aws-cdk-lib.aws_ec2.SecurityGroupProps

interface SecurityGroupProps

LanguageType name
.NETAmazon.CDK.AWS.EC2.SecurityGroupProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsec2#SecurityGroupProps
Javasoftware.amazon.awscdk.services.ec2.SecurityGroupProps
Pythonaws_cdk.aws_ec2.SecurityGroupProps
TypeScript (source)aws-cdk-lib » aws_ec2 » SecurityGroupProps

Example

// Stack 1
declare const stack1: Stack;
declare const stack2: Stack;

const sg1 = new ec2.SecurityGroup(stack1, 'SG1', {
  allowAllOutbound: false, // if this is `true` then no egress rule will be created
  vpc,
});

// Stack 2
const sg2 = new ec2.SecurityGroup(stack2, 'SG2', {
  allowAllOutbound: false, // if this is `true` then no egress rule will be created
  vpc,
});

// `connections.allowTo` on `sg1` since we want the
// rules to be created in Stack1
sg1.connections.allowTo(sg2, ec2.Port.tcp(3333));

Properties

NameTypeDescription
vpcIVpcThe VPC in which to create the security group.
allowAllIpv6Outbound?booleanWhether to allow all outbound ipv6 traffic by default.
allowAllOutbound?booleanWhether to allow all outbound traffic by default.
description?stringA description of the security group.
disableInlineRules?booleanWhether to disable inline ingress and egress rule optimization.
securityGroupName?stringThe name of the security group.

vpc

Type: IVpc

The VPC in which to create the security group.


allowAllIpv6Outbound?

Type: boolean (optional, default: false)

Whether to allow all outbound ipv6 traffic by default.

If this is set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If this is set to false, no outbound traffic will be allowed by default and all egress ipv6 traffic must be explicitly authorized.

To allow all ipv4 traffic use allowAllOutbound


allowAllOutbound?

Type: boolean (optional, default: true)

Whether to allow all outbound traffic by default.

If this is set to true, there will only be a single egress rule which allows all outbound traffic. If this is set to false, no outbound traffic will be allowed by default and all egress traffic must be explicitly authorized.

To allow all ipv6 traffic use allowAllIpv6Outbound


description?

Type: string (optional, default: The default name will be the construct's CDK path.)

A description of the security group.


disableInlineRules?

Type: boolean (optional, default: false)

Whether to disable inline ingress and egress rule optimization.

If this is set to true, ingress and egress rules will not be declared under the SecurityGroup in cloudformation, but will be separate elements.

Inlining rules is an optimization for producing smaller stack templates. Sometimes this is not desirable, for example when security group access is managed via tags.

The default value can be overriden globally by setting the context variable '@aws-cdk/aws-ec2.securityGroupDisableInlineRules'.


securityGroupName?

Type: string (optional, default: If you don't specify a GroupName, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.)

The name of the security group.

For valid values, see the GroupName parameter of the CreateSecurityGroup action in the Amazon EC2 API Reference.

It is not recommended to use an explicit group name.