aws.ec2.DefaultSecurityGroup
Provides a resource to manage a default security group. This resource can manage the default security group of the default or a non-default VPC.
NOTE: This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The aws.ec2.DefaultSecurityGroup resource behaves differently from normal resources. This provider does not create this resource but instead attempts to “adopt” it into management.
When the provider first begins managing the default security group, it immediately removes all ingress and egress rules in the Security Group. It then creates any rules specified in the configuration. This way only the rules specified in the configuration are created.
This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions or removals made outside this resource will show up as a diff. For these reasons, this resource is incompatible with the aws.ec2.SecurityGroupRule resource.
For more information about default security groups, see the AWS documentation on Default Security Groups. To manage normal security groups, see the aws.ec2.SecurityGroup resource.
Example Usage
The following config gives the default security group the same rules that AWS provides by default but under management by this provider. This means that any ingress or egress rules added or changed will be detected as drift.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// VPC whose default security group is adopted below.
const mainvpc = new aws.ec2.Vpc("mainvpc", { cidrBlock: "10.1.0.0/16" });

// Rules equal to what AWS installs by default. Protocol "-1" with ports 0/0
// means every protocol and port; `self: true` limits ingress to members of
// this group, while egress is open to every IPv4 destination.
const allFromSelf = {
    protocol: "-1",
    self: true,
    fromPort: 0,
    toPort: 0,
};
const allToAnywhere = {
    fromPort: 0,
    toPort: 0,
    protocol: "-1",
    cidrBlocks: ["0.0.0.0/0"],
};

// Adopting the default SG first revokes every rule already in it and then
// applies only the rules above; anything added out-of-band shows up as drift.
const _default = new aws.ec2.DefaultSecurityGroup("default", {
    vpcId: mainvpc.id,
    ingress: [allFromSelf],
    egress: [allToAnywhere],
});
import pulumi
import pulumi_aws as aws
# VPC whose default security group is adopted below.
mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")

# Rules equal to what AWS installs by default. Protocol "-1" with ports 0/0
# means every protocol and port; "self": True limits ingress to members of
# this group, while egress is open to every IPv4 destination.
_all_from_self = {
    "protocol": "-1",
    "self": True,
    "from_port": 0,
    "to_port": 0,
}
_all_to_anywhere = {
    "from_port": 0,
    "to_port": 0,
    "protocol": "-1",
    "cidr_blocks": ["0.0.0.0/0"],
}

# Adopting the default SG first revokes every rule already in it and then
# applies only the rules above; anything added out-of-band shows up as drift.
default = aws.ec2.DefaultSecurityGroup(
    "default",
    vpc_id=mainvpc.id,
    ingress=[_all_from_self],
    egress=[_all_to_anywhere],
)
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// VPC whose default security group is adopted below.
		vpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
			CidrBlock: pulumi.String("10.1.0.0/16"),
		})
		if err != nil {
			return err
		}

		// Rules equal to what AWS installs by default. Protocol "-1" with
		// ports 0/0 means every protocol and port; Self limits ingress to
		// members of this group, while egress is open to every IPv4 destination.
		ingress := ec2.DefaultSecurityGroupIngressArray{
			&ec2.DefaultSecurityGroupIngressArgs{
				Protocol: pulumi.String("-1"),
				Self:     pulumi.Bool(true),
				FromPort: pulumi.Int(0),
				ToPort:   pulumi.Int(0),
			},
		}
		egress := ec2.DefaultSecurityGroupEgressArray{
			&ec2.DefaultSecurityGroupEgressArgs{
				FromPort:   pulumi.Int(0),
				ToPort:     pulumi.Int(0),
				Protocol:   pulumi.String("-1"),
				CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
			},
		}

		// Adopting the default SG first revokes every rule already in it and
		// then applies only the rules above; out-of-band additions show up as
		// drift on the next update.
		_, err = ec2.NewDefaultSecurityGroup(ctx, "default", &ec2.DefaultSecurityGroupArgs{
			VpcId:   vpc.ID(),
			Ingress: ingress,
			Egress:  egress,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // VPC whose default security group is adopted below.
    var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
    });

    // Rules equal to what AWS installs by default. Protocol "-1" with ports
    // 0/0 means every protocol and port; Self = true limits ingress to members
    // of this group, while egress is open to every IPv4 destination.
    var allFromSelf = new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
    {
        Protocol = "-1",
        Self = true,
        FromPort = 0,
        ToPort = 0,
    };
    var allToAnywhere = new Aws.Ec2.Inputs.DefaultSecurityGroupEgressArgs
    {
        FromPort = 0,
        ToPort = 0,
        Protocol = "-1",
        CidrBlocks = new[] { "0.0.0.0/0" },
    };

    // Adopting the default SG first revokes every rule already in it and then
    // applies only the rules above; out-of-band additions show up as drift.
    var @default = new Aws.Ec2.DefaultSecurityGroup("default", new Aws.Ec2.DefaultSecurityGroupArgs
    {
        VpcId = mainvpc.Id,
        Ingress = new[] { allFromSelf },
        Egress = new[] { allToAnywhere },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Vpc;
import com.pulumi.aws.ec2.VpcArgs;
import com.pulumi.aws.ec2.DefaultSecurityGroup;
import com.pulumi.aws.ec2.DefaultSecurityGroupArgs;
import com.pulumi.aws.ec2.inputs.DefaultSecurityGroupIngressArgs;
import com.pulumi.aws.ec2.inputs.DefaultSecurityGroupEgressArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
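public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Adopts the default security group of a new VPC and pins its rules to
     * the ones AWS installs by default: ingress only from members of the
     * group, egress to every IPv4 destination. Adoption first revokes every
     * rule already present, then applies only the rules declared here.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        var mainvpc = new Vpc("mainvpc", VpcArgs.builder()
            .cidrBlock("10.1.0.0/16")
            .build());
        var default_ = new DefaultSecurityGroup("default", DefaultSecurityGroupArgs.builder()
            .vpcId(mainvpc.id())
            .ingress(DefaultSecurityGroupIngressArgs.builder()
                // Protocol is a string ("-1" = all protocols), as on the egress
                // rule below; the int literal -1 does not match the builder.
                .protocol("-1")
                .self(true)
                .fromPort(0)
                .toPort(0)
                .build())
            .egress(DefaultSecurityGroupEgressArgs.builder()
                .fromPort(0)
                .toPort(0)
                .protocol("-1")
                .cidrBlocks("0.0.0.0/0")
                .build())
            .build());
    }
}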
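resources:
  # VPC whose default security group is adopted below.
  mainvpc:
    type: aws:ec2:Vpc
    properties:
      cidrBlock: 10.1.0.0/16
  # Adopting the default SG first revokes every rule already in it and then
  # applies only the rules below; out-of-band additions show up as drift.
  default:
    type: aws:ec2:DefaultSecurityGroup
    properties:
      vpcId: ${mainvpc.id}
      ingress:
        # protocol is a string property; quote '-1' (all protocols) so it is not
        # parsed as the integer -1, matching the egress rule.
        - protocol: '-1'
          self: true
          fromPort: 0
          toPort: 0
      egress:
        # Outbound open to every IPv4 destination, as AWS configures by default.
        - fromPort: 0
          toPort: 0
          protocol: '-1'
          cidrBlocks:
            - 0.0.0.0/0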
Example Config To Deny All Egress Traffic, Allowing Ingress
The following denies all Egress traffic by omitting any egress rules, while including the default ingress rule to allow all traffic.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// VPC whose default security group is adopted below.
const mainvpc = new aws.ec2.Vpc("mainvpc", { cidrBlock: "10.1.0.0/16" });

// Default AWS ingress rule: every protocol and port, but only from members
// of this group. No egress rules are declared, so no outbound traffic is
// allowed once the resource is adopted.
const allFromSelf = {
    protocol: "-1",
    self: true,
    fromPort: 0,
    toPort: 0,
};

const _default = new aws.ec2.DefaultSecurityGroup("default", {
    vpcId: mainvpc.id,
    ingress: [allFromSelf],
});
import pulumi
import pulumi_aws as aws
# VPC whose default security group is adopted below.
mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")

# Default AWS ingress rule: every protocol and port, but only from members
# of this group. No egress rules are declared, so no outbound traffic is
# allowed once the resource is adopted.
_all_from_self = {
    "protocol": "-1",
    "self": True,
    "from_port": 0,
    "to_port": 0,
}

default = aws.ec2.DefaultSecurityGroup(
    "default",
    vpc_id=mainvpc.id,
    ingress=[_all_from_self],
)
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// VPC whose default security group is adopted below.
		vpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
			CidrBlock: pulumi.String("10.1.0.0/16"),
		})
		if err != nil {
			return err
		}

		// Default AWS ingress rule: every protocol and port, but only from
		// members of this group. No egress rules are declared, so no outbound
		// traffic is allowed once the resource is adopted.
		ingress := ec2.DefaultSecurityGroupIngressArray{
			&ec2.DefaultSecurityGroupIngressArgs{
				Protocol: pulumi.String("-1"),
				Self:     pulumi.Bool(true),
				FromPort: pulumi.Int(0),
				ToPort:   pulumi.Int(0),
			},
		}

		_, err = ec2.NewDefaultSecurityGroup(ctx, "default", &ec2.DefaultSecurityGroupArgs{
			VpcId:   vpc.ID(),
			Ingress: ingress,
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // VPC whose default security group is adopted below.
    var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
    });

    // Default AWS ingress rule: every protocol and port, but only from members
    // of this group. No egress rules are declared, so no outbound traffic is
    // allowed once the resource is adopted.
    var allFromSelf = new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
    {
        Protocol = "-1",
        Self = true,
        FromPort = 0,
        ToPort = 0,
    };

    var @default = new Aws.Ec2.DefaultSecurityGroup("default", new Aws.Ec2.DefaultSecurityGroupArgs
    {
        VpcId = mainvpc.Id,
        Ingress = new[] { allFromSelf },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Vpc;
import com.pulumi.aws.ec2.VpcArgs;
import com.pulumi.aws.ec2.DefaultSecurityGroup;
import com.pulumi.aws.ec2.DefaultSecurityGroupArgs;
import com.pulumi.aws.ec2.inputs.DefaultSecurityGroupIngressArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
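public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Adopts the default security group of a new VPC, keeping only the
     * default AWS ingress rule (every protocol and port, from members of the
     * group). No egress rule is declared, so no outbound traffic is allowed.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        var mainvpc = new Vpc("mainvpc", VpcArgs.builder()
            .cidrBlock("10.1.0.0/16")
            .build());
        var default_ = new DefaultSecurityGroup("default", DefaultSecurityGroupArgs.builder()
            .vpcId(mainvpc.id())
            .ingress(DefaultSecurityGroupIngressArgs.builder()
                // Protocol is a string ("-1" = all protocols); the int literal
                // -1 used by the generated example does not match the builder.
                .protocol("-1")
                .self(true)
                .fromPort(0)
                .toPort(0)
                .build())
            .build());
    }
}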
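resources:
  # VPC whose default security group is adopted below.
  mainvpc:
    type: aws:ec2:Vpc
    properties:
      cidrBlock: 10.1.0.0/16
  # Only the default AWS ingress rule is kept; with no egress block, no
  # outbound traffic is allowed once the resource is adopted.
  default:
    type: aws:ec2:DefaultSecurityGroup
    properties:
      vpcId: ${mainvpc.id}
      ingress:
        # protocol is a string property; quote '-1' (all protocols) so it is not
        # parsed as the integer -1.
        - protocol: '-1'
          self: true
          fromPort: 0
          toPort: 0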
Removing aws.ec2.DefaultSecurityGroup From Your Configuration
Removing this resource from your configuration will remove it from your statefile and management, but will not destroy the Security Group. All ingress or egress rules will be left as they are at the time of removal. You can resume managing them via the AWS Console.
Create DefaultSecurityGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DefaultSecurityGroup(name: string, args?: DefaultSecurityGroupArgs, opts?: CustomResourceOptions);
@overload
def DefaultSecurityGroup(resource_name: str,
                         args: Optional[DefaultSecurityGroupArgs] = None,
                         opts: Optional[ResourceOptions] = None)
@overload
def DefaultSecurityGroup(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         egress: Optional[Sequence[DefaultSecurityGroupEgressArgs]] = None,
                         ingress: Optional[Sequence[DefaultSecurityGroupIngressArgs]] = None,
                         revoke_rules_on_delete: Optional[bool] = None,
                         tags: Optional[Mapping[str, str]] = None,
                         vpc_id: Optional[str] = None)
func NewDefaultSecurityGroup(ctx *Context, name string, args *DefaultSecurityGroupArgs, opts ...ResourceOption) (*DefaultSecurityGroup, error)
public DefaultSecurityGroup(string name, DefaultSecurityGroupArgs? args = null, CustomResourceOptions? opts = null)
public DefaultSecurityGroup(String name, DefaultSecurityGroupArgs args)
public DefaultSecurityGroup(String name, DefaultSecurityGroupArgs args, CustomResourceOptions options)
type: aws:ec2:DefaultSecurityGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DefaultSecurityGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DefaultSecurityGroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DefaultSecurityGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DefaultSecurityGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DefaultSecurityGroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every value is a placeholder, not a working rule set.
// CidrBlocks, Ipv6CidrBlocks, PrefixListIds, SecurityGroups and Self decide
// which peers a rule admits, so they deserve the closest review.
var placeholderEgress = new Aws.Ec2.Inputs.DefaultSecurityGroupEgressArgs
{
    FromPort = 0,
    Protocol = "string",
    ToPort = 0,
    CidrBlocks = new[] { "string" },
    Description = "string",
    Ipv6CidrBlocks = new[] { "string" },
    PrefixListIds = new[] { "string" },
    SecurityGroups = new[] { "string" },
    Self = false,
};
var placeholderIngress = new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
{
    FromPort = 0,
    Protocol = "string",
    ToPort = 0,
    CidrBlocks = new[] { "string" },
    Description = "string",
    Ipv6CidrBlocks = new[] { "string" },
    PrefixListIds = new[] { "string" },
    SecurityGroups = new[] { "string" },
    Self = false,
};
var defaultSecurityGroupResource = new Aws.Ec2.DefaultSecurityGroup("defaultSecurityGroupResource", new Aws.Ec2.DefaultSecurityGroupArgs
{
    Egress = new[] { placeholderEgress },
    Ingress = new[] { placeholderIngress },
    RevokeRulesOnDelete = false,
    Tags =
    {
        { "string", "string" },
    },
    VpcId = "string",
});
// Reference example: every value is a placeholder, not a working rule set.
// CidrBlocks, Ipv6CidrBlocks, PrefixListIds, SecurityGroups and Self decide
// which peers a rule admits, so they deserve the closest review.
placeholderEgress := &ec2.DefaultSecurityGroupEgressArgs{
	FromPort:       pulumi.Int(0),
	Protocol:       pulumi.String("string"),
	ToPort:         pulumi.Int(0),
	CidrBlocks:     pulumi.StringArray{pulumi.String("string")},
	Description:    pulumi.String("string"),
	Ipv6CidrBlocks: pulumi.StringArray{pulumi.String("string")},
	PrefixListIds:  pulumi.StringArray{pulumi.String("string")},
	SecurityGroups: pulumi.StringArray{pulumi.String("string")},
	Self:           pulumi.Bool(false),
}
placeholderIngress := &ec2.DefaultSecurityGroupIngressArgs{
	FromPort:       pulumi.Int(0),
	Protocol:       pulumi.String("string"),
	ToPort:         pulumi.Int(0),
	CidrBlocks:     pulumi.StringArray{pulumi.String("string")},
	Description:    pulumi.String("string"),
	Ipv6CidrBlocks: pulumi.StringArray{pulumi.String("string")},
	PrefixListIds:  pulumi.StringArray{pulumi.String("string")},
	SecurityGroups: pulumi.StringArray{pulumi.String("string")},
	Self:           pulumi.Bool(false),
}
example, err := ec2.NewDefaultSecurityGroup(ctx, "defaultSecurityGroupResource", &ec2.DefaultSecurityGroupArgs{
	Egress:              ec2.DefaultSecurityGroupEgressArray{placeholderEgress},
	Ingress:             ec2.DefaultSecurityGroupIngressArray{placeholderIngress},
	RevokeRulesOnDelete: pulumi.Bool(false),
	Tags:                pulumi.StringMap{"string": pulumi.String("string")},
	VpcId:               pulumi.String("string"),
})
// Reference example: every value is a placeholder, not a working rule set.
// cidrBlocks, ipv6CidrBlocks, prefixListIds, securityGroups and self decide
// which peers a rule admits, so they deserve the closest review.
var placeholderEgress = DefaultSecurityGroupEgressArgs.builder()
    .fromPort(0)
    .protocol("string")
    .toPort(0)
    .cidrBlocks("string")
    .description("string")
    .ipv6CidrBlocks("string")
    .prefixListIds("string")
    .securityGroups("string")
    .self(false)
    .build();
var placeholderIngress = DefaultSecurityGroupIngressArgs.builder()
    .fromPort(0)
    .protocol("string")
    .toPort(0)
    .cidrBlocks("string")
    .description("string")
    .ipv6CidrBlocks("string")
    .prefixListIds("string")
    .securityGroups("string")
    .self(false)
    .build();
var defaultSecurityGroupResource = new DefaultSecurityGroup("defaultSecurityGroupResource", DefaultSecurityGroupArgs.builder()
    .egress(placeholderEgress)
    .ingress(placeholderIngress)
    .revokeRulesOnDelete(false)
    .tags(Map.of("string", "string"))
    .vpcId("string")
    .build());
# Reference example: every value is a placeholder, not a working rule set.
# cidr_blocks, ipv6_cidr_blocks, prefix_list_ids, security_groups and self
# decide which peers a rule admits, so they deserve the closest review.
_placeholder_rule = {
    "from_port": 0,
    "protocol": "string",
    "to_port": 0,
    "cidr_blocks": ["string"],
    "description": "string",
    "ipv6_cidr_blocks": ["string"],
    "prefix_list_ids": ["string"],
    "security_groups": ["string"],
    "self": False,
}

default_security_group_resource = aws.ec2.DefaultSecurityGroup(
    "defaultSecurityGroupResource",
    egress=[dict(_placeholder_rule)],
    ingress=[dict(_placeholder_rule)],
    revoke_rules_on_delete=False,
    tags={"string": "string"},
    vpc_id="string",
)
// Reference example: every value is a placeholder, not a working rule set.
// cidrBlocks, ipv6CidrBlocks, prefixListIds, securityGroups and self decide
// which peers a rule admits, so they deserve the closest review.
const placeholderEgress = {
    fromPort: 0,
    protocol: "string",
    toPort: 0,
    cidrBlocks: ["string"],
    description: "string",
    ipv6CidrBlocks: ["string"],
    prefixListIds: ["string"],
    securityGroups: ["string"],
    self: false,
};
const placeholderIngress = {
    fromPort: 0,
    protocol: "string",
    toPort: 0,
    cidrBlocks: ["string"],
    description: "string",
    ipv6CidrBlocks: ["string"],
    prefixListIds: ["string"],
    securityGroups: ["string"],
    self: false,
};
const defaultSecurityGroupResource = new aws.ec2.DefaultSecurityGroup("defaultSecurityGroupResource", {
    egress: [placeholderEgress],
    ingress: [placeholderIngress],
    revokeRulesOnDelete: false,
    tags: { string: "string" },
    vpcId: "string",
});
# Reference example: every value is a placeholder, not a working rule set.
type: aws:ec2:DefaultSecurityGroup
properties:
    # cidrBlocks, ipv6CidrBlocks, prefixListIds, securityGroups and self decide
    # which peers a rule admits, so they deserve the closest review.
    egress:
        - cidrBlocks:
            - string
          description: string
          fromPort: 0
          ipv6CidrBlocks:
            - string
          prefixListIds:
            - string
          protocol: string
          securityGroups:
            - string
          self: false
          toPort: 0
    ingress:
        - cidrBlocks:
            - string
          description: string
          fromPort: 0
          ipv6CidrBlocks:
            - string
          prefixListIds:
            - string
          protocol: string
          securityGroups:
            - string
          self: false
          toPort: 0
    revokeRulesOnDelete: false
    tags:
        string: string
    vpcId: string
DefaultSecurityGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DefaultSecurityGroup resource accepts the following input properties:
- Egress List<DefaultSecurityGroupEgress>
- Configuration block. Detailed below.
- Ingress List<DefaultSecurityGroupIngress>
- Configuration block. Detailed below.
- RevokeRulesOnDelete bool
- Tags Dictionary<string, string>
- Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider level.
- VpcId string
- VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
- Egress []DefaultSecurityGroupEgressArgs
- Configuration block. Detailed below.
- Ingress []DefaultSecurityGroupIngressArgs
- Configuration block. Detailed below.
- RevokeRulesOnDelete bool
- Tags map[string]string
- Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider level.
- VpcId string
- VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
- egress List<DefaultSecurityGroupEgress>
- Configuration block. Detailed below.
- ingress List<DefaultSecurityGroupIngress>
- Configuration block. Detailed below.
- revokeRulesOnDelete Boolean
- tags Map<String,String>
- Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider level.
- vpcId String
- VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
- egress DefaultSecurityGroupEgress[]
- Configuration block. Detailed below.
- ingress DefaultSecurityGroupIngress[]
- Configuration block. Detailed below.
- revokeRulesOnDelete boolean
- tags {[key: string]: string}
- Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider level.
- vpcId string
- VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
- egress Sequence[DefaultSecurityGroupEgressArgs]
- Configuration block. Detailed below.
- ingress Sequence[DefaultSecurityGroupIngressArgs]
- Configuration block. Detailed below.
- revoke_rules_on_delete bool
- tags Mapping[str, str]
- Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider level.
- vpc_id str
- VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
- egress List<Property Map>
- Configuration block. Detailed below.
- ingress List<Property Map>
- Configuration block. Detailed below.
- revokeRulesOnDelete Boolean
- tags Map<String>
- Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider level.
- vpcId String
- VPC ID. Note that changing the vpc_id will not restore any default security group rules that were modified, added, or removed. It will be left in its current state.
Outputs
All input properties are implicitly available as output properties. Additionally, the DefaultSecurityGroup resource produces the following output properties:
- Arn string
- ARN of the security group.
- Description string
- Description of the security group.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Name of the security group.
- NamePrefix string
- OwnerId string
- Owner ID.
- TagsAll Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
- Arn string
- ARN of the security group.
- Description string
- Description of the security group.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Name of the security group.
- NamePrefix string
- OwnerId string
- Owner ID.
- TagsAll map[string]string
- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
- arn String
- ARN of the security group.
- description String
- Description of the security group.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Name of the security group.
- namePrefix String
- ownerId String
- Owner ID.
- tagsAll Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
- arn string
- ARN of the security group.
- description string
- Description of the security group.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Name of the security group.
- namePrefix string
- ownerId string
- Owner ID.
- tagsAll {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
- arn str
- ARN of the security group.
- description str
- Description of the security group.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Name of the security group.
- name_prefix str
- owner_id str
- Owner ID.
- tags_all Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
- arn String
- ARN of the security group.
- description String
- Description of the security group.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Name of the security group.
- namePrefix String
- ownerId String
- Owner ID.
- tagsAll Map<String>
- A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Look up Existing DefaultSecurityGroup Resource
Get an existing DefaultSecurityGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DefaultSecurityGroupState, opts?: CustomResourceOptions): DefaultSecurityGroup
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        description: Optional[str] = None,
        egress: Optional[Sequence[DefaultSecurityGroupEgressArgs]] = None,
        ingress: Optional[Sequence[DefaultSecurityGroupIngressArgs]] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        owner_id: Optional[str] = None,
        revoke_rules_on_delete: Optional[bool] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        vpc_id: Optional[str] = None) -> DefaultSecurityGroup
func GetDefaultSecurityGroup(ctx *Context, name string, id IDInput, state *DefaultSecurityGroupState, opts ...ResourceOption) (*DefaultSecurityGroup, error)
public static DefaultSecurityGroup Get(string name, Input<string> id, DefaultSecurityGroupState? state, CustomResourceOptions? opts = null)
public static DefaultSecurityGroup get(String name, Output<String> id, DefaultSecurityGroupState state, CustomResourceOptions options)
resources:
  _:
    type: aws:ec2:DefaultSecurityGroup
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- ARN of the security group.
- Description string
- Description of the security group.
- Egress
List<DefaultSecurityGroupEgress>
- Configuration block. Detailed below.
- Ingress
List<DefaultSecurityGroupIngress>
- Configuration block. Detailed below.
- Name string
- Name of the security group.
- NamePrefix string
- OwnerId string
- Owner ID.
- RevokeRulesOnDelete bool
- Dictionary<string, string>
- Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider level.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
- VpcId string
- VPC ID. Note that changing the `vpc_id` will not restore any default security group rules that were modified, added, or removed; the security group will be left in its current state.
- Arn string
- ARN of the security group.
- Description string
- Description of the security group.
- Egress
[]DefaultSecurityGroupEgressArgs
- Configuration block. Detailed below.
- Ingress
[]DefaultSecurityGroupIngressArgs
- Configuration block. Detailed below.
- Name string
- Name of the security group.
- NamePrefix string
- OwnerId string
- Owner ID.
- RevokeRulesOnDelete bool
- map[string]string
- Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider level.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
- VpcId string
- VPC ID. Note that changing the `vpc_id` will not restore any default security group rules that were modified, added, or removed; the security group will be left in its current state.
- arn String
- ARN of the security group.
- description String
- Description of the security group.
- egress
List<DefaultSecurityGroupEgress>
- Configuration block. Detailed below.
- ingress
List<DefaultSecurityGroupIngress>
- Configuration block. Detailed below.
- name String
- Name of the security group.
- namePrefix String
- ownerId String
- Owner ID.
- revokeRulesOnDelete Boolean
- Map<String,String>
- Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider level.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
- vpcId String
- VPC ID. Note that changing the `vpc_id` will not restore any default security group rules that were modified, added, or removed; the security group will be left in its current state.
- arn string
- ARN of the security group.
- description string
- Description of the security group.
- egress
DefaultSecurityGroupEgress[]
- Configuration block. Detailed below.
- ingress
DefaultSecurityGroupIngress[]
- Configuration block. Detailed below.
- name string
- Name of the security group.
- namePrefix string
- ownerId string
- Owner ID.
- revokeRulesOnDelete boolean
- {[key: string]: string}
- Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider level.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
- vpcId string
- VPC ID. Note that changing the `vpc_id` will not restore any default security group rules that were modified, added, or removed; the security group will be left in its current state.
- arn str
- ARN of the security group.
- description str
- Description of the security group.
- egress
Sequence[DefaultSecurityGroupEgressArgs]
- Configuration block. Detailed below.
- ingress
Sequence[DefaultSecurityGroupIngressArgs]
- Configuration block. Detailed below.
- name str
- Name of the security group.
- name_prefix str
- owner_id str
- Owner ID.
- revoke_rules_on_delete bool
- Mapping[str, str]
- Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider level.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
- vpc_id str
- VPC ID. Note that changing the `vpc_id` will not restore any default security group rules that were modified, added, or removed; the security group will be left in its current state.
- arn String
- ARN of the security group.
- description String
- Description of the security group.
- egress List<Property Map>
- Configuration block. Detailed below.
- ingress List<Property Map>
- Configuration block. Detailed below.
- name String
- Name of the security group.
- namePrefix String
- ownerId String
- Owner ID.
- revokeRulesOnDelete Boolean
- Map<String>
- Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider level.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
- vpcId String
- VPC ID. Note that changing the `vpc_id` will not restore any default security group rules that were modified, added, or removed; the security group will be left in its current state.
Supporting Types
DefaultSecurityGroupEgress, DefaultSecurityGroupEgressArgs        
- FromPort int
- Start port (or ICMP type number if protocol is icmp)
- Protocol string
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- ToPort int
- End range port (or ICMP code if protocol is icmp).
- CidrBlocks List<string>
- List of CIDR blocks.
- Description string
- Description of this rule.
- Ipv6CidrBlocks List<string>
- List of IPv6 CIDR blocks.
- PrefixListIds List<string>
- List of prefix list IDs (for allowing access to VPC endpoints)
- SecurityGroups List<string>
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- Self bool
- Whether the security group itself will be added as a source to this egress rule.
- FromPort int
- Start port (or ICMP type number if protocol is icmp)
- Protocol string
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- ToPort int
- End range port (or ICMP code if protocol is icmp).
- CidrBlocks []string
- List of CIDR blocks.
- Description string
- Description of this rule.
- Ipv6CidrBlocks []string
- List of IPv6 CIDR blocks.
- PrefixListIds []string
- List of prefix list IDs (for allowing access to VPC endpoints)
- SecurityGroups []string
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- Self bool
- Whether the security group itself will be added as a source to this egress rule.
- fromPort Integer
- Start port (or ICMP type number if protocol is icmp)
- protocol String
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- toPort Integer
- End range port (or ICMP code if protocol is icmp).
- cidrBlocks List<String>
- List of CIDR blocks.
- description String
- Description of this rule.
- ipv6CidrBlocks List<String>
- List of IPv6 CIDR blocks.
- prefixListIds List<String>
- List of prefix list IDs (for allowing access to VPC endpoints)
- securityGroups List<String>
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self Boolean
- Whether the security group itself will be added as a source to this egress rule.
- fromPort number
- Start port (or ICMP type number if protocol is icmp)
- protocol string
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- toPort number
- End range port (or ICMP code if protocol is icmp).
- cidrBlocks string[]
- List of CIDR blocks.
- description string
- Description of this rule.
- ipv6CidrBlocks string[]
- List of IPv6 CIDR blocks.
- prefixListIds string[]
- List of prefix list IDs (for allowing access to VPC endpoints)
- securityGroups string[]
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self boolean
- Whether the security group itself will be added as a source to this egress rule.
- from_port int
- Start port (or ICMP type number if protocol is icmp)
- protocol str
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- to_port int
- End range port (or ICMP code if protocol is icmp).
- cidr_blocks Sequence[str]
- List of CIDR blocks.
- description str
- Description of this rule.
- ipv6_cidr_blocks Sequence[str]
- List of IPv6 CIDR blocks.
- prefix_list_ids Sequence[str]
- List of prefix list IDs (for allowing access to VPC endpoints)
- security_groups Sequence[str]
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self bool
- Whether the security group itself will be added as a source to this egress rule.
- fromPort Number
- Start port (or ICMP type number if protocol is icmp)
- protocol String
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- toPort Number
- End range port (or ICMP code if protocol is icmp).
- cidrBlocks List<String>
- List of CIDR blocks.
- description String
- Description of this rule.
- ipv6CidrBlocks List<String>
- List of IPv6 CIDR blocks.
- prefixListIds List<String>
- List of prefix list IDs (for allowing access to VPC endpoints)
- securityGroups List<String>
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self Boolean
- Whether the security group itself will be added as a source to this egress rule.
DefaultSecurityGroupIngress, DefaultSecurityGroupIngressArgs        
- FromPort int
- Start port (or ICMP type number if protocol is icmp)
- Protocol string
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- ToPort int
- End range port (or ICMP code if protocol is icmp).
- CidrBlocks List<string>
- List of CIDR blocks.
- Description string
- Description of the security group.
- Ipv6CidrBlocks List<string>
- List of IPv6 CIDR blocks.
- PrefixListIds List<string>
- List of prefix list IDs (for allowing access to VPC endpoints)
- SecurityGroups List<string>
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- Self bool
- Whether the security group itself will be added as a source to this ingress rule.
- FromPort int
- Start port (or ICMP type number if protocol is icmp)
- Protocol string
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- ToPort int
- End range port (or ICMP code if protocol is icmp).
- CidrBlocks []string
- List of CIDR blocks.
- Description string
- Description of the security group.
- Ipv6CidrBlocks []string
- List of IPv6 CIDR blocks.
- PrefixListIds []string
- List of prefix list IDs (for allowing access to VPC endpoints)
- SecurityGroups []string
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- Self bool
- Whether the security group itself will be added as a source to this ingress rule.
- fromPort Integer
- Start port (or ICMP type number if protocol is icmp)
- protocol String
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- toPort Integer
- End range port (or ICMP code if protocol is icmp).
- cidrBlocks List<String>
- List of CIDR blocks.
- description String
- Description of the security group.
- ipv6CidrBlocks List<String>
- List of IPv6 CIDR blocks.
- prefixListIds List<String>
- List of prefix list IDs (for allowing access to VPC endpoints)
- securityGroups List<String>
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self Boolean
- Whether the security group itself will be added as a source to this ingress rule.
- fromPort number
- Start port (or ICMP type number if protocol is icmp)
- protocol string
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- toPort number
- End range port (or ICMP code if protocol is icmp).
- cidrBlocks string[]
- List of CIDR blocks.
- description string
- Description of the security group.
- ipv6CidrBlocks string[]
- List of IPv6 CIDR blocks.
- prefixListIds string[]
- List of prefix list IDs (for allowing access to VPC endpoints)
- securityGroups string[]
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self boolean
- Whether the security group itself will be added as a source to this ingress rule.
- from_port int
- Start port (or ICMP type number if protocol is icmp)
- protocol str
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- to_port int
- End range port (or ICMP code if protocol is icmp).
- cidr_blocks Sequence[str]
- List of CIDR blocks.
- description str
- Description of the security group.
- ipv6_cidr_blocks Sequence[str]
- List of IPv6 CIDR blocks.
- prefix_list_ids Sequence[str]
- List of prefix list IDs (for allowing access to VPC endpoints)
- security_groups Sequence[str]
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self bool
- Whether the security group itself will be added as a source to this ingress rule.
- fromPort Number
- Start port (or ICMP type number if protocol is icmp)
- protocol String
- Protocol. If you select a protocol of "-1" (semantically equivalent to all, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1`, use the protocol number.
- toPort Number
- End range port (or ICMP code if protocol is icmp).
- cidrBlocks List<String>
- List of CIDR blocks.
- description String
- Description of the security group.
- ipv6CidrBlocks List<String>
- List of IPv6 CIDR blocks.
- prefixListIds List<String>
- List of prefix list IDs (for allowing access to VPC endpoints)
- securityGroups List<String>
- List of security groups. A group name can be used relative to the default VPC. Otherwise, group ID.
- self Boolean
- Whether the security group itself will be added as a source to this ingress rule.
Import
Using `pulumi import`, import Security Groups using the security group ID. For example:
$ pulumi import aws:ec2/defaultSecurityGroup:DefaultSecurityGroup default_sg sg-903004f8
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `aws` Terraform Provider.