Class SecurityGroup
Provides a security group resource.
NOTE on Security Groups and Security Group Rules: This provider currently provides both a standalone Security Group Rule resource (a single ingress or egress rule), and a Security Group resource with ingress and egress rules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.
NOTE: Referencing Security Groups across VPC peering has certain restrictions. More information is available in the VPC Peering User Guide.
NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.
Example Usage
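```csharp
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // Sample VPC so the example is self-contained; the CIDR range is a placeholder.
        var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
        {
            CidrBlock = "10.0.0.0/16",
        });

        var allowTls = new Aws.Ec2.SecurityGroup("allowTls", new Aws.Ec2.SecurityGroupArgs
        {
            Description = "Allow TLS inbound traffic",
            VpcId = main.Id,
            Ingress =
            {
                // Inbound TCP 443, restricted to addresses inside the VPC.
                new Aws.Ec2.Inputs.SecurityGroupIngressArgs
                {
                    Description = "TLS from VPC",
                    FromPort = 443,
                    ToPort = 443,
                    Protocol = "tcp",
                    // CidrBlocks is a list, so the VPC range is passed as a single element.
                    CidrBlocks =
                    {
                        main.CidrBlock,
                    },
                },
            },
            Egress =
            {
                // Protocol "-1" with ports 0-0 allows all outbound traffic to any destination.
                new Aws.Ec2.Inputs.SecurityGroupEgressArgs
                {
                    FromPort = 0,
                    ToPort = 0,
                    Protocol = "-1",
                    CidrBlocks =
                    {
                        "0.0.0.0/0",
                    },
                },
            },
            Tags =
            {
                { "Name", "allow_tls" },
            },
        });
    }
}
```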
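The note at the top of this page says that in-line rules and standalone Security Group Rule resources must not be mixed on one group. The following added example (not part of the provider's documentation) manages every rule of a group through standalone `SecurityGroupRule` resources and declares no in-line `Ingress` or `Egress`; the resource names and the VPC CIDR range are assumed sample values.

```csharp
using Pulumi;
using Aws = Pulumi.Aws;

class StandaloneRulesStack : Stack
{
    public StandaloneRulesStack()
    {
        // Assumed sample VPC; the CIDR range is a placeholder.
        var vpc = new Aws.Ec2.Vpc("example", new Aws.Ec2.VpcArgs
        {
            CidrBlock = "10.0.0.0/16",
        });

        // No Ingress or Egress here: every rule for this group is declared
        // as a separate SecurityGroupRule resource below, so the two
        // mechanisms never overwrite each other's settings.
        var web = new Aws.Ec2.SecurityGroup("web", new Aws.Ec2.SecurityGroupArgs
        {
            Description = "Rules managed by standalone SecurityGroupRule resources",
            VpcId = vpc.Id,
        });

        // Inbound TLS from inside the VPC only.
        var tlsIn = new Aws.Ec2.SecurityGroupRule("tlsIn", new Aws.Ec2.SecurityGroupRuleArgs
        {
            Type = "ingress",
            Description = "TLS from VPC",
            FromPort = 443,
            ToPort = 443,
            Protocol = "tcp",
            CidrBlocks = { vpc.CidrBlock },
            SecurityGroupId = web.Id,
        });

        // Outbound HTTPS only, instead of the allow-all rule (protocol "-1").
        var httpsOut = new Aws.Ec2.SecurityGroupRule("httpsOut", new Aws.Ec2.SecurityGroupRuleArgs
        {
            Type = "egress",
            Description = "HTTPS to any destination",
            FromPort = 443,
            ToPort = 443,
            Protocol = "tcp",
            CidrBlocks = { "0.0.0.0/0" },
            SecurityGroupId = web.Id,
        });
    }
}
```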
Usage with prefix list IDs
Prefix list IDs are managed by AWS internally. Prefix list IDs are associated with a prefix list name, or service name, that is linked to a specific region. Prefix list IDs are exported on VPC Endpoints, so you can use this format:
```csharp
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // ...
        var myEndpoint = new Aws.Ec2.VpcEndpoint("myEndpoint", new Aws.Ec2.VpcEndpointArgs
        {
        });
    }
}
```
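The snippet above declares only the endpoint. As an added example (not from the provider's documentation), the following passes the endpoint's exported prefix list ID to an egress rule, so outbound traffic is limited to the service's address ranges rather than `0.0.0.0/0`. The VPC, its CIDR range, the resource names and the S3 service name for `us-west-2` are assumed sample values.

```csharp
using Pulumi;
using Aws = Pulumi.Aws;

class PrefixListStack : Stack
{
    public PrefixListStack()
    {
        // Assumed sample VPC; the CIDR range is a placeholder.
        var vpc = new Aws.Ec2.Vpc("example", new Aws.Ec2.VpcArgs
        {
            CidrBlock = "10.0.0.0/16",
        });

        // Gateway endpoint for S3. The service name is tied to a region;
        // us-west-2 is an assumed sample region.
        var myEndpoint = new Aws.Ec2.VpcEndpoint("myEndpoint", new Aws.Ec2.VpcEndpointArgs
        {
            VpcId = vpc.Id,
            ServiceName = "com.amazonaws.us-west-2.s3",
        });

        // Outbound HTTPS is allowed only to the address ranges behind the
        // endpoint's prefix list.
        var s3Only = new Aws.Ec2.SecurityGroup("s3Only", new Aws.Ec2.SecurityGroupArgs
        {
            Description = "Allow HTTPS egress to the S3 prefix list only",
            VpcId = vpc.Id,
            Egress =
            {
                new Aws.Ec2.Inputs.SecurityGroupEgressArgs
                {
                    Description = "HTTPS to S3 via gateway endpoint",
                    FromPort = 443,
                    ToPort = 443,
                    Protocol = "tcp",
                    // PrefixListId is exported by the VPC endpoint resource.
                    PrefixListIds =
                    {
                        myEndpoint.PrefixListId,
                    },
                },
            },
        });
    }
}
```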
Namespace: Pulumi.Aws.Ec2
Assembly: Pulumi.Aws.dll
Syntax
public class SecurityGroup : CustomResource
Constructors
SecurityGroup(String, SecurityGroupArgs, CustomResourceOptions)
Create a SecurityGroup resource with the given unique name, arguments, and options.
Declaration
public SecurityGroup(string name, SecurityGroupArgs args = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| SecurityGroupArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
Arn
The ARN of the security group
Declaration
public Output<string> Arn { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Description
Description of this egress rule.
Declaration
public Output<string> Description { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Egress
Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
Declaration
public Output<ImmutableArray<SecurityGroupEgress>> Egress { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<SecurityGroupEgress>> |
Ingress
Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
Declaration
public Output<ImmutableArray<SecurityGroupIngress>> Ingress { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<SecurityGroupIngress>> |
Name
The name of the security group. If omitted, this provider will assign a random, unique name.
Declaration
public Output<string> Name { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
NamePrefix
Creates a unique name beginning with the specified prefix. Conflicts with name.
Declaration
public Output<string> NamePrefix { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
OwnerId
The owner ID.
Declaration
public Output<string> OwnerId { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
RevokeRulesOnDelete
Instruct this provider to revoke all of the Security Group's attached ingress and egress rules before deleting the rule itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.
Declaration
public Output<bool?> RevokeRulesOnDelete { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
Tags
A map of tags to assign to the resource.
Declaration
public Output<ImmutableDictionary<string, object>> Tags { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>> |
VpcId
The VPC ID.
Declaration
public Output<string> VpcId { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
Get(String, Input<String>, SecurityGroupState, CustomResourceOptions)
Get an existing SecurityGroup resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static SecurityGroup Get(string name, Input<string> id, SecurityGroupState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| SecurityGroupState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| SecurityGroup |