Class: AWSCDK::EC2::CfnSecurityGroup::IngressProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::EC2::CfnSecurityGroup::IngressProperty
- Defined in:
- ec2/cfn_security_group.rb
Overview
Adds an inbound (ingress) rule to a security group.
An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see Security group rules .
You must specify exactly one of the following sources: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.
You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
Instance Attribute Summary collapse
-
#cidr_ip ⇒ String?
readonly
The IPv4 address range, in CIDR format.
-
#cidr_ipv6 ⇒ String?
readonly
The IPv6 address range, in CIDR format.
-
#description ⇒ String?
readonly
Updates the description of an ingress (inbound) security group rule.
-
#from_port ⇒ Numeric?
readonly
If the protocol is TCP or UDP, this is the start of the port range.
-
#ip_protocol ⇒ String
readonly
The IP protocol name (
tcp,udp,icmp,icmpv6) or number (see Protocol Numbers ). -
#source_prefix_list_id ⇒ String?
readonly
The ID of a prefix list.
-
#source_security_group_id ⇒ String?
readonly
The ID of the security group.
-
#source_security_group_name ⇒ String?
readonly
[Default VPC] The name of the source security group.
-
#source_security_group_owner_id ⇒ String?
readonly
[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account.
-
#to_port ⇒ Numeric?
readonly
If the protocol is TCP or UDP, this is the end of the port range.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(ip_protocol:, cidr_ip: nil, cidr_ipv6: nil, description: nil, from_port: nil, source_prefix_list_id: nil, source_security_group_id: nil, source_security_group_name: nil, source_security_group_owner_id: nil, to_port: nil) ⇒ IngressProperty
constructor
A new instance of IngressProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(ip_protocol:, cidr_ip: nil, cidr_ipv6: nil, description: nil, from_port: nil, source_prefix_list_id: nil, source_security_group_id: nil, source_security_group_name: nil, source_security_group_owner_id: nil, to_port: nil) ⇒ IngressProperty
Returns a new instance of IngressProperty.
773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 |
# File 'ec2/cfn_security_group.rb', line 773 def initialize(ip_protocol:, cidr_ip: nil, cidr_ipv6: nil, description: nil, from_port: nil, source_prefix_list_id: nil, source_security_group_id: nil, source_security_group_name: nil, source_security_group_owner_id: nil, to_port: nil) @ip_protocol = ip_protocol Jsii::Type.check_type(@ip_protocol, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "ipProtocol") @cidr_ip = cidr_ip Jsii::Type.check_type(@cidr_ip, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "cidrIp") unless @cidr_ip.nil? @cidr_ipv6 = cidr_ipv6 Jsii::Type.check_type(@cidr_ipv6, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "cidrIpv6") unless @cidr_ipv6.nil? @description = description Jsii::Type.check_type(@description, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "description") unless @description.nil? @from_port = from_port Jsii::Type.check_type(@from_port, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "fromPort") unless @from_port.nil? @source_prefix_list_id = source_prefix_list_id Jsii::Type.check_type(@source_prefix_list_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourcePrefixListId") unless @source_prefix_list_id.nil? @source_security_group_id = source_security_group_id Jsii::Type.check_type(@source_security_group_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourceSecurityGroupId") unless @source_security_group_id.nil? @source_security_group_name = source_security_group_name Jsii::Type.check_type(@source_security_group_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourceSecurityGroupName") unless @source_security_group_name.nil? @source_security_group_owner_id = source_security_group_owner_id Jsii::Type.check_type(@source_security_group_owner_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourceSecurityGroupOwnerId") unless @source_security_group_owner_id.nil? @to_port = to_port Jsii::Type.check_type(@to_port, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "toPort") unless @to_port.nil? end |
Instance Attribute Details
#cidr_ip ⇒ String? (readonly)
The IPv4 address range, in CIDR format.
You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .
For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
811 812 813 |
# File 'ec2/cfn_security_group.rb', line 811 def cidr_ip @cidr_ip end |
#cidr_ipv6 ⇒ String? (readonly)
The IPv6 address range, in CIDR format.
You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .
For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .
820 821 822 |
# File 'ec2/cfn_security_group.rb', line 820 def cidr_ipv6 @cidr_ipv6 end |
#description ⇒ String? (readonly)
Updates the description of an ingress (inbound) security group rule.
You can replace an existing description, or add a description to a rule that did not have one previously.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
829 830 831 |
# File 'ec2/cfn_security_group.rb', line 829 def description @description end |
#from_port ⇒ Numeric? (readonly)
If the protocol is TCP or UDP, this is the start of the port range.
If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
836 837 838 |
# File 'ec2/cfn_security_group.rb', line 836 def from_port @from_port end |
#ip_protocol ⇒ String (readonly)
The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).
Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
802 803 804 |
# File 'ec2/cfn_security_group.rb', line 802 def ip_protocol @ip_protocol end |
#source_prefix_list_id ⇒ String? (readonly)
The ID of a prefix list.
841 842 843 |
# File 'ec2/cfn_security_group.rb', line 841 def source_prefix_list_id @source_prefix_list_id end |
#source_security_group_id ⇒ String? (readonly)
The ID of the security group.
846 847 848 |
# File 'ec2/cfn_security_group.rb', line 846 def source_security_group_id @source_security_group_id end |
#source_security_group_name ⇒ String? (readonly)
[Default VPC] The name of the source security group.
You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
For security groups in a nondefault VPC, you must specify the group ID.
855 856 857 |
# File 'ec2/cfn_security_group.rb', line 855 def source_security_group_name @source_security_group_name end |
#source_security_group_owner_id ⇒ String? (readonly)
[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account.
You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.
If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId ; otherwise, this property is optional.
864 865 866 |
# File 'ec2/cfn_security_group.rb', line 864 def source_security_group_owner_id @source_security_group_owner_id end |
#to_port ⇒ Numeric? (readonly)
If the protocol is TCP or UDP, this is the end of the port range.
If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
871 872 873 |
# File 'ec2/cfn_security_group.rb', line 871 def to_port @to_port end |
Class Method Details
.jsii_properties ⇒ Object
873 874 875 876 877 878 879 880 881 882 883 884 885 886 |
# File 'ec2/cfn_security_group.rb', line 873 def self.jsii_properties { :ip_protocol => "ipProtocol", :cidr_ip => "cidrIp", :cidr_ipv6 => "cidrIpv6", :description => "description", :from_port => "fromPort", :source_prefix_list_id => "sourcePrefixListId", :source_security_group_id => "sourceSecurityGroupId", :source_security_group_name => "sourceSecurityGroupName", :source_security_group_owner_id => "sourceSecurityGroupOwnerId", :to_port => "toPort", } end |
Instance Method Details
#to_jsii ⇒ Object
888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 |
# File 'ec2/cfn_security_group.rb', line 888 def to_jsii result = {} result.merge!({ "ipProtocol" => @ip_protocol, "cidrIp" => @cidr_ip, "cidrIpv6" => @cidr_ipv6, "description" => @description, "fromPort" => @from_port, "sourcePrefixListId" => @source_prefix_list_id, "sourceSecurityGroupId" => @source_security_group_id, "sourceSecurityGroupName" => @source_security_group_name, "sourceSecurityGroupOwnerId" => @source_security_group_owner_id, "toPort" => @to_port, }) result.compact end |