security_group_ingresses

Creates, updates, deletes or gets a security_group_ingress resource or lists security_group_ingresses in a region

Overview

Name	`security_group_ingresses`
Type	Resource
Description	Resource Type definition for AWS::EC2::SecurityGroupIngress
Id	`aws.ec2.security_group_ingresses`

Fields

Name	Datatype	Description
`id`	`string`	The Security Group Rule Id
`cidr_ip`	`string`	The IPv4 ranges
`cidr_ipv6`	`string`	[VPC only] The IPv6 ranges
`description`	`string`	Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously
`from_port`	`integer`	The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes. Use this for ICMP and any protocol that uses ports.
`group_id`	`string`	The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID. You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property.
`group_name`	`string`	The name of the security group.
`ip_protocol`	`string`	The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). [VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.
`source_prefix_list_id`	`string`	[EC2-VPC only] The ID of a prefix list.
`source_security_group_id`	`string`	The ID of the security group. You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID.
`source_security_group_name`	`string`	[EC2-Classic, default VPC] The name of the source security group. You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property.
`source_security_group_owner_id`	`string`	[nondefault VPC] The AWS account ID that owns the source security group. You can't specify this property with an IP address range. If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId; otherwise, this property is optional.
`to_port`	`integer`	The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes. Use this for ICMP and any protocol that uses ports.
`region`	`string`	AWS region.

Methods

Name	Accessible by	Required Params
`create_resource`	`INSERT`	`IpProtocol, region`
`delete_resource`	`DELETE`	`data__Identifier, region`
`update_resource`	`UPDATE`	`data__Identifier, data__PatchDocument, region`
`list_resources`	`SELECT`	`region`
`get_resource`	`SELECT`	`data__Identifier, region`

`SELECT` examples

Gets all security_group_ingresses in a region.

SELECT
region,
id,
cidr_ip,
cidr_ipv6,
description,
from_port,
group_id,
group_name,
ip_protocol,
source_prefix_list_id,
source_security_group_id,
source_security_group_name,
source_security_group_owner_id,
to_port
FROM aws.ec2.security_group_ingresses
WHERE region = 'us-east-1';

Gets all properties from an individual security_group_ingress.

SELECT
region,
id,
cidr_ip,
cidr_ipv6,
description,
from_port,
group_id,
group_name,
ip_protocol,
source_prefix_list_id,
source_security_group_id,
source_security_group_name,
source_security_group_owner_id,
to_port
FROM aws.ec2.security_group_ingresses
WHERE region = 'us-east-1' AND data__Identifier = '<Id>';

`INSERT` example

Use the following StackQL query and manifest file to create a new security_group_ingress resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO aws.ec2.security_group_ingresses (
 IpProtocol,
 region
)
SELECT 
'{{ IpProtocol }}',
'{{ region }}';

/*+ create */
INSERT INTO aws.ec2.security_group_ingresses (
 CidrIp,
 CidrIpv6,
 Description,
 FromPort,
 GroupId,
 GroupName,
 IpProtocol,
 SourcePrefixListId,
 SourceSecurityGroupId,
 SourceSecurityGroupName,
 SourceSecurityGroupOwnerId,
 ToPort,
 region
)
SELECT 
 '{{ CidrIp }}',
 '{{ CidrIpv6 }}',
 '{{ Description }}',
 '{{ FromPort }}',
 '{{ GroupId }}',
 '{{ GroupName }}',
 '{{ IpProtocol }}',
 '{{ SourcePrefixListId }}',
 '{{ SourceSecurityGroupId }}',
 '{{ SourceSecurityGroupName }}',
 '{{ SourceSecurityGroupOwnerId }}',
 '{{ ToPort }}',
 '{{ region }}';

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: security_group_ingress
    props:
      - name: CidrIp
        value: '{{ CidrIp }}'
      - name: CidrIpv6
        value: '{{ CidrIpv6 }}'
      - name: Description
        value: '{{ Description }}'
      - name: FromPort
        value: '{{ FromPort }}'
      - name: GroupId
        value: '{{ GroupId }}'
      - name: GroupName
        value: '{{ GroupName }}'
      - name: IpProtocol
        value: '{{ IpProtocol }}'
      - name: SourcePrefixListId
        value: '{{ SourcePrefixListId }}'
      - name: SourceSecurityGroupId
        value: '{{ SourceSecurityGroupId }}'
      - name: SourceSecurityGroupName
        value: '{{ SourceSecurityGroupName }}'
      - name: SourceSecurityGroupOwnerId
        value: '{{ SourceSecurityGroupOwnerId }}'
      - name: ToPort
        value: '{{ ToPort }}'

`DELETE` example

/*+ delete */
DELETE FROM aws.ec2.security_group_ingresses
WHERE data__Identifier = '<Id>'
AND region = 'us-east-1';

Permissions

To operate on the security_group_ingresses resource, the following permissions are required:

Create

ec2:DescribeSecurityGroupRules,
ec2:AuthorizeSecurityGroupIngress

Update

ec2:UpdateSecurityGroupRuleDescriptionsIngress

Delete

ec2:DescribeSecurityGroupRules,
ec2:RevokeSecurityGroupIngress

Read

ec2:DescribeSecurityGroups,
ec2:DescribeSecurityGroupRules

List

ec2:DescribeSecurityGroupRules

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

DELETE example​

Permissions​

Create​

Update​

Delete​

Read​

List​