ec2_authorize_security_group_egress: [EC2-VPC only] Adds one or more egress rules to a security group for use with a VPC

Description

[EC2-VPC only] Adds one or more egress rules to a security group for use with a VPC. Specifically, this action permits instances to send traffic to one or more destination IPv4 or IPv6 CIDR address ranges, or to one or more destination security groups for the same VPC. This action doesn't apply to security groups for use in EC2-Classic. For more information, see Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide. For more information about security group limits, see Amazon VPC Limits.

Usage

ec2_authorize_security_group_egress(DryRun, GroupId, IpPermissions,
  CidrIp, FromPort, IpProtocol, ToPort, SourceSecurityGroupName,
  SourceSecurityGroupOwnerId)

Arguments

DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

GroupId

[required] The ID of the security group.

IpPermissions

One or more sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions.

CidrIp

Not supported. Use a set of IP permissions to specify the CIDR.

FromPort

Not supported. Use a set of IP permissions to specify the port.

IpProtocol

Not supported. Use a set of IP permissions to specify the protocol name or number.

ToPort

Not supported. Use a set of IP permissions to specify the port.

SourceSecurityGroupName

Not supported. Use a set of IP permissions to specify a destination security group.

SourceSecurityGroupOwnerId

Not supported. Use a set of IP permissions to specify a destination security group.

Request syntax

svc$authorize_security_group_egress(
  DryRun = TRUE|FALSE,
  GroupId = "string",
  IpPermissions = list(
    list(
      FromPort = 123,
      IpProtocol = "string",
      IpRanges = list(
        list(
          CidrIp = "string",
          Description = "string"
        )
      ),
      Ipv6Ranges = list(
        list(
          CidrIpv6 = "string",
          Description = "string"
        )
      ),
      PrefixListIds = list(
        list(
          Description = "string",
          PrefixListId = "string"
        )
      ),
      ToPort = 123,
      UserIdGroupPairs = list(
        list(
          Description = "string",
          GroupId = "string",
          GroupName = "string",
          PeeringStatus = "string",
          UserId = "string",
          VpcId = "string",
          VpcPeeringConnectionId = "string"
        )
      )
    )
  ),
  CidrIp = "string",
  FromPort = 123,
  IpProtocol = "string",
  ToPort = 123,
  SourceSecurityGroupName = "string",
  SourceSecurityGroupOwnerId = "string"
)

Details

Each rule consists of the protocol (for example, TCP), plus either a CIDR range or a source group. For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes. You can optionally specify a description for the rule.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

Examples

Run this code

# NOT RUN {
# This example adds a rule that grants access to the specified address
# ranges on TCP port 80.
# }
# NOT RUN {
svc$authorize_security_group_egress(
  GroupId = "sg-1a2b3c4d",
  IpPermissions = list(
    list(
      FromPort = 80L,
      IpProtocol = "tcp",
      IpRanges = list(
        list(
          CidrIp = "10.0.0.0/16"
        )
      ),
      ToPort = 80L
    )
  )
)
# }
# NOT RUN {
# This example adds a rule that grants access to the specified security
# group on TCP port 80.
# }
# NOT RUN {
svc$authorize_security_group_egress(
  GroupId = "sg-1a2b3c4d",
  IpPermissions = list(
    list(
      FromPort = 80L,
      IpProtocol = "tcp",
      ToPort = 80L,
      UserIdGroupPairs = list(
        list(
          GroupId = "sg-4b51a32f"
        )
      )
    )
  )
)
# }
# NOT RUN {
# }

Run the code above in your browser using DataLab