interface ISecurityGroup
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.EC2.ISecurityGroup |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsec2#ISecurityGroup |
 Java | software.amazon.awscdk.services.ec2.ISecurityGroup |
 Python | aws_cdk.aws_ec2.ISecurityGroup |
 TypeScript (source) | aws-cdk-lib » aws_ec2 » ISecurityGroup |
Implemented by
Security
Obtainable from
Security.fromLookupById(), Security.fromLookupByName(), Security.fromSecurityGroupId()
Interface for security group-like objects.
Properties
| Name | Type | Description |
|---|---|---|
| allow | boolean | Whether the SecurityGroup has been configured to allow all outbound traffic. |
| can | boolean | Whether the rule can be inlined into a SecurityGroup or not. |
| connections | Connections | The network connections associated with this resource. |
| env | Resource | The environment this resource belongs to. |
| node | Node | The tree node. |
| security | string | ID for the current security group. |
| stack | Stack | The stack in which this resource is defined. |
| unique | string | A unique identifier for this connection peer. |
allowAllOutbound
Type:
boolean
Whether the SecurityGroup has been configured to allow all outbound traffic.
canInlineRule
Type:
boolean
Whether the rule can be inlined into a SecurityGroup or not.
connections
Type:
Connections
The network connections associated with this resource.
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type:
Node
The tree node.
securityGroupId
Type:
string
ID for the current security group.
stack
Type:
Stack
The stack in which this resource is defined.
uniqueId
Type:
string
A unique identifier for this connection peer.
Methods
| Name | Description |
|---|---|
| add | Add an egress rule for the current security group. |
| add | Add an ingress rule for the current security group. |
| apply | Apply the given removal policy to this resource. |
| to | Produce the egress rule JSON for the given connection. |
| to | Produce the ingress rule JSON for the given connection. |
addEgressRule(peer, connection, description?, remoteRule?)
public addEgressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void
Parameters
Add an egress rule for the current security group.
remoteRule controls where the Rule object is created if the peer is also a
securityGroup and they are in different stack. If false (default) the
rule object is created under the current SecurityGroup object. If true and the
peer is also a SecurityGroup, the rule object is created under the remote
SecurityGroup object.
addIngressRule(peer, connection, description?, remoteRule?)
public addIngressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void
Parameters
Add an ingress rule for the current security group.
remoteRule controls where the Rule object is created if the peer is also a
securityGroup and they are in different stack. If false (default) the
rule object is created under the current SecurityGroup object. If true and the
peer is also a SecurityGroup, the rule object is created under the remote
SecurityGroup object.
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
toEgressRuleConfig()
public toEgressRuleConfig(): any
Returns
any
Produce the egress rule JSON for the given connection.
toIngressRuleConfig()
public toIngressRuleConfig(): any
Returns
any
Produce the ingress rule JSON for the given connection.