AuthorizeSecurityGroupIngress

Description

Adds permissions to a security group.

Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code fields.

Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.

When authorizing a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and CidrIp must be specified.

Request Parameters

Name: UserId
Description: AWS Access Key ID.
Type: String
Default: None
Required: Yes

Name: GroupName
Description: Name of the group to modify. The name must be valid and belong to the account.
Type: String
Default: None
Required: Yes

Name: IpProtocol
Description: IP protocol.
Type: String
Valid Values: tcp | udp | icmp
Default: None
Required: Yes

Name: FromPort
Description: Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).
Type: Integer
Default: None
Required: Yes

Name: ToPort
Description: End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).
Type: Integer
Default: None
Required: Yes

Name: SourceSecurityGroupOwnerId
Description: AWS User ID of an account. Cannot be used when specifying a CIDR IP address.
Type: String
Default: None
Required: Yes

Name: SourceSecurityGroupName
Description: Name of the security group. Cannot be used when specifying a CIDR IP address.
Type: String
Default: None
Required: Yes

Name: CidrIp
Description: CIDR range.
Type: String
Default: None
Constraints: Valid CIDR IP address range.
Required: Yes

Response Elements

Name: AuthorizeSecurityGroupIngressResponseType
Description: AuthorizeSecurityGroupIngressResponseType element.
Type: AuthorizeSecurityGroupIngressResponseType
Ancestor: None
Children: requestId, return

Name: requestId
Description: The ID of the request.
Type: xsd:string
Ancestor: AuthorizeSecurityGroupIngressResponseType
Children: None

Name: return
Description: Returns true if request is successful. Otherwise, returns an error.
Type: xsd:boolean
Ancestor: AuthorizeSecurityGroupIngressResponseType
Children: None

Examples

Example Request

This example grants TCP port 80 access from the 205.192.0.0/16 address range to the websrv security group.

https://ec2.amazonaws.com/?Action=AuthorizeSecurityGroupIngress
&GroupName=websrv
&IpProtocol=tcp
&FromPort=80
&ToPort=80
&CidrIp=205.192.0.0/16
&AuthParams

Example Response

<AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2009-11-30/">
  <return>true</return>
</AuthorizeSecurityGroupIngressResponse>
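
The following Python sketch is an added example, not part of the original reference: it checks a parameter set against the rules in the Description (user/group pair versus CIDR permission, the -1 ICMP wildcard) and the Valid Values in the parameter table before building the query string. Authentication parameters are left out, as in the example request's AuthParams placeholder; the function names, the numeric bounds for ports and ICMP, and the finding for a CidrIp that matches every address are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlencode

VALID_PROTOCOLS = ("tcp", "udp", "icmp")  # Valid Values in the parameter table
PAIR_FIELDS = {"SourceSecurityGroupName", "SourceSecurityGroupOwnerId"}
CIDR_FIELDS = {"IpProtocol", "FromPort", "ToPort", "CidrIp"}


def check_cidr_rule(p):
    """Check the values of a CIDR permission whose four fields are all present."""
    problems = []
    proto, lo, hi = p["IpProtocol"], p["FromPort"], p["ToPort"]  # ports are ints
    if proto not in VALID_PROTOCOLS:
        problems.append("IpProtocol must be tcp, udp or icmp")
    elif proto == "icmp":
        # FromPort is the ICMP type, ToPort the ICMP code; -1 is the wildcard.
        # The 0-255 bound comes from ICMP itself (assumption: not stated on the page).
        if not (-1 <= lo <= 255 and -1 <= hi <= 255):
            problems.append("ICMP type and code must be -1 or 0-255")
    elif not (0 <= lo <= hi <= 65535):  # TCP/UDP port bounds (assumption, as above)
        problems.append("need 0 <= FromPort <= ToPort <= 65535")
    try:
        if ipaddress.ip_network(p["CidrIp"], strict=False).prefixlen == 0:
            problems.append("CidrIp matches every address; confirm the exposure is intended")
    except ValueError:
        problems.append("CidrIp is not a valid CIDR range")
    return problems


def validate_ingress(p):
    """Return a list of problems found in a parameter dict (empty list = acceptable)."""
    problems = [] if p.get("GroupName") else ["GroupName is required"]
    has_pair, has_cidr = bool(PAIR_FIELDS & p.keys()), "CidrIp" in p
    if has_pair and has_cidr:
        problems.append("user/group pair fields cannot be used with CidrIp")
    elif has_pair:
        problems += [f"{k} is required" for k in sorted(PAIR_FIELDS - p.keys())]
    elif has_cidr:
        missing = sorted(CIDR_FIELDS - p.keys())
        problems += [f"{k} is required" for k in missing] or check_cidr_rule(p)
    else:
        problems.append("give either a user/group pair or a CidrIp rule")
    return problems


def build_query(p):
    """Return the query string without authentication parameters, or raise ValueError."""
    problems = validate_ingress(p)
    if problems:
        raise ValueError("; ".join(problems))
    return urlencode({"Action": "AuthorizeSecurityGroupIngress", **p})
```

Passing the parameters of the example request above to build_query yields the same query with the slash in CidrIp percent-encoded.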