AWS::EC2::SecurityGroupEgress

EC2 SecurityGroupEgress

Adds the specified outbound (egress) rule to a security group. An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html). You must specify exactly one of the following destinations: an IPv4 address range, a...

Properties

9 configurable properties. 2 required. Click a row to see details.

Filter:

Property	Type	Flags
`GroupId`	`string`	RequiredCreate-only
`IpProtocol`	`string`	RequiredCreate-only
`CidrIp`	`string`	Create-only
`CidrIpv6`	`string`	Create-only
`Description`	`string`
`DestinationPrefixListId`	`string`	Create-only
`DestinationSecurityGroupId`	`string`	Create-only
`FromPort`	`integer`	Create-only
`ToPort`	`integer`	Create-only

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`Id`	`string`	-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::EC2::SecurityGroupEgress

Resources:
  MyResource:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      IpProtocol: "value"
      GroupId: "my-groupid"
      Description: !Ref "AWS::StackName"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

read

ec2:DescribeSecurityGroupRules

create

ec2:AuthorizeSecurityGroupEgressec2:RevokeSecurityGroupEgressec2:DescribeSecurityGroupRules

update

ec2:UpdateSecurityGroupRuleDescriptionsEgress

list

ec2:DescribeSecurityGroupRules

delete

ec2:RevokeSecurityGroupEgressec2:DescribeSecurityGroupRules

Get the EC2 Cheat Sheet

Everything you need to know about EC2 on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

ServiceEC2

Properties10

Required2

TaggingNot supported

Primary IDId

Supported Operations

ReadCreateUpdateListDelete

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

IpProtocolDestinationSecurityGroupIdToPortCidrIpFromPortGroupIdCidrIpv6DestinationPrefixListId

Related Resources

External Links

AWS Documentation