Skip to main content

security_group_egress

Gets an individual security_group_egress resource

Overview

Namesecurity_group_egress
TypeResource
DescriptionAdds the specified outbound (egress) rule to a security group.<br/> An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html).<br/> You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.<br/> You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1.<br/> Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
Idaws.ec2.security_group_egress

Fields

NameDatatypeDescription
cidr_ipstringThe IPv4 address range, in CIDR format.<br/> You must specify exactly one of the following: ``CidrIp``, ``CidrIpv6``, ``DestinationPrefixListId``, or ``DestinationSecurityGroupId``.<br/> For examples of rules that you can add to security groups for specific access scenarios, see [Security group rules for different use cases](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html) in the *User Guide*.
cidr_ipv6stringThe IPv6 address range, in CIDR format.<br/> You must specify exactly one of the following: ``CidrIp``, ``CidrIpv6``, ``DestinationPrefixListId``, or ``DestinationSecurityGroupId``.<br/> For examples of rules that you can add to security groups for specific access scenarios, see [Security group rules for different use cases](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html) in the *User Guide*.
descriptionstringThe description of an egress (outbound) security group rule.<br/> Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
from_portintegerIf the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
to_portintegerIf the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
ip_protocolstringThe IP protocol name (``tcp``, ``udp``, ``icmp``, ``icmpv6``) or number (see [Protocol Numbers](https://docs.aws.amazon.com/http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)).<br/> Use ``-1`` to specify all protocols. When authorizing security group rules, specifying ``-1`` or a protocol number other than ``tcp``, ``udp``, ``icmp``, or ``icmpv6`` allows traffic on all ports, regardless of any port range you specify. For ``tcp``, ``udp``, and ``icmp``, you must specify a port range. For ``icmpv6``, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
destination_security_group_idstringThe ID of the security group.<br/> You must specify exactly one of the following: ``CidrIp``, ``CidrIpv6``, ``DestinationPrefixListId``, or ``DestinationSecurityGroupId``.
idstring
destination_prefix_list_idstringThe prefix list IDs for an AWS service. This is the AWS service to access through a VPC endpoint from instances associated with the security group.<br/> You must specify exactly one of the following: ``CidrIp``, ``CidrIpv6``, ``DestinationPrefixListId``, or ``DestinationSecurityGroupId``.
group_idstringThe ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
regionstringAWS region.

Methods

NameAccessible byRequired Params
update_resourceUPDATEdata__Identifier, data__PatchDocument, region
delete_resourceDELETEdata__Identifier, region
get_resourceSELECTdata__Identifier, region

SELECT Example

SELECT
region,
cidr_ip,
cidr_ipv6,
description,
from_port,
to_port,
ip_protocol,
destination_security_group_id,
id,
destination_prefix_list_id,
group_id
FROM aws.ec2.security_group_egress
WHERE data__Identifier = '<Id>';

Permissions

To operate on the security_group_egress resource, the following permissions are required:

Read

ec2:DescribeSecurityGroupRules

Update

ec2:UpdateSecurityGroupRuleDescriptionsEgress

Delete

ec2:RevokeSecurityGroupEgress,
ec2:DescribeSecurityGroupRules