CfnSecurityGroupIngressProps

class aws_cdk.aws_ec2.CfnSecurityGroupIngressProps(*, ip_protocol, cidr_ip=None, cidr_ipv6=None, description=None, from_port=None, group_id=None, group_name=None, source_prefix_list_id=None, source_security_group_id=None, source_security_group_name=None, source_security_group_owner_id=None, to_port=None)

Bases: object

Properties for defining a CfnSecurityGroupIngress.

Parameters:
  • ip_protocol (str) – The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ). Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

  • cidr_ip (Optional[str]) – The IPv4 address range, in CIDR format. You must specify a source security group ( SourcePrefixListId or SourceSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ). For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

  • cidr_ipv6 (Optional[str]) –

    The IPv6 address range, in CIDR format. You must specify a source security group ( SourcePrefixListId or SourceSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ). For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

  • description (Optional[str]) – Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

  • from_port (Union[int, float, None]) – The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes. Use this for ICMP and any protocol that uses ports.

  • group_id (Optional[str]) – The ID of the security group.

  • group_name (Optional[str]) – The name of the security group. Constraints: Up to 255 characters in length. Cannot start with sg- . Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

  • source_prefix_list_id (Optional[str]) – The ID of a prefix list.

  • source_security_group_id (Optional[str]) – The ID of the security group. You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID.

  • source_security_group_name (Optional[str]) – [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can’t specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access. For security groups in a nondefault VPC, you must specify the group ID.

  • source_security_group_owner_id (Optional[str]) – [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can’t specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access. If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify SourceSecurityGroupOwnerId ; otherwise, this property is optional.

  • to_port (Union[int, float, None]) – The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes. Use this for ICMP and any protocol that uses ports.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_ec2 as ec2

cfn_security_group_ingress_props = ec2.CfnSecurityGroupIngressProps(
    ip_protocol="ipProtocol",

    # the properties below are optional
    cidr_ip="cidrIp",
    cidr_ipv6="cidrIpv6",
    description="description",
    from_port=123,
    group_id="groupId",
    group_name="groupName",
    source_prefix_list_id="sourcePrefixListId",
    source_security_group_id="sourceSecurityGroupId",
    source_security_group_name="sourceSecurityGroupName",
    source_security_group_owner_id="sourceSecurityGroupOwnerId",
    to_port=123
)

Attributes

cidr_ip

The IPv4 address range, in CIDR format.

You must specify a source security group ( SourcePrefixListId or SourceSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-cidrip

cidr_ipv6

The IPv6 address range, in CIDR format.

You must specify a source security group ( SourcePrefixListId or SourceSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-cidripv6

description

Updates the description of an ingress (inbound) security group rule.

You can replace an existing description, or add a description to a rule that did not have one previously.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-description

from_port

The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Use this for ICMP and any protocol that uses ports.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-fromport

group_id

The ID of the security group.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-groupid

group_name

The name of the security group.

Constraints: Up to 255 characters in length. Cannot start with sg- .

Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-groupname

ip_protocol

//www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml>`_ ).

Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-ipprotocol

Type:

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see `Protocol Numbers <https

Type:

//docs.aws.amazon.com/http

source_prefix_list_id

The ID of a prefix list.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-sourceprefixlistid

source_security_group_id

The ID of the security group.

You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-sourcesecuritygroupid

source_security_group_name

[Default VPC] The name of the source security group.

You must specify either the security group ID or the security group name. You can’t specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

For security groups in a nondefault VPC, you must specify the group ID.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-sourcesecuritygroupname

source_security_group_owner_id

[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account.

You can’t specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify SourceSecurityGroupOwnerId ; otherwise, this property is optional.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-sourcesecuritygroupownerid

to_port

The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.

A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Use this for ICMP and any protocol that uses ports.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html#cfn-ec2-securitygroupingress-toport