AuthorizeSecurityGroupIngress

The AuthorizeSecurityGroupIngress operation adds permissions to a security group.

Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code fields.

Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.

When authorizing a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and CidrIp must be specified. Mixing these two types of parameters is not allowed.

The following table describes the request parameters for AuthorizeSecurityGroupIngress. Parameter names are case sensitive.

| Name | Description | Required |
| --- | --- | --- |
| GroupName | Name of the group to modify. Type: String | Yes |
| SourceSecurityGroupName | Name of security group to authorize access to when operating on a user/group pair. Type: String | When authorizing user/group pair permission. |
| SourceSecurityGroupOwnerId | Owner of security group to authorize access to when operating on a user/group pair. Type: String | When authorizing user/group pair permission. |
| IpProtocol | IP protocol to authorize access to when operating on a CIDR IP. Type: String. Valid Values: tcp \| udp \| icmp | When authorizing CIDR IP permission. |
| FromPort | Bottom of port range to authorize access to when operating on a CIDR IP. This contains the ICMP type if ICMP is being authorized. Type: Int | When authorizing CIDR IP permission. |
| ToPort | Top of port range to authorize access to when operating on a CIDR IP. This contains the ICMP code if ICMP is being authorized. Type: Int | When authorizing CIDR IP permission. |
| CidrIp | CIDR IP range to authorize access to when operating on a CIDR IP. Type: String | When authorizing CIDR IP permission. |

The following table describes the default response tags included in AuthorizeSecurityGroupIngress responses.

| Name | Description |
| --- | --- |
| return | true if permissions successfully added. Type: xsd:boolean |

Sample request:

https://ec2.amazonaws.com/
?Action=AuthorizeSecurityGroupIngress
&IpProtocol=tcp
&FromPort=80
&ToPort=80
&CidrIp=0.0.0.0/0
&...auth parameters...

Sample response:

<AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2007-08-29">
  <return>true</return>
</AuthorizeSecurityGroupIngressResponse>
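
The parameter rules above (GroupName always required, user/group pair and CIDR IP parameters never mixed, FromPort/ToPort carrying the ICMP type and code) can be checked before a request is sent. The following is an added example, not part of the original page or of any AWS tooling; the function names `check_ingress_params` and `build_query` are hypothetical, and the check also warns on the rules an operator would want to review: the ICMP -1 wildcard and a CidrIp that matches every source address.

```python
import ipaddress
from urllib.parse import urlencode

PAIR_KEYS = {"SourceSecurityGroupName", "SourceSecurityGroupOwnerId"}
CIDR_KEYS = {"IpProtocol", "FromPort", "ToPort", "CidrIp"}


def check_ingress_params(params):
    """Return (errors, warnings) for one set of request parameters."""
    errors, warnings = [], []
    if "GroupName" not in params:
        errors.append("GroupName is required")
    pair, cidr = PAIR_KEYS & set(params), CIDR_KEYS & set(params)
    if pair and cidr:
        errors.append("user/group pair and CIDR IP parameters cannot be mixed")
    elif not pair and not cidr:
        errors.append("no permission specified")
    else:
        wanted = PAIR_KEYS if pair else CIDR_KEYS
        errors += [f"{k} is required" for k in sorted(wanted - set(params))]
    if errors or pair:
        return errors, warnings
    proto = params["IpProtocol"]
    lo, hi = int(params["FromPort"]), int(params["ToPort"])
    if proto not in ("tcp", "udp", "icmp"):  # valid values listed in the table
        errors.append(f"invalid IpProtocol: {proto!r}")
    elif proto == "icmp":
        # FromPort carries the ICMP type, ToPort the ICMP code; -1 is a wildcard.
        if -1 in (lo, hi):
            warnings.append("ICMP wildcard (-1) in type or code")
    elif not 0 <= lo <= hi <= 65535:
        errors.append(f"invalid port range {lo}-{hi}")
    try:
        net = ipaddress.ip_network(params["CidrIp"], strict=False)
        if net.prefixlen == 0:
            warnings.append("CidrIp matches every source address")
    except ValueError:
        errors.append(f"invalid CidrIp: {params['CidrIp']!r}")
    return errors, warnings


def build_query(params):
    """Build the query string (without auth parameters) or raise ValueError."""
    errors, _ = check_ingress_params(params)
    if errors:
        raise ValueError("; ".join(errors))
    return urlencode({"Action": "AuthorizeSecurityGroupIngress", **params})
```

Run against the parameters shown in the sample request, the check reports the missing GroupName; with a group name supplied it passes with a warning that the rule is open to every source address.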