AuthorizeSecurityGroupIngress
Description
Adds permissions to a security group.
Permissions are specified by the IP protocol (TCP, UDP or
ICMP), the source of the request (by IP range or an
Amazon EC2 user-group pair), the source and destination port ranges (for
TCP and UDP), and the ICMP codes and types (for ICMP). When
authorizing ICMP, -1
can be used as a wildcard
in the type and code fields.
Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.
When authorizing a user/group pair permission, GroupName
,
SourceSecurityGroupName
and
SourceSecurityGroupOwnerId
must be specified. When
authorizing a CIDR IP permission, GroupName
, IpProtocol
,
FromPort
, ToPort
and CidrIp
must be
specified. Mixing these two types of parameters is not allowed.
Request Parameters
Name | Description | Required |
---|---|---|
| AWS Access Key ID. Type: String Default: None | Yes |
| Name of the group to modify. The name must be valid and belong to the account Type: String Default: None | Yes |
| IP protocol. Type: String Default: None Valid Values: | Yes |
| Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number). Type: Integer Default: None | Yes |
| End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code). Type: Integer Default: None | Yes |
| AWS User ID of an account. Type: String Default: None | Yes |
| Name of the security group. Type: String Default: None | Yes |
| CIDR range. Type: String Default: None Constraints: Valid CIDR IP address range. | Yes |
Response Elements
Name | Description |
---|---|
|
Type: |
Ancestor: None
Children: requestId
, return
requestId
The ID of the request.
Type: xsd:string
Ancestor: AuthorizeSecurityGroupIngressResponse
Children: None
return
Returns
Type: xsd:boolean
Ancestor: AuthorizeSecurityGroupIngressResponse
Children: None
Examples
Example Request
This example grants TCP port 80 access from the 205.192.0.0/16 address range to the websrv
security group.
https://ec2.amazonaws.com/?Action=AuthorizeSecurityGroupIngress&GroupName=websrv &IpProtocol=tcp &FromPort=80 &ToPort=80 &CidrIp=205.192.0.0/16 &AuthParams
Example Response
<AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2009-04-04/"> <return>true</return> </AuthorizeSecurityGroupIngressResponse>