ALIYUN::ECS::SecurityGroupEgress is used to create an outbound access rule for a security group.

Statement

{
  "Type": "ALIYUN::ECS::SecurityGroupEgress",
  "Properties": {
    "SecurityGroupId": String,
    "IpProtocol": String,
    "PortRange": String,
    "DestGroupId": String,
    "DestGroupOwnerAccount": String,
    "DestCidrIp": String,
    "Policy": String,
    "Priority": String,
    "NicType": String,
    "Ipv6DestCidrIp": String,
    "Description": String,
    "DestGroupOwnerId": String
  }
}

Properties

| Parameter | Type | Required | Editable | Description | Constraint |
| --- | --- | --- | --- | --- | --- |
| IpProtocol | String | No | No | The transport layer protocol. | Valid values: tcp, udp, icmp, gre, and all. A value of all specifies that all four protocols are supported. |
| PortRange | String | No | No | The range of destination ports relevant to transport layer protocols. For more information about the application scenarios of the ports, see Typical applications of commonly used ports. | Valid values: When the IpProtocol parameter is set to tcp or udp, the port number range is 1 to 65535. Separate the starting port and the ending port with a forward slash (/). Correct example: 1/200. Incorrect example: 200/1. When the IpProtocol parameter is set to icmp, the port number range is -1/-1, indicating that all ports are available. When the IpProtocol parameter is set to gre, the port number range is -1/-1, indicating that all ports are available. When the IpProtocol parameter is set to all, the port number range is -1/-1, indicating that all ports are available. |
| SecurityGroupId | String | Yes | Released | The ID of the source security group. | None |
| NicType | String | Yes | Released | The type of the ENI. If the DestGroupId parameter is specified, but the DestCidrIp parameter is not, this parameter must be set to intranet. | Valid values: internet and intranet. Default value: internet. |
| Priority | String | Optional | Released | The priority of the security group rule. | Valid values: 1 to 100. Default value: 1. |
| DestGroupId | String | Yes | Released | The ID of the source security group for which you want to set access permissions. You must specify at least one of the DestGroupId and DestCidrIp parameters. If the DestGroupId parameter is specified, but the DestCidrIp parameter is not, the NicType parameter must be set to intranet. If both the DestGroupId and DestCidrIp parameters are specified, the DestCidrIp parameter prevails by default. | |
| DestCidrIp | String | Yes | Released | The destination CIDR block. | Only IPv4 CIDR blocks are supported. |
| Policy | String | Yes | Released | The authorization policy. | Valid values: accept (grants access) and drop (denies access). Default value: accept. |
| DestGroupOwnerAccount | String | Yes | Released | The Alibaba Cloud account that manages the destination security group when you set a security group rule across accounts. If neither the DestGroupOwnerAccount parameter nor the DestGroupOwnerId parameter is specified, the access permission is configured on another security group managed by your account. If the DestCidrIp parameter is specified, this parameter is ignored. | |
| Description | String | Yes | True | The description of the security group rule. | The description must be 1 to 512 characters in length. |
| DestGroupOwnerId | String | Yes | Released | The ID of the Alibaba Cloud account that manages the destination security group when you set a security group rule across accounts. If neither the DestGroupOwnerId parameter nor the DestGroupOwnerAccount parameter is specified, the access permission is configured on another security group managed by your account. If the DestCidrIp parameter is specified, the DestGroupOwnerId parameter is ignored. | |
| Ipv6DestCidrIp | String | Yes | Released | The destination IPv6 CIDR block. You can only specify the IP addresses of ECS instances in VPCs. | IPv6 CIDR blocks are supported. |

Response parameters

Fn::GetAtt

None

Sample request

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "SG": {
      "Type": "ALIYUN::ECS::SecurityGroupEgress",
      "Properties": {
        "SecurityGroupId": "sg-25bow****",
        "IpProtocol": "tcp",
        "PortRange": "65535/65535",
        "DestCidrIp": "0.0.0.0/0"
      }
    }
  }
}
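
The constraints in the Properties table can be checked before a template is submitted. The following pre-deployment check is an added example, not part of the ROS documentation or tooling; the function names check_egress and check_template are hypothetical, and the rules it enforces are only the ones stated in the table above.

```python
import ipaddress

# Constraints below are taken from the Properties table on this page.
PROTOCOLS = {"tcp", "udp", "icmp", "gre", "all"}

def check_egress(props):
    """Return a list of problems found in one SecurityGroupEgress Properties dict."""
    errs = []
    proto = props.get("IpProtocol")
    if proto is not None and proto not in PROTOCOLS:
        errs.append(f"IpProtocol {proto!r} is not a valid value")
    rng = props.get("PortRange")
    if rng is not None:
        if proto in ("tcp", "udp"):
            try:
                lo, hi = (int(p) for p in rng.split("/"))
                if not 1 <= lo <= hi <= 65535:
                    errs.append(f"PortRange {rng!r} must be start/end within 1 to 65535")
            except ValueError:
                errs.append(f"PortRange {rng!r} is not start/end")
        elif proto in ("icmp", "gre", "all") and rng != "-1/-1":
            errs.append(f"PortRange must be -1/-1 when IpProtocol is {proto}")
    cidr, group = props.get("DestCidrIp"), props.get("DestGroupId")
    if not cidr and not group:
        errs.append("specify at least one of DestGroupId and DestCidrIp")
    # NicType defaults to internet, so it must be set explicitly here.
    if group and not cidr and props.get("NicType") != "intranet":
        errs.append("NicType must be intranet when only DestGroupId is set")
    if cidr:
        try:
            if ipaddress.ip_network(cidr, strict=False).version != 4:
                errs.append("DestCidrIp supports IPv4 CIDR blocks only")
        except ValueError:
            errs.append(f"DestCidrIp {cidr!r} is not a CIDR block")
    prio = str(props.get("Priority", "1"))
    if not (prio.isdigit() and 1 <= int(prio) <= 100):
        errs.append("Priority must be 1 to 100")
    if props.get("Policy", "accept") not in ("accept", "drop"):
        errs.append("Policy must be accept or drop")
    desc = props.get("Description")
    if desc is not None and not 1 <= len(desc) <= 512:
        errs.append("Description must be 1 to 512 characters")
    return errs

def check_template(template):
    """Map resource name -> problems for every egress rule in a ROS template dict."""
    return {name: check_egress(res.get("Properties", {}))
            for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "ALIYUN::ECS::SecurityGroupEgress"}
```

Load the template with json.load and pass the resulting dict to check_template; an empty list for a resource means none of the table's constraints were violated.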