AuthorizeSecurityGroupIngress

The AuthorizeSecurityGroupIngress operation adds permissions to a security group.

Permissions are specified in terms of the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), source and destination port ranges (for TCP and UDP), and ICMP codes and types (for ICMP). When authorizing ICMP, -1 may be used as a wildcard in the type and code fields.

Permission changes are propagated to instances within the security group being modified as quickly as possible. However, a small delay is likely, depending on the number of instances that are members of the indicated group.

When authorizing a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and CidrIp must be specified. Mixing these two types of parameters is not allowed.

The following table describes the request parameters for AuthorizeSecurityGroupIngress. Parameter names are case sensitive.

| Element Name | Definition | Required? | Type |
|---|---|---|---|
| GroupName | Name of the group to modify. | Yes | string |
| SourceSecurityGroupName | Name of security group to authorize access to when operating on a user/group pair. | When authorizing user/group pair permission. | string |
| SourceSecurityGroupOwnerId | Owner of security group to authorize access to when operating on a user/group pair. | When authorizing user/group pair permission. | string |
| IpProtocol | IP protocol to authorize access to when operating on a CIDR IP. Valid values are tcp, udp and icmp. | When authorizing CIDR IP permission. | string |
| FromPort | Bottom of port range to authorize access to when operating on a CIDR IP. This contains the ICMP type if ICMP is being authorized. | When authorizing CIDR IP permission. | int |
| ToPort | Top of port range to authorize access to when operating on a CIDR IP. This contains the ICMP code if ICMP is being authorized. | When authorizing CIDR IP permission. | int |
| CidrIp | CIDR IP range to authorize access to when operating on a CIDR IP. | When authorizing CIDR IP permission. | string |
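
The parameter rules above, written as a pre-flight check that can be run over a request before it is sent. This is an added example, not part of the original reference or of any AWS tooling. The function name check_ingress_request, the 0-65535 port bound, the 0-255 ICMP bound, the "review" finding for a zero-length prefix and all sample values are assumptions of the example.

```python
import ipaddress

PAIR_KEYS = {"SourceSecurityGroupName", "SourceSecurityGroupOwnerId"}
CIDR_KEYS = {"IpProtocol", "FromPort", "ToPort", "CidrIp"}

def check_ingress_request(params):
    """Return a list of problems in an AuthorizeSecurityGroupIngress parameter dict."""
    problems = []
    if not params.get("GroupName"):
        problems.append("GroupName is required")
    pair = PAIR_KEYS & params.keys()   # parameter names are case sensitive
    cidr = CIDR_KEYS & params.keys()
    if pair and cidr:
        return problems + ["user/group pair and CIDR IP parameters are mixed"]
    if not pair and not cidr:
        return problems + ["no permission specified"]
    if pair:
        return problems + [f"{k} is required" for k in sorted(PAIR_KEYS - pair)]
    if CIDR_KEYS - cidr:
        return problems + [f"{k} is required" for k in sorted(CIDR_KEYS - cidr)]
    try:
        lo, hi = int(params["FromPort"]), int(params["ToPort"])
    except (TypeError, ValueError):
        return problems + ["FromPort and ToPort must be integers"]
    proto = params["IpProtocol"]
    if proto == "icmp":
        # FromPort carries the ICMP type, ToPort the ICMP code; -1 is the wildcard.
        if not all(-1 <= v <= 255 for v in (lo, hi)):
            problems.append("ICMP type/code must be -1 or 0-255")
    elif proto in ("tcp", "udp"):
        if not 0 <= lo <= hi <= 65535:
            problems.append("port range must satisfy 0 <= FromPort <= ToPort <= 65535")
    else:
        problems.append("IpProtocol must be tcp, udp or icmp")
    try:
        if ipaddress.ip_network(params["CidrIp"], strict=False).prefixlen == 0:
            # Assumption of this example: a /0 source is flagged for human review.
            problems.append("review: CidrIp admits every source address")
    except ValueError:
        problems.append("CidrIp is not a valid CIDR range")
    return problems

if __name__ == "__main__":
    # Constructed sample: a CIDR request with no GroupName and a /0 source.
    sample = {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80",
              "CidrIp": "0.0.0.0/0"}
    for problem in check_ingress_request(sample):
        print(problem)
```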

The following table describes the default response tags included in AuthorizeSecurityGroupIngress responses.

| Element Name | Definition | Type |
|---|---|---|
| return | true if permissions successfully added. | xsd:boolean |

https://ec2.amazonaws.com/
?Action=AuthorizeSecurityGroupIngress
&IpProtocol=tcp
&FromPort=80
&ToPort=80
&CidrIp=0.0.0.0/0
&...auth parameters...

<AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2007-01-19">
  <return>true</return>
</AuthorizeSecurityGroupIngressResponse>