Class: AWSCDK::EC2::CfnSecurityGroupIngressProps

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
ec2/cfn_security_group_ingress_props.rb

Overview

Properties for defining a CfnSecurityGroupIngress.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(ip_protocol:, cidr_ip: nil, cidr_ipv6: nil, description: nil, from_port: nil, group_id: nil, group_name: nil, source_prefix_list_id: nil, source_security_group_id: nil, source_security_group_name: nil, source_security_group_owner_id: nil, to_port: nil) ⇒ CfnSecurityGroupIngressProps

Returns a new instance of CfnSecurityGroupIngressProps.

Parameters:

  • ip_protocol (String)

    The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

  • cidr_ip (String, nil) (defaults to: nil)

    The IPv4 address range, in CIDR format.

  • cidr_ipv6 (String, nil) (defaults to: nil)

    The IPv6 address range, in CIDR format.

  • description (String, nil) (defaults to: nil)

    Updates the description of an ingress (inbound) security group rule.

  • from_port (Numeric, nil) (defaults to: nil)

    The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

  • group_id (String, AWSCDK::Interfaces::AWSEC2::ISecurityGroupRef, nil) (defaults to: nil)

    The ID of the security group.

  • group_name (String, AWSCDK::Interfaces::AWSEC2::ISecurityGroupRef, nil) (defaults to: nil)

    [Default VPC] The name of the security group.

  • source_prefix_list_id (String, AWSCDK::Interfaces::AWSEC2::IPrefixListRef, nil) (defaults to: nil)

    The ID of a prefix list.

  • source_security_group_id (String, AWSCDK::Interfaces::AWSEC2::ISecurityGroupRef, nil) (defaults to: nil)

    The ID of the security group.

  • source_security_group_name (String, nil) (defaults to: nil)

    [Default VPC] The name of the source security group.

  • source_security_group_owner_id (String, nil) (defaults to: nil)

    [nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account.

  • to_port (Numeric, nil) (defaults to: nil)

    The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# File 'ec2/cfn_security_group_ingress_props.rb', line 21

def initialize(ip_protocol:, cidr_ip: nil, cidr_ipv6: nil, description: nil, from_port: nil, group_id: nil, group_name: nil, source_prefix_list_id: nil, source_security_group_id: nil, source_security_group_name: nil, source_security_group_owner_id: nil, to_port: nil)
  @ip_protocol = ip_protocol
  Jsii::Type.check_type(@ip_protocol, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "ipProtocol")
  @cidr_ip = cidr_ip
  Jsii::Type.check_type(@cidr_ip, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "cidrIp") unless @cidr_ip.nil?
  @cidr_ipv6 = cidr_ipv6
  Jsii::Type.check_type(@cidr_ipv6, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "cidrIpv6") unless @cidr_ipv6.nil?
  @description = description
  Jsii::Type.check_type(@description, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "description") unless @description.nil?
  @from_port = from_port
  Jsii::Type.check_type(@from_port, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "fromPort") unless @from_port.nil?
  @group_id = group_id
  Jsii::Type.check_type(@group_id, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoic3RyaW5nIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19lYzIuSVNlY3VyaXR5R3JvdXBSZWYifV19fQ==")), "groupId") unless @group_id.nil?
  @group_name = group_name
  Jsii::Type.check_type(@group_name, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoic3RyaW5nIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19lYzIuSVNlY3VyaXR5R3JvdXBSZWYifV19fQ==")), "groupName") unless @group_name.nil?
  @source_prefix_list_id = source_prefix_list_id
  Jsii::Type.check_type(@source_prefix_list_id, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoic3RyaW5nIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19lYzIuSVByZWZpeExpc3RSZWYifV19fQ==")), "sourcePrefixListId") unless @source_prefix_list_id.nil?
  @source_security_group_id = source_security_group_id
  Jsii::Type.check_type(@source_security_group_id, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoic3RyaW5nIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19lYzIuSVNlY3VyaXR5R3JvdXBSZWYifV19fQ==")), "sourceSecurityGroupId") unless @source_security_group_id.nil?
  @source_security_group_name = source_security_group_name
  Jsii::Type.check_type(@source_security_group_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourceSecurityGroupName") unless @source_security_group_name.nil?
  @source_security_group_owner_id = source_security_group_owner_id
  Jsii::Type.check_type(@source_security_group_owner_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sourceSecurityGroupOwnerId") unless @source_security_group_owner_id.nil?
  @to_port = to_port
  Jsii::Type.check_type(@to_port, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "toPort") unless @to_port.nil?
end

Instance Attribute Details

#cidr_ipString? (readonly)

The IPv4 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .



