awscc_ec2_security_group_ingress (Resource)

Resource Type definition for AWS::EC2::SecurityGroupIngress

Example Usage

Usage example for the ingress rule resource for both IPv4 and IPv6.

resource "awscc_ec2_security_group_ingress" "allow_tls_ipv4" {
  group_id    = awscc_ec2_security_group.allow_tls.id
  cidr_ip     = awscc_ec2_vpc.selected.cidr_block
  from_port   = 443
  ip_protocol = "tcp"
  to_port     = 443
  description = "inbound rule to allow traffic over 443"
}

resource "awscc_ec2_security_group_ingress" "allow_tls_ipv6" {
  group_id    = awscc_ec2_security_group.allow_tls.id
  cidr_ipv_6  = awscc_ec2_vpc_cidr_block.selected.ipv_6_cidr_block
  from_port   = 443
  ip_protocol = "tcp"
  to_port     = 443
  description = "inbound rule to allow traffic over 443"
}

resource "awscc_ec2_security_group" "allow_tls" {
  group_description = "Allow TLS inbound traffic and all outbound traffic"
  vpc_id            = awscc_ec2_vpc.selected.id

  tags = [
    {
      key   = "Name"
      value = "allow_tls"
    }
  ]
}

resource "awscc_ec2_vpc_cidr_block" "selected" {
  amazon_provided_ipv_6_cidr_block = true
  vpc_id                           = awscc_ec2_vpc.selected.id
}

resource "awscc_ec2_vpc" "selected" {
  cidr_block = "10.0.0.0/16"
}

Schema

Required

- ip_protocol (String) [VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

Optional

- from_port (Number) Use this for ICMP and any protocol that uses ports.

- group_id (String) You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property.

- group_name (String) You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property.

- source_security_group_owner_id (String) If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId; otherwise, this property is optional.

- to_port (Number) Use this for ICMP and any protocol that uses ports.

Read-Only

- id (String) Uniquely identifies the resource.
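The protocol, port-range and group rules from the schema above, encoded as a pre-apply lint over rule definitions that use the resource's attribute names. This is an added example, not provider code; `stack_account` and `source_group_owner` are assumed caller-supplied inputs, and the protocol-number mapping and the any-address check go beyond the schema text.

```python
from typing import List, Optional

# IANA protocol numbers for the four protocols the schema names (added mapping).
PROTOCOL_NUMBERS = {"6": "tcp", "17": "udp", "1": "icmp", "58": "icmpv6"}
PORT_PROTOCOLS = {"tcp", "udp", "icmp"}  # schema: port range is mandatory
ANY_SOURCE = {"0.0.0.0/0", "::/0"}       # rule reachable from any address


def lint_ingress(rule: dict, stack_account: str,
                 source_group_owner: Optional[str] = None) -> List[str]:
    """Return findings for one ingress rule; an empty list means it passes.

    `rule` uses the resource's own attribute names (ip_protocol, from_port,
    group_id, ...). `stack_account` and `source_group_owner` are assumed
    inputs the caller already knows (e.g. from STS and a describe call).
    """
    findings = []
    raw = str(rule.get("ip_protocol", "")).lower()
    proto = PROTOCOL_NUMBERS.get(raw, raw)
    has_ports = "from_port" in rule and "to_port" in rule

    # group_id or group_name is required; VPC security groups need group_id.
    if not (rule.get("group_id") or rule.get("group_name")):
        findings.append("group_id or group_name is required")
    elif not rule.get("group_id"):
        findings.append("group_name only addresses non-VPC groups; use group_id for a VPC group")

    if not raw:
        findings.append("ip_protocol is required")
    elif proto not in PORT_PROTOCOLS and proto != "icmpv6":
        # -1 or any other protocol number: every port, whatever the range says.
        hint = " (from_port/to_port are ignored)" if has_ports else ""
        findings.append(f"ip_protocol {raw!r} allows all ports{hint}")
    elif proto in PORT_PROTOCOLS and not has_ports:
        findings.append(f"{proto} requires from_port and to_port")
    elif proto == "icmpv6" and not has_ports:
        findings.append("icmpv6 without a port range allows all types and codes")

    # Cross-account source security group must name the owning account.
    src = rule.get("source_security_group_id") or rule.get("source_security_group_name")
    if (src and source_group_owner and source_group_owner != stack_account
            and not rule.get("source_security_group_owner_id")):
        findings.append("cross-account source group needs source_security_group_owner_id")

    # Not a schema rule, but the usual review item for an ingress rule.
    if rule.get("cidr_ip") in ANY_SOURCE or rule.get("cidr_ipv_6") in ANY_SOURCE:
        findings.append("source is any address; confirm this exposure is intended")
    return findings
```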

Import

Import is supported using the following syntax:

$ terraform import awscc_ec2_security_group_ingress.example <resource ID>