AWS Amazon EC2 Rule

This page shows how to write Terraform and CloudFormation for Amazon EC2 Rule and write them securely.

aws_security_group_rule (Terraform)

The Rule in Amazon EC2 can be configured in Terraform with the resource name aws_security_group_rule. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

Explanation in Terraform Registry

Provides a security group rule resource. Represents a single ingress or egress group rule, which can be added to external Security Groups.

NOTE on Security Groups and Security Group Rules: Terraform currently provides both a standalone Security Group Rule resource (a single ingress or egress rule), and a Security Group resource with ingress and egress rules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules. NOTE: Setting protocol = "all" or protocol = -1 with from_port and to_port will result in the EC2 API creating a security group rule with all ports open. This API behavior cannot be controlled by Terraform and may generate warnings in the future. NOTE: Referencing Security Groups across VPC peering has certain restrictions. More information is available in the VPC Peering User Guide.

AWS::EC2::SecurityGroup Egress (CloudFormation)

The SecurityGroup Egress in EC2 can be configured in CloudFormation with the resource name AWS::EC2::SecurityGroup Egress. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

CidrIp The IPv4 address range, in CIDR format.
Required: No
Type: String
Update requires: No interruption

CidrIpv6 The IPv6 address range, in CIDR format.
Required: No
Type: String
Update requires: No interruption

Description A description for the security group rule.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
Required: No
Type: String
Update requires: No interruption

DestinationPrefixListId [EC2-VPC only] The prefix list IDs for the destination AWS service. This is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.
Required: No
Type: String
Update requires: No interruption

DestinationSecurityGroupId The ID of the destination VPC security group.
Required: No
Type: String
Update requires: No interruption

FromPort The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.
Required: No
Type: Integer
Update requires: No interruption

IpProtocol The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).
[VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
Required: Yes
Type: String
Update requires: No interruption

ToPort The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.
Required: No
Type: Integer
Update requires: No interruption

Explanation in CloudFormation Registry

Specifies an outbound rule for a security group. An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, or to the instances associated with the specified destination security groups.

You must specify only one of the following properties: CidrIp, CidrIpv6, DestinationPrefixListId, or DestinationSecurityGroupId.

The EC2 Security Group Rule is an embedded property of the AWS::EC2::SecurityGroup type.

Frequently asked questions

What is AWS Amazon EC2 Rule?

AWS Amazon EC2 Rule is a resource for Amazon EC2 of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.