ec2-authorize

Syntax

Option	Description	Required
`group`	The group to which this rule will apply. Example: `webservers`	Yes
`-P` `protocol`	The protocol to allow. Condition: Applies when specifying a CIDR subnet as the source. Valid Values: `tcp` \| `udp` \| `icmp` Example: `-P tcp`	Yes
`-p` `port_range`	For the TCP or UDP protocols, this specifies the range of ports to allow. You specify a single integer or a range (min-max). Condition: Applies when specifying a CIDR subnet as the source. Example: `-p 80`	Yes
`-t` `icmp_type_code`	For the ICMP protocol, the ICMP type and code must be specified. This must be specified in the format type:code where both are integers. Type, code, or both can be specified as -1, which is a wildcard. Condition: Applies when specifying a CIDR subnet as the source. Example: `-t 2:5`	Yes
`-u` `source_group_user`	The owner of a group specified using `-o`. If this is not specified, all groups will refer to the current user. If specified more than once, there must be exactly one `-u` per `-o` and each user will be mapped to the corresponding group. Example: `-u 495219933132`	No
`-o` `source_group`	The network source from which traffic will be authorized specified as a security Group. See the description of the `-u` option for group owner information. Example: `-o headoffice`	No
`-s` `source_subnet`	The network source from which traffic is to be authorized specified as a CIDR subnet range. Example: `-s 205.192.8.45/24`	No

$ ec2-authorize websrv -P tcp -p 80 -s 205.192.0.0/16
GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16