Class DefaultSecurityGroup


  • public class DefaultSecurityGroup
    extends com.pulumi.resources.CustomResource
    Provides a resource to manage a default security group. This resource can manage the default security group of the default or a non-default VPC.

    > **NOTE:** This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The `aws.ec2.DefaultSecurityGroup` resource behaves differently from normal resources. This provider does not _create_ this resource but instead attempts to "adopt" it into management.

    When the provider first begins managing the default security group, it **immediately removes all ingress and egress rules in the Security Group**. It then creates any rules specified in the configuration. This way only the rules specified in the configuration are created.

    This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in a diff being shown. For these reasons, this resource is incompatible with the `aws.ec2.SecurityGroupRule` resource.

    For more information about default security groups, see the AWS documentation on [Default Security Groups][aws-default-security-groups]. To manage normal security groups, see the `aws.ec2.SecurityGroup` resource.

    ## Example Usage

    The following config gives the default security group the same rules that AWS provides by default but under management by this provider. This means that any ingress or egress rules added or changed will be detected as drift.

    ### Example Config To Deny All Egress Traffic, Allowing Ingress

    The following denies all Egress traffic by omitting any `egress` rules, while including the default `ingress` rule to allow all traffic.

    ### Removing `aws.ec2.DefaultSecurityGroup` From Your Configuration

    Removing this resource from your configuration will remove it from your statefile and management, but will not destroy the Security Group. All ingress or egress rules will be left as they are at the time of removal. You can resume managing them via the AWS Console.

    ## Import

    Using `pulumi import`, import Security Groups using the security group `id`. For example:

    ```sh
    $ pulumi import aws:ec2/defaultSecurityGroup:DefaultSecurityGroup default_sg sg-903004f8
    ```
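The two configurations described under Example Usage, written against this class as an added example (not code from the original page or from the provider project). The VPCs, resource names, CIDR ranges and export names are assumptions made for illustration.

```java
package myproject;

import com.pulumi.Pulumi;
import com.pulumi.aws.ec2.DefaultSecurityGroup;
import com.pulumi.aws.ec2.DefaultSecurityGroupArgs;
import com.pulumi.aws.ec2.Vpc;
import com.pulumi.aws.ec2.VpcArgs;
import com.pulumi.aws.ec2.inputs.DefaultSecurityGroupEgressArgs;
import com.pulumi.aws.ec2.inputs.DefaultSecurityGroupIngressArgs;

public class App {
    public static void main(String[] args) {
        Pulumi.run(ctx -> {
            // Hypothetical VPCs (names and CIDRs are assumptions for this example).
            var vpcA = new Vpc("vpc-a", VpcArgs.builder().cidrBlock("10.1.0.0/16").build());
            var vpcB = new Vpc("vpc-b", VpcArgs.builder().cidrBlock("10.2.0.0/16").build());

            // Rule shared by both variants: all protocols and ports, but only
            // from members of this same security group (self-referencing).
            var allowFromSelf = DefaultSecurityGroupIngressArgs.builder()
                .protocol("-1").self(true).fromPort(0).toPort(0).build();

            // Variant 1: AWS's out-of-the-box rules, now managed, so any rule
            // added or changed outside this program shows up as drift.
            var sgA = new DefaultSecurityGroup("default-a", DefaultSecurityGroupArgs.builder()
                .vpcId(vpcA.id())
                .ingress(allowFromSelf)
                .egress(DefaultSecurityGroupEgressArgs.builder()
                    .protocol("-1").fromPort(0).toPort(0)
                    .cidrBlocks("0.0.0.0/0").build())
                .build());

            // Variant 2: no egress block at all. Adoption removes the existing
            // rules and recreates only what is listed, so all egress is denied.
            var sgB = new DefaultSecurityGroup("default-b", DefaultSecurityGroupArgs.builder()
                .vpcId(vpcB.id())
                .ingress(allowFromSelf)
                .build());

            ctx.export("defaultSgWithAwsRules", sgA.id());
            ctx.export("defaultSgNoEgress", sgB.id());
        });
    }
}
```

Because the first update strips every existing rule from the adopted group, run `pulumi preview` and check which instances or interfaces still rely on the default group before applying either variant.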
    • Nested Class Summary

      • Nested classes/interfaces inherited from class com.pulumi.resources.CustomResource

        com.pulumi.resources.CustomResource.CustomResourceInternal
      • Nested classes/interfaces inherited from class com.pulumi.resources.Resource

        com.pulumi.resources.Resource.LazyField<T extends java.lang.Object>, com.pulumi.resources.Resource.LazyFields, com.pulumi.resources.Resource.ResourceInternal
    • Field Summary

      • Fields inherited from class com.pulumi.resources.Resource

        childResources, remote
    • Method Summary

      Modifier and Type Method Description
      com.pulumi.core.Output<java.lang.String> arn()  
      com.pulumi.core.Output<java.lang.String> description()  
      com.pulumi.core.Output<java.util.List<DefaultSecurityGroupEgress>> egress()  
      static DefaultSecurityGroup get​(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, DefaultSecurityGroupState state, com.pulumi.resources.CustomResourceOptions options)
      Get an existing DefaultSecurityGroup resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
      com.pulumi.core.Output<java.util.List<DefaultSecurityGroupIngress>> ingress()  
      com.pulumi.core.Output<java.lang.String> name()  
      com.pulumi.core.Output<java.lang.String> namePrefix()  
      com.pulumi.core.Output<java.lang.String> ownerId()  
      com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> revokeRulesOnDelete()  
      com.pulumi.core.Output<java.util.Optional<java.util.Map<java.lang.String,​java.lang.String>>> tags()  
      com.pulumi.core.Output<java.util.Map<java.lang.String,​java.lang.String>> tagsAll()  
      com.pulumi.core.Output<java.lang.String> vpcId()  
      • Methods inherited from class com.pulumi.resources.CustomResource

        getId, id, idFuture
      • Methods inherited from class com.pulumi.resources.Resource

        getChildResources, getResourceName, getResourceType, getUrn, pulumiChildResources, pulumiResourceName, pulumiResourceType, urn
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • DefaultSecurityGroup

        public DefaultSecurityGroup​(java.lang.String name)
        Parameters:
        name - The _unique_ name of the resulting resource.
      • DefaultSecurityGroup

        public DefaultSecurityGroup​(java.lang.String name,
                                    @Nullable
                                    DefaultSecurityGroupArgs args)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.
      • DefaultSecurityGroup

        public DefaultSecurityGroup​(java.lang.String name,
                                    @Nullable
                                    DefaultSecurityGroupArgs args,
                                    @Nullable
                                    com.pulumi.resources.CustomResourceOptions options)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.
        options - A bag of options that control this resource's behavior.
    • Method Detail

      • arn

        public com.pulumi.core.Output<java.lang.String> arn()
        Returns:
        ARN of the security group.
      • description

        public com.pulumi.core.Output<java.lang.String> description()
        Returns:
        Description of the security group.
      • egress

        public com.pulumi.core.Output<java.util.List<DefaultSecurityGroupEgress>> egress()
        Returns:
        Configuration block. Detailed below.
      • ingress

        public com.pulumi.core.Output<java.util.List<DefaultSecurityGroupIngress>> ingress()
        Returns:
        Configuration block. Detailed below.
      • name

        public com.pulumi.core.Output<java.lang.String> name()
        Returns:
        Name of the security group.
      • namePrefix

        public com.pulumi.core.Output<java.lang.String> namePrefix()
      • ownerId

        public com.pulumi.core.Output<java.lang.String> ownerId()
        Returns:
        Owner ID.
      • revokeRulesOnDelete

        public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> revokeRulesOnDelete()
      • tags

        public com.pulumi.core.Output<java.util.Optional<java.util.Map<java.lang.String,​java.lang.String>>> tags()
        Returns:
        Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
      • tagsAll

        public com.pulumi.core.Output<java.util.Map<java.lang.String,​java.lang.String>> tagsAll()
        Returns:
        A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
      • vpcId

        public com.pulumi.core.Output<java.lang.String> vpcId()
        Returns:
        VPC ID. **Note that changing the `vpc_id` will _not_ restore any default security group rules that were modified, added, or removed.** It will be left in its current state.
      • get

        public static DefaultSecurityGroup get​(java.lang.String name,
                                               com.pulumi.core.Output<java.lang.String> id,
                                               @Nullable
                                               DefaultSecurityGroupState state,
                                               @Nullable
                                               com.pulumi.resources.CustomResourceOptions options)
        Get an existing DefaultSecurityGroup resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
        Parameters:
        name - The _unique_ name of the resulting resource.
        id - The _unique_ provider ID of the resource to look up.
        state -
        options - Optional settings to control the behavior of the CustomResource.