Resource Type definition for AWS::EC2::SecurityGroupIngress
Usage example for the ingress rule resource for both IPv4 and IPv6.
resource "awscc_ec2_security_group_ingress" "allow_tls_ipv4" {
group_id = awscc_ec2_security_group.allow_tls.id
cidr_ip = awscc_ec2_vpc.selected.cidr_block
from_port = 443
ip_protocol = "tcp"
to_port = 443
description = "inbound rule to allow traffic over 443"
}
resource "awscc_ec2_security_group_ingress" "allow_tls_ipv6" {
group_id = awscc_ec2_security_group.allow_tls.id
cidr_ipv_6 = awscc_ec2_vpc_cidr_block.selected.ipv_6_cidr_block
from_port = 443
ip_protocol = "tcp"
to_port = 443
description = "inbound rule to allow traffic over 443"
}
resource "awscc_ec2_security_group" "allow_tls" {
group_description = "Allow TLS inbound traffic and all outbound traffic"
vpc_id = awscc_ec2_vpc.selected.id
tags = [
{
key = "Name"
value = "allow_tls"
}
]
}
resource "awscc_ec2_vpc_cidr_block" "selected" {
amazon_provided_ipv_6_cidr_block = true
vpc_id = awscc_ec2_vpc.selected.id
}
resource "awscc_ec2_vpc" "selected" {
cidr_block = "10.0.0.0/16"
}
ip_protocol
(String) The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).[VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
cidr_ip
(String) The IPv4 rangescidr_ipv_6
(String) [VPC only] The IPv6 rangesdescription
(String) Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previouslyfrom_port
(Number) The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.Use this for ICMP and any protocol that uses ports.
group_id
(String) The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property.
group_name
(String) The name of the security group.source_prefix_list_id
(String) [EC2-VPC only] The ID of a prefix list.source_security_group_id
(String) The ID of the security group. You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID.source_security_group_name
(String) [EC2-Classic, default VPC] The name of the source security group.You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property.
source_security_group_owner_id
(String) [nondefault VPC] The AWS account ID that owns the source security group. You can't specify this property with an IP address range.If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId; otherwise, this property is optional.
to_port
(Number) The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes.Use this for ICMP and any protocol that uses ports.
id
(String) Uniquely identifies the resource.security_group_ingress_id
(String) The Security Group Rule IdImport is supported using the following syntax:
$ terraform import awscc_ec2_security_group_ingress.example <resource ID>