CfnSecurityGroupIngressProps
- class aws_cdk.aws_ec2.CfnSecurityGroupIngressProps(*, ip_protocol, cidr_ip=None, cidr_ipv6=None, description=None, from_port=None, group_id=None, group_name=None, source_prefix_list_id=None, source_security_group_id=None, source_security_group_name=None, source_security_group_owner_id=None, to_port=None)
Bases:
object
Properties for defining a
CfnSecurityGroupIngress
.- Parameters:
ip_protocol (
str
) – The IP protocol name (tcp
,udp
,icmp
,icmpv6
) or number (see Protocol Numbers ). Use-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.cidr_ip (
Optional
[str
]) – The IPv4 address range, in CIDR format. You must specify exactly one of the following:CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .cidr_ipv6 (
Optional
[str
]) –The IPv6 address range, in CIDR format. You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .description (
Optional
[str
]) – Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*from_port (
Union
[int
,float
,None
]) – The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of-1
indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes. Use this for ICMP and any protocol that uses ports.group_id (
Optional
[str
]) – The ID of the security group.group_name (
Optional
[str
]) – The name of the security group. Constraints: Up to 255 characters in length. Cannot start withsg-
. Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*source_prefix_list_id (
Optional
[str
]) – The ID of a prefix list.source_security_group_id (
Optional
[str
]) – The ID of the security group. You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID.source_security_group_name (
Optional
[str
]) – [Default VPC] The name of the source security group. You must specify either the security group ID or the security group name. You can’t specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access. For security groups in a nondefault VPC, you must specify the group ID.source_security_group_owner_id (
Optional
[str
]) – [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can’t specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access. If you specifySourceSecurityGroupName
orSourceSecurityGroupId
and that security group is owned by a different account than the account creating the stack, you must specifySourceSecurityGroupOwnerId
; otherwise, this property is optional.to_port (
Union
[int
,float
,None
]) – The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of-1
indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes. Use this for ICMP and any protocol that uses ports.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_ec2 as ec2 cfn_security_group_ingress_props = ec2.CfnSecurityGroupIngressProps( ip_protocol="ipProtocol", # the properties below are optional cidr_ip="cidrIp", cidr_ipv6="cidrIpv6", description="description", from_port=123, group_id="groupId", group_name="groupName", source_prefix_list_id="sourcePrefixListId", source_security_group_id="sourceSecurityGroupId", source_security_group_name="sourceSecurityGroupName", source_security_group_owner_id="sourceSecurityGroupOwnerId", to_port=123 )
Attributes
- cidr_ip
The IPv4 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- cidr_ipv6
The IPv6 address range, in CIDR format.
You must specify exactly one of the following:
CidrIp
,CidrIpv6
,SourcePrefixListId
, orSourceSecurityGroupId
.For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
- description
Updates the description of an ingress (inbound) security group rule.
You can replace an existing description, or add a description to a rule that did not have one previously.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- from_port
The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.
A value of
-1
indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.Use this for ICMP and any protocol that uses ports.
- group_id
The ID of the security group.
- group_name
The name of the security group.
Constraints: Up to 255 characters in length. Cannot start with
sg-
.Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
- ip_protocol
//www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml>`_ ).
Use
-1
to specify all protocols. When authorizing security group rules, specifying-1
or a protocol number other thantcp
,udp
,icmp
, oricmpv6
allows traffic on all ports, regardless of any port range you specify. Fortcp
,udp
, andicmp
, you must specify a port range. Foricmpv6
, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.- See:
- Type:
The IP protocol name (
tcp
,udp
,icmp
,icmpv6
) or number (see `Protocol Numbers <https- Type:
//docs.aws.amazon.com/http
- source_prefix_list_id
The ID of a prefix list.
- source_security_group_id
The ID of the security group.
You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID.
- source_security_group_name
[Default VPC] The name of the source security group.
You must specify either the security group ID or the security group name. You can’t specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
For security groups in a nondefault VPC, you must specify the group ID.
- source_security_group_owner_id
[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account.
You can’t specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
If you specify
SourceSecurityGroupName
orSourceSecurityGroupId
and that security group is owned by a different account than the account creating the stack, you must specifySourceSecurityGroupOwnerId
; otherwise, this property is optional.
- to_port
The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.
A value of
-1
indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes.Use this for ICMP and any protocol that uses ports.