SecurityGroupRuleConfig (NetworkConfig / VpcConfig | VpcTemplatesConfig / SecurityGroupConfig)

Security group rule configuration. Use this configuration to define ingress and egress rules for your security groups. The rules of a security group control the inbound traffic that's allowed to reach the resources that are associated with the security group. The rules also control the outbound traffic that's allowed to leave them.

Example

CIDR source:

- description: Remote access security group
  types:
    - RDP
    - SSH
  sources:
    - 10.0.0.0/16

Security group source:

- description: Remote access security group
  types:
    - RDP
    - SSH
  sources:
    - securityGroups:
        - accelerator-sg

Prefix list source:

- description: Remote access security group
  types:
    - RDP
    - SSH
  sources:
    - prefixLists:
        - accelerator-pl

Subnet source:

- description: Remote access security group
  types:
    - RDP
    - SSH
  sources:
    - account: Network
      vpc: Network-Endpoints
      subnets:
        - Network-Endpoints-A

IP Protocol:

- description: 'IP Protocol Rule'
  ipProtocols:
    - ESP
    - IDRP
    - ST
  sources:
    - 10.0.0.0/8

Properties

description: string = ''

A description for the security group rule.

fromPort: undefined | number = undefined

(OPTIONAL) The port to start from in the security group rule.

Remarks

Use only for rules that are using the TCP, UDP, or ICMP types. Leave undefined for other rule types.

For TCP/UDP rules, this is the start of the port range.

For ICMP rules, this is the ICMP type number. A value of -1 indicates all types. The value of toPort must also be -1 if this value is -1.

ipProtocols: string[] = []

(OPTIONAL) An array of custom IP protocols for the security group rule.

Remarks

Use only IP protocols that are not one of the following type keywords: 'RDP', 'SSH', 'HTTP', 'HTTPS', 'MSSQL', 'MYSQL/AURORA', 'REDSHIFT', 'POSTGRESQL', 'ORACLE-RDS', 'TCP', 'UDP', 'ICMP', 'ALL'.

For input values, use the names from the Keyword column at https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

NOTE: A rule may use either ipProtocols or types, not both. If you need to allow both for the same source, define multiple ingress/egress rules.

sources: (string | SecurityGroupSourceConfig | PrefixListSourceConfig | SubnetSourceConfig)[] = []

An array of sources for the security group rule.

Remarks

Valid sources are CIDR ranges (given as strings), security groups, prefix lists, and subnets.

See

SecurityGroupSourceConfig | PrefixListSourceConfig | SubnetSourceConfig

tcpPorts: undefined | number[] = undefined

(OPTIONAL) An array of TCP ports to include in the security group rule.

Remarks

Use this property when you need to define ports that are not the common applications available in types. Leave undefined if using the types property.

toPort: undefined | number = undefined

(OPTIONAL) The port to end with in the security group rule.

Remarks

Use only for rules that are using the TCP, UDP, or ICMP types. Leave undefined for other rule types.

For TCP/UDP type rules, this is the end of the port range.

For ICMP type rules, this is the ICMP code number. A value of -1 indicates all codes. The value must be -1 if the value of fromPort is -1.

types: undefined | ("HTTP" | "ALL" | "TCP" | "UDP" | "REDSHIFT" | "HTTPS" | "SSH" | "POSTGRESQL" | "ICMP" | "RDP" | "MSSQL" | "MYSQL/AURORA" | "ORACLE-RDS")[] = undefined

(OPTIONAL) An array of port/protocol types to include in the security group rule.

Remarks

  • Use ALL to create a rule that allows all ports/protocols.
  • Use ICMP along with fromPort and toPort to create ICMP protocol rules. ICMP fromPort/toPort values use the same convention as the CloudFormation reference.
  • Use TCP or UDP along with fromPort and toPort to create TCP/UDP rules that target a range of ports.
  • Use any of the other common types included to create a rule that allows that specific application port/protocol.
  • You can leave this property undefined and use tcpPorts and udpPorts independently to define multiple TCP/UDP rules.

See

securityGroupRuleTypeEnum

udpPorts: undefined | number[] = undefined

(OPTIONAL) An array of UDP ports to include in the security group rule.

Remarks

Use this property when you need to define ports that are not the common applications available in types. Leave undefined if using the types property.
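The remarks above describe several cross-field constraints (ipProtocols versus types, fromPort/toPort only with TCP, UDP or ICMP, the ICMP -1 convention, tcpPorts/udpPorts in place of types, and the four source kinds). The following is an added example, not code from the Landing Zone Accelerator project, of a small lint pass that checks those constraints over rule entries before they are deployed. The TypeScript interfaces, the `validateRule` and `sourceKind` function names, and the sample rules are assumptions made for this example; they mirror the field names on this page but are not the project's own validator.

```typescript
// Added example (not LZA project code): lint SecurityGroupRuleConfig entries
// against the constraints documented on this page. Interface shapes, function
// names and the sample rules below are assumptions for illustration.

type SecurityGroupRuleType =
  | "HTTP" | "ALL" | "TCP" | "UDP" | "REDSHIFT" | "HTTPS" | "SSH" | "POSTGRESQL"
  | "ICMP" | "RDP" | "MSSQL" | "MYSQL/AURORA" | "ORACLE-RDS";

interface SecurityGroupSource { securityGroups: string[] }
interface PrefixListSource { prefixLists: string[] }
interface SubnetSource { account: string; vpc: string; subnets: string[] }
type RuleSource = string | SecurityGroupSource | PrefixListSource | SubnetSource;

interface SecurityGroupRule {
  description: string;
  types?: SecurityGroupRuleType[];
  tcpPorts?: number[];
  udpPorts?: number[];
  fromPort?: number;
  toPort?: number;
  ipProtocols?: string[];
  sources: RuleSource[];
}

// Type keywords that must not be reused as ipProtocols entries.
const RESERVED_TYPES = new Set<string>([
  "RDP", "SSH", "HTTP", "HTTPS", "MSSQL", "MYSQL/AURORA", "REDSHIFT",
  "POSTGRESQL", "ORACLE-RDS", "TCP", "UDP", "ICMP", "ALL",
]);

// Types for which fromPort/toPort carry meaning.
const PORT_RANGE_TYPES = new Set<string>(["TCP", "UDP", "ICMP"]);

// Classify a source entry into the four kinds the page lists.
export function sourceKind(src: RuleSource): "cidr" | "securityGroup" | "prefixList" | "subnet" {
  if (typeof src === "string") return "cidr";
  if ("securityGroups" in src) return "securityGroup";
  if ("prefixLists" in src) return "prefixList";
  return "subnet";
}

// Loose IPv4 CIDR check: a.b.c.d/n with octets <= 255 and n <= 32.
function isIpv4Cidr(s: string): boolean {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(s);
  if (!m) return false;
  const octets = m.slice(1, 5).map(Number);
  return octets.every((o) => o <= 255) && Number(m[5]) <= 32;
}

// Return a list of problems; an empty list means the rule satisfies the documented constraints.
export function validateRule(rule: SecurityGroupRule): string[] {
  const problems: string[] = [];
  const types = rule.types ?? [];
  const hasPortRange = rule.fromPort !== undefined || rule.toPort !== undefined;

  // ipProtocols and types are mutually exclusive.
  if (rule.ipProtocols && rule.types) {
    problems.push("use either ipProtocols or types, not both");
  }
  // ipProtocols must not reuse a reserved type keyword.
  for (const p of rule.ipProtocols ?? []) {
    if (RESERVED_TYPES.has(p.toUpperCase())) {
      problems.push(`ipProtocols entry '${p}' is a type keyword; use the types property instead`);
    }
  }
  // fromPort/toPort are only valid with TCP, UDP or ICMP, and must be set together.
  if (hasPortRange && !types.some((t) => PORT_RANGE_TYPES.has(t))) {
    problems.push("fromPort/toPort are only valid with the TCP, UDP or ICMP types");
  }
  if (hasPortRange && (rule.fromPort === undefined || rule.toPort === undefined)) {
    problems.push("fromPort and toPort must be set together");
  }
  // ICMP: fromPort of -1 (all types) requires toPort of -1 as well.
  if (types.includes("ICMP") && rule.fromPort === -1 && rule.toPort !== -1) {
    problems.push("ICMP: toPort must be -1 when fromPort is -1");
  }
  // TCP/UDP: the start of the range must not exceed its end.
  if (!types.includes("ICMP") && rule.fromPort !== undefined && rule.toPort !== undefined
      && rule.fromPort > rule.toPort) {
    problems.push("fromPort must not exceed toPort");
  }
  // tcpPorts/udpPorts replace types rather than accompany it.
  if ((rule.tcpPorts || rule.udpPorts) && rule.types) {
    problems.push("leave types undefined when using tcpPorts/udpPorts");
  }
  // CIDR sources must be well-formed.
  for (const src of rule.sources) {
    if (sourceKind(src) === "cidr" && !isIpv4Cidr(src as string)) {
      problems.push(`'${src}' is not a valid IPv4 CIDR`);
    }
  }
  return problems;
}

// Constructed sample rules for this example (not from any real configuration).
export const SAMPLE_RULES: SecurityGroupRule[] = [
  { description: "Remote access", types: ["RDP", "SSH"], sources: ["10.0.0.0/16"] },
  { description: "ICMP echo, all codes", types: ["ICMP"], fromPort: 8, toPort: -1, sources: ["10.0.0.0/8"] },
  { description: "Bad: types plus ipProtocols", types: ["TCP"], ipProtocols: ["ESP"], sources: ["10.0.0.0/8"] },
  { description: "Bad: type keyword in ipProtocols", ipProtocols: ["ESP", "SSH"], sources: ["10.0.0.0/8"] },
  { description: "Bad: port range on RDP", types: ["RDP"], fromPort: 3389, toPort: 3390, sources: ["10.0.0.0/8"] },
  { description: "Bad: malformed CIDR", types: ["HTTPS"], sources: ["10.0.0.0/33"] },
];
```

Running `validateRule` over a parsed network-config before it reaches the accelerator pipeline turns the prose constraints above into a fail-fast check; `sourceKind` is the same discrimination the deployment has to make to translate each source into a CIDR, security-group, prefix-list or subnet reference.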

Generated using TypeDoc