aws-cdk-lib.aws_ec2.CfnSecurityGroupEgressProps

interface CfnSecurityGroupEgressProps

LanguageType name
.NETAmazon.CDK.AWS.EC2.CfnSecurityGroupEgressProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsec2#CfnSecurityGroupEgressProps
Javasoftware.amazon.awscdk.services.ec2.CfnSecurityGroupEgressProps
Pythonaws_cdk.aws_ec2.CfnSecurityGroupEgressProps
TypeScript aws-cdk-lib » aws_ec2 » CfnSecurityGroupEgressProps

Properties for defining a CfnSecurityGroupEgress.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_ec2 as ec2 } from 'aws-cdk-lib';
const cfnSecurityGroupEgressProps: ec2.CfnSecurityGroupEgressProps = {
  groupId: 'groupId',
  ipProtocol: 'ipProtocol',

  // the properties below are optional
  cidrIp: 'cidrIp',
  cidrIpv6: 'cidrIpv6',
  description: 'description',
  destinationPrefixListId: 'destinationPrefixListId',
  destinationSecurityGroupId: 'destinationSecurityGroupId',
  fromPort: 123,
  toPort: 123,
};

Properties

NameTypeDescription
groupIdstringThe ID of the security group.
ipProtocolstringThe IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).
cidrIp?stringThe IPv4 address range, in CIDR format.
cidrIpv6?stringThe IPv6 address range, in CIDR format.
description?stringThe description of an egress (outbound) security group rule.
destinationPrefixListId?stringThe prefix list IDs for an AWS service.
destinationSecurityGroupId?stringThe ID of the security group.
fromPort?numberIf the protocol is TCP or UDP, this is the start of the port range.
toPort?numberIf the protocol is TCP or UDP, this is the end of the port range.

groupId

Type: string

The ID of the security group.

You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.


ipProtocol

Type: string

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.


cidrIp?

Type: string (optional)

The IPv4 address range, in CIDR format.

You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .


cidrIpv6?

Type: string (optional)

The IPv6 address range, in CIDR format.

You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .


description?

Type: string (optional)

The description of an egress (outbound) security group rule.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*


destinationPrefixListId?

Type: string (optional)

The prefix list IDs for an AWS service.

This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).


destinationSecurityGroupId?

Type: string (optional)

The ID of the security group.

You must specify a destination security group ( DestinationPrefixListId or DestinationSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).


fromPort?

Type: number (optional)

If the protocol is TCP or UDP, this is the start of the port range.

If the protocol is ICMP or ICMPv6, this is the type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.


toPort?

Type: number (optional)

If the protocol is TCP or UDP, this is the end of the port range.

If the protocol is ICMP or ICMPv6, this is the code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.