CfnSecurityGroupEgressProps

class aws_cdk.aws_ec2.CfnSecurityGroupEgressProps(*, group_id, ip_protocol, cidr_ip=None, cidr_ipv6=None, description=None, destination_prefix_list_id=None, destination_security_group_id=None, from_port=None, to_port=None)

Bases: object

Properties for defining a CfnSecurityGroupEgress.

Parameters:
  • group_id (str) – The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

  • ip_protocol (str) – The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

  • cidr_ip (Optional[str]) – The IPv4 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.

  • cidr_ipv6 (Optional[str]) – The IPv6 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.

  • description (Optional[str]) – The description of an egress (outbound) security group rule. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

  • destination_prefix_list_id (Optional[str]) – The prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.

  • destination_security_group_id (Optional[str]) – The ID of the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.

  • from_port (Union[int, float, None]) – If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

  • to_port (Union[int, float, None]) – If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupegress.html


Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ec2 as ec2

cfn_security_group_egress_props = ec2.CfnSecurityGroupEgressProps(
    group_id="groupId",
    ip_protocol="ipProtocol",

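    # the properties below are optional; in a real rule, set exactly one of
    # cidr_ip, cidr_ipv6, destination_prefix_list_id, destination_security_group_id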
    cidr_ip="cidrIp",
    cidr_ipv6="cidrIpv6",
    description="description",
    destination_prefix_list_id="destinationPrefixListId",
    destination_security_group_id="destinationSecurityGroupId",
    from_port=123,
    to_port=123
)
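The constraints listed under Parameters can be checked before the props reach CloudFormation. The following is an added example, not part of aws_cdk or the original page: `check_egress_props` is a hypothetical helper that takes the same keyword arguments as CfnSecurityGroupEgressProps and reports violations of the documented rules, plus a review flag for all-protocol and whole-address-space egress.

```python
import re

# Constructed helper (not part of aws_cdk): checks keyword arguments intended
# for CfnSecurityGroupEgressProps against the constraints documented above.
DESTINATIONS = ("cidr_ip", "cidr_ipv6", "destination_prefix_list_id",
                "destination_security_group_id")
DESC_RE = re.compile(r"[a-zA-Z0-9 ._\-:/()#,@\[\]+=;{}!$*]{0,255}")


def check_egress_props(**props):
    """Return a list of findings; an empty list means the rule passes."""
    findings = [f"{k} is required" for k in ("group_id", "ip_protocol") if not props.get(k)]
    proto = str(props.get("ip_protocol") or "").lower()
    lo, hi = props.get("from_port"), props.get("to_port")

    # Exactly one destination selector may be set.
    chosen = [k for k in DESTINATIONS if props.get(k) is not None]
    if len(chosen) != 1:
        findings.append(f"expected exactly one destination, got {chosen}")

    if proto in ("tcp", "udp"):
        if lo is None or hi is None:
            findings.append(f"{proto} requires from_port and to_port")
        elif not 0 <= lo <= hi <= 65535:
            findings.append(f"invalid port range {lo}-{hi}")
    elif proto in ("icmp", "icmpv6"):  # from_port is the type, to_port the code
        if proto == "icmp" and (lo is None or hi is None):
            findings.append("icmp requires from_port (type) and to_port (code)")
        if lo == -1 and hi != -1:
            findings.append("from_port=-1 requires to_port=-1")
        if proto == "icmpv6" and lo is None and hi is None:
            findings.append("icmpv6 without ports allows all types and codes")
    elif proto:
        # -1 or any other protocol number: any port range given is ignored.
        findings.append(f"ip_protocol={proto!r} allows traffic on all ports")

    # Egress to the whole address space deserves an explicit review flag.
    if props.get("cidr_ip") == "0.0.0.0/0" or props.get("cidr_ipv6") == "::/0":
        findings.append("destination is the entire address space")

    desc = props.get("description")
    if desc is not None and not DESC_RE.fullmatch(desc):
        findings.append("description violates length or character constraints")
    return findings
```

Props that pass can be handed on unchanged, for example `ec2.CfnSecurityGroupEgressProps(**props)` once `check_egress_props(**props)` returns an empty list.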

Attributes

cidr_ip

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupegress.html#cfn-ec2-securitygroupegress-cidrip

cidr_ipv6

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupegress.html#cfn-ec2-securitygroupegress-cidripv6

description

The description of an egress (outbound) security group rule.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupegress.html#cfn-ec2-securitygroupegress-description

destination_prefix_list_id

The prefix list IDs for an AWS service.

This is the AWS service to access through a VPC endpoint from instances associated with the security group.

You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupegress.html#cfn-ec2-securitygroupegress-destinationprefixlistid

destination_security_group_id

The ID of the security group.

You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupegress.html#cfn-ec2-securitygroupegress-destinationsecuritygroupid

from_port

If the protocol is TCP or UDP, this is the start of the port range.

If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupegress.html#cfn-ec2-securitygroupegress-fromport

group_id

The ID of the security group.

You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupegress.html#cfn-ec2-securitygroupegress-groupid

ip_protocol

The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers, https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).

Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupegress.html#cfn-ec2-securitygroupegress-ipprotocol

to_port

If the protocol is TCP or UDP, this is the end of the port range.

If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupegress.html#cfn-ec2-securitygroupegress-toport