Class: AWSCDK::EC2::SecurityGroup
- Inherits:
-
Resource
- Object
- Resource
- AWSCDK::EC2::SecurityGroup
- Includes:
- ISecurityGroup
- Defined in:
- ec2/security_group.rb
Overview
Creates an Amazon EC2 security group within a VPC.
Security Groups act like a firewall with a set of rules, and are associated with any AWS resource that has or creates Elastic Network Interfaces (ENIs). A typical example of a resource that has a security group is an Instance (or Auto Scaling Group of instances)
If you are defining new infrastructure in CDK, there is a good chance you won't have to interact with this class at all. Like IAM Roles, Security Groups need to exist to control access between AWS resources, but CDK will automatically generate and populate them with least-privilege permissions for you so you can concentrate on your business logic.
All Constructs that require Security Groups will create one for you if you
don't specify one at construction. After construction, you can selectively
allow connections to and between constructs via--for example-- the instance.connections
object. Think of it as "allowing connections to your instance", rather than
"adding ingress rules a security group". See the Allowing
Connections
section in the library documentation for examples.
Direct manipulation of the Security Group through add_ingress_rule and
add_egress_rule is possible, but mutation through the .connections object
is recommended. If you peer two constructs with security groups this way,
appropriate rules will be created in both.
If you have an existing security group you want to use in your CDK application, you would import it like this:
security_group = AWSCDK::EC2::SecurityGroup.from_security_group_id(self, "SG", "sg-12345", {
mutable: false,
})
Class Method Summary collapse
-
.from_lookup_by_id(scope, id, security_group_id) ⇒ AWSCDK::EC2::ISecurityGroup
Look up a security group by id.
-
.from_lookup_by_name(scope, id, security_group_name, vpc) ⇒ AWSCDK::EC2::ISecurityGroup
Look up a security group by name.
-
.from_security_group_id(scope, id, security_group_id, options = nil) ⇒ AWSCDK::EC2::ISecurityGroup
Import an existing security group into this app.
-
.is_security_group(x) ⇒ Boolean
Return whether the indicated object is a security group.
- .jsii_overridable_methods ⇒ Object
-
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
Instance Method Summary collapse
-
#add_egress_rule(peer, connection, description = nil, remote_rule = nil) ⇒ void
Add an egress rule for the current security group.
-
#add_ingress_rule(peer, connection, description = nil, remote_rule = nil) ⇒ void
Add an ingress rule for the current security group.
-
#allow_all_ipv6_outbound ⇒ Boolean
Whether the SecurityGroup has been configured to allow all outbound ipv6 traffic.
-
#allow_all_outbound ⇒ Boolean
Whether the SecurityGroup has been configured to allow all outbound traffic.
-
#apply_cross_stack_reference_strength(strength) ⇒ void
Override the cross-stack reference strength for this resource.
-
#apply_removal_policy(policy) ⇒ void
Apply the given removal policy to this resource.
-
#can_inline_rule ⇒ Boolean
Whether the rule can be inlined into a SecurityGroup or not.
-
#connections ⇒ AWSCDK::EC2::Connections
The network connections associated with this resource.
- #default_port ⇒ AWSCDK::EC2::Port?
-
#determine_rule_scope(peer, connection, from_to, remote_rule = nil) ⇒ AWSCDK::EC2::RuleScope
Determine where to parent a new ingress/egress rule.
-
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
- #generate_physical_name ⇒ String
-
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g.
bucket.bucketArn). -
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g.
bucket.bucketName). -
#initialize(scope, id, props) ⇒ SecurityGroup
constructor
A new instance of SecurityGroup.
-
#node ⇒ Constructs::Node
The tree node.
-
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
-
#security_group_id ⇒ String
The ID of the security group.
-
#security_group_ref ⇒ AWSCDK::Interfaces::AWSEC2::SecurityGroupReference
A reference to a SecurityGroup resource.
-
#security_group_vpc_id ⇒ String
The VPC ID this security group is part of.
-
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
-
#to_egress_rule_config ⇒ AWSCDK::EC2::EgressRuleConfig
Produce the egress rule JSON for the given connection.
