Interface CfnSecurityGroup.EgressProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnSecurityGroup.EgressProperty.Jsii$Proxy
- Enclosing class:
CfnSecurityGroup
An outbound rule permits instances to send traffic to the specified destination IPv4 or IPv6 CIDR address ranges, or to the specified destination security groups for the same VPC.
You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.
You must specify only one of the following properties: CidrIp
, CidrIpv6
, DestinationPrefixListId
, or DestinationSecurityGroupId
.
You must specify a destination security group ( DestinationPrefixListId
or DestinationSecurityGroupId
) or a CIDR range ( CidrIp
or CidrIpv6
). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group.
Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.
For more information about VPC security group limits, see Amazon VPC Limits .
Use SecurityGroup.Ingress
and SecurityGroup.Egress
only when necessary, typically to allow security groups to reference each other in ingress and egress rules. Otherwise, use the embedded ingress and egress rules of the security group. For more information, see Amazon EC2 Security Groups .
The EC2 Security Group Rule is an embedded property of the AWS::EC2::SecurityGroup
type.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.ec2.*; EgressProperty egressProperty = EgressProperty.builder() .ipProtocol("ipProtocol") // the properties below are optional .cidrIp("cidrIp") .cidrIpv6("cidrIpv6") .description("description") .destinationPrefixListId("destinationPrefixListId") .destinationSecurityGroupId("destinationSecurityGroupId") .fromPort(123) .toPort(123) .build();
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
A builder forCfnSecurityGroup.EgressProperty
static final class
An implementation forCfnSecurityGroup.EgressProperty
-
Method Summary
Modifier and TypeMethodDescriptionbuilder()
default String
The IPv4 address range, in CIDR format.default String
The IPv6 address range, in CIDR format.default String
A description for the security group rule.default String
The prefix list IDs for the destination AWS service.default String
The ID of the destination VPC security group.default Number
If the protocol is TCP or UDP, this is the start of the port range.default Number
If the protocol is TCP or UDP, this is the end of the port range.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getIpProtocol
The IP protocol name (tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ).Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed. -
getCidrIp
The IPv4 address range, in CIDR format.You must specify a destination security group (
DestinationPrefixListId
orDestinationSecurityGroupId
) or a CIDR range (CidrIp
orCidrIpv6
).For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
-
getCidrIpv6
The IPv6 address range, in CIDR format.You must specify a destination security group (
DestinationPrefixListId
orDestinationSecurityGroupId
) or a CIDR range (CidrIp
orCidrIpv6
).For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
-
getDescription
A description for the security group rule.Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
-
getDestinationPrefixListId
The prefix list IDs for the destination AWS service.This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.
You must specify a destination security group (
DestinationPrefixListId
orDestinationSecurityGroupId
) or a CIDR range (CidrIp
orCidrIpv6
). -
getDestinationSecurityGroupId
The ID of the destination VPC security group.You must specify a destination security group (
DestinationPrefixListId
orDestinationSecurityGroupId
) or a CIDR range (CidrIp
orCidrIpv6
). -
getFromPort
If the protocol is TCP or UDP, this is the start of the port range.If the protocol is ICMP or ICMPv6, this is the type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
-
getToPort
If the protocol is TCP or UDP, this is the end of the port range.If the protocol is ICMP or ICMPv6, this is the code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
-
builder
-