that part of the
		// example was dropped when it was generated.
		_, err := ec2.NewSecurityGroup(ctx, "example", nil)
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.SecurityGroup;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program declaring a security group with no inputs. */
public class App {
    /** Hands {@link #stack} to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "example" security group.
     *
     * @param ctx Pulumi deployment context; not read by this method
     */
    public static void stack(Context ctx) {
        // NOTE(review): the section heading is "Shorter timeout", but no
        // timeout is set anywhere in this snippet; presumably that part of the
        // example was dropped when it was generated.
        final SecurityGroup example = new SecurityGroup("example");
    }
}
import pulumi
import pulumi_aws as aws
# NOTE(review): the section heading is "Shorter timeout", but no timeout is set
# anywhere in this snippet; presumably that part of the example was dropped
# when it was generated. Confirm upstream.
example = aws.ec2.SecurityGroup(resource_name="example")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// NOTE(review): the section heading is "Shorter timeout", but no timeout is
// set anywhere in this snippet; presumably that part of the example was
// dropped when it was generated. Confirm upstream.
const example = new aws.ec2.SecurityGroup(
    "example",
    {}, // no inputs supplied
);
resources:
  # NOTE(review): the section heading is "Shorter timeout", but no timeout is
  # set anywhere in this snippet; presumably that part of the example was
  # dropped when it was generated. Confirm upstream.
  example:
    type: aws:ec2:SecurityGroup
Create SecurityGroup Resource
new SecurityGroup(name: string, args?: SecurityGroupArgs, opts?: CustomResourceOptions);
@overload
def SecurityGroup(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
egress: Optional[Sequence[SecurityGroupEgressArgs]] = None,
ingress: Optional[Sequence[SecurityGroupIngressArgs]] = None,
name: Optional[str] = None,
name_prefix: Optional[str] = None,
revoke_rules_on_delete: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None,
vpc_id: Optional[str] = None)
@overload
def SecurityGroup(resource_name: str,
args: Optional[SecurityGroupArgs] = None,
opts: Optional[ResourceOptions] = None)
func NewSecurityGroup(ctx *Context, name string, args *SecurityGroupArgs, opts ...ResourceOption) (*SecurityGroup, error)
public SecurityGroup(string name, SecurityGroupArgs? args = null, CustomResourceOptions? opts = null)
public SecurityGroup(String name, SecurityGroupArgs args)
public SecurityGroup(String name, SecurityGroupArgs args, CustomResourceOptions options)
type: aws:ec2:SecurityGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecurityGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SecurityGroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SecurityGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SecurityGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SecurityGroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
SecurityGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The SecurityGroup resource accepts the following input properties:
- Description string
  Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- Egress List<SecurityGroupEgress>
  Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Ingress List<SecurityGroupIngress>
  Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Name string
  Name of the security group. If omitted, the provider will assign a random, unique name.
- NamePrefix string
  Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- RevokeRulesOnDelete bool
  Instruct the provider to revoke all of the Security Group's attached ingress and egress rules before deleting the rule itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- Tags Dictionary<string, string>
  Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- VpcId string
  VPC ID. Defaults to the region's default VPC.
- Description string
  Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- Egress []SecurityGroupEgressArgs
  Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Ingress []SecurityGroupIngressArgs
  Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Name string
  Name of the security group. If omitted, the provider will assign a random, unique name.
- NamePrefix string
  Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- RevokeRulesOnDelete bool
  Instruct the provider to revoke all of the Security Group's attached ingress and egress rules before deleting the rule itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- Tags map[string]string
  Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- VpcId string
  VPC ID. Defaults to the region's default VPC.
- description String
  Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- egress List<SecurityGroupEgress>
  Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress List<SecurityGroupIngress>
  Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name String
  Name of the security group. If omitted, the provider will assign a random, unique name.
- namePrefix String
  Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- revokeRulesOnDelete Boolean
  Instruct the provider to revoke all of the Security Group's attached ingress and egress rules before deleting the rule itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- tags Map<String,String>
  Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- vpcId String
  VPC ID. Defaults to the region's default VPC.
- description string
  Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- egress SecurityGroupEgress[]
  Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress SecurityGroupIngress[]
  Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name string
  Name of the security group. If omitted, the provider will assign a random, unique name.
- namePrefix string
  Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- revokeRulesOnDelete boolean
  Instruct the provider to revoke all of the Security Group's attached ingress and egress rules before deleting the rule itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- tags {[key: string]: string}
  Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- vpcId string
  VPC ID. Defaults to the region's default VPC.
