A SecurityGroup is a managed resource that represents an AWS VPC Security Group.
Type: CRD
Group: ec2.aws.crossplane.io
Version: v1beta1
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: SecurityGroup
A SecurityGroupSpec defines the desired state of a SecurityGroup.
SecurityGroupParameters define the desired state of an AWS VPC Security Group.
[EC2-VPC] One or more outbound rules associated with the security group.
The IPv4 ranges.
The IPv6 ranges. [VPC only]
PrefixListIDs for an AWS service. With outbound rules, this is the AWS service to access through a VPC endpoint from instances associated with the security group. [VPC only]
UserIDGroupPairs are the source security group and AWS account ID pairs. It contains one or more accounts and security groups to allow flows from security groups of other accounts.
GroupIDRef references a security group to retrieve its GroupID.
Policies for referencing.
GroupIDSelector selects a reference to a security group to retrieve its GroupID.
Policies for selection.
VPCIDRef references a VPC to retrieve its vpcId.
Policies for referencing.
VPCIDSelector selects a reference to a VPC to retrieve its vpcId.
Policies for selection.
One or more inbound rules associated with the security group.
The IPv4 ranges.
The IPv6 ranges. [VPC only]
PrefixListIDs for an AWS service. With outbound rules, this is the AWS service to access through a VPC endpoint from instances associated with the security group. [VPC only]
UserIDGroupPairs are the source security group and AWS account ID pairs. It contains one or more accounts and security groups to allow flows from security groups of other accounts.
GroupIDRef references a security group to retrieve its GroupID.
Policies for referencing.
GroupIDSelector selects a reference to a security group to retrieve its GroupID.
Policies for selection.
VPCIDRef references a VPC to retrieve its vpcId.
Policies for referencing.
VPCIDSelector selects a reference to a VPC to retrieve its vpcId.
Policies for selection.
VPCIDRef references a VPC and retrieves its vpcId.
Policies for referencing.
VPCIDSelector selects a reference to a VPC and retrieves its vpcId.
Policies for selection.
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. providerConfigRef.
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
A SecurityGroupStatus represents the observed state of a SecurityGroup.
SecurityGroupObservation keeps the state for the external resource.
Conditions of the resource.
sample-environment-sg
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: SecurityGroup
metadata:
  name: sample-environment-sg
spec:
  deletionPolicy: Delete
  forProvider:
    description: Security Group for Amazon MWAA Environment
    egress:
      - fromPort: -1
        ipProtocol: "-1"
        ipRanges:
          - cidrIp: 0.0.0.0/0
        toPort: -1
    groupName: sample-mwaa-sg
    ingress:
      - fromPort: 443
        ipProtocol: tcp
        ipRanges:
          - cidrIp: 0.0.0.0/0
        toPort: 443
      - fromPort: 5432
        ipProtocol: tcp
        ipRanges:
          - cidrIp: 0.0.0.0/0
        toPort: 5432
    region: us-east-1
    vpcIdRef:
      name: sample-vpc
  providerConfigRef:
    name: example
sample-cluster-sg
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: SecurityGroup
metadata:
  name: sample-cluster-sg
spec:
  forProvider:
    description: Cluster communication with worker nodes
    groupName: my-cool-ekscluster-sg
    ingress:
      - fromPort: 80
        ipProtocol: tcp
        ipRanges:
          - cidrIp: 10.0.0.0/8
        toPort: 80
    region: us-east-1
    vpcIdRef:
      name: sample-vpc
  providerConfigRef:
    name: example
db-security-group
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: SecurityGroup
metadata:
  name: db-security-group
spec:
  forProvider:
    description: Enable rds access
    egress:
      - ipProtocol: "-1"
        ipRanges:
          - cidrIp: 0.0.0.0/0
    groupName: db-sg
    ingress:
      - fromPort: 5432
        ipProtocol: tcp
        ipRanges:
          - cidrIp: 10.0.0.0/8
        toPort: 5432
    region: us-east-1
    vpcIdRef:
      name: sample-vpc
  providerConfigRef:
    name: example
sample-mwaa-endpoint-sg
apiVersion: ec2.aws.crossplane.io/v1beta1
kind: SecurityGroup
metadata:
  name: sample-mwaa-endpoint-sg
spec:
  deletionPolicy: Delete
  forProvider:
    description: Security Group for Amazon MWAA Environments to access VPC endpoints
    groupName: mwaa-vpc-endpoints
    ingress:
      - fromPort: 443
        ipProtocol: tcp
        ipRanges:
          - cidrIp: 10.0.0.0/8
            description: Sample CIDR
        toPort: 443
    region: us-east-1
    vpcIdRef:
      name: sample-vpc
  providerConfigRef:
    name: example
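
The following audit check is an added example, not part of the Crossplane provider or of this page's samples. It walks the `spec.forProvider.ingress` rules of a parsed SecurityGroup manifest and reports IPv4 ranges open to any address on ports outside an allow-list. The function names, the `PUBLIC_OK_PORTS` policy and the embedded sample dictionaries are assumptions made for illustration; only the `ipRanges`/`cidrIp` fields shown on this page are checked.

```python
import ipaddress

# Ports this example policy tolerates from any address (an assumption; tune it).
PUBLIC_OK_PORTS = frozenset({443})


def _port_span(rule):
    """(low, high) for a rule; all-protocol or unset/-1 ports mean every port."""
    lo, hi = rule.get("fromPort"), rule.get("toPort")
    if str(rule.get("ipProtocol")) == "-1" or None in (lo, hi) or min(lo, hi) < 0:
        return (0, 65535)
    return (lo, hi)


def audit_ingress(manifest, public_ok=PUBLIC_OK_PORTS):
    """Return (name, low, high, cidr) for each ingress range open to any address."""
    if manifest.get("kind") != "SecurityGroup":
        return []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    rules = manifest.get("spec", {}).get("forProvider", {}).get("ingress") or []
    findings = []
    for rule in rules:
        lo, hi = _port_span(rule)
        if lo == hi and lo in public_ok:
            continue  # single port the policy allows from anywhere
        for rng in rule.get("ipRanges") or []:
            # A zero-length prefix (0.0.0.0/0) matches every IPv4 source.
            if ipaddress.ip_network(rng["cidrIp"], strict=False).prefixlen == 0:
                findings.append((name, lo, hi, rng["cidrIp"]))
    return findings


# Constructed input: ingress sections of two samples from this page, as parsed YAML.
SAMPLES = [
    {"kind": "SecurityGroup", "metadata": {"name": "sample-environment-sg"},
     "spec": {"forProvider": {"ingress": [
         {"fromPort": 443, "toPort": 443, "ipProtocol": "tcp",
          "ipRanges": [{"cidrIp": "0.0.0.0/0"}]},
         {"fromPort": 5432, "toPort": 5432, "ipProtocol": "tcp",
          "ipRanges": [{"cidrIp": "0.0.0.0/0"}]}]}}},
    {"kind": "SecurityGroup", "metadata": {"name": "db-security-group"},
     "spec": {"forProvider": {"ingress": [
         {"fromPort": 5432, "toPort": 5432, "ipProtocol": "tcp",
          "ipRanges": [{"cidrIp": "10.0.0.0/8"}]}]}}},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["metadata"]["name"], audit_ingress(sample))
```

In a pipeline, feed `audit_ingress` each document produced by your YAML parser and fail the run when the returned list is non-empty.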