ec2-authorize

SYNOPSIS

ec2-authorize GROUP [-P PROTOCOL] (-p PORT_RANGE | -t ICMP_TYPE_CODE) [-u SOURCE_GROUP_USER ...] [-o SOURCE_GROUP ...] [-s SOURCE_SUBNET ...]

Adds a rule to the security group named GROUP. If no source host, group or subnet is provided, requests from any source address will be honored.

A table containing the following information is returned:

Errors are displayed on stderr.

Option	Definition	Required?	Example
`-P PROTOCOL`	The protocol to allow. This can be `tcp`, `udp` or `icmp`. This option only applies when specifying a CIDR subnet as the source.	Yes	-P tcp
`-p PORT_RANGE`	For the TCP or UDP protocols, this specifies the range of ports to allow. This may be specified as a single integer or as a range (min-max). This option only applies when specifying a CIDR subnet as the source.	Yes	-p 80
`-t ICMP_TYPE_CODE`	For the ICMP protocol, the ICMP type and code must be specified. This must be specified as type:code where both are integers. Type or code (or both) may be specified as -1 which is a wildcard. This option only applies when specifying a CIDR subnet as the source.	Yes	-t 2:5
`-u SOURCE_GROUP_USER`	The owner of a group specified using `-o`. If this is not specified, all groups will refer to the current user. If specified more than once, there must be exactly one `-u` per `-o` and each user will be mapped to the corresponding group.	No	-u 495219933132
`-o SOURCE_GROUP`	The network source from which traffic is to be authorized specified as a security Group. See the description of the `-u` parameter for group owner information.	No	-o headoffice
`-s SOURCE_SUBNET`	The network source from which traffic is to be authorized specified as a CIDR Subnet range.	No	-s 205.192.8.45/24

$ ec2-authorize websrv -P tcp -p 80 -s 205.192.0.0/16
GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16