UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi/pulumi-aws

140 lines • 6.64 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.DefaultSecurityGroup = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Provides a resource to manage a default security group. This resource can manage the default security group of the default or a non-default VPC. * * > **NOTE:** This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The `aws.ec2.DefaultSecurityGroup` resource behaves differently from normal resources. This provider does not _create_ this resource but instead attempts to "adopt" it into management. * * When the provider first begins managing the default security group, it **immediately removes all ingress and egress rules in the Security Group**. It then creates any rules specified in the configuration. This way only the rules specified in the configuration are created. * * This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diff shown. For these reasons, this resource is incompatible with the `aws.ec2.SecurityGroupRule` resource. * * For more information about default security groups, see the AWS documentation on [Default Security Groups][aws-default-security-groups]. To manage normal security groups, see the `aws.ec2.SecurityGroup` resource. * * ## Example Usage * * The following config gives the default security group the same rules that AWS provides by default but under management by this provider. This means that any ingress or egress rules added or changed will be detected as drift. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"}); * const _default = new aws.ec2.DefaultSecurityGroup("default", { * vpcId: mainvpc.id, * ingress: [{ * protocol: "-1", * self: true, * fromPort: 0, * toPort: 0, * }], * egress: [{ * fromPort: 0, * toPort: 0, * protocol: "-1", * cidrBlocks: ["0.0.0.0/0"], * }], * }); * ``` * * ### Example Config To Deny All Egress Traffic, Allowing Ingress * * The following denies all Egress traffic by omitting any `egress` rules, while including the default `ingress` rule to allow all traffic. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"}); * const _default = new aws.ec2.DefaultSecurityGroup("default", { * vpcId: mainvpc.id, * ingress: [{ * protocol: "-1", * self: true, * fromPort: 0, * toPort: 0, * }], * }); * ``` * * ### Removing `aws.ec2.DefaultSecurityGroup` From Your Configuration * * Removing this resource from your configuration will remove it from your statefile and management, but will not destroy the Security Group. All ingress or egress rules will be left as they are at the time of removal. You can resume managing them via the AWS Console. * * ## Import * * Using `pulumi import`, import Security Groups using the security group `id`. For example: * * ```sh * $ pulumi import aws:ec2/defaultSecurityGroup:DefaultSecurityGroup default_sg sg-903004f8 * ``` */ class DefaultSecurityGroup extends pulumi.CustomResource { /** * Get an existing DefaultSecurityGroup resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new DefaultSecurityGroup(name, state, { ...opts, id: id }); } /** * Returns true if the given object is an instance of DefaultSecurityGroup. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === DefaultSecurityGroup.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["arn"] = state?.arn; resourceInputs["description"] = state?.description; resourceInputs["egress"] = state?.egress; resourceInputs["ingress"] = state?.ingress; resourceInputs["name"] = state?.name; resourceInputs["namePrefix"] = state?.namePrefix; resourceInputs["ownerId"] = state?.ownerId; resourceInputs["region"] = state?.region; resourceInputs["revokeRulesOnDelete"] = state?.revokeRulesOnDelete; resourceInputs["tags"] = state?.tags; resourceInputs["tagsAll"] = state?.tagsAll; resourceInputs["vpcId"] = state?.vpcId; } else { const args = argsOrState; resourceInputs["egress"] = args?.egress; resourceInputs["ingress"] = args?.ingress; resourceInputs["region"] = args?.region; resourceInputs["revokeRulesOnDelete"] = args?.revokeRulesOnDelete; resourceInputs["tags"] = args?.tags; resourceInputs["vpcId"] = args?.vpcId; resourceInputs["arn"] = undefined /*out*/; resourceInputs["description"] = undefined /*out*/; resourceInputs["name"] = undefined /*out*/; resourceInputs["namePrefix"] = undefined /*out*/; resourceInputs["ownerId"] = undefined /*out*/; resourceInputs["tagsAll"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(DefaultSecurityGroup.__pulumiType, name, resourceInputs, opts); } } exports.DefaultSecurityGroup = DefaultSecurityGroup; /** @internal */ DefaultSecurityGroup.__pulumiType = 'aws:ec2/defaultSecurityGroup:DefaultSecurityGroup'; //# sourceMappingURL=defaultSecurityGroup.js.map