-
#to_ingress_rule_config ⇒ AWSCDK::EC2::IngressRuleConfig
Produce the ingress rule JSON for the given connection.
-
#to_string ⇒ String
Returns a string representation of this construct.
-
#unique_id ⇒ String
A unique identifier for this connection peer.
-
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Constructor Details
#initialize(scope, id, props) ⇒ SecurityGroup
Returns a new instance of SecurityGroup.
45 46 47 48 49 50 51 |
# File 'ec2/security_group.rb', line 45 def initialize(scope, id, props) props = props.is_a?(Hash) ? ::AWSCDK::EC2::SecurityGroupProps.new(**props.transform_keys(&:to_sym)) : props Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlNlY3VyaXR5R3JvdXBQcm9wcyJ9")), "props") Jsii::Object.instance_method(:initialize).bind(self).call(scope, id, props) end |
Class Method Details
.from_lookup_by_id(scope, id, security_group_id) ⇒ AWSCDK::EC2::ISecurityGroup
Look up a security group by id.
89 90 91 92 93 94 |
# File 'ec2/security_group.rb', line 89 def self.from_lookup_by_id(scope, id, security_group_id) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(security_group_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "securityGroupId") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_ec2.SecurityGroup", "fromLookupById", [scope, id, security_group_id]) end |
.from_lookup_by_name(scope, id, security_group_name, vpc) ⇒ AWSCDK::EC2::ISecurityGroup
Look up a security group by name.
103 104 105 106 107 108 109 |
# File 'ec2/security_group.rb', line 103 def self.from_lookup_by_name(scope, id, security_group_name, vpc) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(security_group_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "securityGroupName") Jsii::Type.check_type(vpc, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLklWcGMifQ==")), "vpc") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_ec2.SecurityGroup", "fromLookupByName", [scope, id, security_group_name, vpc]) end |
.from_security_group_id(scope, id, security_group_id, options = nil) ⇒ AWSCDK::EC2::ISecurityGroup
Import an existing security group into this app.
This method will assume that the Security Group has a rule in it which allows all outbound traffic, and so will not add egress rules to the imported Security Group (only ingress rules).
If your existing Security Group needs to have egress rules added, pass the
allowAllOutbound: false option on import.
125 126 127 128 129 130 131 132 |
# File 'ec2/security_group.rb', line 125 def self.from_security_group_id(scope, id, security_group_id, = nil) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(security_group_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "securityGroupId") = .is_a?(Hash) ? ::AWSCDK::EC2::SecurityGroupImportOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlNlY3VyaXR5R3JvdXBJbXBvcnRPcHRpb25zIn0=")), "options") unless .nil? Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_ec2.SecurityGroup", "fromSecurityGroupId", [scope, id, security_group_id, ]) end |
.is_security_group(x) ⇒ Boolean
Return whether the indicated object is a security group.
