AuthorizeSecurityGroupIngress
The AuthorizeSecurityGroupIngress
operation
adds permissions to a security group.
Permissions are specified by the IP protocol (TCP, UDP or
ICMP), the source of the request (by IP range or an
Amazon EC2 user-group pair), the source and destination port ranges (for
TCP and UDP), and the ICMP codes and types (for ICMP). When
authorizing ICMP, -1
can be used as a wildcard
in the type and code fields.
Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.
When authorizing a user/group pair permission, GroupName
,
SourceSecurityGroupName
and
SourceSecurityGroupOwnerId
must be specified. When
authorizing a CIDR IP permission, GroupName
, IpProtocol
,
FromPort
, ToPort
and CidrIp
must be
specified. Mixing these two types of parameters is not allowed.
The following table describes the request parameters for
AuthorizeSecurityGroupIngress
. Parameter
names are case sensitive.
Name | Description | Required |
---|---|---|
|
Name of the group to modify. Type: String |
Yes |
|
Name of security group to authorize access to when operating on a user/group pair. Type: String |
When authorizing user/group pair permission. |
|
Owner of security group to authorize access to when operating on a user/group pair. Type: String |
When authorizing user/group pair permission. |
|
IP protocol to authorize access to when operating on a CIDR IP. Type: String Valid Values: |
When authorizing CIDR IP permission. |
|
Bottom of port range to authorize access to when operating on a CIDR IP. This contains the ICMP type if ICMP is being authorized. Type: Int |
When authorizing CIDR IP permission. |
|
Top of port range to authorize access to when operating on a CIDR IP. This contains the ICMP code if ICMP is being authorized. Type: Int |
When authorizing CIDR IP permission. |
|
CIDR IP range to authorize access to when operating on a CIDR IP. Type: String |
When authorizing CIDR IP permission. |
The following table describes the default response tags included
in AuthorizeSecurityGroupIngress
responses.
Name | Description |
---|---|
|
Type: xsd:boolean |
https://ec2.amazonaws.com/ ?Action=AuthorizeSecurityGroupIngress &IpProtocol=tcp &FromPort=80 &ToPort=80 &CidrIp=0.0.0.0/0 &...auth parameters...
<AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2008-02-01"> <return>true</return> </AuthorizeSecurityGroupIngressResponse>