security_group_ingresses
Creates, updates, deletes or gets a security_group_ingress resource or lists security_group_ingresses in a region
Overview
| Name | security_group_ingresses |
| Type | Resource |
| Description | Resource Type definition for AWS::EC2::SecurityGroupIngress |
| Id | awscc.ec2.security_group_ingresses |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
id | string | The Security Group Rule Id |
cidr_ip | string | The IPv4 ranges |
cidr_ipv6 | string | [VPC only] The IPv6 ranges |
description | string | Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously |
from_port | integer | The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.<br />Use this for ICMP and any protocol that uses ports. |
group_id | string | The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.<br />You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property. |
group_name | string | The name of the security group. |
ip_protocol | string | The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).<br />[VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed. |
source_prefix_list_id | string | [EC2-VPC only] The ID of a prefix list.<br /> |
source_security_group_id | string | The ID of the security group. You must specify either the security group ID or the security group name. For security groups in a nondefault VPC, you must specify the security group ID. |
source_security_group_name | string | [EC2-Classic, default VPC] The name of the source security group.<br />You must specify the GroupName property or the GroupId property. For security groups that are in a VPC, you must use the GroupId property. |
source_security_group_owner_id | string | [nondefault VPC] The AWS account ID that owns the source security group. You can't specify this property with an IP address range.<br />If you specify SourceSecurityGroupName or SourceSecurityGroupId and that security group is owned by a different account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId; otherwise, this property is optional. |
to_port | integer | The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes.<br />Use this for ICMP and any protocol that uses ports. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
id | string | The Security Group Rule Id |
region | string | AWS region. |
For more information, see AWS::EC2::SecurityGroupIngress.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | security_group_ingresses | INSERT | IpProtocol, region |
delete_resource | security_group_ingresses | DELETE | Identifier, region |
update_resource | security_group_ingresses | UPDATE | Identifier, PatchDocument, region |
list_resources | security_group_ingresses_list_only | SELECT | region |
get_resource | security_group_ingresses | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual security_group_ingress.
SELECT
region,
id,
cidr_ip,
cidr_ipv6,
description,
from_port,
group_id,
group_name,
ip_protocol,
source_prefix_list_id,
source_security_group_id,
source_security_group_name,
source_security_group_owner_id,
to_port
FROM awscc.ec2.security_group_ingresses
WHERE
region = 'us-east-1' AND
Identifier = '{{ id }}';
Lists all security_group_ingresses in a region.
SELECT
region,
id
FROM awscc.ec2.security_group_ingresses_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new security_group_ingress resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.ec2.security_group_ingresses (
IpProtocol,
region
)
SELECT
'{{ ip_protocol }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.ec2.security_group_ingresses (
CidrIp,
CidrIpv6,
Description,
FromPort,
GroupId,
GroupName,
IpProtocol,
SourcePrefixListId,
SourceSecurityGroupId,
SourceSecurityGroupName,
SourceSecurityGroupOwnerId,
ToPort,
region
)
SELECT
'{{ cidr_ip }}',
'{{ cidr_ipv6 }}',
'{{ description }}',
'{{ from_port }}',
'{{ group_id }}',
'{{ group_name }}',
'{{ ip_protocol }}',
'{{ source_prefix_list_id }}',
'{{ source_security_group_id }}',
'{{ source_security_group_name }}',
'{{ source_security_group_owner_id }}',
'{{ to_port }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: security_group_ingress
props:
- name: cidr_ip
value: '{{ cidr_ip }}'
- name: cidr_ipv6
value: '{{ cidr_ipv6 }}'
- name: description
value: '{{ description }}'
- name: from_port
value: '{{ from_port }}'
- name: group_id
value: '{{ group_id }}'
- name: group_name
value: '{{ group_name }}'
- name: ip_protocol
value: '{{ ip_protocol }}'
- name: source_prefix_list_id
value: '{{ source_prefix_list_id }}'
- name: source_security_group_id
value: '{{ source_security_group_id }}'
- name: source_security_group_name
value: '{{ source_security_group_name }}'
- name: source_security_group_owner_id
value: '{{ source_security_group_owner_id }}'
- name: to_port
value: '{{ to_port }}'
UPDATE example
Use the following StackQL query and manifest file to update a security_group_ingress resource, using stack-deploy.
/*+ update */
UPDATE awscc.ec2.security_group_ingresses
SET PatchDocument = string('{{ {
"Description": description
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ id }}';
DELETE example
/*+ delete */
DELETE FROM awscc.ec2.security_group_ingresses
WHERE
Identifier = '{{ id }}' AND
region = 'us-east-1';
Permissions
To operate on the security_group_ingresses resource, the following permissions are required:
- Create
- Update
- Delete
- Read
- List
ec2:DescribeSecurityGroupRules,
ec2:AuthorizeSecurityGroupIngress
ec2:UpdateSecurityGroupRuleDescriptionsIngress
ec2:DescribeSecurityGroupRules,
ec2:RevokeSecurityGroupIngress
ec2:DescribeSecurityGroups,
ec2:DescribeSecurityGroupRules
ec2:DescribeSecurityGroupRules