AuthorizeSecurityGroupIngress

Amazon Elastic Compute Cloud: 2009-10-31

previous page next page

AuthorizeSecurityGroupIngress

Description

Adds permissions to a security group.

Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code fields.

Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.

When authorizing a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and CidrIp must be specified.

Request Parameters

NameDescriptionRequired

UserId

AWS Access Key ID.

Type: String

Default: None

Yes

GroupName

Name of the group to modify. The name must be valid and belong to the account

Type: String

Default: None

Yes

IpProtocol

IP protocol.

Type: String

Valid Values: tcp | udp | icmp

Default: None

Yes

FromPort

Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).

Type: Integer

Default: None

Yes

ToPort

End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).

Type: Integer

Default: None

Yes

SourceSecurityGroupOwnerId

AWS User ID of an account. Cannot be used when specifying a CIDR IP address.

Type: String

Default: None

Yes

SourceSecurityGroupName

Name of the security group. Cannot be used when specifying a CIDR IP address.

Type: String

Default: None

Yes

CidrIp

CIDR range.

Type: String

Default: None

Constraints: Valid CIDR IP address range.

Yes

Response Elements

NameDescription

AuthorizeSecurityGroupIngressResponseType

AuthorizeSecurityGroupIngressResponseType element.

Type:

AuthorizeSecurityGroupIngressResponseType

Ancestor: None

Children: requestId, return

requestId

The ID of the request.

Type: xsd:string

Ancestor: AuthorizeSecurityGroupIngressResponseType

Children: None

return

Returns true if request is successful. Otherwise, returns an error.

Type: xsd:boolean

Ancestor: AuthorizeSecurityGroupIngressResponseType

Children: None

Examples

Example Request

This example grants TCP port 80 access from the 205.192.0.0/16 address range to the websrv security group.

https://ec2.amazonaws.com/?Action=AuthorizeSecurityGroupIngress&GroupName=websrv
&IpProtocol=tcp
&FromPort=80
&ToPort=80
&CidrIp=205.192.0.0/16
&AuthParams

Example Response

<AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2009-10-31/">
  <return>true</return>
</AuthorizeSecurityGroupIngressResponse>
previous page start next page