ec2-authorize
Syntax
ec2-authorize group [-P protocol] (-p port_range | -t icmp_type_code) [-u source_group_user ...] [-o source_group ...] [-s source_subnet ...]
Description
Adds a rule to the specified security group. If no source host, group or subnet is provided, requests from any source address will be honored.
Options
| Option | Description | Required |
|---|---|---|
| The group to which this rule will apply. Example: | Yes |
| The protocol to allow. Condition: Applies when specifying a CIDR subnet as the source. Valid Values: Example: | No |
| For the TCP or UDP protocols, this specifies the range of ports to allow. You specify a single integer or a range (min-max). Condition: Applies when specifying a CIDR subnet as the source. Example: | No |
| For the ICMP protocol, the ICMP type and code must be specified. This must be specified in the format type:code where both are integers. Type, code, or both can be specified as -1, which is a wildcard. Condition: Applies when specifying a CIDR subnet as the source. Example: | No |
| The owner of a group specified using Example: | No |
| The network source from which traffic will be authorized
specified as a security Group. See the description of the
Example: | No |
| The network source from which traffic is to be authorized specified as a CIDR subnet range. Example: | No |
Output
Amazon EC2 returns a table that contains the following information:
Output type identifier ("GROUP", "PERMISSION")
Group name. Currently, this will report an empty string
Type of rule. Currently, only ALLOW rules are supported
Protocol to allow
Start of port range
End of port range
FROMSource
Amazon EC2 displays errors on stderr.
Example
This example grants TCP port 80 access from the 205.192.0.0/16 address range to the websrv security group.
PROMPT>ec2-authorize websrv -P tcp -p 80 -s 205.192.0.0/16GROUP websrv "" PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16