Security Group Egress Rule Args
Manages an outbound (egress) rule for a security group. When specifying an outbound rule for your security group in a VPC, the configuration must include a destination for the traffic.
NOTE on Security Groups and Security Group Rules: this provider currently provides a Security Group resource with ingress and egress rules defined in-line and a Security Group Rule resource which manages one or more ingress or egress rules. Both of these resources were added before AWS assigned a security group rule unique ID, and they do not work well in all scenarios using the description and tags attributes, which rely on the unique ID. The aws.vpc.SecurityGroupEgressRule resource has been added to address these limitations and should be used for all new security group rules. You should not use the aws.vpc.SecurityGroupEgressRule resource in conjunction with an aws.ec2.SecurityGroup resource with in-line rules or with aws.ec2.SecurityGroupRule resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.vpc.SecurityGroupEgressRule("example", {
    securityGroupId: exampleAwsSecurityGroup.id,
    cidrIpv4: "10.0.0.0/8",
    fromPort: 80,
    ipProtocol: "tcp",
    toPort: 80,
});

import pulumi
import pulumi_aws as aws

example = aws.vpc.SecurityGroupEgressRule("example",
    security_group_id=example_aws_security_group["id"],
    cidr_ipv4="10.0.0.0/8",
    from_port=80,
    ip_protocol="tcp",
    to_port=80)

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() =>
{
    var example = new Aws.Vpc.SecurityGroupEgressRule("example", new()
    {
        SecurityGroupId = exampleAwsSecurityGroup.Id,
        CidrIpv4 = "10.0.0.0/8",
        FromPort = 80,
        IpProtocol = "tcp",
        ToPort = 80,
    });
});

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/vpc"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vpc.NewSecurityGroupEgressRule(ctx, "example", &vpc.SecurityGroupEgressRuleArgs{
			SecurityGroupId: pulumi.Any(exampleAwsSecurityGroup.Id),
			CidrIpv4:        pulumi.String("10.0.0.0/8"),
			FromPort:        pulumi.Int(80),
			IpProtocol:      pulumi.String("tcp"),
			ToPort:          pulumi.Int(80),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.vpc.SecurityGroupEgressRule;
import com.pulumi.aws.vpc.SecurityGroupEgressRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new SecurityGroupEgressRule("example", SecurityGroupEgressRuleArgs.builder()
            .securityGroupId(exampleAwsSecurityGroup.id())
            .cidrIpv4("10.0.0.0/8")
            .fromPort(80)
            .ipProtocol("tcp")
            .toPort(80)
            .build());
    }
}

resources:
  example:
    type: aws:vpc:SecurityGroupEgressRule
    properties:
      securityGroupId: ${exampleAwsSecurityGroup.id}
      cidrIpv4: 10.0.0.0/8
      fromPort: 80
      ipProtocol: tcp
      toPort: 80

Import
Using pulumi import, import security group egress rules using the security_group_rule_id. For example:

$ pulumi import aws:vpc/securityGroupEgressRule:SecurityGroupEgressRule example sgr-02108b27edd666983
Constructors
Properties
The security group rule description.
The IP protocol name or number. Use -1 to specify all protocols. Note that if ip_protocol is set to -1, it translates to all protocols, all port ranges, and from_port and to_port values should not be defined.
The ID of the destination prefix list.
The destination security group that is referenced in the rule.
The ID of the security group.
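
The NOTE about mixing rule styles, the destination requirement, and the ip_protocol -1 property note can all be checked before deployment. The lint below is an added example, not part of the provider's documentation or code; the record layout (type/name/props), the use of a group's name as security_group_id, and the sample PLAN are constructed for illustration.

```python
# Added example: lint planned security group resources before deployment.
# Assumption: records are {"type", "name", "props"} (constructed shape), and
# security_group_id holds the name of the group record it refers to.
EGRESS_RULE = "aws:vpc/securityGroupEgressRule:SecurityGroupEgressRule"
LEGACY_RULE = "aws:ec2/securityGroupRule:SecurityGroupRule"
SECURITY_GROUP = "aws:ec2/securityGroup:SecurityGroup"
DESTINATIONS = ("cidr_ipv4", "cidr_ipv6", "prefix_list_id",
                "referenced_security_group_id")

def lint(resources):
    """Return sorted (rule name, finding) tuples for egress rule resources."""
    legacy = {}  # group name -> the older mechanism that already manages it
    for r in resources:
        p = r["props"]
        if r["type"] == SECURITY_GROUP and (p.get("ingress") or p.get("egress")):
            legacy[r["name"]] = "in-line rules"
        elif r["type"] == LEGACY_RULE:
            legacy.setdefault(p["security_group_id"], "SecurityGroupRule resources")
    findings = []
    for r in resources:
        if r["type"] != EGRESS_RULE:
            continue
        p = r["props"]
        if not any(p.get(k) for k in DESTINATIONS):
            findings.append((r["name"], "no destination set"))
        ports = (p.get("from_port"), p.get("to_port"))
        if str(p.get("ip_protocol")) == "-1" and any(v is not None for v in ports):
            findings.append((r["name"], "ports set with ip_protocol -1"))
        how = legacy.get(p.get("security_group_id"))
        if how:
            findings.append((r["name"], f"group also managed by {how}"))
    return sorted(findings)

# Constructed sample plan: "web" mixes in-line rules with a standalone rule.
PLAN = [
    {"type": SECURITY_GROUP, "name": "web", "props": {"egress": [
        {"protocol": "-1", "from_port": 0, "to_port": 0,
         "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"type": SECURITY_GROUP, "name": "db", "props": {}},
    {"type": EGRESS_RULE, "name": "web-http", "props": {
        "security_group_id": "web", "cidr_ipv4": "10.0.0.0/8",
        "ip_protocol": "tcp", "from_port": 80, "to_port": 80}},
    {"type": EGRESS_RULE, "name": "db-all", "props": {
        "security_group_id": "db", "cidr_ipv4": "10.0.0.0/8",
        "ip_protocol": "-1", "from_port": 0, "to_port": 0}},
    {"type": EGRESS_RULE, "name": "db-nodest", "props": {
        "security_group_id": "db", "ip_protocol": "tcp",
        "from_port": 443, "to_port": 443}},
]
```

Calling lint(PLAN) flags web-http for targeting a group that already has in-line rules, db-all for setting ports alongside ip_protocol -1, and db-nodest for having no destination.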