interface ISecurityGroup
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.EC2.ISecurityGroup |
Java | software.amazon.awscdk.services.ec2.ISecurityGroup |
Python | aws_cdk.aws_ec2.ISecurityGroup |
TypeScript (source) | @aws-cdk/aws-ec2 » ISecurityGroup |
Implemented by SecurityGroup
Obtainable from SecurityGroup.fromLookup(), SecurityGroup.fromLookupById(), SecurityGroup.fromLookupByName(), SecurityGroup.fromSecurityGroupId()
Interface for security group-like objects.
Properties
Name | Type | Description |
---|---|---|
allowAllOutbound | boolean | Whether the SecurityGroup has been configured to allow all outbound traffic. |
canInlineRule | boolean | Whether the rule can be inlined into a SecurityGroup or not. |
connections | Connections | The network connections associated with this resource. |
env | Resource | The environment this resource belongs to. |
node | Construct | The construct tree node for this construct. |
securityGroupId | string | ID for the current security group. |
stack | Stack | The stack in which this resource is defined. |
uniqueId | string | A unique identifier for this connection peer. |
allowAllOutbound
Type: boolean
Whether the SecurityGroup has been configured to allow all outbound traffic.
canInlineRule
Type: boolean
Whether the rule can be inlined into a SecurityGroup or not.
connections
Type: Connections
The network connections associated with this resource.
env
Type: Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type: Construct
The construct tree node for this construct.
securityGroupId
Type: string
ID for the current security group.
stack
Type: Stack
The stack in which this resource is defined.
uniqueId
Type: string
A unique identifier for this connection peer.
Methods
Name | Description |
---|---|
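addEgressRule(peer, connection, description?, remoteRule?) | Add an egress rule for the current security group. |
addIngressRule(peer, connection, description?, remoteRule?) | Add an ingress rule for the current security group. |
applyRemovalPolicy(policy) | Apply the given removal policy to this resource. |
toEgressRuleConfig() | Produce the egress rule JSON for the given connection. |
toIngressRuleConfig() | Produce the ingress rule JSON for the given connection. |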
addEgressRule(peer, connection, description?, remoteRule?)
public addEgressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void
Parameters
- peer IPeer
- connection Port
- description string
- remoteRule boolean
Add an egress rule for the current security group.
remoteRule controls where the Rule object is created if the peer is also a SecurityGroup and the two are in different stacks. If false (default), the rule object is created under the current SecurityGroup object. If true and the peer is also a SecurityGroup, the rule object is created under the remote SecurityGroup object.
addIngressRule(peer, connection, description?, remoteRule?)
public addIngressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void
Parameters
- peer IPeer
- connection Port
- description string
- remoteRule boolean
Add an ingress rule for the current security group.
remoteRule controls where the Rule object is created if the peer is also a SecurityGroup and the two are in different stacks. If false (default), the rule object is created under the current SecurityGroup object. If true and the peer is also a SecurityGroup, the rule object is created under the remote SecurityGroup object.
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
toEgressRuleConfig()
public toEgressRuleConfig(): any
Returns
any
Produce the egress rule JSON for the given connection.
toIngressRuleConfig()
public toIngressRuleConfig(): any
Returns
any
Produce the ingress rule JSON for the given connection.
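Rules added through addIngressRule and addEgressRule end up in the synthesized CloudFormation template either inline on the AWS::EC2::SecurityGroup resource or as standalone AWS::EC2::SecurityGroupIngress / AWS::EC2::SecurityGroupEgress resources, so a review has to look in both places. The following is an added example, not part of the CDK documentation or code base: it audits a template for rules open to the whole internet. The names auditTemplate, openReason and the sample template are hypothetical and constructed here; the resource types and property names are CloudFormation's.

```typescript
// Added example: audit a synthesized CloudFormation template for open rules.
type Rule = { CidrIp?: string; CidrIpv6?: string; IpProtocol?: string; FromPort?: number; ToPort?: number };
type Finding = { resource: string; direction: "ingress" | "egress"; reason: string };
type Template = { Resources: Record<string, { Type: string; Properties?: Record<string, unknown> }> };

const OPEN_CIDRS = ["0.0.0.0/0", "::/0"];

// Returns a description if the rule's peer is the whole internet, else null.
function openReason(rule: Rule): string | null {
  const cidr = rule.CidrIp ?? rule.CidrIpv6 ?? "";
  if (OPEN_CIDRS.indexOf(cidr) < 0) return null;
  const what = rule.IpProtocol === "-1" ? "all traffic" : `${rule.IpProtocol} ${rule.FromPort}-${rule.ToPort}`;
  return `${what} open to ${cidr}`;
}

function auditTemplate(template: Template): Finding[] {
  const findings: Finding[] = [];
  const check = (resource: string, direction: "ingress" | "egress", rules: Rule[]): void => {
    for (const rule of rules) {
      const reason = openReason(rule);
      if (reason !== null) findings.push({ resource, direction, reason });
    }
  };
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    const props = res.Properties ?? {};
    if (res.Type === "AWS::EC2::SecurityGroup") {
      // Inlined rules: list properties on the group resource itself.
      check(id, "ingress", (props.SecurityGroupIngress as Rule[] | undefined) ?? []);
      check(id, "egress", (props.SecurityGroupEgress as Rule[] | undefined) ?? []);
    } else if (res.Type === "AWS::EC2::SecurityGroupIngress") {
      check(id, "ingress", [props as Rule]); // rule rendered as its own resource
    } else if (res.Type === "AWS::EC2::SecurityGroupEgress") {
      check(id, "egress", [props as Rule]);
    }
  }
  return findings;
}

// Constructed sample, shaped like a synthesized template (not real output).
const sample: Template = { Resources: {
  WebSg: { Type: "AWS::EC2::SecurityGroup", Properties: {
    SecurityGroupIngress: [{ CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: 22, ToPort: 22 }],
    SecurityGroupEgress: [{ CidrIp: "0.0.0.0/0", IpProtocol: "-1" }] } },
  DbSg: { Type: "AWS::EC2::SecurityGroup", Properties: {
    SecurityGroupIngress: [{ CidrIp: "10.0.0.0/16", IpProtocol: "tcp", FromPort: 5432, ToPort: 5432 }] } },
  DbSgFromWeb: { Type: "AWS::EC2::SecurityGroupIngress", Properties: {
    GroupId: "sg-constructed", IpProtocol: "tcp", FromPort: 5432, ToPort: 5432, CidrIpv6: "::/0" } },
} };

console.log(auditTemplate(sample));
```

An all-traffic egress finding is expected on any group left with allow-all outbound; treat it as a prompt to confirm that the setting is intended rather than as a defect by itself.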