security_group_rule

State module for managing EC2 Security Group Rules

async idem_aws.states.aws.ec2.security_group_rule.present(hub, ctx, name: str, group_id: str, ip_protocol: str, from_port: int, to_port: int, is_egress: bool, resource_id: str = None, cidr_ipv4: str = None, cidr_ipv6: str = None, prefix_list_id: str = None, referenced_group_info: Dict = None, tags: Dict[str, Any] = None, description: str = None) -> Dict[str, Any]

Creates a security group rule.

Adds one inbound (ingress) or outbound (egress) rule to a security group; is_egress selects which:
  • An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR range, from the entries of the specified prefix list, or from the instances that are associated with the specified source security group. You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code; you can use -1 to mean all types or all codes.

  • An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR range, to the entries of the specified prefix list, or to the instances that are associated with the specified destination security group. The protocol, port and ICMP type/code requirements are the same as for inbound rules.

Each rule is its own resource, identified by resource_id (the AWS security group rule ID). Rule changes are propagated to the instances in the security group as quickly as possible, but a small delay might occur.

Parameters:
  • name (str) – An Idem name to identify the security group rule resource.

  • group_id (str) – The ID of the security group

  • is_egress (bool) – Whether the rule is an outbound (egress) rule. Set to false for an inbound (ingress) rule.

  • ip_protocol (str) – The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers). [VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

  • from_port (int) – The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

  • to_port (int) – The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

  • cidr_ipv4 (str, Optional) – The IPv4 CIDR range. A rule targets exactly one of cidr_ipv4, cidr_ipv6, prefix_list_id or referenced_group_info. To specify a single IPv4 address, use the /32 prefix length. 0.0.0.0/0 matches every IPv4 address; on an inbound rule it makes the port reachable from the whole internet, so use it only for services that are meant to be public.

  • resource_id (str, Optional) – AWS Security group rule ID.

  • cidr_ipv6 (str, Optional) – The IPv6 CIDR range. A rule targets exactly one of cidr_ipv4, cidr_ipv6, prefix_list_id or referenced_group_info. To specify a single IPv6 address, use the /128 prefix length. ::/0 is the IPv6 equivalent of 0.0.0.0/0 and carries the same caveat for inbound rules.

  • prefix_list_id (str, Optional) – The ID of the managed prefix list whose entries are the source (inbound) or destination (outbound) of the rule. Mutually exclusive with the CIDR and referenced-group options.

  • referenced_group_info (dict, Optional) – The security group referenced by the rule, as a dict in the shape AWS returns for ReferencedGroupInfo: GroupId (the referenced security group ID) and, when the group belongs to another account, UserId (that account's ID). Traffic is matched on the referenced group's membership rather than on addresses. Mutually exclusive with the CIDR and prefix-list options.

  • description (str, Optional) – The description of the security group rule.

  • tags (dict or list, Optional) –

    Dict in the format of {tag-key: tag-value} or List of tags in the format of [{"Key": tag-key, "Value": tag-value}] to associate with the security group rule. Each tag consists of a key name and an associated value. Defaults to None.

    • Key (str, Optional):

      The key of the tag. Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

    • Value (str, Optional):

      The value of the tag. Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

Request Syntax:
[security_group_rule_name]:
  aws.ec2.security_group_rule.present:
    - group_id: 'string'
    - is_egress: 'bool'
    - ip_protocol: 'string'
    - from_port: 'int'
    - to_port: 'int'
    - cidr_ipv4: 'string'
    - cidr_ipv6: 'string'
    - prefix_list_id: 'string'
    - referenced_group_info: 'dict'
    - tags:
        - Key: 'string'
          Value: 'string'
    - description: 'string'
Returns:

Dict[str, Any]

Examples

my-sg-rule:
  aws.ec2.security_group_rule.present:
    - group_id: sg-0dd442ba9f89c5d59
    - is_egress: false
    - ip_protocol: tcp
    - from_port: 60
    - to_port: 60
    - cidr_ipv4: 0.0.0.0/0
    - tags:
        - Key: test_name5
          Value: test-rule5
    - description: 'Security group desc'
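The parameter notes above carry three traps that are easy to get wrong in an SLS file: a protocol of -1 (or a raw protocol number) silently ignores from_port/to_port, a rule must name exactly one target, and an inbound rule with 0.0.0.0/0 or ::/0 is reachable from the whole internet (the example above opens tcp/60 that way). The following pre-apply check is an added example, not idem-aws code: it runs over the structure yaml.safe_load() returns for an SLS file (a constructed sample is embedded so it runs offline), applies those rules plus the ICMP "all types requires all codes" constraint, and reports per-state findings. The group ID sg-0123456789abcdef0 is a placeholder and 203.0.113.0/24 is an RFC 5737 documentation range.

```python
"""Pre-apply check for aws.ec2.security_group_rule.present states.

Added example; not part of idem-aws. Runs on the Python structure that
yaml.safe_load() produces for an SLS file and flags the combinations the
parameter notes warn about.
"""
from typing import Any, Dict, List

STATE_FN = "aws.ec2.security_group_rule.present"
TARGET_KEYS = ("cidr_ipv4", "cidr_ipv6", "prefix_list_id", "referenced_group_info")
PORTED = {"tcp", "udp", "icmp", "icmpv6"}   # only these honour from_port/to_port
ANYWHERE = {"cidr_ipv4": "0.0.0.0/0", "cidr_ipv6": "::/0"}


def flatten_args(arg_list: List[Dict[str, Any]]) -> Dict[str, Any]:
    """SLS state arguments are a list of single-key dicts; merge them into one."""
    merged: Dict[str, Any] = {}
    for item in arg_list:
        merged.update(item)
    return merged


def lint_rule(name: str, args: Dict[str, Any]) -> List[str]:
    """Return human-readable findings for one present() rule (empty list = clean)."""
    findings: List[str] = []
    proto = str(args.get("ip_protocol", "")).lower()   # YAML may give int -1
    fp, tp = args.get("from_port"), args.get("to_port")

    # A rule targets exactly one of CIDR v4, CIDR v6, prefix list or group reference.
    targets = [k for k in TARGET_KEYS if args.get(k) is not None]
    if len(targets) != 1:
        findings.append(f"{name}: expected exactly one target, got {targets or 'none'}")

    if proto not in PORTED:
        # -1 or a raw protocol number: AWS ignores the port range entirely.
        findings.append(f"{name}: ip_protocol {proto!r} opens all ports; from_port/to_port are ignored")
    elif proto in ("tcp", "udp"):
        if not (isinstance(fp, int) and isinstance(tp, int) and 0 <= fp <= tp <= 65535):
            findings.append(f"{name}: invalid {proto} port range {fp}-{tp}")
    elif fp == -1 and tp != -1:
        # ICMP/ICMPv6: all types (-1) must be paired with all codes (-1).
        findings.append(f"{name}: {proto} type -1 requires to_port -1 (all codes)")

    # Inbound from the whole internet deserves review; outbound is not flagged.
    for key, any_cidr in ANYWHERE.items():
        if args.get(key) == any_cidr and not args.get("is_egress", False):
            findings.append(f"{name}: ingress from {any_cidr} is world-reachable")
    return findings


def lint_sls(doc: Dict[str, Any]) -> Dict[str, List[str]]:
    """Lint every security_group_rule.present state in a loaded SLS document."""
    report: Dict[str, List[str]] = {}
    for name, body in doc.items():
        if isinstance(body, dict) and STATE_FN in body:
            findings = lint_rule(name, flatten_args(body[STATE_FN]))
            if findings:
                report[name] = findings
    return report


# Constructed sample: what yaml.safe_load() returns for a small SLS file.
# sg-0123456789abcdef0 is a placeholder; 203.0.113.0/24 is an RFC 5737 range.
SAMPLE_SLS: Dict[str, Any] = {
    "db-from-app-sg": {STATE_FN: [
        {"group_id": "sg-0dd442ba9f89c5d59"}, {"is_egress": False},
        {"ip_protocol": "tcp"}, {"from_port": 5432}, {"to_port": 5432},
        {"referenced_group_info": {"GroupId": "sg-0123456789abcdef0"}},
    ]},
    "all-traffic-from-office": {STATE_FN: [
        {"group_id": "sg-0dd442ba9f89c5d59"}, {"is_egress": False},
        {"ip_protocol": -1}, {"from_port": 443}, {"to_port": 443},
        {"cidr_ipv4": "203.0.113.0/24"},
    ]},
    "ssh-from-anywhere": {STATE_FN: [
        {"group_id": "sg-0dd442ba9f89c5d59"}, {"is_egress": False},
        {"ip_protocol": "tcp"}, {"from_port": 22}, {"to_port": 22},
        {"cidr_ipv4": "0.0.0.0/0"},
    ]},
    "ambiguous-target": {STATE_FN: [
        {"group_id": "sg-0dd442ba9f89c5d59"}, {"is_egress": False},
        {"ip_protocol": "tcp"}, {"from_port": 443}, {"to_port": 443},
        {"cidr_ipv4": "203.0.113.0/24"},
        {"referenced_group_info": {"GroupId": "sg-0123456789abcdef0"}},
    ]},
    "https-egress": {STATE_FN: [
        {"group_id": "sg-0dd442ba9f89c5d59"}, {"is_egress": True},
        {"ip_protocol": "tcp"}, {"from_port": 443}, {"to_port": 443},
        {"cidr_ipv4": "0.0.0.0/0"},
    ]},
}

if __name__ == "__main__":
    for problems in lint_sls(SAMPLE_SLS).values():
        print("\n".join(problems))
```

Run it before `idem state` applies the file: the clean database rule and the outbound HTTPS rule produce no findings, while the -1 protocol, the world-open SSH ingress and the rule with two targets are each reported under their state name. The check reads only the SLS input, so it needs no AWS credentials.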

async idem_aws.states.aws.ec2.security_group_rule.absent(hub, ctx, name: str, group_id: str = None, resource_id: str = None) -> Dict[str, Any]

Deletes a security group rule.

Parameters:
  • name (str) – An Idem name to identify the security group rule resource.

  • group_id (str, Optional) – AWS Security Group ID of the group the rule belongs to; the revoke call needs it alongside resource_id. If it is omitted, Idem treats the rule as already absent and makes no API call.

  • resource_id (str, Optional) – AWS Security Group rule ID of the rule to delete. If it is omitted, Idem treats the rule as already absent and makes no API call, so a state that supplies only group_id deletes nothing; take the rule ID from the describe output or from the present state's result.

Request Syntax:
[security_group_rule-resource-id]:
  aws.ec2.security_group_rule.absent:
    - name: "string"
    - resource_id: "string"
Returns:

Dict[str, Any]

Examples

resource_is_absent:
  aws.ec2.security_group_rule.absent:
    - name: value
    - group_id: "sg-0008bd25b7867b5cf"

async idem_aws.states.aws.ec2.security_group_rule.describe(hub, ctx) -> Dict[str, Dict[str, Any]]

Describes the existing security group rules in the form the corresponding "present" function accepts, so the output can be written to an SLS file and the rules recreated or managed from there.

Returns:

Dict[str, Any]

Examples

$ idem describe aws.ec2.security_group_rule