awscc_ec2_security_group_egress (Resource)

Adds the specified outbound (egress) rule to a security group. An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see Security group rules.

You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group. You must specify a protocol for each rule (for example, TCP); the protocol -1 means all protocols, and no ports are specified for it. If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code (type in from_port, code in to_port). To specify all types or all codes, use -1.

Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.

Example Usage

Egress allow all

Usage example for the egress rule resource with separate IPv4 and IPv6 rules. Both rules use protocol -1 (all protocols, so all ports) to the unrestricted ranges 0.0.0.0/0 and ::/0, which is the same reach as the default egress rule EC2 attaches to every new security group. The IPv6 rule only has an effect once the VPC has an IPv6 CIDR, which the awscc_ec2_vpc_cidr_block resource below associates.

resource "awscc_ec2_security_group_egress" "allow_all_traffic_ipv4" {
  group_id    = awscc_ec2_security_group.allow_all.id
  cidr_ip     = "0.0.0.0/0"
  ip_protocol = "-1" # all protocols, so all ports; from_port/to_port are not set
  description = "Outbound rule to allow all traffic"
}

resource "awscc_ec2_security_group_egress" "allow_all_traffic_ipv6" {
  group_id    = awscc_ec2_security_group.allow_all.id
  cidr_ipv_6  = "::/0"
  ip_protocol = "-1" # all protocols, so all ports; from_port/to_port are not set
  description = "Outbound rule to allow all traffic"
}

resource "awscc_ec2_security_group" "allow_all" {
  group_description = "Allow all outbound traffic"
  vpc_id            = awscc_ec2_vpc.selected.id

  tags = [
    {
      key   = "Name"
      value = "allow_all"
    }
  ]
}

resource "awscc_ec2_vpc_cidr_block" "selected" {
  amazon_provided_ipv_6_cidr_block = true
  vpc_id                           = awscc_ec2_vpc.selected.id
}

resource "awscc_ec2_vpc" "selected" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
}

Egress allow by port

Usage example for the egress rule resource with ports specified: TCP to 0.0.0.0/0 restricted to port 443. Note that the security group below is created without inline egress rules, so EC2's default allow-all egress rule (all protocols to 0.0.0.0/0) is still present and the HTTPS rule is added alongside it rather than replacing it. To restrict egress to HTTPS only, the default rule has to be removed as well, for example by specifying the egress rules inline on the security group (the security_group_egress attribute), which replaces the default rule as in the underlying AWS::EC2::SecurityGroup resource.

resource "awscc_ec2_security_group_egress" "allow_https_traffic_ipv4" {
  group_id    = awscc_ec2_security_group.example.id
  cidr_ip     = "0.0.0.0/0"
  ip_protocol = "tcp"
  from_port   = 443
  to_port     = 443
  description = "Outbound rule to allow https traffic"
}

resource "awscc_ec2_security_group" "example" {
  group_description = "Example SG"
  vpc_id            = awscc_ec2_vpc.selected.id

  tags = [
    {
      key   = "Name"
      value = "example_sg"
    }
  ]
}

resource "awscc_ec2_vpc" "selected" {
  cidr_block = "10.0.0.0/16"
}
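Egress scoped to a security group, a prefix list, and an ICMP type

The destination and protocol forms not covered by the two examples above (a destination security group, a prefix list, a UDP rule to a single host, and an ICMP type/code), shown together in one added example; this is not code from the provider documentation. It assumes a VPC named awscc_ec2_vpc.selected as in the examples above, and the resource and attribute names used here (awscc_ec2_prefix_list with prefix_list_name, address_family, max_entries and entries; destination_security_group_id and destination_prefix_list_id on the egress rule) follow the provider's CloudFormation-derived naming and should be checked against the schema.

```terraform
# Added example (not from the provider docs). One security group for application
# hosts whose outbound rules are scoped per destination instead of 0.0.0.0/0.
# Attribute names are assumed from the CloudFormation-derived awscc schema.

resource "awscc_ec2_vpc" "selected" {
  cidr_block = "10.0.0.0/16"
}

# No inline egress rules here, so EC2's default allow-all egress rule is still
# attached to this group; the scoped rules below are added alongside it (see note).
resource "awscc_ec2_security_group" "app" {
  group_description = "Application hosts, egress scoped per destination"
  vpc_id            = awscc_ec2_vpc.selected.id
}

resource "awscc_ec2_security_group" "db" {
  group_description = "Database hosts"
  vpc_id            = awscc_ec2_vpc.selected.id
}

# Customer-managed prefix list of on-premises networks (constructed sample ranges).
# Editing the list updates every rule that references it; the rules never change.
resource "awscc_ec2_prefix_list" "on_prem" {
  prefix_list_name = "on-prem-networks"
  address_family   = "IPv4"
  max_entries      = 10
  entries = [
    { cidr = "192.168.10.0/24", description = "on-prem site A" },
    { cidr = "192.168.20.0/24", description = "on-prem site B" },
  ]
}

# 1. Destination security group: app -> db on PostgreSQL only. Because the
#    destination is a group, the rule follows instances as they join or leave "db".
resource "awscc_ec2_security_group_egress" "app_to_db" {
  group_id                      = awscc_ec2_security_group.app.id
  destination_security_group_id = awscc_ec2_security_group.db.id
  ip_protocol                   = "tcp"
  from_port                     = 5432
  to_port                       = 5432
  description                   = "PostgreSQL to database hosts"
}

# 2. Prefix list destination: HTTPS to the on-premises ranges only.
resource "awscc_ec2_security_group_egress" "app_to_on_prem_https" {
  group_id                   = awscc_ec2_security_group.app.id
  destination_prefix_list_id = awscc_ec2_prefix_list.on_prem.id
  ip_protocol                = "tcp"
  from_port                  = 443
  to_port                    = 443
  description                = "HTTPS to on-premises networks"
}

# 3. UDP to a single host: DNS to the Amazon-provided VPC resolver (VPC base + 2).
resource "awscc_ec2_security_group_egress" "app_dns" {
  group_id    = awscc_ec2_security_group.app.id
  cidr_ip     = "${cidrhost(awscc_ec2_vpc.selected.cidr_block, 2)}/32"
  ip_protocol = "udp"
  from_port   = 53
  to_port     = 53
  description = "DNS to the VPC resolver"
}

# 4. ICMP: for icmp/icmpv6, from_port is the ICMP type and to_port the code,
#    with -1 meaning all. Echo request (type 8, any code), VPC-internal only.
resource "awscc_ec2_security_group_egress" "app_icmp_echo" {
  group_id    = awscc_ec2_security_group.app.id
  cidr_ip     = awscc_ec2_vpc.selected.cidr_block
  ip_protocol = "icmp"
  from_port   = 8
  to_port     = -1
  description = "ICMP echo request within the VPC"
}
```

Each rule names exactly one destination (a group, a prefix list, or a CIDR), as the resource requires. The scoping only takes effect once the group's default allow-all egress rule is gone: specifying the egress rules inline on awscc_ec2_security_group.app (the security_group_egress attribute) replaces that default rule, as in the underlying AWS::EC2::SecurityGroup resource, whereas the standalone rules above only add to whatever the group already permits. Keep rule management in one place, either all inline or all standalone, rather than mixing the two on the same group.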

Schema

Required

Optional

Read-Only

Import

Import is supported using the following syntax, where <resource ID> is the ID of the security group rule (the resource's read-only id attribute):

$ terraform import awscc_ec2_security_group_egress.example <resource ID>