- description str
  Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- egress Sequence[SecurityGroupEgressArgs]
  Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress Sequence[SecurityGroupIngressArgs]
  Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name str
  Name of the security group. If omitted, the provider will assign a random, unique name.
- name_prefix str
  Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- revoke_rules_on_delete bool
  Instruct the provider to revoke all of the Security Group's attached ingress and egress rules before deleting the rule itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- tags Mapping[str, str]
  Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- vpc_id str
  VPC ID. Defaults to the region's default VPC.
- description String
  Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- egress List<Property Map>
  Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress List<Property Map>
  Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name String
  Name of the security group. If omitted, the provider will assign a random, unique name.
- namePrefix String
  Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- revokeRulesOnDelete Boolean
  Instruct the provider to revoke all of the Security Group's attached ingress and egress rules before deleting the rule itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- tags Map<String>
  Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- vpcId String
  VPC ID. Defaults to the region's default VPC.
Outputs
All input properties are implicitly available as output properties. Additionally, the SecurityGroup resource produces the following output properties:
Look up Existing SecurityGroup Resource
Get an existing SecurityGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SecurityGroupState, opts?: CustomResourceOptions): SecurityGroup
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
description: Optional[str] = None,
egress: Optional[Sequence[SecurityGroupEgressArgs]] = None,
ingress: Optional[Sequence[SecurityGroupIngressArgs]] = None,
name: Optional[str] = None,
name_prefix: Optional[str] = None,
owner_id: Optional[str] = None,
revoke_rules_on_delete: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
vpc_id: Optional[str] = None) -> SecurityGroup
func GetSecurityGroup(ctx *Context, name string, id IDInput, state *SecurityGroupState, opts ...ResourceOption) (*SecurityGroup, error)
public static SecurityGroup Get(string name, Input<string> id, SecurityGroupState? state, CustomResourceOptions? opts = null)
public static SecurityGroup get(String name, Output<String> id, SecurityGroupState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
ARN of the security group.
- Description string
Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- Egress List<SecurityGroupEgress>
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Ingress List<SecurityGroupIngress>
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Name string
Name of the security group. If omitted, the provider will assign a random, unique name.
- NamePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- OwnerId string
Owner ID.
- RevokeRulesOnDelete bool
Instruct the provider to revoke all of the security group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- Tags Dictionary<string, string>
Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block. Please use `tags` instead.
- VpcId string
VPC ID. Defaults to the region's default VPC.
- Arn string
ARN of the security group.
- Description string
Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- Egress []SecurityGroupEgressArgs
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Ingress []SecurityGroupIngressArgs
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Name string
Name of the security group. If omitted, the provider will assign a random, unique name.
- NamePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- OwnerId string
Owner ID.
- RevokeRulesOnDelete bool
Instruct the provider to revoke all of the security group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- Tags map[string]string
Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block. Please use `tags` instead.
- VpcId string
VPC ID. Defaults to the region's default VPC.
- arn String
ARN of the security group.
- description String
Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- egress List<SecurityGroupEgress>
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress List<SecurityGroupIngress>
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name String
Name of the security group. If omitted, the provider will assign a random, unique name.
- namePrefix String
Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- ownerId String
Owner ID.
- revokeRulesOnDelete Boolean
Instruct the provider to revoke all of the security group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- tags Map<String,String>
Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- tagsAll Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block. Please use `tags` instead.
- vpcId String
VPC ID. Defaults to the region's default VPC.
- arn string
ARN of the security group.
- description string
Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- egress SecurityGroupEgress[]
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress SecurityGroupIngress[]
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name string
Name of the security group. If omitted, the provider will assign a random, unique name.
- namePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- ownerId string
Owner ID.
- revokeRulesOnDelete boolean
Instruct the provider to revoke all of the security group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- tags {[key: string]: string}
Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block. Please use `tags` instead.
- vpcId string
VPC ID. Defaults to the region's default VPC.
- arn str
ARN of the security group.
- description str
Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- egress Sequence[SecurityGroupEgressArgs]
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress Sequence[SecurityGroupIngressArgs]
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name str
Name of the security group. If omitted, the provider will assign a random, unique name.
- name_prefix str
Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- owner_id str
Owner ID.
- revoke_rules_on_delete bool
Instruct the provider to revoke all of the security group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- tags Mapping[str, str]
Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block. Please use `tags` instead.
- vpc_id str
VPC ID. Defaults to the region's default VPC.
- arn String
ARN of the security group.
