aws.ec2-security-group-ingress-rule resource

Description

SecurityGroupIngressRule is one inbound rule on a VPC security group. It authorizes traffic from a single source -- an IPv4 or IPv6 CIDR, a prefix list, or another security group -- for a protocol and optional port range. Each property maps to the AWS SDK field that holds it; the description rides inside the chosen source rather than as a standalone field.

Source: internal/service/ec2/security_group_ingress_rule_rsrc.go:16

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.ec2-security-group-ingress-rule {
    # Set input fields here.
  }
}

Inputs

security-group-id: string, required
ip-protocol: string, required
from-port: optional(integer)
to-port: optional(integer)
cidr-ipv4: optional(string)
cidr-ipv6: optional(string)
prefix-list-id: optional(string)
referenced-security-group-id: optional(string)
description: optional(string)
tags: map(string)

Input Constraints

Field combinations

Exactly one of cidr-ipv4, cidr-ipv6, prefix-list-id, or referenced-security-group-id.

From port rules

from-port must be between -1 and 65535.

Rule logic
When
input.from-port != null
Require
(input.from-port == null || input.from-port >= -1)
&& (input.from-port == null || input.from-port <= 65535)

To port rules

to-port must be between -1 and 65535.

Rule logic
When
input.to-port != null
Require
(input.to-port == null || input.to-port >= -1)
&& (input.to-port == null || input.to-port <= 65535)
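The constraints above as a stand-alone validator, added here as an example and not part of unobin or its generated rule logic: it checks the required fields, the exactly-one-of source rule and the -1..65535 port ranges, verifies that a CIDR source parses as a well-formed network of the right IP version, and adds a defender-side check the page does not require, flagging rules whose CIDR source is open to every address (prefix length 0). The security group ids, CIDRs and port values in the sample inputs are constructed.

```python
"""Input validation for an aws.ec2-security-group-ingress-rule resource.

Added example, not unobin's own code. Field names follow the resource
documentation; sample values below are constructed placeholders.
"""
import ipaddress

REQUIRED_FIELDS = ("security-group-id", "ip-protocol")
SOURCE_FIELDS = ("cidr-ipv4", "cidr-ipv6", "prefix-list-id",
                 "referenced-security-group-id")
PORT_FIELDS = ("from-port", "to-port")
PORT_MIN, PORT_MAX = -1, 65535  # -1 means "all" for ICMP types / all traffic


def validate(inputs: dict) -> list[str]:
    """Return a list of constraint violations; an empty list means valid."""
    errors: list[str] = []

    # Required string fields.
    for field in REQUIRED_FIELDS:
        value = inputs.get(field)
        if not isinstance(value, str) or not value:
            errors.append(f"{field} is required and must be a non-empty string")

    # Exactly one traffic source must be set.
    present = [f for f in SOURCE_FIELDS if inputs.get(f) is not None]
    if len(present) != 1:
        errors.append("exactly one of " + ", ".join(SOURCE_FIELDS)
                      + " must be set; got: " + (", ".join(present) or "none"))

    # Ports, when given, are integers in [-1, 65535].
    for field in PORT_FIELDS:
        value = inputs.get(field)
        if value is None:
            continue
        if isinstance(value, bool) or not isinstance(value, int):
            errors.append(f"{field} must be an integer")
        elif not PORT_MIN <= value <= PORT_MAX:
            errors.append(f"{field} must be between {PORT_MIN} and {PORT_MAX}, got {value}")

    # A CIDR source must parse strictly (no host bits set) as its IP version.
    for field, version in (("cidr-ipv4", 4), ("cidr-ipv6", 6)):
        value = inputs.get(field)
        if value is None:
            continue
        try:
            net = ipaddress.ip_network(value, strict=True)
        except ValueError:
            errors.append(f"{field} is not a valid CIDR block: {value!r}")
            continue
        if net.version != version:
            errors.append(f"{field} must be an IPv{version} block, got {value!r}")

    # tags, when given, is a map of string to string.
    tags = inputs.get("tags")
    if tags is not None and (not isinstance(tags, dict) or not all(
            isinstance(k, str) and isinstance(v, str) for k, v in tags.items())):
        errors.append("tags must be a map of string to string")

    return errors


def is_world_open(inputs: dict) -> bool:
    """Defender check (not a documented constraint): True when the rule's
    CIDR source admits every address, i.e. 0.0.0.0/0 or ::/0."""
    for field in ("cidr-ipv4", "cidr-ipv6"):
        value = inputs.get(field)
        if value is None:
            continue
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return False
        if net.prefixlen == 0:
            return True
    return False


# Constructed sample inputs (placeholder ids and addresses).
VALID_RULE = {
    "security-group-id": "sg-0123456789abcdef0",
    "ip-protocol": "tcp",
    "from-port": 22,
    "to-port": 22,
    "cidr-ipv4": "10.0.0.0/16",
    "description": "SSH from the office VPC",
    "tags": {"owner": "platform"},
}

ALL_TRAFFIC_FROM_SG = {  # -1 ports with protocol -1: all traffic from a peer group
    "security-group-id": "sg-0123456789abcdef0",
    "ip-protocol": "-1",
    "from-port": -1,
    "to-port": -1,
    "referenced-security-group-id": "sg-0fedcba9876543210",
}

INVALID_RULE = {  # two sources and an out-of-range port
    "security-group-id": "sg-0123456789abcdef0",
    "ip-protocol": "tcp",
    "from-port": 22,
    "to-port": 70000,
    "cidr-ipv4": "0.0.0.0/0",
    "referenced-security-group-id": "sg-0fedcba9876543210",
}

if __name__ == "__main__":
    for name, rule in (("valid", VALID_RULE), ("all-traffic", ALL_TRAFFIC_FROM_SG),
                       ("invalid", INVALID_RULE)):
        print(name, validate(rule) or "ok", "world-open" if is_world_open(rule) else "")
```

`validate` reports every violation at once rather than stopping at the first, which makes it usable as a pre-apply lint over a whole set of resources; `is_world_open` is kept separate because an unrestricted source is a policy decision, not a schema error.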

Outputs

security-group-rule-id: string
arn: string