AWS CloudFormation
User Guide (API Version 2010-05-15)
AWS Documentation » AWS CloudFormation » User Guide » Template Reference » AWS Resource Types Reference » AWS::EC2::SecurityGroup
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.Did this page help you?  Yes | No |  Tell us about it...

AWS::EC2::SecurityGroup

Creates an Amazon EC2 security group. To create a VPC security group, use the VpcId property.

This type supports updates. For more information about updating stacks, see Updating AWS CloudFormation Stacks.

Syntax

{
   "Type" : "AWS::EC2::SecurityGroup",
   "Properties" :
   {
      "GroupDescription" : String,
      "SecurityGroupEgress" : [ Security Group Rule, ... ],
      "SecurityGroupIngress" : [ Security Group Rule, ... ],
      "VpcId" : String
   }
}

Properties

GroupDescription

Description of the security group.

Type: String

Required: Yes

Update requires: replacement

SecurityGroupEgress

A list of EC2 security group egress rules.

Type: EC2 Security Group Rule

Required: No

Update requires: no interruption

SecurityGroupIngress

A list of EC2 security group ingress rules.

Type: EC2 Security Group Rule

Required: No

Update requires: no interruption

VpcId

The physical ID of the VPC. Can be obtained by using a reference to an AWS::EC2::VPC, such as: { "Ref" : "myVPC" }.

For more information about using the Ref function, see Ref.

Type: String

Required: Yes, for VPC security groups

Update requires: no interruption

Note

For more information about VPC security groups, go to Security Groups in the Amazon Virtual Private Cloud User Guide.

Return Values

Ref

When you specify an AWS::EC2::SecurityGroup type as an argument to the Ref function, AWS CloudFormation returns the value of the GroupName.

For more information about using the Ref function, see Ref.

Example

AWS::EC2::SecurityGroup exists as a top-level element inside an AWS CloudFormation template. Here's an example:

"InstanceSecurityGroup" : {
   "Type" : "AWS::EC2::SecurityGroup",
   "Properties" : {
      "GroupDescription" : "Allow http to client host",
      "VpcId" : {"Ref" : "myVPC"},
      "SecurityGroupIngress" : [{
            "IpProtocol" : "tcp",
            "FromPort" : "80",
            "ToPort" : "80",
            "CidrIp" : "0.0.0.0/0"
         }],
      "SecurityGroupEgress" : [{
         "IpProtocol" : "tcp",
         "FromPort" : "80",
         "ToPort" : "80",
         "CidrIp" : "0.0.0.0/0"
      }]
   }
}

See Also

Document Conventions« PreviousNext »
Terms of UseDid this page help you?  Yes | No |  Tell us about it...