- description String
Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. NOTE: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
- egress List<Property Map>
Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress List<Property Map>
Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name String
Name of the security group. If omitted, the provider will assign a random, unique name.
- namePrefix String
Creates a unique name beginning with the specified prefix. Conflicts with `name`.
- ownerId String
Owner ID.
- revokeRulesOnDelete Boolean
Instruct the provider to revoke all of the security group's attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default `false`.
- tags Map<String>
Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- tagsAll Map<String>
A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block. Please use `tags` instead.
- vpcId String
VPC ID. Defaults to the region's default VPC.
Supporting Types
SecurityGroupEgress, SecurityGroupEgressArgs
- FromPort int
Start port (or ICMP type number if protocol is `icmp`).
- Protocol string
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. The supported values are defined in the `IpProtocol` argument in the IpPermission API reference.
- ToPort int
End range port (or ICMP code if protocol is `icmp`).
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the destination of the traffic.
- CidrBlocks List<string>
List of CIDR blocks.
- Description string
Description of this egress rule.
- Ipv6CidrBlocks List<string>
List of IPv6 CIDR blocks.
- PrefixListIds List<string>
List of Prefix List IDs.
- SecurityGroups List<string>
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- Self bool
Whether the security group itself will be added as a source to this egress rule.
- FromPort int
Start port (or ICMP type number if protocol is `icmp`).
- Protocol string
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. The supported values are defined in the `IpProtocol` argument in the IpPermission API reference.
- ToPort int
End range port (or ICMP code if protocol is `icmp`).
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the destination of the traffic.
- CidrBlocks []string
List of CIDR blocks.
- Description string
Description of this egress rule.
- Ipv6CidrBlocks []string
List of IPv6 CIDR blocks.
- PrefixListIds []string
List of Prefix List IDs.
- SecurityGroups []string
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- Self bool
Whether the security group itself will be added as a source to this egress rule.
- fromPort Integer
Start port (or ICMP type number if protocol is `icmp`).
- protocol String
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. The supported values are defined in the `IpProtocol` argument in the IpPermission API reference.
- toPort Integer
End range port (or ICMP code if protocol is `icmp`).
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the destination of the traffic.
- cidrBlocks List<String>
List of CIDR blocks.
- description String
Description of this egress rule.
- ipv6CidrBlocks List<String>
List of IPv6 CIDR blocks.
- prefixListIds List<String>
List of Prefix List IDs.
- securityGroups List<String>
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self Boolean
Whether the security group itself will be added as a source to this egress rule.
- fromPort number
Start port (or ICMP type number if protocol is `icmp`).
- protocol string
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. The supported values are defined in the `IpProtocol` argument in the IpPermission API reference.
- toPort number
End range port (or ICMP code if protocol is `icmp`).
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the destination of the traffic.
- cidrBlocks string[]
List of CIDR blocks.
- description string
Description of this egress rule.
- ipv6CidrBlocks string[]
List of IPv6 CIDR blocks.
- prefixListIds string[]
List of Prefix List IDs.
- securityGroups string[]
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self boolean
Whether the security group itself will be added as a source to this egress rule.
- from_port int
Start port (or ICMP type number if protocol is `icmp`).
- protocol str
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. The supported values are defined in the `IpProtocol` argument in the IpPermission API reference.
- to_port int
End range port (or ICMP code if protocol is `icmp`).
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the destination of the traffic.
- cidr_blocks Sequence[str]
List of CIDR blocks.
- description str
Description of this egress rule.
- ipv6_cidr_blocks Sequence[str]
List of IPv6 CIDR blocks.
- prefix_list_ids Sequence[str]
List of Prefix List IDs.
- security_groups Sequence[str]
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self bool
Whether the security group itself will be added as a source to this egress rule.
- fromPort Number
Start port (or ICMP type number if protocol is `icmp`).
- protocol String
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. The supported values are defined in the `IpProtocol` argument in the IpPermission API reference.
- toPort Number
End range port (or ICMP code if protocol is `icmp`).
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the destination of the traffic.
- cidrBlocks List<String>
List of CIDR blocks.
- description String
Description of this egress rule.
- ipv6CidrBlocks List<String>
List of IPv6 CIDR blocks.
- prefixListIds List<String>
List of Prefix List IDs.
- securityGroups List<String>
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self Boolean
Whether the security group itself will be added as a source to this egress rule.
SecurityGroupIngress, SecurityGroupIngressArgs
- FromPort int
Start port (or ICMP type number if protocol is `icmp` or `icmpv6`).
