aws::security-group-rules

Add ingress and egress rules to a security group.

Example

aws::security-group backend
    vpc: $(aws::vpc vpc)

    name: "backend"
    description: "backend"
end

aws::security-group-rules backend
    security-group: $(aws::security-group backend)

    ingress
        protocol: -1
        security-group: $SELF.security-group
    end

    ingress
        protocol: -1
        security-group: $(aws::security-group master)
    end
end

Attributes

Attribute Description
security-group The security group to apply rules to. (Required)
ingress list subresource

A list of ingress rules to block inbound traffic.

protocol
The protocol for this Security Group Rule. -1 is equivalent to “all”. Defaults to tcp.
description
The description for this Security Group Rule.
from-port
The starting port for this Security Group Rule. Required if protocol is not set to -1.
to-port
The ending port for this Security Group Rule. Required if protocol is not set to -1.
cidr-block
The IPv4 CIDR block to apply this Security Group Rule to. Required if neither ipv6-cidr-block nor security-group is set.
ipv6-cidr-block
The IPv6 CIDR block to apply this Security Group Rule to. Required if neither cidr-block nor security-group is set.
security-group
The security group referenced by this Security Group Rule.
egress list subresource

A list of egress rules to block outbound traffic.

protocol
The protocol for this Security Group Rule. -1 is equivalent to “all”. Defaults to tcp.
description
The description for this Security Group Rule.
from-port
The starting port for this Security Group Rule. Required if protocol is not set to -1.
to-port
The ending port for this Security Group Rule. Required if protocol is not set to -1.
cidr-block
The IPv4 CIDR block to apply this Security Group Rule to. Required if neither ipv6-cidr-block nor security-group is set.
ipv6-cidr-block
The IPv6 CIDR block to apply this Security Group Rule to. Required if neither cidr-block nor security-group is set.
security-group
The security group referenced by this Security Group Rule.
keep-default-egress-rules When set to true, the default egress rule is kept.
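
The example at the top of the page uses only protocol -1 with security-group references. The following is an added example, not taken from the Gyro documentation, that uses the port, CIDR and keep-default-egress-rules attributes to scope each rule to one port and one source or destination. The CIDR values and descriptions are constructed, and the quoted "tcp" value, the `false` literal and the `#` comments are assumed syntax.

```gyro
# Added example. CIDR values and descriptions are constructed placeholders.
aws::security-group-rules backend
    security-group: $(aws::security-group backend)

    # Assumption: any value other than true means the default egress rule
    # is not kept, so only the egress block below applies.
    keep-default-egress-rules: false

    # protocol is not -1, so from-port and to-port are both required.
    ingress
        description: "HTTPS from the application subnet"
        protocol: "tcp"
        from-port: 443
        to-port: 443
        cidr-block: "10.0.1.0/24"
    end

    # No cidr-block or security-group here, so ipv6-cidr-block is required.
    ingress
        description: "HTTPS from the application subnet (IPv6)"
        protocol: "tcp"
        from-port: 443
        to-port: 443
        ipv6-cidr-block: "2001:db8:0:1::/64"
    end

    # Group-internal traffic limited to one port instead of protocol -1.
    # protocol is omitted, so it takes the documented default (tcp).
    ingress
        description: "PostgreSQL between backend members"
        from-port: 5432
        to-port: 5432
        security-group: $SELF.security-group
    end

    egress
        description: "HTTPS to the VPC range"
        protocol: "tcp"
        from-port: 443
        to-port: 443
        cidr-block: "10.0.0.0/16"
    end
end
```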