138 139 140 141 |
# File 'ec2/security_group.rb', line 138 def self.is_security_group(x) Jsii::Type.check_type(x, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "x") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_ec2.SecurityGroup", "isSecurityGroup", [x]) end |
.jsii_overridable_methods ⇒ Object
53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
# File 'ec2/security_group.rb', line 53 def self.jsii_overridable_methods { :node => { kind: :property, name: "node", is_optional: false }, :env => { kind: :property, name: "env", is_optional: false }, :physical_name => { kind: :property, name: "physicalName", is_optional: false }, :stack => { kind: :property, name: "stack", is_optional: false }, :allow_all_ipv6_outbound => { kind: :property, name: "allowAllIpv6Outbound", is_optional: false }, :allow_all_outbound => { kind: :property, name: "allowAllOutbound", is_optional: false }, :can_inline_rule => { kind: :property, name: "canInlineRule", is_optional: false }, :connections => { kind: :property, name: "connections", is_optional: false }, :security_group_id => { kind: :property, name: "securityGroupId", is_optional: false }, :security_group_ref => { kind: :property, name: "securityGroupRef", is_optional: false }, :security_group_vpc_id => { kind: :property, name: "securityGroupVpcId", is_optional: false }, :unique_id => { kind: :property, name: "uniqueId", is_optional: false }, :default_port => { kind: :property, name: "defaultPort", is_optional: true }, :to_string => { kind: :method, name: "toString", is_optional: false }, :with => { kind: :method, name: "with", is_optional: false }, :apply_cross_stack_reference_strength => { kind: :method, name: "applyCrossStackReferenceStrength", is_optional: false }, :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false }, :generate_physical_name => { kind: :method, name: "generatePhysicalName", is_optional: false }, :get_resource_arn_attribute => { kind: :method, name: "getResourceArnAttribute", is_optional: false }, :get_resource_name_attribute => { kind: :method, name: "getResourceNameAttribute", is_optional: false }, :add_egress_rule => { kind: :method, name: "addEgressRule", is_optional: false }, :add_ingress_rule => { kind: :method, name: "addIngressRule", is_optional: false }, :determine_rule_scope => { kind: :method, name: "determineRuleScope", is_optional: false }, :to_egress_rule_config => { kind: :method, name: "toEgressRuleConfig", is_optional: false }, :to_ingress_rule_config => { kind: :method, name: "toIngressRuleConfig", is_optional: false }, } end |
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
189 190 191 |
# File 'ec2/security_group.rb', line 189 def self.PROPERTY_INJECTION_ID() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_ec2.SecurityGroup", "PROPERTY_INJECTION_ID") end |
Instance Method Details
#add_egress_rule(peer, connection, description = nil, remote_rule = nil) ⇒ void
This method returns an undefined value.
Add an egress rule for the current security group.
remote_rule controls where the Rule object is created if the peer is also a
securityGroup and they are in different stack. If false (default) the
rule object is created under the current SecurityGroup object. If true and the
peer is also a SecurityGroup, the rule object is created under the remote
SecurityGroup object.
357 358 359 360 361 362 363 |
# File 'ec2/security_group.rb', line 357 def add_egress_rule(peer, connection, description = nil, remote_rule = nil) Jsii::Type.check_type(peer, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLklQZWVyIn0=")), "peer") Jsii::Type.check_type(connection, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlBvcnQifQ==")), "connection") Jsii::Type.check_type(description, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "description") unless description.nil? Jsii::Type.check_type(remote_rule, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "remoteRule") unless remote_rule.nil? jsii_call_method("addEgressRule", [peer, connection, description, remote_rule]) end |
#add_ingress_rule(peer, connection, description = nil, remote_rule = nil) ⇒ void
This method returns an undefined value.
Add an ingress rule for the current security group.
remote_rule controls where the Rule object is created if the peer is also a
securityGroup and they are in different stack. If false (default) the
rule object is created under the current SecurityGroup object. If true and the
peer is also a SecurityGroup, the rule object is created under the remote
SecurityGroup object.
378 379 380 381 382 383 384 |
# File 'ec2/security_group.rb', line 378 def add_ingress_rule(peer, connection, description = nil, remote_rule = nil) Jsii::Type.check_type(peer, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLklQZWVyIn0=")), "peer") Jsii::Type.check_type(connection, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlBvcnQifQ==")), "connection") Jsii::Type.check_type(description, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "description") unless description.nil? Jsii::Type.check_type(remote_rule, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "remoteRule") unless remote_rule.nil? jsii_call_method("addIngressRule", [peer, connection, description, remote_rule]) end |
#allow_all_ipv6_outbound ⇒ Boolean
Whether the SecurityGroup has been configured to allow all outbound ipv6 traffic.
196 197 198 |
# File 'ec2/security_group.rb', line 196 def allow_all_ipv6_outbound() jsii_get_property("allowAllIpv6Outbound") end |
#allow_all_outbound ⇒ Boolean
Whether the SecurityGroup has been configured to allow all outbound traffic.
203 204 205 |
# File 'ec2/security_group.rb', line 203 def allow_all_outbound() jsii_get_property("allowAllOutbound") end |
#apply_cross_stack_reference_strength(strength) ⇒ void
This method returns an undefined value.
Override the cross-stack reference strength for this resource.
