aws.ec2-security-group resource

Description

SecurityGroup is an EC2 security group: a named, stateful firewall attached to a VPC. The fields mirror the EC2 CreateSecurityGroup API. The name, description, and VPC fix the group's identity, so a change to any of them replaces the group; only the tags change in place. This resource manages the group itself, not its rules: ingress and egress rules are managed by the separate rule resources. On creation it removes the allow-all egress rule EC2 attaches to every new group, so the group's egress is only what those egress rule resources declare.

Source: internal/service/ec2/security_group_rsrc.go:29

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.ec2-security-group {
    # Set input fields here.
  }
}

Inputs

name: optional(string)

name-prefix: optional(string)

description: string, required

vpc-id: optional(string)

tags: map(string)

revoke-rules-on-delete: optional(boolean)

RevokeRulesOnDelete, when true, strips this group's own rules before the group is deleted, so the delete is not blocked by a rule that references another group. It is a delete-time switch with no presence in the cloud, so it is never sent to create or read.
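The lifecycle described above (create, strip the default allow-all egress, replace on an identity change but update tags in place, and optionally revoke the group's own rules before delete) as an added Python example. This is not unobin's code: it is written against boto3's EC2 client method names (create_security_group, describe_security_groups, revoke_security_group_egress, revoke_security_group_ingress, create_tags, delete_tags, delete_security_group), and a constructed in-memory FakeEC2 stands in for the real client so it runs offline; the GroupSpec class, the function names, and the delete-then-create replacement order are this example's assumptions.

```python
# Added example, not unobin's code. Calls follow boto3's EC2 client method names;
# FakeEC2 below is a constructed stand-in so the example runs with no AWS access.
from dataclasses import dataclass, field


@dataclass
class GroupSpec:
    """The resource's inputs; name, description and vpc_id fix the group's identity."""
    name: str
    description: str
    vpc_id: str
    tags: dict = field(default_factory=dict)


def needs_replacement(current: GroupSpec, desired: GroupSpec) -> bool:
    """An identity field changed: the group must be replaced. Tags alone change in place."""
    return (current.name, current.description, current.vpc_id) != (
        desired.name, desired.description, desired.vpc_id)


def _describe(ec2, gid):
    return ec2.describe_security_groups(GroupIds=[gid])["SecurityGroups"][0]


def _tag_list(tags):
    return [{"Key": k, "Value": v} for k, v in sorted(tags.items())]


def create_group(ec2, spec: GroupSpec) -> str:
    """Create the group, then revoke whatever egress EC2 attached to it (the allow-all
    0.0.0.0/0 rule), so egress is only what separate egress rule resources declare."""
    gid = ec2.create_security_group(
        GroupName=spec.name, Description=spec.description, VpcId=spec.vpc_id,
        TagSpecifications=[{"ResourceType": "security-group", "Tags": _tag_list(spec.tags)}],
    )["GroupId"]
    default_egress = _describe(ec2, gid)["IpPermissionsEgress"]
    if default_egress:
        ec2.revoke_security_group_egress(GroupId=gid, IpPermissions=default_egress)
    return gid


def delete_group(ec2, gid: str, revoke_rules_on_delete: bool = False) -> None:
    """Delete the group; with revoke_rules_on_delete, strip its own rules first."""
    if revoke_rules_on_delete:
        group = _describe(ec2, gid)
        if group["IpPermissions"]:
            ec2.revoke_security_group_ingress(GroupId=gid, IpPermissions=group["IpPermissions"])
        if group["IpPermissionsEgress"]:
            ec2.revoke_security_group_egress(GroupId=gid, IpPermissions=group["IpPermissionsEgress"])
    ec2.delete_security_group(GroupId=gid)


def reconcile(ec2, gid: str, current: GroupSpec, desired: GroupSpec):
    """Apply a change; returns (group id, replaced). Deleting the old group before
    creating the new one is this example's assumption (names are unique per VPC)."""
    if needs_replacement(current, desired):
        delete_group(ec2, gid, revoke_rules_on_delete=True)
        return create_group(ec2, desired), True
    stale = [{"Key": k} for k in current.tags if k not in desired.tags]
    if stale:
        ec2.delete_tags(Resources=[gid], Tags=stale)
    if desired.tags:
        ec2.create_tags(Resources=[gid], Tags=_tag_list(desired.tags))
    return gid, False


class FakeEC2:
    """Constructed stand-in for boto3's EC2 client: same method names and keyword
    arguments, state kept in memory, every new group gets EC2's default allow-all egress."""
    DEFAULT_EGRESS = {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                      "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []}

    def __init__(self):
        self.groups, self._next = {}, 1

    def create_security_group(self, GroupName, Description, VpcId, TagSpecifications=()):
        gid, self._next = f"sg-{self._next:017x}", self._next + 1
        tags = [t for ts in TagSpecifications for t in ts["Tags"]]
        self.groups[gid] = {"GroupId": gid, "GroupName": GroupName, "Description": Description,
                            "VpcId": VpcId, "Tags": tags, "IpPermissions": [],
                            "IpPermissionsEgress": [dict(self.DEFAULT_EGRESS)]}
        return {"GroupId": gid}

    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [self.groups[g] for g in GroupIds]}

    def revoke_security_group_ingress(self, GroupId, IpPermissions):
        g = self.groups[GroupId]
        g["IpPermissions"] = [p for p in g["IpPermissions"] if p not in IpPermissions]

    def revoke_security_group_egress(self, GroupId, IpPermissions):
        g = self.groups[GroupId]
        g["IpPermissionsEgress"] = [p for p in g["IpPermissionsEgress"] if p not in IpPermissions]

    def create_tags(self, Resources, Tags):
        for r in Resources:
            merged = {t["Key"]: t["Value"] for t in self.groups[r]["Tags"]}
            merged.update({t["Key"]: t["Value"] for t in Tags})
            self.groups[r]["Tags"] = _tag_list(merged)

    def delete_tags(self, Resources, Tags):
        drop = {t["Key"] for t in Tags}
        for r in Resources:
            self.groups[r]["Tags"] = [t for t in self.groups[r]["Tags"] if t["Key"] not in drop]

    def delete_security_group(self, GroupId):
        del self.groups[GroupId]
```

Passing boto3.client("ec2") instead of FakeEC2() runs the same functions against a real account; the point to check there is the describe after create_group, which should show an empty IpPermissionsEgress list, confirming the default allow-all rule is gone before any egress rule resource adds its own.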

Input Constraints

Field combinations

At most one of name or name-prefix.

Outputs

id

string

arn

string

owner-id

string