Interface ISecurityGroupRuleConfig

NetworkConfig / VpcConfig | VpcTemplatesConfig / SecurityGroupConfig / SecurityGroupRuleConfig

Description

Use this configuration to define ingress and egress rules for your security groups. The rules of a security group control the inbound traffic that's allowed to reach the resources that are associated with the security group. The rules also control the outbound traffic that's allowed to leave them.

Example

CIDR source:

- description: Remote access security group
  types:
    - RDP
    - SSH
  sources:
    - 10.0.0.0/16

Security group source:

- description: Remote access security group
  types:
    - RDP
    - SSH
  sources:
    - securityGroups:
      - accelerator-sg

Prefix list source:

- description: Remote access security group
  types:
    - RDP
    - SSH
  sources:
    - prefixLists:
      - accelerator-pl

Subnet source:

- description: Remote access security group
  types:
    - RDP
    - SSH
  sources:
    - account: Network
      vpc: Network-Endpoints
      subnets:
        - Network-Endpoints-A

IP Protocol:

- description: 'IP Protocol Rule'
  ipProtocols:
    - ESP
    - IDRP
    - ST
  sources:
    - 10.0.0.0/8

interface ISecurityGroupRuleConfig {
    description: string;
    fromPort?: number;
    ipProtocols?: string[];
    sources: (
        | string
        | ISubnetSourceConfig
        | ISecurityGroupSourceConfig
        | IPrefixListSourceConfig)[];
    tcpPorts?: number[];
    toPort?: number;
    types?: SecurityGroupRuleType[];
    udpPorts?: number[];
}

Index

Properties

description fromPort? ipProtocols? sources tcpPorts? toPort? types? udpPorts?

Properties

`Readonly`description

description: string

A description for the security group rule.

`Optional` `Readonly`fromPort

fromPort?: number

(OPTIONAL) The port to start from in the security group rule.

Remarks

Use only for rules that are using the TCP, UDP, or ICMP types. Leave undefined for other rule types.

For TCP/UDP rules, this is the start of the port range.

For ICMP rules, this is the ICMP type number. A value of -1 indicates all types. The value of toPort must also be -1 if this value is -1.

`Optional` `Readonly`ipProtocols

ipProtocols?: string[]

(OPTIONAL) An array of custom IP Protocols for the security group rule

Remarks

Use only IP protocols that aren't either of the following: 'RDP', 'SSH', 'HTTP', 'HTTPS', 'MSSQL', 'MYSQL/AURORA', 'REDSHIFT', 'POSTGRESQL', 'ORACLE-RDS', 'TCP', 'UDP','ICMP','ALL'.

For input values, please use values from the Keyword column via - https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

NOTE: Can only use ipProtocols or 'types'. If you need to allow the same source IP address, use multiple ingress/egress rules.

`Readonly`sources

sources: (
    | string
    | ISubnetSourceConfig
    | ISecurityGroupSourceConfig
    | IPrefixListSourceConfig)[]

An array of sources for the security group rule.

Remarks

Valid sources are CIDR ranges, security group rules, prefix lists, and subnets.

See

SecurityGroupSourceConfig | PrefixListSourceConfig | SubnetSourceConfig

`Optional` `Readonly`tcpPorts

tcpPorts?: number[]

(OPTIONAL) An array of TCP ports to include in the security group rule.

Remarks

Use this property when you need to define ports that are not the common applications available in types. Leave undefined if using the types property.

`Optional` `Readonly`toPort

toPort?: number

(OPTIONAL) The port to end with in the security group rule.

Remarks

Use only for rules that are using the TCP, UDP, or ICMP types. Leave undefined for other rule types.

For TCP/UDP type rules, this is the end of the port range.

For ICMP type rules, this is the ICMP code number. A value of -1 indicates all types. The value must be -1 if the value of fromPort is -1.

`Optional` `Readonly`types

types?: SecurityGroupRuleType[]

(OPTIONAL) An array of port/protocol types to include in the security group rule.

Remarks

Use ALL to create a rule that allows all ports/protocols.
Use ICMP along with fromPort and toPort to create ICMP protocol rules. ICMP fromPort/toPort values use the same convention as the CloudFormation reference.
Use TCP or UDP along with fromPort and toPort to create TCP/UDP rules that target a range of ports.
Use any of the other common types included to create a rule that allows that specific application port/protocol.
You can leave this property undefined and use tcpPorts and udpPorts independently to define multiple TCP/UDP rules.

See

NetworkConfigTypes.securityGroupRuleTypeEnum

`Optional` `Readonly`udpPorts

udpPorts?: number[]

(OPTIONAL) An array of UDP ports to include in the security group rule.

Remarks

Use this property when you need to define ports that are not the common applications available in types. Leave undefined if using the types property.

Interface ISecurityGroupRuleConfig

Description

Example

Index

Properties

Properties

`Readonly`description

`Optional` `Readonly`fromPort

Remarks

`Optional` `Readonly`ipProtocols

Remarks

`Readonly`sources

Remarks

See

`Optional` `Readonly`tcpPorts

Remarks

`Optional` `Readonly`toPort

Remarks

`Optional` `Readonly`types

Remarks

See

`Optional` `Readonly`udpPorts

Remarks

Settings

On This Page

Interface ISecurityGroupRuleConfig

Description

Example

Index

Properties

Properties

Readonlydescription

Optional ReadonlyfromPort

Remarks

Optional ReadonlyipProtocols

Remarks

Readonlysources

Remarks

See

Optional ReadonlytcpPorts

Remarks

Optional ReadonlytoPort

Remarks

Optional Readonlytypes

Remarks

See

Optional ReadonlyudpPorts

Remarks

Settings

On This Page

`Readonly`description

`Optional` `Readonly`fromPort

`Optional` `Readonly`ipProtocols

`Readonly`sources

`Optional` `Readonly`tcpPorts

`Optional` `Readonly`toPort

`Optional` `Readonly`types

`Optional` `Readonly`udpPorts