When set, any cross-stack reference to this resource will use the specified
mechanism instead of the global default determined by the
@aws-cdk/core:defaultCrossStackReferences context key. This is useful for
selectively weakening specific references to avoid the "deadly embrace" problem
without changing the app-wide default.
287 288 289 290 |
# File 'ec2/security_group.rb', line 287 def apply_cross_stack_reference_strength(strength) Jsii::Type.check_type(strength, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZWZlcmVuY2VTdHJlbmd0aCJ9")), "strength") jsii_call_method("applyCrossStackReferenceStrength", [strength]) end |
#apply_removal_policy(policy) ⇒ void
This method returns an undefined value.
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
304 305 306 307 |
# File 'ec2/security_group.rb', line 304 def apply_removal_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") jsii_call_method("applyRemovalPolicy", [policy]) end |
#can_inline_rule ⇒ Boolean
Whether the rule can be inlined into a SecurityGroup or not.
210 211 212 |
# File 'ec2/security_group.rb', line 210 def can_inline_rule() jsii_get_property("canInlineRule") end |
#connections ⇒ AWSCDK::EC2::Connections
The network connections associated with this resource.
217 218 219 |
# File 'ec2/security_group.rb', line 217 def connections() jsii_get_property("connections") end |
#default_port ⇒ AWSCDK::EC2::Port?
250 251 252 |
# File 'ec2/security_group.rb', line 250 def default_port() jsii_get_property("defaultPort") end |
#determine_rule_scope(peer, connection, from_to, remote_rule = nil) ⇒ AWSCDK::EC2::RuleScope
Determine where to parent a new ingress/egress rule.
A SecurityGroup rule is parented under the group it's related to, UNLESS we're in a cross-stack scenario with another Security Group. In that case, we respect the 'remoteRule' flag and will parent under the other security group.
This is necessary to avoid cyclic dependencies between stacks, since both ingress and egress rules will reference both security groups, and a naive parenting will lead to the following situation:
╔════════════════════╗ ╔════════════════════╗ ║ ┌───────────┐ ║ ║ ┌───────────┐ ║ ║ │ GroupA │◀────╬─┐ ┌───╬───▶│ GroupB │ ║ ║ └───────────┘ ║ │ │ ║ └───────────┘ ║ ║ ▲ ║ │ │ ║ ▲ ║ ║ │ ║ │ │ ║ │ ║ ║ │ ║ │ │ ║ │ ║ ║ ┌───────────┐ ║ └───┼───╬────┌───────────┐ ║ ║ │ EgressA │─────╬─────┘ ║ │ IngressB │ ║ ║ └───────────┘ ║ ║ └───────────┘ ║ ║ ║ ║ ║ ╚════════════════════╝ ╚════════════════════╝
By having the ability to switch the parent, we avoid the cyclic reference by keeping all rules in a single stack.
If this happens, we also have to change the construct ID, because otherwise we might have two objects with the same ID if we have multiple reversed security group relationships.
╔═══════════════════════════════════╗ ║┌───────────┐ ║ ║│ GroupB │ ║ ║└───────────┘ ║ ║ ▲ ║ ║ │ ┌───────────┐ ║ ║ ├────"from A"──│ IngressB │ ║ ║ │ └───────────┘ ║ ║ │ ┌───────────┐ ║ ║ ├─────"to B"───│ EgressA │ ║ ║ │ └───────────┘ ║ ║ │ ┌───────────┐ ║ ║ └─────"to B"───│ EgressC │ ║ <-- oops ║ └───────────┘ ║ ╚═══════════════════════════════════╝
438 439 440 441 442 443 444 |
# File 'ec2/security_group.rb', line 438 def determine_rule_scope(peer, connection, from_to, remote_rule = nil) Jsii::Type.check_type(peer, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLklQZWVyIn0=")), "peer") Jsii::Type.check_type(connection, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWMyLlBvcnQifQ==")), "connection") Jsii::Type.check_type(from_to, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "fromTo") Jsii::Type.check_type(remote_rule, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "remoteRule") unless remote_rule.nil? jsii_call_method("determineRuleScope", [peer, connection, from_to, remote_rule]) end |
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
161 162 163 |
# File 'ec2/security_group.rb', line 161 def env() jsii_get_property("env") end |
#generate_physical_name ⇒ String
310 311 312 |
# File 'ec2/security_group.rb', line 310 def generate_physical_name() jsii_call_method("generatePhysicalName", []) end |
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).
