CfnSecurityGroupEgressProps
- class aws_cdk.aws_ec2.CfnSecurityGroupEgressProps(*, group_id, ip_protocol, cidr_ip=None, cidr_ipv6=None, description=None, destination_prefix_list_id=None, destination_security_group_id=None, from_port=None, to_port=None)
Bases: object
Properties for defining a CfnSecurityGroupEgress.
- Parameters:
  - group_id (str) – The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
  - ip_protocol (str) – The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
  - cidr_ip (Optional[str]) – The IPv4 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.
  - cidr_ipv6 (Optional[str]) – The IPv6 address range, in CIDR format. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId. For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.
  - description (Optional[str]) – The description of an egress (outbound) security group rule. Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
  - destination_prefix_list_id (Optional[str]) – The prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
  - destination_security_group_id (Optional[str]) – The ID of the security group. You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
  - from_port (Union[int, float, None]) – If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
  - to_port (Union[int, float, None]) – If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk import aws_ec2 as ec2

    cfn_security_group_egress_props = ec2.CfnSecurityGroupEgressProps(
        group_id="groupId",
        ip_protocol="ipProtocol",

        # the properties below are optional
        cidr_ip="cidrIp",
        cidr_ipv6="cidrIpv6",
        description="description",
        destination_prefix_list_id="destinationPrefixListId",
        destination_security_group_id="destinationSecurityGroupId",
        from_port=123,
        to_port=123
    )
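A pre-deployment lint for the constraints listed under Parameters, as an added example that is not part of the CDK documentation or library. The function lint_egress, its finding strings and the sample rules are constructed here; it takes the same keyword names as a plain dict so it runs without aws_cdk, and the last check (protocol -1 to a /0 range) is a review policy chosen for this example, not an API constraint.

```python
import ipaddress
import re

DESTINATIONS = ("cidr_ip", "cidr_ipv6", "destination_prefix_list_id",
                "destination_security_group_id")
BY_NUMBER = {"1": "icmp", "6": "tcp", "17": "udp", "58": "icmpv6"}  # IANA numbers
NAMED = set(BY_NUMBER.values())
# Allowed description characters, as listed in the parameter documentation.
DESC_RE = re.compile(r"[a-zA-Z0-9 ._\-:/()#,@\[\]+=;{}!$*]{0,255}")

def lint_egress(props):
    """Return findings for one egress rule given as keyword arguments."""
    findings = []
    proto = str(props.get("ip_protocol", "")).lower()
    proto = BY_NUMBER.get(proto, proto)  # treat 6, 17, 1, 58 like their names
    lo, hi = props.get("from_port"), props.get("to_port")
    given = [k for k in DESTINATIONS if props.get(k) is not None]
    if len(given) != 1:
        findings.append(f"destination: need exactly one, got {len(given)}")
    if proto not in NAMED and (lo is not None or hi is not None):
        findings.append("ports: ignored, this protocol allows all ports")
    if proto in ("tcp", "udp", "icmp") and (lo is None or hi is None):
        findings.append(f"ports: {proto} requires from_port and to_port")
    if proto in ("icmp", "icmpv6") and lo == -1 and hi != -1:
        findings.append("ports: from_port -1 requires to_port -1")
    desc = props.get("description")
    if desc is not None and not DESC_RE.fullmatch(desc):
        findings.append("description: too long or disallowed character")
    for key in (k for k in given if k.startswith("cidr_")):
        try:
            net = ipaddress.ip_network(props[key], strict=False)
        except ValueError:
            findings.append(f"{key}: not a valid CIDR range")
            continue
        if net.prefixlen == 0 and proto == "-1":  # example policy check
            findings.append(f"{key}: all protocols to any address")
    return findings

# Constructed sample rules (the group IDs are placeholders).
SAMPLES = [
    dict(group_id="sg-EXAMPLE", ip_protocol="tcp", cidr_ip="10.0.0.0/16",
         from_port=443, to_port=443, description="HTTPS to internal range"),
    dict(group_id="sg-EXAMPLE", ip_protocol="-1", cidr_ip="0.0.0.0/0", from_port=443),
    dict(group_id="sg-EXAMPLE", ip_protocol="icmp", cidr_ip="10.0.0.0/16",
         cidr_ipv6="fd00::/8", from_port=-1, to_port=0),
]

for rule in SAMPLES:
    print(rule["ip_protocol"], lint_egress(rule) or "ok")
```

The second sample is the case worth catching in review: the rule reads as "port 443 only", but with protocol -1 the port range has no effect.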
Attributes
- cidr_ip
The IPv4 address range, in CIDR format.
You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.
- cidr_ipv6
The IPv6 address range, in CIDR format.
You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.
- description
The description of an egress (outbound) security group rule.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
- destination_prefix_list_id
The prefix list IDs for an AWS service.
This is the AWS service to access through a VPC endpoint from instances associated with the security group.
You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
- destination_security_group_id
The ID of the security group.
You must specify exactly one of the following: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.
- from_port
If the protocol is TCP or UDP, this is the start of the port range.
If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
- group_id
The ID of the security group.
You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
- ip_protocol
The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers <https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml>).
Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
- to_port
If the protocol is TCP or UDP, this is the end of the port range.
If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).