CfnSecurityGroupEgressProps¶

class aws_cdk.aws_ec2.CfnSecurityGroupEgressProps(*, group_id, ip_protocol, cidr_ip=None, cidr_ipv6=None, description=None, destination_prefix_list_id=None, destination_security_group_id=None, from_port=None, to_port=None)¶

Bases: object

Properties for defining a CfnSecurityGroupEgress.

Parameters

group_id (str) – The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
ip_protocol (str) – The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ). [VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
cidr_ip (Optional[str]) – The IPv4 address range, in CIDR format. You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ). For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
cidr_ipv6 (Optional[str]) –
The IPv6 address range, in CIDR format. You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ). For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
description (Optional[str]) – The description of an egress (outbound) security group rule. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
destination_prefix_list_id (Optional[str]) – [EC2-VPC only] The prefix list IDs for an AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group. You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).
destination_security_group_id (Optional[str]) – The ID of the security group. You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).
from_port (Union[int, float, None]) – The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.
to_port (Union[int, float, None]) – The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html

ExampleMetadata

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_ec2 as ec2

cfn_security_group_egress_props = ec2.CfnSecurityGroupEgressProps(
    group_id="groupId",
    ip_protocol="ipProtocol",

    # the properties below are optional
    cidr_ip="cidrIp",
    cidr_ipv6="cidrIpv6",
    description="description",
    destination_prefix_list_id="destinationPrefixListId",
    destination_security_group_id="destinationSecurityGroupId",
    from_port=123,
    to_port=123
)

Attributes

cidr_ip¶

The IPv4 address range, in CIDR format.

You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-cidrip
Return type: Optional[str]

cidr_ipv6¶

The IPv6 address range, in CIDR format.

You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-cidripv6
Return type: Optional[str]

description¶

The description of an egress (outbound) security group rule.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-description
Return type: Optional[str]

destination_prefix_list_id¶

[EC2-VPC only] The prefix list IDs for an AWS service.

This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-destinationprefixlistid
Return type: Optional[str]

destination_security_group_id¶

The ID of the security group.

You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-destinationsecuritygroupid
Return type: Optional[str]

from_port¶

The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-fromport
Return type: Union[int, float, None]

group_id¶

The ID of the security group.

You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-groupid
Return type: str

ip_protocol¶

//www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml>`_ ).

[VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-ipprotocol
Type: The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see `Protocol Numbers <https
Type: //docs.aws.amazon.com/http
Return type: str

to_port¶

The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.

A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-toport
Return type: Union[int, float, None]