AwsEc2SecurityGroupIpPermission - Amazon Security Hub
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AwsEc2SecurityGroupIpPermission

An IP permission for an EC2 security group.

Contents

FromPort

The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Type: Integer

Required: No

IpProtocol

The IP protocol name (tcp, udp, icmp, icmpv6) or number.

[VPC only] Use -1 to specify all protocols.

When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify.

For tcp, udp, and icmp, you must specify a port range.

For icmpv6, the port range is optional. If you omit the port range, traffic for all types and codes is allowed.

Type: String

Pattern: .*\S.*

Required: No

IpRanges

The IPv4 ranges.

Type: Array of AwsEc2SecurityGroupIpRange objects

Required: No

Ipv6Ranges

The IPv6 ranges.

Type: Array of AwsEc2SecurityGroupIpv6Range objects

Required: No

PrefixListIds

[VPC only] The prefix list IDs for an Amazon service. With outbound rules, this is the Amazon service to access through a VPC endpoint from instances associated with the security group.

Type: Array of AwsEc2SecurityGroupPrefixListId objects

Required: No

ToPort

The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.

A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Type: Integer

Required: No

UserIdGroupPairs

The security group and Amazon Web Services account ID pairs.

Type: Array of AwsEc2SecurityGroupUserIdGroupPair objects

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: