AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::EC2::SecurityGroup

Creates an Amazon EC2 security group. To create a VPC security group, use the VpcId property.

This type supports updates. For more information about updating stacks, see AWS CloudFormation Stacks Updates.

Syntax

{
   "Type" : "AWS::EC2::SecurityGroup",
   "Properties" :
   {
      "GroupDescription" : String,
      "SecurityGroupEgress" : [ Security Group Rule, ... ],
      "SecurityGroupIngress" : [ Security Group Rule, ... ],
      "VpcId" : String,
      "Tags" :  [ Resource Tag, ... ]
   }
}
            

Properties

GroupDescription

Description of the security group.

Type: String

Required: Yes

Update requires: Replacement

SecurityGroupEgress

A list of Amazon EC2 security group egress rules.

Type: List of EC2 Security Group Rule

Required: No

SecurityGroupIngress

A list of Amazon EC2 security group ingress rules.

Type: List of EC2 Security Group Rule

Required: No

Tags

The tags that you want to attach to the resource.

Required: No

Type: AWS CloudFormation Resource Tags.

Update requires: No interruption

VpcId

The physical ID of the VPC. You can obtain it with a reference to an AWS::EC2::VPC resource, such as: { "Ref" : "myVPC" }.

For more information about using the Ref function, see Ref.

Type: String

Required: Yes, for VPC security groups

Update requires: Replacement

Note

For more information about VPC security groups, go to Security Groups in the Amazon Virtual Private Cloud User Guide.

Return Values

Ref

When you specify an AWS::EC2::SecurityGroup type as an argument to the Ref function, AWS CloudFormation returns the security group name or the security group ID for a VPC security group.

For more information about using the Ref function, see Ref.

Fn::GetAtt

Fn::GetAtt returns a value for a specified attribute of this type. This section lists the available attributes and corresponding return values.

GroupId

The group ID of the specified security group, such as sg-94b3a1f6.

For more information about using Fn::GetAtt, see Fn::GetAtt.

Example

AWS::EC2::SecurityGroup exists as a top-level element inside an AWS CloudFormation template. Here's an example:

"InstanceSecurityGroup" : {
   "Type" : "AWS::EC2::SecurityGroup",
   "Properties" : {
      "GroupDescription" : "Allow http to client host",
      "VpcId" : {"Ref" : "myVPC"},
      "SecurityGroupIngress" : [{
            "IpProtocol" : "tcp",
            "FromPort" : "80",
            "ToPort" : "80",
            "CidrIp" : "0.0.0.0/0"
         }],
      "SecurityGroupEgress" : [{
         "IpProtocol" : "tcp",
         "FromPort" : "80",
         "ToPort" : "80",
         "CidrIp" : "0.0.0.0/0"
      }]
   }
}     
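The example above deliberately opens port 80 to 0.0.0.0/0, which is expected for a web tier, but the same SecurityGroupIngress shape is where world-open rules on other ports tend to slip into templates. The following added example (written for this page, not AWS code) parses a template fragment and reports every ingress rule whose CidrIp is 0.0.0.0/0 on a port outside an allow-list; the template is the page's example plus one constructed port 22 rule, and the allow-list of ports 80 and 443 is an assumption.

```python
import json

# Constructed input (not from the page): the page's InstanceSecurityGroup
# example wrapped in a minimal "Resources" map, plus one extra ingress rule.
TEMPLATE = json.loads("""
{"Resources": {"InstanceSecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Allow http to client host",
    "VpcId": {"Ref": "myVPC"},
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}],
    "SecurityGroupEgress": [
      {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"}]
  }}}}
""")

# Assumption: only the web ports may be reachable from anywhere.
PUBLIC_OK_PORTS = {80, 443}
ANY_CIDR = "0.0.0.0/0"

def _port_range(rule):
    # CloudFormation accepts ports as strings (as in the page's example) or numbers.
    lo = int(rule.get("FromPort", 0))
    hi = int(rule.get("ToPort", lo))
    return lo, hi

def find_open_ingress(template, ok_ports=PUBLIC_OK_PORTS):
    """Return (resource, protocol, from, to) for each world-open ingress rule
    that touches a port outside ok_ports."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        rules = res.get("Properties", {}).get("SecurityGroupIngress", [])
        for rule in rules:
            if rule.get("CidrIp") != ANY_CIDR:
                continue          # scoped to a specific CIDR: not world-open
            proto = str(rule.get("IpProtocol"))
            if proto == "-1":     # EC2's "all protocols" value: every port is open
                findings.append((name, proto, 0, 65535))
                continue
            lo, hi = _port_range(rule)
            if any(p not in ok_ports for p in range(lo, hi + 1)):
                findings.append((name, proto, lo, hi))
    return findings

if __name__ == "__main__":
    for f in find_open_ingress(TEMPLATE):
        print("world-open ingress: resource=%s proto=%s ports=%d-%d" % f)
```

Egress rules are not scanned here; the same loop applied to SecurityGroupEgress would flag the page's outbound 0.0.0.0/0 rule if your policy restricts outbound traffic.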

See Also