security_group_egresses
Used to retrieve a list of security_group_egresses
in a region or to create or delete a security_group_egresses
resource, use security_group_egress
to read or update an individual resource.
Overview
Name | security_group_egresses |
Type | Resource |
Description | Adds the specified outbound (egress) rule to a security group.<br/> An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html).<br/> You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.<br/> You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1.<br/> Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. |
Id | aws.ec2.security_group_egresses |
Fields
Name | Datatype | Description |
---|---|---|
id | string | |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | IpProtocol, GroupId, region |
delete_resource | DELETE | data__Identifier, region |
list_resource | SELECT | region |
SELECT
Example
SELECT
region,
id
FROM aws.ec2.security_group_egresses
WHERE region = 'us-east-1';
INSERT
Example
Use the following StackQL query and manifest file to create a new security_group_egress
resource, using stack-deploy
.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.ec2.security_group_egresses (
IpProtocol,
GroupId,
region
)
SELECT
'{{ IpProtocol }}',
'{{ GroupId }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.ec2.security_group_egresses (
CidrIp,
CidrIpv6,
Description,
FromPort,
ToPort,
IpProtocol,
DestinationSecurityGroupId,
DestinationPrefixListId,
GroupId,
region
)
SELECT
'{{ CidrIp }}',
'{{ CidrIpv6 }}',
'{{ Description }}',
'{{ FromPort }}',
'{{ ToPort }}',
'{{ IpProtocol }}',
'{{ DestinationSecurityGroupId }}',
'{{ DestinationPrefixListId }}',
'{{ GroupId }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: security_group_egress
props:
- name: CidrIp
value: '{{ CidrIp }}'
- name: CidrIpv6
value: '{{ CidrIpv6 }}'
- name: Description
value: '{{ Description }}'
- name: FromPort
value: '{{ FromPort }}'
- name: ToPort
value: '{{ ToPort }}'
- name: IpProtocol
value: '{{ IpProtocol }}'
- name: DestinationSecurityGroupId
value: '{{ DestinationSecurityGroupId }}'
- name: DestinationPrefixListId
value: '{{ DestinationPrefixListId }}'
- name: GroupId
value: '{{ GroupId }}'
DELETE
Example
/*+ delete */
DELETE FROM aws.ec2.security_group_egresses
WHERE data__Identifier = '<Id>'
AND region = 'us-east-1';
Permissions
To operate on the security_group_egresses
resource, the following permissions are required:
Create
ec2:AuthorizeSecurityGroupEgress,
ec2:RevokeSecurityGroupEgress,
ec2:DescribeSecurityGroupRules
List
ec2:DescribeSecurityGroupRules
Delete
ec2:RevokeSecurityGroupEgress,
ec2:DescribeSecurityGroupRules