ec2-authorize
ec2-authorize
group
[-P protocol
] (-p port_range
| -t icmp_type_code
) [-u source_group_user
...] [-o source_group
...] [-s source_subnet
...]
Adds a rule to the specified security group. If no source host, group or subnet is provided, requests from any source address will be honored.
Option | Description | Required |
---|---|---|
|
The group to which this rule will apply. Example: |
Yes |
|
The protocol to allow. Condition: Applies when specifying a CIDR subnet as the source. Valid Values: Example: |
Yes |
|
For the TCP or UDP protocols, this specifies the range of ports to allow. You an specify a single integer or a range (min-max). Condition: Applies when specifying a CIDR subnet as the source. Example: |
Yes |
|
For the ICMP protocol, the ICMP type and code must be specified. This must be specified in the format type:code where both are integers. Type, code, or both can be specified as -1, which is a wildcard. Condition: Applies when specifying a CIDR subnet as the source. Example: |
Yes |
|
The owner of a group specified using Example: |
No |
|
The network source from which traffic will be authorized
specified as a security Group. See the description of the
Example: |
No |
|
The network source from which traffic is to be authorized specified as a CIDR subnet range. Example: |
No |
Amazon EC2 returns a table that contains the following information:
-
Output type identifier ("GROUP", "PERMISSION").
-
Group name. Currently, this will report an empty string.
-
Type of rule. Currently, only ALLOW rules are supported.
-
Protocol to allow.
-
Start of port range.
-
End of port range.
-
FROM
-
Source.
Amazon EC2 displays errors on stderr.
This example grants TCP port 80 access from the 205.192.0.0/16 address range to the websrv
security group:
$
ec2-authorize websrv -P tcp -p 80 -s 205.192.0.0/16
GROUP websrv "" PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16