Prev Next

ec2-authorize

SYNOPSIS

ec2-authorize GROUP [-P PROTOCOL] (-p PORT_RANGE | -t ICMP_TYPE_CODE) [-u SOURCE_GROUP_USER ...] [-o SOURCE_GROUP ...] [-s SOURCE_SUBNET ...]

DESCRIPTION

Adds a rule to the security group named GROUP. If no source host, group or subnet is provided, requests from any source address will be honored.

OUTPUT

A table containing the following information is returned:

Errors are displayed on stderr.

OPTIONS

OptionDefinitionRequired?Example
-P PROTOCOLThe protocol to allow. This can be tcp, udp or icmp. This option only applies when specifying a CIDR subnet as the source. Yes-P tcp
-p PORT_RANGEFor the TCP or UDP protocols, this specifies the range of ports to allow. This may be specified as a single integer or as a range (min-max). This option only applies when specifying a CIDR subnet as the source. Yes-p 80
-t ICMP_TYPE_CODEFor the ICMP protocol, the ICMP type and code must be specified. This must be specified as type:code where both are integers. Type or code (or both) may be specified as -1 which is a wildcard. This option only applies when specifying a CIDR subnet as the source. Yes-t 2:5
-u SOURCE_GROUP_USERThe owner of a group specified using -o. If this is not specified, all groups will refer to the current user. If specified more than once, there must be exactly one -u per -o and each user will be mapped to the corresponding group. No-u 495219933132
-o SOURCE_GROUPThe network source from which traffic is to be authorized specified as a security Group. See the description of the -u parameter for group owner information. No-o headoffice
-s SOURCE_SUBNETThe network source from which traffic is to be authorized specified as a CIDR Subnet range. No-s 205.192.8.45/24

EXAMPLE

$ ec2-authorize websrv -P tcp -p 80 -s 205.192.0.0/16
GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16

SEE ALSO

Prev Next