63
64
65
# File 'ec2/cfn_security_group_ingress_props.rb', line 63

def cidr_ip
  @cidr_ip
end

#cidr_ipv6String? (readonly)

The IPv6 address range, in CIDR format.

You must specify exactly one of the following: CidrIp , CidrIpv6 , SourcePrefixListId , or SourceSecurityGroupId .

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide .



72
73
74
# File 'ec2/cfn_security_group_ingress_props.rb', line 72

def cidr_ipv6
  @cidr_ipv6
end

#descriptionString? (readonly)

Updates the description of an ingress (inbound) security group rule.

You can replace an existing description, or add a description to a rule that did not have one previously.

Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*



81
82
83
# File 'ec2/cfn_security_group_ingress_props.rb', line 81

def description
  @description
end

#from_portNumeric? (readonly)

The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Use this for ICMP and any protocol that uses ports.



90
91
92
# File 'ec2/cfn_security_group_ingress_props.rb', line 90

def from_port
  @from_port
end

#group_idString, ... (readonly)

The ID of the security group.



95
96
97
# File 'ec2/cfn_security_group_ingress_props.rb', line 95

def group_id
  @group_id
end

#group_nameString, ... (readonly)

[Default VPC] The name of the security group.

For security groups for a default VPC you can specify either the ID or the name of the security group. For security groups for a nondefault VPC, you must specify the ID of the security group.



102
103
104
# File 'ec2/cfn_security_group_ingress_props.rb', line 102

def group_name
  @group_name
end

#ip_protocolString (readonly)

The IP protocol name ( tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.



54
55
56
# File 'ec2/cfn_security_group_ingress_props.rb', line 54

def ip_protocol
  @ip_protocol
end

#source_prefix_list_idString, ... (readonly)

The ID of a prefix list.



107
108
109
# File 'ec2/cfn_security_group_ingress_props.rb', line 107

def source_prefix_list_id
  @source_prefix_list_id
end

#source_security_group_idString, ... (readonly)

The ID of the security group.

You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID.



114
115
116
# File 'ec2/cfn_security_group_ingress_props.rb', line 114

def source_security_group_id
  @source_security_group_id
end

#source_security_group_nameString? (readonly)

[Default VPC] The name of the source security group.

You must specify either the security group ID or the security group name. You can't specify the group name in combination with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

For security groups in a nondefault VPC, you must specify the group ID.



123
124
125
# File 'ec2/cfn_security_group_ingress_props.rb', line 123

def source_security_group_name
  @source_security_group_name
end

#source_security_group_owner_idString? (readonly)

[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account.

You can't specify this property with an IP address range. Creates rules that grant full ICMP, UDP, and TCP access.

If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify SourceSecurityGroupOwnerId ; otherwise, this property is optional.



132
133
134
# File 'ec2/cfn_security_group_ingress_props.rb', line 132

def source_security_group_owner_id
  @source_security_group_owner_id
end

#to_portNumeric? (readonly)

The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.

A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Use this for ICMP and any protocol that uses ports.



141
142
143
# File 'ec2/cfn_security_group_ingress_props.rb', line 141

def to_port
  @to_port
end

Class Method Details

.jsii_propertiesObject



143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
# File 'ec2/cfn_security_group_ingress_props.rb', line 143

def self.jsii_properties
  {
    :ip_protocol => "ipProtocol",
    :cidr_ip => "cidrIp",
    :cidr_ipv6 => "cidrIpv6",
    :description => "description",
    :from_port => "fromPort",
    :group_id => "groupId",
    :group_name => "groupName",
    :source_prefix_list_id => "sourcePrefixListId",
    :source_security_group_id => "sourceSecurityGroupId",
    :source_security_group_name => "sourceSecurityGroupName",
    :source_security_group_owner_id => "sourceSecurityGroupOwnerId",
    :to_port => "toPort",
  }
end

Instance Method Details

#to_jsiiObject



160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# File 'ec2/cfn_security_group_ingress_props.rb', line 160

def to_jsii
  result = {}
  result.merge!({
    "ipProtocol" => @ip_protocol,
    "cidrIp" => @cidr_ip,
    "cidrIpv6" => @cidr_ipv6,
    "description" => @description,
    "fromPort" => @from_port,
    "groupId" => @group_id,
    "groupName" => @group_name,
    "sourcePrefixListId" => @source_prefix_list_id,
    "sourceSecurityGroupId" => @source_security_group_id,
    "sourceSecurityGroupName" => @source_security_group_name,
    "sourceSecurityGroupOwnerId" => @source_security_group_owner_id,
    "toPort" => @to_port,
  })
  result.compact
end