ISecurityGroup

class aws_cdk.aws_ec2.ISecurityGroup(*args, **kwargs)

Bases: IResource, IPeer, Protocol

Interface for security group-like objects.

Methods

add_egress_rule(peer, connection, description=None, remote_rule=None)

Add an egress rule for the current security group.

remote_rule controls where the rule object is created if the peer is also a SecurityGroup and the two are in different stacks. If false (the default), the rule object is created under the current SecurityGroup object. If true and the peer is also a SecurityGroup, the rule object is created under the remote SecurityGroup object.

Parameters:
  • peer (IPeer) –

  • connection (Port) –

  • description (Optional[str]) –

  • remote_rule (Optional[bool]) –

Return type:

None

add_ingress_rule(peer, connection, description=None, remote_rule=None)

Add an ingress rule for the current security group.

remote_rule controls where the rule object is created if the peer is also a SecurityGroup and the two are in different stacks. If false (the default), the rule object is created under the current SecurityGroup object. If true and the peer is also a SecurityGroup, the rule object is created under the remote SecurityGroup object.

Parameters:
  • peer (IPeer) –

  • connection (Port) –

  • description (Optional[str]) –

  • remote_rule (Optional[bool]) –

Return type:

None
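Because remote_rule can place a rule under the peer's SecurityGroup in another stack, and other rules may be inlined into the group itself, a review of one stack's template can miss rules that open that stack's groups. The following is an added example, not part of the CDK documentation or the CDK's own code: a standard-library walk over synthesized templates that collects both inline and stand-alone rules and reports where each one is defined. The two templates are constructed samples, and the names collect_rules, findings, the logical IDs and the export name are assumptions made for illustration.

```python
# Constructed samples shaped like synthesized CloudFormation templates;
# stack names, logical IDs and the export name are made up.
DB_STACK = {"Resources": {
    "DbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "db",
        "SecurityGroupIngress": [{  # rule inlined into the group resource
            "CidrIp": "0.0.0.0/0", "IpProtocol": "tcp",
            "FromPort": 5432, "ToPort": 5432, "Description": "temporary"}]}}}}
APP_STACK = {"Resources": {
    "AppSg": {"Type": "AWS::EC2::SecurityGroup",
              "Properties": {"GroupDescription": "app"}},
    # Stand-alone rule that opens DbSg but is defined in the peer's stack,
    # the placement described for remote_rule=True.
    "DbSgFromAppSg": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Fn::ImportValue": "DbStack:ExportDbSgGroupId"},
        "SourceSecurityGroupId": {"Fn::GetAtt": ["AppSg", "GroupId"]},
        "IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432}}}}


def collect_rules(templates, direction="Ingress"):
    """Return one record per rule, inline or stand-alone, from every template."""
    found = []
    for stack, template in templates.items():
        for logical_id, res in template.get("Resources", {}).items():
            props = res.get("Properties", {})
            if res.get("Type") == "AWS::EC2::SecurityGroup":
                for rule in props.get("SecurityGroup" + direction, []):
                    found.append({"stack": stack, "id": logical_id,
                                  "inline": True, "remote": False, "rule": rule})
            elif res.get("Type") == "AWS::EC2::SecurityGroup" + direction:
                group = props.get("GroupId")
                # An imported GroupId means the rule changes a group owned by
                # another stack; reviewing that stack alone would miss it.
                remote = isinstance(group, dict) and "Fn::ImportValue" in group
                found.append({"stack": stack, "id": logical_id,
                              "inline": False, "remote": remote, "rule": props})
    return found


def findings(rules):
    """Flag world-open peers and rules that target a group in another stack."""
    out = []
    for r in rules:
        rule = r["rule"]
        if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
            out.append((r["stack"], r["id"], "open to the world"))
        if r["remote"]:
            out.append((r["stack"], r["id"], "targets a group in another stack"))
    return out
```

Calling findings(collect_rules({"DbStack": DB_STACK, "AppStack": APP_STACK})) reports the inline world-open rule in DbStack and the cross-stack rule defined in AppStack; passing direction="Egress" runs the same walk over egress rules.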

apply_removal_policy(policy)

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:

policy (RemovalPolicy) –

Return type:

None

to_egress_rule_config()

Produce the egress rule JSON for the given connection.

Return type:

Any

to_ingress_rule_config()

Produce the ingress rule JSON for the given connection.

Return type:

Any

Attributes

allow_all_outbound

Whether the SecurityGroup has been configured to allow all outbound traffic.

can_inline_rule

Whether the rule can be inlined into a SecurityGroup or not.

connections

The network connections associated with this resource.

env

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to. For imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), it might differ from the environment of the stack they were imported into.

node

The tree node.

security_group_id

ID for the current security group.

Attribute:

true

stack

The stack in which this resource is defined.

unique_id

A unique identifier for this connection peer.