Class: Aws::EC2::SecurityGroup

Inherits:
Object
Extended by:
Deprecations
Defined in:
lib/aws-sdk-ec2/security_group.rb

Defined Under Namespace

Classes: Collection


Constructor Details

#initialize(id, options = {}) ⇒ SecurityGroup
#initialize(options = {}) ⇒ SecurityGroup

Returns a new instance of SecurityGroup.

Overloads:

  • #initialize(id, options = {}) ⇒ SecurityGroup

    Parameters:

    • id (String)

    Options Hash (options):

  • #initialize(options = {}) ⇒ SecurityGroup

    Options Hash (options):

    • :id (required, String)
    • :client (Client)


# File 'lib/aws-sdk-ec2/security_group.rb', line 19

def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @id = extract_id(args, options)
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
end

Instance Method Details

#authorize_egress(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


security_group.authorize_egress({
  dry_run: false,
  ip_permissions: [
    {
      from_port: 1,
      ip_protocol: "String",
      ip_ranges: [
        {
          cidr_ip: "String",
        },
      ],
      ipv_6_ranges: [
        {
          cidr_ipv_6: "String",
        },
      ],
      prefix_list_ids: [
        {
          prefix_list_id: "String",
        },
      ],
      to_port: 1,
      user_id_group_pairs: [
        {
          group_id: "String",
          group_name: "String",
          peering_status: "String",
          user_id: "String",
          vpc_id: "String",
          vpc_peering_connection_id: "String",
        },
      ],
    },
  ],
  cidr_ip: "String",
  from_port: 1,
  ip_protocol: "String",
  to_port: 1,
  source_security_group_name: "String",
  source_security_group_owner_id: "String",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.

  • :ip_permissions (Array<Types::IpPermission>)

    A set of IP permissions. You can’t specify a destination security group and a CIDR IP address range.

  • :cidr_ip (String)

    The CIDR IPv4 address range. We recommend that you specify the CIDR range in a set of IP permissions instead.

  • :from_port (Integer)

    The start of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

  • :ip_protocol (String)

    The IP protocol name or number. We recommend that you specify the protocol in a set of IP permissions instead.

  • :to_port (Integer)

    The end of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

  • :source_security_group_name (String)

    The name of a destination security group. To authorize outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

  • :source_security_group_owner_id (String)

    The AWS account number for a destination security group. To authorize outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

Returns:

  • (EmptyStructure)


# File 'lib/aws-sdk-ec2/security_group.rb', line 189

def authorize_egress(options = {})
  options = options.merge(group_id: @id)
  resp = @client.authorize_security_group_egress(options)
  resp.data
end

#authorize_ingress(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


security_group.authorize_ingress({
  cidr_ip: "String",
  from_port: 1,
  group_name: "String",
  ip_permissions: [
    {
      from_port: 1,
      ip_protocol: "String",
      ip_ranges: [
        {
          cidr_ip: "String",
        },
      ],
      ipv_6_ranges: [
        {
          cidr_ipv_6: "String",
        },
      ],
      prefix_list_ids: [
        {
          prefix_list_id: "String",
        },
      ],
      to_port: 1,
      user_id_group_pairs: [
        {
          group_id: "String",
          group_name: "String",
          peering_status: "String",
          user_id: "String",
          vpc_id: "String",
          vpc_peering_connection_id: "String",
        },
      ],
    },
  ],
  ip_protocol: "String",
  source_security_group_name: "String",
  source_security_group_owner_id: "String",
  to_port: 1,
  dry_run: false,
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :cidr_ip (String)

    The CIDR IPv4 address range. You can’t specify this parameter when specifying a source security group.

  • :from_port (Integer)

    The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. For the ICMP/ICMPv6 type number, use `-1` to specify all types.

  • :group_name (String)

    [EC2-Classic, default VPC] The name of the security group.

  • :ip_permissions (Array<Types::IpPermission>)

    A set of IP permissions. Can be used to specify multiple rules in a single command.

  • :ip_protocol (String)

    The IP protocol name (`tcp`, `udp`, `icmp`) or number (see [Protocol Numbers][1]). (VPC only) Use `-1` to specify all protocols. If you specify `-1`, or a protocol number other than `tcp`, `udp`, `icmp`, or `58` (ICMPv6), traffic on all ports is allowed, regardless of any ports you specify. For `tcp`, `udp`, and `icmp`, you must specify a port range. For protocol `58` (ICMPv6), you can optionally specify a port range; if you don’t, traffic for all types and codes is allowed.

    [1]: www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

  • :source_security_group_name (String)

    [EC2-Classic, default VPC] The name of the source security group. You can’t specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.

  • :source_security_group_owner_id (String)

    [EC2-Classic] The AWS account number for the source security group, if the source security group is in a different account. You can’t specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.

  • :to_port (Integer)

    The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code number. For the ICMP/ICMPv6 code number, use `-1` to specify all codes.

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.

Returns:

  • (EmptyStructure)


# File 'lib/aws-sdk-ec2/security_group.rb', line 290

def authorize_ingress(options = {})
  options = options.merge(group_id: @id)
  resp = @client.authorize_security_group_ingress(options)
  resp.data
end
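
The port-scope rule in the :ip_protocol description above decides what an ingress rule actually exposes. The following added example (not part of the SDK or of this reference page) audits rules shaped like Types::IpPermission for sources open to any address, reports each rule's effective scope, and builds an ip_permissions entry for #revoke_ingress; the Struct types, function names and sample rules are constructed for illustration.

```ruby
# Constructed stand-ins for the Types::IpPermission fields this audit reads.
IpRange    = Struct.new(:cidr_ip, keyword_init: true)
Ipv6Range  = Struct.new(:cidr_ipv_6, keyword_init: true)
Permission = Struct.new(:ip_protocol, :from_port, :to_port, :ip_ranges,
                        :ipv_6_ranges, keyword_init: true)

# Protocols whose from_port/to_port are enforced, per the :ip_protocol text.
PORT_SCOPED = %w[tcp udp icmp 58].freeze

# What the rule really allows, which can differ from the ports it declares.
def effective_scope(perm)
  proto = perm.ip_protocol.to_s.downcase
  return "all protocols, all ports" if proto == "-1"
  return "protocol #{proto}, all ports" unless PORT_SCOPED.include?(proto)
  if %w[icmp 58].include?(proto)
    all = perm.from_port.nil? || perm.from_port == -1
    return all ? "#{proto} all types" : "#{proto} type #{perm.from_port}"
  end
  "#{proto} #{perm.from_port}-#{perm.to_port}"
end

# CIDRs in the rule with prefix length 0, i.e. any source address.
def world_cidrs(perm)
  v4 = Array(perm.ip_ranges).map { |r| r.cidr_ip.to_s }
  v6 = Array(perm.ipv_6_ranges).map { |r| r.cidr_ipv_6.to_s }
  { v4: v4.select { |c| c.end_with?("/0") },
    v6: v6.select { |c| c.end_with?("/0") } }
end

# One finding per world-open rule. :revoke is an ip_permissions entry naming
# only the world-open sources, built from the option keys revoke_ingress lists.
def audit_ingress(permissions)
  permissions.map do |perm|
    wide = world_cidrs(perm)
    next if wide.values.all?(&:empty?)
    scoped = PORT_SCOPED.include?(perm.ip_protocol.to_s.downcase)
    revoke = { ip_protocol: perm.ip_protocol, from_port: perm.from_port,
               to_port: perm.to_port }.compact
    revoke[:ip_ranges] = wide[:v4].map { |c| { cidr_ip: c } } if wide[:v4].any?
    revoke[:ipv_6_ranges] = wide[:v6].map { |c| { cidr_ipv_6: c } } if wide[:v6].any?
    { scope: effective_scope(perm), sources: wide[:v4] + wide[:v6],
      ports_ignored: !scoped && ![nil, -1].include?(perm.from_port),
      revoke: revoke }
  end.compact
end

# Constructed sample rules (not real account data).
SAMPLE = [
  Permission.new(ip_protocol: "tcp", from_port: 443, to_port: 443,
                 ip_ranges: [IpRange.new(cidr_ip: "0.0.0.0/0")]),
  Permission.new(ip_protocol: "47", from_port: 443, to_port: 443,
                 ip_ranges: [IpRange.new(cidr_ip: "0.0.0.0/0"),
                             IpRange.new(cidr_ip: "10.0.0.0/8")]),
  Permission.new(ip_protocol: "-1",
                 ipv_6_ranges: [Ipv6Range.new(cidr_ipv_6: "::/0")]),
  Permission.new(ip_protocol: "tcp", from_port: 22, to_port: 22,
                 ip_ranges: [IpRange.new(cidr_ip: "203.0.113.0/24")])
].freeze
audit_ingress(SAMPLE).each { |f| puts f.inspect } if __FILE__ == $PROGRAM_NAME
```

The second sample rule declares port 443 but, because its protocol is not port-scoped, the finding reports all ports and sets ports_ignored.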

#client ⇒ Client

Returns:

  • (Client)

# File 'lib/aws-sdk-ec2/security_group.rb', line 80

def client
  @client
end

#create_tags(options = {}) ⇒ Tag::Collection

Examples:

Request syntax with placeholder values


tag = security_group.create_tags({
  dry_run: false,
  tags: [ # required
    {
      key: "String",
      value: "String",
    },
  ],
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.

  • :tags (required, Array<Types::Tag>)

    One or more tags. The `value` parameter is required, but if you don’t want the tag to have a value, specify the parameter with no value, and we set the value to an empty string.

Returns:

  • (Tag::Collection)

# File 'lib/aws-sdk-ec2/security_group.rb', line 318

def create_tags(options = {})
  batch = []
  options = Aws::Util.deep_merge(options, resources: [@id])
  resp = @client.create_tags(options)
  options[:tags].each do |t|
    batch << Tag.new(
      resource_id: @id,
      key: t[:key],
      value: t[:value],
      client: @client
    )
  end
  Tag::Collection.new([batch], size: batch.size)
end

#data ⇒ Types::SecurityGroup

Returns the data for this Aws::EC2::SecurityGroup. Calls Client#describe_security_groups if #data_loaded? is `false`.

Returns:

  • (Types::SecurityGroup)

# File 'lib/aws-sdk-ec2/security_group.rb', line 100

def data
  load unless @data
  @data
end

#data_loaded? ⇒ Boolean

Returns `true` if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

Returns:

  • (Boolean)

    Returns `true` if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.



# File 'lib/aws-sdk-ec2/security_group.rb', line 108

def data_loaded?
  !!@data
end

#delete(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


security_group.delete({
  group_name: "String",
  dry_run: false,
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :group_name (String)

    [EC2-Classic, default VPC] The name of the security group. You can specify either the security group name or the security group ID.

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.

Returns:

  • (EmptyStructure)


# File 'lib/aws-sdk-ec2/security_group.rb', line 349

def delete(options = {})
  options = options.merge(group_id: @id)
  resp = @client.delete_security_group(options)
  resp.data
end

#description ⇒ String

A description of the security group.

Returns:

  • (String)


# File 'lib/aws-sdk-ec2/security_group.rb', line 36

def description
  data.description
end

#group_name ⇒ String

The name of the security group.

Returns:

  • (String)


# File 'lib/aws-sdk-ec2/security_group.rb', line 42

def group_name
  data.group_name
end

#id ⇒ String

Also known as: group_id

Returns:

  • (String)


# File 'lib/aws-sdk-ec2/security_group.rb', line 29

def id
  @id
end

#identifiers ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Deprecated.


# File 'lib/aws-sdk-ec2/security_group.rb', line 532

def identifiers
  { id: @id }
end

#ip_permissions ⇒ Array<Types::IpPermission>

One or more inbound rules associated with the security group.

Returns:

  • (Array<Types::IpPermission>)

# File 'lib/aws-sdk-ec2/security_group.rb', line 48

def ip_permissions
  data.ip_permissions
end

#ip_permissions_egress ⇒ Array<Types::IpPermission>

[EC2-VPC] One or more outbound rules associated with the security group.

Returns:

  • (Array<Types::IpPermission>)

# File 'lib/aws-sdk-ec2/security_group.rb', line 61

def ip_permissions_egress
  data.ip_permissions_egress
end

#load ⇒ self

Also known as: reload

Loads, or reloads #data for the current Aws::EC2::SecurityGroup. Returns `self` making it possible to chain methods.

security_group.reload.data

Returns:

  • (self)


# File 'lib/aws-sdk-ec2/security_group.rb', line 90

def load
  resp = @client.describe_security_groups(group_ids: [@id])
  @data = resp.security_groups[0]
  self
end

#owner_id ⇒ String

The AWS account ID of the owner of the security group.

Returns:

  • (String)


# File 'lib/aws-sdk-ec2/security_group.rb', line 54

def owner_id
  data.owner_id
end

#revoke_egress(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


security_group.revoke_egress({
  dry_run: false,
  ip_permissions: [
    {
      from_port: 1,
      ip_protocol: "String",
      ip_ranges: [
        {
          cidr_ip: "String",
        },
      ],
      ipv_6_ranges: [
        {
          cidr_ipv_6: "String",
        },
      ],
      prefix_list_ids: [
        {
          prefix_list_id: "String",
        },
      ],
      to_port: 1,
      user_id_group_pairs: [
        {
          group_id: "String",
          group_name: "String",
          peering_status: "String",
          user_id: "String",
          vpc_id: "String",
          vpc_peering_connection_id: "String",
        },
      ],
    },
  ],
  cidr_ip: "String",
  from_port: 1,
  ip_protocol: "String",
  to_port: 1,
  source_security_group_name: "String",
  source_security_group_owner_id: "String",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.

  • :ip_permissions (Array<Types::IpPermission>)

    A set of IP permissions. You can’t specify a destination security group and a CIDR IP address range.

  • :cidr_ip (String)

    The CIDR IP address range. We recommend that you specify the CIDR range in a set of IP permissions instead.

  • :from_port (Integer)

    The start of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

  • :ip_protocol (String)

    The IP protocol name or number. We recommend that you specify the protocol in a set of IP permissions instead.

  • :to_port (Integer)

    The end of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

  • :source_security_group_name (String)

    The name of a destination security group. To revoke outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

  • :source_security_group_owner_id (String)

    The AWS account number for a destination security group. To revoke outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

Returns:

  • (EmptyStructure)


# File 'lib/aws-sdk-ec2/security_group.rb', line 430

def revoke_egress(options = {})
  options = options.merge(group_id: @id)
  resp = @client.revoke_security_group_egress(options)
  resp.data
end

#revoke_ingress(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


security_group.revoke_ingress({
  cidr_ip: "String",
  from_port: 1,
  group_name: "String",
  ip_permissions: [
    {
      from_port: 1,
      ip_protocol: "String",
      ip_ranges: [
        {
          cidr_ip: "String",
        },
      ],
      ipv_6_ranges: [
        {
          cidr_ipv_6: "String",
        },
      ],
      prefix_list_ids: [
        {
          prefix_list_id: "String",
        },
      ],
      to_port: 1,
      user_id_group_pairs: [
        {
          group_id: "String",
          group_name: "String",
          peering_status: "String",
          user_id: "String",
          vpc_id: "String",
          vpc_peering_connection_id: "String",
        },
      ],
    },
  ],
  ip_protocol: "String",
  source_security_group_name: "String",
  source_security_group_owner_id: "String",
  to_port: 1,
  dry_run: false,
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :cidr_ip (String)

    The CIDR IP address range. You can’t specify this parameter when specifying a source security group.

  • :from_port (Integer)

    The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use `-1` to specify all ICMP types.

  • :group_name (String)

    [EC2-Classic, default VPC] The name of the security group.

  • :ip_permissions (Array<Types::IpPermission>)

    A set of IP permissions. You can’t specify a source security group and a CIDR IP address range.

  • :ip_protocol (String)

    The IP protocol name (`tcp`, `udp`, `icmp`) or number (see [Protocol Numbers][1]). Use `-1` to specify all.

    [1]: www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

  • :source_security_group_name (String)

    [EC2-Classic, default VPC] The name of the source security group. You can’t specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. For EC2-VPC, the source security group must be in the same VPC. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.

  • :source_security_group_owner_id (String)

    [EC2-Classic] The AWS account ID of the source security group, if the source security group is in a different account. You can’t specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.

  • :to_port (Integer)

    The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use `-1` to specify all ICMP codes for the ICMP type.

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is `DryRunOperation`. Otherwise, it is `UnauthorizedOperation`.

Returns:

  • (EmptyStructure)


# File 'lib/aws-sdk-ec2/security_group.rb', line 524

def revoke_ingress(options = {})
  options = options.merge(group_id: @id)
  resp = @client.revoke_security_group_ingress(options)
  resp.data
end

#tags ⇒ Array<Types::Tag>

Any tags assigned to the security group.

Returns:

  • (Array<Types::Tag>)

# File 'lib/aws-sdk-ec2/security_group.rb', line 67

def tags
  data.tags
end

#vpc_id ⇒ String

[EC2-VPC] The ID of the VPC for the security group.

Returns:

  • (String)


# File 'lib/aws-sdk-ec2/security_group.rb', line 73

def vpc_id
  data.vpc_id
end