CfnSecurityGroupEgressProps

class aws_cdk.aws_ec2.CfnSecurityGroupEgressProps(*, group_id, ip_protocol, cidr_ip=None, cidr_ipv6=None, description=None, destination_prefix_list_id=None, destination_security_group_id=None, from_port=None, to_port=None)

Bases: object

Properties for defining a CfnSecurityGroupEgress.

Parameters
  • group_id (str) – The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

  • ip_protocol (str) – The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). [VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

  • cidr_ip (Optional[str]) – The IPv4 address range, in CIDR format. You must specify a destination security group (DestinationPrefixListId or DestinationSecurityGroupId) or a CIDR range (CidrIp or CidrIpv6).

  • cidr_ipv6 (Optional[str]) – The IPv6 address range, in CIDR format. You must specify a destination security group (DestinationPrefixListId or DestinationSecurityGroupId) or a CIDR range (CidrIp or CidrIpv6).

  • description (Optional[str]) – The description of an egress (outbound) security group rule.

  • destination_prefix_list_id (Optional[str]) – [EC2-VPC only] The prefix list IDs for an AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group. You must specify a destination security group (DestinationPrefixListId or DestinationSecurityGroupId) or a CIDR range (CidrIp or CidrIpv6).

  • destination_security_group_id (Optional[str]) – The ID of the security group. You must specify a destination security group (DestinationPrefixListId or DestinationSecurityGroupId) or a CIDR range (CidrIp or CidrIpv6).

  • from_port (Union[int, float, None]) – The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

  • to_port (Union[int, float, None]) – The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_ec2 as ec2

cfn_security_group_egress_props = ec2.CfnSecurityGroupEgressProps(
    group_id="groupId",
    ip_protocol="ipProtocol",

    # the properties below are optional
    cidr_ip="cidrIp",
    cidr_ipv6="cidrIpv6",
    description="description",
    destination_prefix_list_id="destinationPrefixListId",
    destination_security_group_id="destinationSecurityGroupId",
    from_port=123,
    to_port=123
)
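
An added example (not part of the CDK documentation or AWS's own code): a pre-deployment check that applies the ip_protocol, port-range and destination rules described above to a plain dict of CfnSecurityGroupEgressProps keyword arguments. The finding names, the one-destination-per-rule check and the flag on a /0 CIDR are this example's assumptions; the IANA numbers 6, 17, 1 and 58 are treated as tcp, udp, icmp and icmpv6.

```python
import ipaddress

# Destination properties; the page requires a rule to name one of them.
DEST_KEYS = ("cidr_ip", "cidr_ipv6",
             "destination_prefix_list_id", "destination_security_group_id")
# IANA numbers for the four protocols whose port range is honoured.
ALIASES = {"6": "tcp", "17": "udp", "1": "icmp", "58": "icmpv6"}
PORT_REQUIRED = {"tcp", "udp", "icmp"}


def audit_egress(props):
    """Return sorted finding codes for a dict of CfnSecurityGroupEgressProps kwargs."""
    findings = set()
    proto = str(props.get("ip_protocol", "")).strip().lower()
    proto = ALIASES.get(proto, proto)
    ports = (props.get("from_port"), props.get("to_port"))
    if proto not in PORT_REQUIRED | {"icmpv6"}:
        # -1 or any other protocol number: all ports open, range ignored.
        findings.add("all-ports")
        if any(p is not None for p in ports):
            findings.add("port-range-ignored")
    elif proto in PORT_REQUIRED and None in ports:
        findings.add("missing-port-range")

    dests = [k for k in DEST_KEYS if props.get(k)]
    if not dests:
        findings.add("no-destination")
    elif len(dests) > 1:
        findings.add("multiple-destinations")  # assumption: one per rule

    for key in ("cidr_ip", "cidr_ipv6"):
        if not props.get(key):
            continue
        try:
            net = ipaddress.ip_network(props[key], strict=False)
        except ValueError:
            findings.add("bad-cidr")
            continue
        if net.prefixlen == 0:
            findings.add("any-destination")  # example policy, not an AWS rule
    return sorted(findings)


# Constructed sample rules; the sg-/pl- IDs are placeholders.
WIDE = {"group_id": "sg-EXAMPLE", "ip_protocol": "-1",
        "cidr_ip": "0.0.0.0/0", "from_port": 443, "to_port": 443}
TIGHT = {"group_id": "sg-EXAMPLE", "ip_protocol": "tcp", "from_port": 443,
         "to_port": 443, "destination_prefix_list_id": "pl-EXAMPLE"}
print(audit_egress(WIDE), audit_egress(TIGHT))
```

The WIDE rule looks like an HTTPS-only rule because of its port values, but with ip_protocol set to -1 the range has no effect, which is what the port-range-ignored finding reports.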

Attributes

cidr_ip

The IPv4 address range, in CIDR format.

You must specify a destination security group (DestinationPrefixListId or DestinationSecurityGroupId) or a CIDR range (CidrIp or CidrIpv6).

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-cidrip

Return type

Optional[str]

cidr_ipv6

The IPv6 address range, in CIDR format.

You must specify a destination security group (DestinationPrefixListId or DestinationSecurityGroupId) or a CIDR range (CidrIp or CidrIpv6).

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-cidripv6

Return type

Optional[str]

description

The description of an egress (outbound) security group rule.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-description

Return type

Optional[str]

destination_prefix_list_id

[EC2-VPC only] The prefix list IDs for an AWS service.

This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

You must specify a destination security group (DestinationPrefixListId or DestinationSecurityGroupId) or a CIDR range (CidrIp or CidrIpv6).

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-destinationprefixlistid

Return type

Optional[str]

destination_security_group_id

The ID of the security group.

You must specify a destination security group (DestinationPrefixListId or DestinationSecurityGroupId) or a CIDR range (CidrIp or CidrIpv6).

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-destinationsecuritygroupid

Return type

Optional[str]

from_port

The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-fromport

Return type

Union[int, float, None]

group_id

The ID of the security group.

You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-groupid

Return type

str

ip_protocol

The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers, https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).

[VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-ipprotocol

Return type

str

to_port

The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.

A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html#cfn-ec2-securitygroupegress-toport

Return type

Union[int, float, None]