- Protocol string
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. A `-1` rule allows all protocols on all ports, so restrict its source as tightly as you can. The supported values are defined in the `IpProtocol` argument on the IpPermission API reference.
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the source of the traffic.
- ToPort int
End range port (or ICMP code if protocol is `icmp`).
- CidrBlocks List<string>
List of CIDR blocks.
- Description string
Description of this ingress rule.
- Ipv6CidrBlocks List<string>
List of IPv6 CIDR blocks.
- PrefixListIds List<string>
List of Prefix List IDs.
- SecurityGroups List<string>
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- Self bool
Whether the security group itself will be added as a source to this ingress rule.
- FromPort int
Start port (or ICMP type number if protocol is `icmp` or `icmpv6`).
- Protocol string
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. A `-1` rule allows all protocols on all ports, so restrict its source as tightly as you can. The supported values are defined in the `IpProtocol` argument on the IpPermission API reference.
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the source of the traffic.
- ToPort int
End range port (or ICMP code if protocol is `icmp`).
- CidrBlocks []string
List of CIDR blocks.
- Description string
Description of this ingress rule.
- Ipv6CidrBlocks []string
List of IPv6 CIDR blocks.
- PrefixListIds []string
List of Prefix List IDs.
- SecurityGroups []string
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- Self bool
Whether the security group itself will be added as a source to this ingress rule.
- fromPort Integer
Start port (or ICMP type number if protocol is `icmp` or `icmpv6`).
- protocol String
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. A `-1` rule allows all protocols on all ports, so restrict its source as tightly as you can. The supported values are defined in the `IpProtocol` argument on the IpPermission API reference.
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the source of the traffic.
- toPort Integer
End range port (or ICMP code if protocol is `icmp`).
- cidrBlocks List<String>
List of CIDR blocks.
- description String
Description of this ingress rule.
- ipv6CidrBlocks List<String>
List of IPv6 CIDR blocks.
- prefixListIds List<String>
List of Prefix List IDs.
- securityGroups List<String>
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self Boolean
Whether the security group itself will be added as a source to this ingress rule.
- fromPort number
Start port (or ICMP type number if protocol is `icmp` or `icmpv6`).
- protocol string
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. A `-1` rule allows all protocols on all ports, so restrict its source as tightly as you can. The supported values are defined in the `IpProtocol` argument on the IpPermission API reference.
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the source of the traffic.
- toPort number
End range port (or ICMP code if protocol is `icmp`).
- cidrBlocks string[]
List of CIDR blocks.
- description string
Description of this ingress rule.
- ipv6CidrBlocks string[]
List of IPv6 CIDR blocks.
- prefixListIds string[]
List of Prefix List IDs.
- securityGroups string[]
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self boolean
Whether the security group itself will be added as a source to this ingress rule.
- from_port int
Start port (or ICMP type number if protocol is `icmp` or `icmpv6`).
- protocol str
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. A `-1` rule allows all protocols on all ports, so restrict its source as tightly as you can. The supported values are defined in the `IpProtocol` argument on the IpPermission API reference.
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the source of the traffic.
- to_port int
End range port (or ICMP code if protocol is `icmp`).
- cidr_blocks Sequence[str]
List of CIDR blocks.
- description str
Description of this ingress rule.
- ipv6_cidr_blocks Sequence[str]
List of IPv6 CIDR blocks.
- prefix_list_ids Sequence[str]
List of Prefix List IDs.
- security_groups Sequence[str]
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self bool
Whether the security group itself will be added as a source to this ingress rule.
- fromPort Number
Start port (or ICMP type number if protocol is `icmp` or `icmpv6`).
- protocol String
Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. A `-1` rule allows all protocols on all ports, so restrict its source as tightly as you can. The supported values are defined in the `IpProtocol` argument on the IpPermission API reference.
The following arguments are optional:
Note: Although `cidr_blocks`, `ipv6_cidr_blocks`, `prefix_list_ids`, and `security_groups` are all marked as optional, you must provide one of them in order to configure the source of the traffic.
- toPort Number
End range port (or ICMP code if protocol is `icmp`).
- cidrBlocks List<String>
List of CIDR blocks.
- description String
Description of this ingress rule.
- ipv6CidrBlocks List<String>
List of IPv6 CIDR blocks.
- prefixListIds List<String>
List of Prefix List IDs.
- securityGroups List<String>
List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self Boolean
Whether the security group itself will be added as a source to this ingress rule.
Import
Using `pulumi import`, import Security Groups using the security group `id`. For example:
$ pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the `aws` Terraform Provider.