Class: AWSCDK::EC2::CfnSecurityGroup::IngressProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
ec2/cfn_security_group.rb

Overview

Adds an inbound (ingress) rule to a security group.

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see Security group rules .

You must specify exactly one of the following sources: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.

You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.

Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(ip_protocol:, cidr_ip: nil, cidr_ipv6: nil, description: nil, from_port: nil, source_prefix_list_id: nil, source_security_group_id: nil, source_security_group_name: nil, source_security_group_owner_id: nil, to_port: nil) ⇒ IngressProperty

Returns a new instance of IngressProperty.

Parameters:

  • ip_protocol (String)

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

  • cidr_ip (String, nil) (defaults to: nil)

    The IPv4 address range, in CIDR format.

  • cidr_ipv6 (String, nil) (defaults to: nil)

    The IPv6 address range, in CIDR format.

  • description (String, nil) (defaults to: nil)

    Updates the description of an ingress (inbound) security group rule.

  • from_port (Numeric, nil) (defaults to: nil)

    If the protocol is TCP or UDP, this is the start of the port range.

  • source_prefix_list_id (String, nil) (defaults to: nil)

    The ID of a prefix list.

  • source_security_group_id (String, nil) (defaults to: nil)

    The ID of the security group.

  • source_security_group_name (String, nil) (defaults to: nil)

    [Default VPC] The name of the source security group.

  • source_security_group_owner_id (String, nil) (defaults to: nil)

    [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account.

  • to_port (Numeric, nil) (defaults to: nil)

    If the protocol is TCP or UDP, this is the end of the port range.



773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
# File 'ec2/cfn_security_group.rb', line 773

def initialize(ip_protocol:, cidr_ip: nil, cidr_ipv6: nil, description: nil, from_port: nil, source_prefix_list_id: nil, source_security_group_id: nil, source_security_group_name: nil, source_security_group_owner_id: nil, to_port: nil)
  @ip_protocol = ip_protocol
  Jsii::Type.check_type(@ip_protocol, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "ipProtocol")
  @cidr_ip = cidr_ip
  Jsii::Type.check_type(@cidr_ip, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "cidrIp") unless @cidr_ip.nil?
  @cidr_ipv6 = cidr_ipv6
  Jsii::Type.check_type(@cidr_ipv6, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "cidrIpv6") unless @cidr_ipv6.nil?
  @description = description
  Jsii::Type.check_type(@description, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "description") unless @description.nil?
  @from_port = from_port
  Jsii::Type.check_type(@from_port, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "fromPort") unless @from_port.nil?
  @source_prefix_list_id = source_prefix_list_id
  Jsii::Type.check_type(@source_prefix_list_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourcePrefixListId") unless @source_prefix_list_id.nil?
  @source_security_group_id = source_security_group_id
  Jsii::Type.check_type(@source_security_group_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourceSecurityGroupId") unless @source_security_group_id.nil?
  @source_security_group_name = source_security_group_name
  Jsii::Type.check_type(@source_security_group_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourceSecurityGroupName") unless @source_security_group_name.nil?
  @source_security_group_owner_id = source_security_group_owner_id
  Jsii::Type.check_type(@source_security_group_owner_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourceSecurityGroupOwnerId") unless @source_security_group_owner_id.nil?
  @to_port = to_port
  Jsii::Type.check_type(@to_port, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "toPort") unless @to_port.nil?
end

Instance Attribute Details

#cidr_ipString? (readonly)

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .



811
812
813
# File 'ec2/cfn_security_group.rb', line 811

def cidr_ip
  @cidr_ip
end

#cidr_ipv6String? (readonly)

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .



820
821
822
# File 'ec2/cfn_security_group.rb', line 820

def cidr_ipv6
  @cidr_ipv6
end

#descriptionString? (readonly)

Updates the description of an ingress (inbound) security group rule.

You can replace an existing description, or add a description to a rule that did not have one previously.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*



829
830
831
# File 'ec2/cfn_security_group.rb', line 829

def description
  @description
end

#from_portNumeric? (readonly)

If the protocol is TCP or UDP, this is the start of the port range.

If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).



836
837
838
# File 'ec2/cfn_security_group.rb', line 836

def from_port
  @from_port
end

#ip_protocolString (readonly)

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.



802
803
804
# File 'ec2/cfn_security_group.rb', line 802

def ip_protocol
  @ip_protocol
end

#source_prefix_list_idString? (readonly)

The ID of a prefix list.



841
842
843
# File 'ec2/cfn_security_group.rb', line 841

def source_prefix_list_id
  @source_prefix_list_id
end

#source_security_group_idString? (readonly)

The ID of the security group.



846
847
848
# File 'ec2/cfn_security_group.rb', line 846

def source_security_group_id
  @source_security_group_id
end

#source_security_group_nameString? (readonly)

[Default VPC] The name of the source security group.

You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

For security groups in a nondefault VPC, you must specify the group ID.



855
856
857
# File 'ec2/cfn_security_group.rb', line 855

def source_security_group_name
  @source_security_group_name
end

#source_security_group_owner_idString? (readonly)

[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account.

You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId ; otherwise, this property is optional.



864
865
866
# File 'ec2/cfn_security_group.rb', line 864

def source_security_group_owner_id
  @source_security_group_owner_id
end

#to_portNumeric? (readonly)

If the protocol is TCP or UDP, this is the end of the port range.

If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).



871
872
873
# File 'ec2/cfn_security_group.rb', line 871

def to_port
  @to_port
end

Class Method Details

.jsii_propertiesObject



873
874
875
876
877
878
879
880
881
882
883
884
885
886
# File 'ec2/cfn_security_group.rb', line 873

def self.jsii_properties
  {
    :ip_protocol => "ipProtocol",
    :cidr_ip => "cidrIp",
    :cidr_ipv6 => "cidrIpv6",
    :description => "description",
    :from_port => "fromPort",
    :source_prefix_list_id => "sourcePrefixListId",
    :source_security_group_id => "sourceSecurityGroupId",
    :source_security_group_name => "sourceSecurityGroupName",
    :source_security_group_owner_id => "sourceSecurityGroupOwnerId",
    :to_port => "toPort",
  }
end

Instance Method Details

#to_jsiiObject



888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
# File 'ec2/cfn_security_group.rb', line 888

def to_jsii
  result = {}
  result.merge!({
    "ipProtocol" => @ip_protocol,
    "cidrIp" => @cidr_ip,
    "cidrIpv6" => @cidr_ipv6,
    "description" => @description,
    "fromPort" => @from_port,
    "sourcePrefixListId" => @source_prefix_list_id,
    "sourceSecurityGroupId" => @source_security_group_id,
    "sourceSecurityGroupName" => @source_security_group_name,
    "sourceSecurityGroupOwnerId" => @source_security_group_owner_id,
    "toPort" => @to_port,
  })
  result.compact
end