AuthorizeSecurityGroupIngress
Description
Adds permissions to a security group.
Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code fields.
Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.
When authorizing a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and CidrIp must be specified. Mixing these two types of parameters is not allowed.
Request Parameters
Name | Description | Required |
---|---|---|
 | Type: Ancestor: None Children: userId, groupName, and ipPermissions | |
userId | AWS Access Key ID. Type: xsd:string Default: None Ancestor: AuthorizeSecurityGroupIngressType Children: None | Yes |
groupName | Name of the group to modify. The name must be valid and belong to the account. Type: xsd:string Default: None Ancestor: AuthorizeSecurityGroupIngressType Children: None | Yes |
ipPermissions | Set of permissions. Type: IpPermissionSetType Ancestor: AuthorizeSecurityGroupIngressType Children: item | Yes |
item | Set of IP permissions. Type: IpPermissionType Ancestor: ipPermissions Children: ipProtocol, fromPort, toPort, groups, and ipRanges | Yes |
ipProtocol | IP protocol. Type: xsd:string Default: None Valid Values: tcp, udp, icmp Ancestor: item Children: None | Yes |
fromPort | Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number). Type: xsd:int Default: None Ancestor: item Children: None | Yes |
toPort | End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code). Type: xsd:int Default: None Ancestor: item Children: None | Yes |
groups | List of security group and user ID pairs. Type: UserIdGroupPairSetType Ancestor: item Children: item | Yes |
item | Information for one security group. Type: UserIdGroupPairType Ancestor: groups Children: userId, groupName | Yes |
userId | AWS User ID of an account. Type: xsd:string Default: None Ancestor: item Children: None | Yes |
groupName | Name of the security group. Type: xsd:string Default: None Ancestor: item Children: None | Yes |
ipRanges | IP ranges. Type: IpRangeSetType Ancestor: item Children: item | Yes |
item | Information for one IP range. Type: IpRangeItemType Ancestor: ipRanges Children: cidrIp | Yes |
cidrIp | CIDR range. Type: xsd:string Default: None Constraints: Valid CIDR IP address range. Ancestor: item Children: None | Yes |
Response Elements
Name | Description |
---|---|
 | Type: AuthorizeSecurityGroupIngressResponseType Ancestor: None Children: |
 | The ID of the request. Type: xsd:string Ancestor: Children: None |
 | Returns "true" if request is successful; otherwise "false". Type: xsd:boolean Ancestor: Children: None |
Examples
Example Request
This example grants TCP port 80 access from the 205.192.0.0/16 address range to the websrv security group.
<AuthorizeSecurityGroupIngress xmlns="http://ec2.amazonaws.com/doc/2009-07-15/">
  <userId/>
  <groupName>websrv</groupName>
  <ipPermissions>
    <item>
      <ipProtocol>tcp</ipProtocol>
      <fromPort>80</fromPort>
      <toPort>80</toPort>
      <groups/>
      <ipRanges>
        <item>
          <cidrIp>205.192.0.0/16</cidrIp>
        </item>
      </ipRanges>
    </item>
  </ipPermissions>
</AuthorizeSecurityGroupIngress>
Example Response
<AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2009-07-15/">
  <return>true</return>
</AuthorizeSecurityGroupIngressResponse>
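A client-side pre-flight check for the parameter rules in the Description (one source type only, tcp/udp/icmp, -1 as the ICMP wildcard, a valid CIDR range), followed by construction of the request body shown in the example request. This is an added example, not code from the original page or from AWS; the function name build_ingress_request, its argument names, and the strict CIDR handling are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = "http://ec2.amazonaws.com/doc/2009-07-15/"  # namespace taken from the page's example

def build_ingress_request(group_name, ip_protocol, from_port, to_port,
                          cidr_ip=None, source_group=None, source_owner_id=None):
    """Validate one permission against the rules above and return the request XML.

    Function and argument names are hypothetical; element names follow the page.
    """
    if ip_protocol not in ("tcp", "udp", "icmp"):
        raise ValueError("ipProtocol must be tcp, udp or icmp")
    wants_pair = source_group is not None or source_owner_id is not None
    if wants_pair == (cidr_ip is not None):
        raise ValueError("give a CIDR range or a user/group pair, exactly one of them")
    if wants_pair and None in (source_group, source_owner_id):
        raise ValueError("a user/group pair needs both the group name and the owner ID")
    if ip_protocol == "icmp":
        # fromPort carries the ICMP type, toPort the ICMP code; -1 is the wildcard.
        if not all(-1 <= v <= 255 for v in (from_port, to_port)):
            raise ValueError("ICMP type and code must be -1 or 0..255")
    elif not 0 <= from_port <= to_port <= 65535:
        raise ValueError("port range must satisfy 0 <= fromPort <= toPort <= 65535")
    if cidr_ip is not None:
        # Assumption: demand an explicit prefix and reject host bits, so a typo such
        # as 205.192.0.1/16 fails here instead of being read as a different range.
        if "/" not in cidr_ip:
            raise ValueError("cidrIp must include a prefix length")
        ipaddress.IPv4Network(cidr_ip, strict=True)

    root = ET.Element("AuthorizeSecurityGroupIngress", xmlns=NS)
    ET.SubElement(root, "userId")
    ET.SubElement(root, "groupName").text = group_name
    perm = ET.SubElement(ET.SubElement(root, "ipPermissions"), "item")
    for tag, value in (("ipProtocol", ip_protocol), ("fromPort", from_port), ("toPort", to_port)):
        ET.SubElement(perm, tag).text = str(value)
    groups = ET.SubElement(perm, "groups")
    ranges = ET.SubElement(perm, "ipRanges")
    if wants_pair:
        pair = ET.SubElement(groups, "item")
        ET.SubElement(pair, "userId").text = source_owner_id
        ET.SubElement(pair, "groupName").text = source_group
    else:
        ET.SubElement(ET.SubElement(ranges, "item"), "cidrIp").text = cidr_ip
    return ET.tostring(root, encoding="unicode")
```

Calling it with the values from the example request ("websrv", "tcp", 80, 80, cidr_ip="205.192.0.0/16") yields the same element tree as the request shown above.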