AWS Fundamentals
L1 Construct: AWS::EC2::SecurityGroup

CfnSecurityGroup

Specifies a security group. You must specify ingress rules to allow inbound traffic; by default, no inbound traffic is allowed.

When you create a security group, if you do not add egress rules, CloudFormation adds egress rules that allow all outbound IPv4 and IPv6 traffic. Otherwise, it does not add them. After the security group is created, if you remove all egress rules that you added, CloudFormation does not add egress rules, so no outbound traffic is allowed.

If you modify a rule, CloudFormation removes the existing rule and then adds a new rule. There is a brief period when neither the original rule nor the new rule exists, so the corresponding traffic is dropped.

This type supports updates. For more information about updating stacks, see [AWS CloudFormation Stacks Updates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html).

> To cross-reference two security groups in the ingress and egress rules of those security groups, use the [AWS::EC2::SecurityGroupEgress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-egress.html) and [AWS::EC2::SecurityGroupIngress](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-security-group-ingress.html) resources to define your rules. Do not use the embedded ingress and egress rules in `AWS::EC2::SecurityGroup`. Doing so creates a circular dependency, which CloudFormation doesn't allow.

Import

import { CfnSecurityGroup } from 'aws-cdk-lib/aws-ec2';

Or use the module namespace:

import * as ec2 from 'aws-cdk-lib/aws-ec2';
// ec2.CfnSecurityGroup

Properties

Configuration passed to the constructor as CfnSecurityGroupProps.

groupDescription (Required)
string

A description for the security group. Constraints: up to 255 characters in length. Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

groupName (Optional)
string

The name of the security group. Names are case-insensitive and must be unique within the VPC. Constraints: up to 255 characters in length. Can't start with `sg-`. Valid characters: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

securityGroupEgress (Optional)
IResolvable | Array<IResolvable | EgressProperty>

The outbound rules associated with the security group.

securityGroupIngress (Optional)
IResolvable | Array<IResolvable | IngressProperty>

The inbound rules associated with the security group.

tags (Optional)
CfnTag[]

Any tags assigned to the security group.

vpcId (Optional)
string | IVPCRef

The ID of the VPC for the security group. If you do not specify a VPC, the default is to use the default VPC for the Region. If there is no specified VPC and no default VPC, security group creation fails.

CloudFormation Resource

This L1 construct maps directly to the `AWS::EC2::SecurityGroup` CloudFormation resource type.
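The three behaviours documented above (a group without egress rules silently receives allow-all outbound rules, the groupName/groupDescription constraints, and the circular dependency created by embedded rules that cross-reference each other) can be checked on the synthesized template before deployment. The following is an added example, not code from this page or from aws-cdk-lib: it works on the CloudFormation JSON that `CfnSecurityGroup` synthesizes rather than on the construct itself, so it runs without the CDK installed. The logical IDs `WebSg` and `AppSg`, the VPC id `vpc-EXAMPLE`, the sample template and all function names are constructed for the example.

```typescript
// Added example, not code from this page or from aws-cdk-lib: it checks the
// CloudFormation JSON that CfnSecurityGroup synthesizes, so it runs without the
// CDK. Logical IDs, the VPC id and the sample template are constructed values.
type Ref = { Ref: string };
type CfnRule = { IpProtocol: string; FromPort?: number; ToPort?: number; CidrIp?: string;
  SourceSecurityGroupId?: string | Ref; DestinationSecurityGroupId?: string | Ref };
type SgProps = { GroupDescription: string; GroupName?: string; VpcId?: string;
  SecurityGroupIngress?: CfnRule[]; SecurityGroupEgress?: CfnRule[] };
type Resource = { Type: string; Properties: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };

const SG_TYPE = 'AWS::EC2::SecurityGroup';
// Character set quoted from the groupName / groupDescription constraints above.
const VALID_CHARS = /^[a-zA-Z0-9 ._\-:\/()#,@\[\]+=&;{}!$*]*$/;

function securityGroups(t: Template): [string, SgProps][] {
  return Object.keys(t.Resources)
    .filter(id => t.Resources[id].Type === SG_TYPE)
    .map((id): [string, SgProps] => [id, t.Resources[id].Properties as SgProps]);
}

// Check 1: a group with no egress rules is not "deny all outbound": CloudFormation
// adds allow-all IPv4 and IPv6 egress to it. Flag such groups for review.
function implicitAllowAllEgress(t: Template): string[] {
  return securityGroups(t)
    .filter(([, p]) => (p.SecurityGroupEgress ?? []).length === 0)
    .map(([id]) => id);
}

// Check 2: the documented constraints on groupName and groupDescription.
function validateSgProps(p: SgProps): string[] {
  const problems: string[] = [];
  const check = (field: string, v: string) => {
    if (v.length > 255) problems.push(`${field} is longer than 255 characters`);
    if (!VALID_CHARS.test(v)) problems.push(`${field} has invalid characters`);
  };
  check('GroupDescription', p.GroupDescription);
  if (p.GroupName !== undefined) {
    check('GroupName', p.GroupName);
    if (p.GroupName.startsWith('sg-')) problems.push("GroupName can't start with 'sg-'");
  }
  return problems;
}

function refTarget(v: string | Ref | undefined): string | undefined {
  return typeof v === 'object' ? v.Ref : undefined;
}

// Check 3: an embedded rule that Refs another group makes this group depend on it;
// two groups pointing at each other (or a group at itself) is the circular dependency.
function embeddedSgCycles(t: Template): [string, string][] {
  const edges = new Map<string, Set<string>>();
  for (const [id, p] of securityGroups(t)) {
    const targets = new Set<string>();
    (p.SecurityGroupIngress ?? []).forEach(r => { const x = refTarget(r.SourceSecurityGroupId); if (x) targets.add(x); });
    (p.SecurityGroupEgress ?? []).forEach(r => { const x = refTarget(r.DestinationSecurityGroupId); if (x) targets.add(x); });
    edges.set(id, targets);
  }
  const cycles: [string, string][] = [];
  edges.forEach((targets, a) =>
    targets.forEach(b => { if (a <= b && edges.get(b)?.has(a)) cycles.push([a, b]); }));
  return cycles;
}

// The documented fix: move embedded rules into standalone SecurityGroupIngress /
// SecurityGroupEgress resources that Ref the group through GroupId. Each rule
// resource depends on both groups, but neither group depends on the other.
function liftEmbeddedRules(t: Template): Template {
  const out: Template = { Resources: {} };
  for (const id of Object.keys(t.Resources)) {
    const r = t.Resources[id];
    if (r.Type !== SG_TYPE) { out.Resources[id] = r; continue; }
    const { SecurityGroupIngress = [], SecurityGroupEgress = [], ...rest } = r.Properties as SgProps;
    out.Resources[id] = { Type: SG_TYPE, Properties: rest };
    SecurityGroupIngress.forEach((rule, i) => {
      out.Resources[`${id}Ingress${i}`] = { Type: 'AWS::EC2::SecurityGroupIngress', Properties: { GroupId: { Ref: id }, ...rule } };
    });
    SecurityGroupEgress.forEach((rule, i) => {
      out.Resources[`${id}Egress${i}`] = { Type: 'AWS::EC2::SecurityGroupEgress', Properties: { GroupId: { Ref: id }, ...rule } };
    });
  }
  return out;
}

// Constructed sample: web and app tiers whose embedded rules reference each
// other; the app group declares no egress rules of its own.
const sample: Template = { Resources: {
  WebSg: { Type: SG_TYPE, Properties: {
    GroupDescription: 'web tier', VpcId: 'vpc-EXAMPLE',
    SecurityGroupIngress: [{ IpProtocol: 'tcp', FromPort: 443, ToPort: 443, CidrIp: '10.0.0.0/16' }],
    SecurityGroupEgress: [{ IpProtocol: 'tcp', FromPort: 8080, ToPort: 8080, DestinationSecurityGroupId: { Ref: 'AppSg' } }],
  } },
  AppSg: { Type: SG_TYPE, Properties: {
    GroupDescription: 'app tier', VpcId: 'vpc-EXAMPLE',
    SecurityGroupIngress: [{ IpProtocol: 'tcp', FromPort: 8080, ToPort: 8080, SourceSecurityGroupId: { Ref: 'WebSg' } }],
  } },
} };

const lifted = liftEmbeddedRules(sample);
console.log(embeddedSgCycles(sample), embeddedSgCycles(lifted));               // [ [ 'AppSg', 'WebSg' ] ] []
console.log(implicitAllowAllEgress(sample), implicitAllowAllEgress(lifted));  // [ 'AppSg' ] [ 'WebSg', 'AppSg' ]
```

Lifting the rules removes the cycle, but it also leaves both groups without embedded egress rules, so check 1 now flags both of them: as the text above states, CloudFormation adds allow-all outbound rules to a group that declares no egress rules, which is the state to review after applying the cross-reference fix.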
