Learn R
paws.compute (version 0.1.0)

ec2_authorize_security_group_ingress: Adds one or more ingress rules to a security group

Description

Adds one or more ingress rules to a security group.

Usage

ec2_authorize_security_group_ingress(CidrIp, FromPort, GroupId,
  GroupName, IpPermissions, IpProtocol, SourceSecurityGroupName,
  SourceSecurityGroupOwnerId, ToPort, DryRun)

Arguments

CidrIp

The CIDR IPv4 address range. You can't specify this parameter when specifying a source security group.

FromPort

The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. For the ICMP/ICMPv6 type number, use -1 to specify all types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

GroupId

The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

GroupName

[EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.

IpPermissions

One or more sets of IP permissions. Can be used to specify multiple rules in a single command.

IpProtocol

The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). (VPC only) Use -1 to specify all protocols. If you specify -1, or a protocol number other than tcp, udp, icmp, or 58 (ICMPv6), traffic on all ports is allowed, regardless of any ports you specify. For tcp, udp, and icmp, you must specify a port range. For protocol 58 (ICMPv6), you can optionally specify a port range; if you don't, traffic for all types and codes is allowed.

SourceSecurityGroupName

[EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.

SourceSecurityGroupOwnerId

[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.

ToPort

The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code number. For the ICMP/ICMPv6 code number, use -1 to specify all codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Request syntax

svc$authorize_security_group_ingress(
  CidrIp = "string",
  FromPort = 123,
  GroupId = "string",
  GroupName = "string",
  IpPermissions = list(
    list(
      FromPort = 123,
      IpProtocol = "string",
      IpRanges = list(
        list(
          CidrIp = "string",
          Description = "string"
        )
      ),
      Ipv6Ranges = list(
        list(
          CidrIpv6 = "string",
          Description = "string"
        )
      ),
      PrefixListIds = list(
        list(
          Description = "string",
          PrefixListId = "string"
        )
      ),
      ToPort = 123,
      UserIdGroupPairs = list(
        list(
          Description = "string",
          GroupId = "string",
          GroupName = "string",
          PeeringStatus = "string",
          UserId = "string",
          VpcId = "string",
          VpcPeeringConnectionId = "string"
        )
      )
    )
  ),
  IpProtocol = "string",
  SourceSecurityGroupName = "string",
  SourceSecurityGroupOwnerId = "string",
  ToPort = 123,
  DryRun = TRUE|FALSE
)

Details

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

[EC2-Classic] This action gives one or more IPv4 CIDR address ranges permission to access a security group in your account, or gives one or more security groups (called the source groups) permission to access a security group for your account. A source group can be for your own AWS account, or another. You can have up to 100 rules per group.

[EC2-VPC] This action gives one or more IPv4 or IPv6 CIDR address ranges permission to access a security group in your VPC, or gives one or more other security groups (called the source groups) permission to access a security group for your VPC. The security groups must all be for the same VPC or a peer VPC in a VPC peering connection. For more information about VPC security group limits, see Amazon VPC Limits.

You can optionally specify a description for the security group rule.

Examples

Run this code
# NOT RUN {
# This example enables inbound traffic on TCP port 22 (SSH). The rule
# includes a description to help you identify it later.
# }
# NOT RUN {
svc$authorize_security_group_ingress(
  GroupId = "sg-903004f8",
  IpPermissions = list(
    list(
      FromPort = 22L,
      IpProtocol = "tcp",
      IpRanges = list(
        list(
          CidrIp = "203.0.113.0/24",
          Description = "SSH access from the LA office"
        )
      ),
      ToPort = 22L
    )
  )
)
# }
# NOT RUN {
# This example enables inbound traffic on TCP port 80 from the specified
# security group. The group must be in the same VPC or a peer VPC.
# Incoming traffic is allowed based on the private IP addresses of
# instances that are associated with the specified security group.
# }
# NOT RUN {
svc$authorize_security_group_ingress(
  GroupId = "sg-111aaa22",
  IpPermissions = list(
    list(
      FromPort = 80L,
      IpProtocol = "tcp",
      ToPort = 80L,
      UserIdGroupPairs = list(
        list(
          Description = "HTTP access from other instances",
          GroupId = "sg-1a2b3c4d"
        )
      )
    )
  )
)
# }
# NOT RUN {
# This example adds an inbound rule that allows RDP traffic from the
# specified IPv6 address range. The rule includes a description to help
# you identify it later.
# }
# NOT RUN {
svc$authorize_security_group_ingress(
  GroupId = "sg-123abc12 ",
  IpPermissions = list(
    list(
      FromPort = 3389L,
      IpProtocol = "tcp",
      Ipv6Ranges = list(
        list(
          CidrIpv6 = "2001:db8:1234:1a00::/64",
          Description = "RDP access from the NY office"
        )
      ),
      ToPort = 3389L
    )
  )
)
# }
# NOT RUN {
# }

Run the code above in your browser using DataLab