Normally, this token will resolve to arn_attr, but if the resource is
referenced across environments, arn_components will be used to synthesize
a concrete ARN with the resource's physical name. Make sure to reference
this.physicalName in arn_components.
324 325 326 327 328 329 |
# File 'ec2/security_group.rb', line 324 def get_resource_arn_attribute(arn_attr, arn_components) Jsii::Type.check_type(arn_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "arnAttr") arn_components = arn_components.is_a?(Hash) ? ::AWSCDK::ARNComponents.new(**arn_components.transform_keys(&:to_sym)) : arn_components Jsii::Type.check_type(arn_components, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5Bcm5Db21wb25lbnRzIn0=")), "arnComponents") jsii_call_method("getResourceArnAttribute", [arn_attr, arn_components]) end |
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).
Normally, this token will resolve to name_attr, but if the resource is
referenced across environments, it will be resolved to this.physicalName,
which will be a concrete name.
339 340 341 342 |
# File 'ec2/security_group.rb', line 339 def get_resource_name_attribute(name_attr) Jsii::Type.check_type(name_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "nameAttr") jsii_call_method("getResourceNameAttribute", [name_attr]) end |
#node ⇒ Constructs::Node
The tree node.
146 147 148 |
# File 'ec2/security_group.rb', line 146 def node() jsii_get_property("node") end |
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
- a concrete value (e.g.
"my-awesome-bucket") undefined, when a name should be generated by CloudFormation- a concrete name generated automatically during synthesis, in cross-environment scenarios.
175 176 177 |
# File 'ec2/security_group.rb', line 175 def physical_name() jsii_get_property("physicalName") end |
#security_group_id ⇒ String
The ID of the security group.
224 225 226 |
# File 'ec2/security_group.rb', line 224 def security_group_id() jsii_get_property("securityGroupId") end |
#security_group_ref ⇒ AWSCDK::Interfaces::AWSEC2::SecurityGroupReference
A reference to a SecurityGroup resource.
231 232 233 |
# File 'ec2/security_group.rb', line 231 def security_group_ref() jsii_get_property("securityGroupRef") end |
#security_group_vpc_id ⇒ String
The VPC ID this security group is part of.
238 239 240 |
# File 'ec2/security_group.rb', line 238 def security_group_vpc_id() jsii_get_property("securityGroupVpcId") end |
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
182 183 184 |
# File 'ec2/security_group.rb', line 182 def stack() jsii_get_property("stack") end |
#to_egress_rule_config ⇒ AWSCDK::EC2::EgressRuleConfig
Produce the egress rule JSON for the given connection.
449 450 451 |
# File 'ec2/security_group.rb', line 449 def to_egress_rule_config() jsii_call_method("toEgressRuleConfig", []) end |
#to_ingress_rule_config ⇒ AWSCDK::EC2::IngressRuleConfig
Produce the ingress rule JSON for the given connection.
456 457 458 |
# File 'ec2/security_group.rb', line 456 def to_ingress_rule_config() jsii_call_method("toIngressRuleConfig", []) end |
#to_string ⇒ String
Returns a string representation of this construct.
257 258 259 |
# File 'ec2/security_group.rb', line 257 def to_string() jsii_call_method("toString", []) end |
#unique_id ⇒ String
A unique identifier for this connection peer.
245 246 247 |
# File 'ec2/security_group.rb', line 245 def unique_id() jsii_get_property("uniqueId") end |
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the
start of the call, so constructs added by a mixin will not be visited.
Use multiple with() calls if subsequent mixins should apply to added
constructs.
270 271 272 273 274 275 |
# File 'ec2/security_group.rb', line 270 def with(*mixins) mixins.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]") end jsii_call_method("with", [*mixins]) end |