ec2-authorize group [-P protocol] (-p port_range | -t icmp_type_code) [-u source_group_user ...] [-o source_group ...] [-s source_subnet ...]
Adds a rule to the specified security group. If no source host, group or subnet is provided, requests from any source address will be honored.
Option | Description | Required |
---|---|---|
group | The group to which this rule will apply. Example: | Yes |
-P protocol | The protocol to allow. Condition: Applies when specifying a CIDR subnet as the source. Valid Values: Example: | Yes |
-p port_range | For the TCP or UDP protocols, this specifies the range of ports to allow. You specify a single integer or a range (min-max). Condition: Applies when specifying a CIDR subnet as the source. Example: | Yes |
-t icmp_type_code | For the ICMP protocol, the ICMP type and code must be specified. This must be specified in the format type:code where both are integers. Type, code, or both can be specified as -1, which is a wildcard. Condition: Applies when specifying a CIDR subnet as the source. Example: | Yes |
-u source_group_user | The owner of a group specified using Example: | No |
-o source_group | The network source from which traffic will be authorized specified as a security Group. See the description of the Example: | No |
-s source_subnet | The network source from which traffic is to be authorized specified as a CIDR subnet range. Example: | No |
Amazon EC2 returns a table that contains the following information:
- Output type identifier ("GROUP", "PERMISSION")
- Group name. Currently, this will report an empty string
- Type of rule. Currently, only ALLOW rules are supported
- Protocol to allow
- Start of port range
- End of port range
- FROM
- Source
Amazon EC2 displays errors on stderr.
This example grants TCP port 80 access from the 205.192.0.0/16 address range to the websrv security group.
$ ec2-authorize websrv -P tcp -p 80 -s 205.192.0.0/16
GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16
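Because a rule with no source host, group or subnet honors requests from any source address, scripts that build the command line can open a group by simply dropping an option. The pre-flight check below is an added example, not part of the original reference or of the Amazon EC2 tools; the function names `check_authorize_args` and `checked_authorize` and the return codes are assumptions chosen here, and it treats any `/0` subnet as equivalent to any source.

```shell
#!/bin/sh
# Added example: pre-flight check for ec2-authorize arguments.
# Function names and return codes are hypothetical, chosen for this example.
#
# check_authorize_args GROUP [options]
#   0  a source was given with -s or -o
#   1  no source given: the rule would honor any source address
#   2  a -s subnet ends in /0, which matches every IPv4 address
#   64 usage error
check_authorize_args() {
    [ "$#" -ge 1 ] || { echo "usage: check_authorize_args GROUP [options]" >&2; return 64; }
    group=$1; shift
    cur=""; has_source=0
    for arg in "$@"; do
        # Only exact option names switch state, so ICMP wildcards such as
        # "-1:-1" are read as values of -t, not as options.
        case "$arg" in
            -P|-p|-t|-u|-o|-s) cur=$arg; continue ;;
        esac
        case "$cur" in
            -s)
                case "$arg" in
                    */0)
                        echo "$group: -s $arg authorizes every source address" >&2
                        return 2 ;;
                esac
                has_source=1 ;;
            -o) has_source=1 ;;
        esac
    done
    if [ "$has_source" -eq 0 ]; then
        echo "$group: no -s or -o given; rule would honor any source address" >&2
        return 1
    fi
    return 0
}

# Run ec2-authorize only when the arguments pass the check above.
checked_authorize() {
    check_authorize_args "$@" || return $?
    ec2-authorize "$@"
}
```

Calling `checked_authorize websrv -P tcp -p 80 -s 205.192.0.0/16` passes the check and runs the command from the example above; the same call without `-s` stops with status 1 before anything is sent.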