aws-cdk-lib.aws_ec2.CfnSecurityGroupIngressProps

interface CfnSecurityGroupIngressProps

LanguageType name
.NETAmazon.CDK.AWS.EC2.CfnSecurityGroupIngressProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsec2#CfnSecurityGroupIngressProps
Javasoftware.amazon.awscdk.services.ec2.CfnSecurityGroupIngressProps
Pythonaws_cdk.aws_ec2.CfnSecurityGroupIngressProps
TypeScript aws-cdk-lib » aws_ec2 » CfnSecurityGroupIngressProps

Properties for defining a CfnSecurityGroupIngress.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_ec2 as ec2 } from 'aws-cdk-lib';
const cfnSecurityGroupIngressProps: ec2.CfnSecurityGroupIngressProps = {
  ipProtocol: 'ipProtocol',

  // the properties below are optional
  cidrIp: 'cidrIp',
  cidrIpv6: 'cidrIpv6',
  description: 'description',
  fromPort: 123,
  groupId: 'groupId',
  groupName: 'groupName',
  sourcePrefixListId: 'sourcePrefixListId',
  sourceSecurityGroupId: 'sourceSecurityGroupId',
  sourceSecurityGroupName: 'sourceSecurityGroupName',
  sourceSecurityGroupOwnerId: 'sourceSecurityGroupOwnerId',
  toPort: 123,
};

Properties

NameTypeDescription
ipProtocolstringThe IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).
cidrIp?stringThe IPv4 address range, in CIDR format.
cidrIpv6?stringThe IPv6 address range, in CIDR format.
description?stringUpdates the description of an ingress (inbound) security group rule.
fromPort?numberThe start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.
groupId?stringThe ID of the security group.
groupName?stringThe name of the security group.
sourcePrefixListId?stringThe ID of a prefix list.
sourceSecurityGroupId?stringThe ID of the security group.
sourceSecurityGroupName?string[Default VPC] The name of the source security group.
sourceSecurityGroupOwnerId?string[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account.
toPort?numberThe end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.

ipProtocol

Type: string

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.


cidrIp?

Type: string (optional)

The IPv4 address range, in CIDR format.

You must specify a source security group ( SourcePrefixListId or SourceSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .


cidrIpv6?

Type: string (optional)

The IPv6 address range, in CIDR format.

You must specify a source security group ( SourcePrefixListId or SourceSecurityGroupId ) or a CIDR range ( CidrIp or CidrIpv6 ).

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .


description?

Type: string (optional)

Updates the description of an ingress (inbound) security group rule.

You can replace an existing description, or add a description to a rule that did not have one previously.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*


fromPort?

Type: number (optional)

The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Use this for ICMP and any protocol that uses ports.


groupId?

Type: string (optional)

The ID of the security group.


groupName?

Type: string (optional)

The name of the security group.

Constraints: Up to 255 characters in length. Cannot start with sg- .

Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*


sourcePrefixListId?

Type: string (optional)

The ID of a prefix list.


sourceSecurityGroupId?

Type: string (optional)

The ID of the security group.

You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID.


sourceSecurityGroupName?

Type: string (optional)

[Default VPC] The name of the source security group.

You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

For security groups in a nondefault VPC, you must specify the group ID.


sourceSecurityGroupOwnerId?

Type: string (optional)

[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account.

You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify SourceSecurityGroupOwnerId ; otherwise, this property is optional.


toPort?

Type: number (optional)

The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.

A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Use this for ICMP and any protocol that uses ports.