

Last Updated: Jun 13, 2018

The ALIYUN::ECS::SecurityGroupEgress type is used to create an egress access rule for a security group.


    {
      "Type" : "ALIYUN::ECS::SecurityGroupEgress",
      "Properties" : {
        "SecurityGroupId" : String,
        "IpProtocol" : String,
        "PortRange" : String,
        "DestGroupId" : String,
        "DestGroupOwnerAccount" : String,
        "DestCidrIp" : String,
        "Policy" : String,
        "Priority" : String,
        "NicType" : String
      }
    }


| Attribute name | Type | Required | Update allowed | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| IpProtocol | string | Yes | No | IP protocol. | Value options: tcp, udp, icmp, gre, and all. The value “all” indicates that it supports all the four protocols. |
| PortRange | string | No | No | Range of the port numbers of a specific IP protocol. | When IpProtocol is set to “tcp” or “udp”, the default port numbers are used, and the port number range is [1, 65,535]. For example, “1/200” indicates the port number range 1–200. If the value “200/1” is entered, an error returns when the interface is called. When IpProtocol is set to “icmp”, the port number range is -1/-1. When IpProtocol is set to “gre”, the port number range is -1/-1. When IpProtocol is set to “all”, the port number range is -1/-1. |
| SecurityGroupId | string | No | No | ID of the security group for which an egress access rule is to be created. | N/A |
| NicType | string | No | No | Network type. | Value options: Internet and intranet. Default value: Internet. |
| Priority | integer | No | No | Authorization policy priority. | Value range: [1, 100]. Default value: 1. |
| DestGroupId | string | No | No | ID of the target security group in the same region. | Either DestGroupId or DestCidrIp must be set. If both are set, DestCidrIp is authorized by default. If this parameter is specified but DestCidrIp is unspecified, NicType can only be set to intranet. |
| DestCidrIp | string | No | No | Target IP address range. | The IP address range must be specified in CIDR format. The default value is (indicating that no restriction is applied). Other supported formats include Only IPv4 is supported. |
| Policy | string | No | No | Authorization policy. | Value options: accept (access request accepted) and drop (access request denied). Default value: accept. |
| DestGroupOwnerAccount | string | No | No | The Alibaba Cloud account to which the target security group belongs. This parameter is applicable in cross-user security group authorization. | N/A |

Return values




    {
      "ROSTemplateFormatVersion" : "2015-09-01",
      "Resources" : {
        "SG": {
          "Type": "ALIYUN::ECS::SecurityGroupEgress",
          "Properties": {
            "SecurityGroupId": "sg-25bowo058",
            "IpProtocol": "tcp",
            "PortRange": "65535/65535",
            "DestCidrIp": ""
          }
        }
      }
    }
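
The constraints in the property table can be checked before a template is submitted, so that a malformed egress rule is caught in review rather than at the interface call. The following is an added example, not part of the original page or of ROS itself: the function name `check_egress` and both sample property sets are constructed for illustration. It assumes NicType is compared case-insensitively and that the intranet-only rule is flagged only when NicType is set explicitly.

```python
import ipaddress

PROTOCOLS = {"tcp", "udp", "icmp", "gre", "all"}

def check_egress(props):
    """Return the table's constraint violations for one Properties dict."""
    errs = []
    proto = props.get("IpProtocol")
    if proto not in PROTOCOLS:
        errs.append("IpProtocol must be one of tcp, udp, icmp, gre, all")
    port_range = props.get("PortRange")
    if port_range is not None:
        try:
            lo, hi = (int(p) for p in port_range.split("/"))
        except ValueError:
            errs.append("PortRange must look like start/end")
        else:
            if proto in ("tcp", "udp"):
                if not 1 <= lo <= hi <= 65535:  # "200/1" is rejected
                    errs.append("PortRange must be ascending within 1-65535")
            elif proto in PROTOCOLS and (lo, hi) != (-1, -1):
                errs.append("PortRange must be -1/-1 for icmp, gre and all")
    cidr, group = props.get("DestCidrIp"), props.get("DestGroupId")
    if not cidr and not group:
        errs.append("either DestGroupId or DestCidrIp must be set")
    if cidr:
        try:
            ipaddress.IPv4Network(cidr, strict=False)  # only IPv4 is supported
        except ValueError:
            errs.append("DestCidrIp must be an IPv4 CIDR range")
    nic = props.get("NicType")
    if nic is not None and nic.lower() not in ("internet", "intranet"):
        errs.append("NicType must be Internet or intranet")
    elif group and not cidr and nic is not None and nic.lower() != "intranet":
        errs.append("NicType must be intranet when only DestGroupId is set")
    try:
        if not 1 <= int(props.get("Priority", 1)) <= 100:
            errs.append("Priority must be within 1-100")
    except (TypeError, ValueError):
        errs.append("Priority must be an integer")
    if props.get("Policy", "accept") not in ("accept", "drop"):
        errs.append("Policy must be accept or drop")
    return errs

# Constructed sample inputs (not taken from the page).
GOOD = {"SecurityGroupId": "sg-example", "IpProtocol": "tcp",
        "PortRange": "443/443", "DestCidrIp": "10.0.0.0/8", "Priority": "1"}
BAD = {"IpProtocol": "tcp", "PortRange": "200/1", "DestGroupId": "sg-example2",
       "NicType": "Internet", "Priority": 101}
```

`check_egress(GOOD)` returns an empty list, while `check_egress(BAD)` reports the reversed port range, the NicType conflict and the out-of-range priority.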