Security_Group_Operations for the Amazon EC2 REST adapter
The following topic describes the adapter request and response for the Security_Group_Operations.
Authorize Security Group Ingress operation
The Authorize Security Group Ingress operation enables you to add permissions for a security group in Amazon EC2.
The following figure shows the sample <items> XML element for the Authorize Security Group Ingress operation.
Sample <items> XML element for the Authorize Security Group Ingress operation
<items>
<item>
<parameters>
<group-name></group-name>
<ip-permissions>
<!--Zero or more repetition-->
<item>
<ip-protocol></ip-protocol>
<from-port></from-port>
<to-port></to-port>
<groups>
<!--Zero or more repetition-->
<item>
<user-id></user-id>
<group-name></group-name>
</item>
</groups>
<ip-ranges>
<!--Zero or more repetition-->
<item>
<cidr-ip></cidr-ip>
</item>
</ip-ranges>
</item>
</ip-permissions>
</parameters>
</item>
</items>
The following table shows the adapter request elements for the Authorize Security Group Ingress operation.
Adapter request elements for the Authorize Security Group Ingress operation
Element | Definition | Required |
---|---|---|
<access-key> | Specifies the Amazon Web Services (AWS) access key. You need to generate the AWS access key by going to the Security Credentials tab in the AWS console. | Conditional |
<secret-key> | Specifies the AWS secret access key. You need to generate the AWS secret access key by going to the Security Credentials tab in the AWS console. | Conditional |
<region> | Specifies the region with which you want the adapter to communicate. Amazon EC2 is hosted in multiple locations world-wide. You must specify the region in which you want the adapter to perform the actions. Valid values: | No |
<operation-name> | Contains the name of the operation: authorize-security-group-ingress | Yes |
<user-id> | Specifies the user ID for the Amazon EC2 account | No |
<group-name> | Specifies the name of the security group to modify. The security group name must be valid and must belong to your Amazon EC2 account. | Yes |
<ip-permissions> | Specifies the set of permissions for the security group. The <ip-permissions> element has the following child elements: | Yes |
<ip-protocol> | Specifies the protocol to be used to revoke permissions from the specified security group | Yes |
<from-port> | Specifies the start of the port range for the TCP and UDP protocols, or an ICMP type number | Yes |
<to-port> | Specifies the end of the port range for the TCP and UDP protocols, or an ICMP type number | Yes |
<groups> | Specifies the list of security group and user-id pairs | Yes |
<ip-ranges> | Specifies the list of CIDR IP ranges | Yes |
The following figure shows a sample adapter request for the Authorize Security Group Ingress operation.
Sample adapter request for the Authorize Security Group Ingress operation
<amazon-ec2-rest-request>
<access-key>AKIAI**********HQTRA</access-key>
<secret-key>7Z8wlSJ41*******************ED8h3P223Q7</secret-key>
<region>us-west-2</region>
<operation-name>authorize-security-group-ingress</operation-name>
<parameters>
<group-name>bmc1</group-name>
<ip-permissions>
<item>
<ip-protocol>icmp</ip-protocol>
<from-port>-1</from-port>
<to-port>-1</to-port>
<groups>
<item>
<user-id>246495073671</user-id>
<group-name>launch-wizard-17</group-name>
</item>
<item>
<user-id>246495073671</user-id>
<group-name>launch-wizard-11</group-name>
</item>
<item>
<user-id>246495073671</user-id>
<group-name>launch-wizard-4</group-name>
</item>
</groups>
<ip-ranges />
</item>
<item>
<ip-protocol>tcp</ip-protocol>
<from-port>0</from-port>
<to-port>22</to-port>
<groups>
<item>
<user-id />
<group-name />
</item>
</groups>
<ip-ranges>
<item>
<cidr-ip>10.20.0.0/16</cidr-ip>
</item>
</ip-ranges>
</item>
</ip-permissions>
</parameters>
</amazon-ec2-rest-request>
The following figure shows the response for the sample adapter request for the Authorize Security Group Ingress operation.
Sample adapter response for the Authorize Security Group Ingress operation
<amazon-ec2-rest-response>
<metadata>
<status>success</status>
</metadata>
<AuthorizeSecurityGroupIngressResponse>
<return>true</return>
</AuthorizeSecurityGroupIngressResponse>
</amazon-ec2-rest-response>
Create Security Group operation
The Create Security Group operation enables you to create a new security group. The security group name must be unique for each Amazon EC2 account.
The following figure shows the sample <items> XML element for the Create Security Group operation.
Sample <items> XML element for the Create Security Group operation
<items>
<item>
<parameters>
<group-name></group-name>
<group-description></group-description>
</parameters>
</item>
</items>
The following table shows the adapter request elements for this request.
Adapter request elements for the Create Security Group operation
Element | Definition | Required |
---|---|---|
<access-key> | Specifies the Amazon Web Services (AWS) access key. You need to generate the AWS access key by going to the Security Credentials tab in the AWS console. | Conditional |
<secret-key> | Specifies the AWS secret access key. You need to generate the AWS secret access key by going to the Security Credentials tab in the AWS console. | Conditional |
<region> | Specifies the region with which you want the adapter to communicate. Amazon EC2 is hosted in multiple locations world-wide. You must specify the region in which you want the adapter to perform the actions. Valid values: | No |
<operation-name> | Contains the name of the operation: create-security-group | Yes |
<group-name> | Specifies the name of the security group | Yes |
<group-description> | Specifies the description for the security group | Yes |
<vpc-id> | Specifies the ID for the Amazon Web Services Virtual Private Cloud in which you want to create the security group | Yes |
The following figure shows a sample adapter request for the Create Security Group operation.
Sample adapter request for the Create Security Group operation
<amazon-ec2-rest-request>
<access-key>AKIAI**********HQTRA</access-key>
<secret-key>7Z8wlSJ41***************FZWYVED8h3P223Q7</secret-key>
<region>us-west-2</region>
<operation-name>create-security-group</operation-name>
<parameters>
<group-name>bmc2</group-name>
<group-description>bmc2</group-description>
</parameters>
</amazon-ec2-rest-request>
The following figure shows the sample adapter response for the Create Security Group operation.
Sample adapter response for the Create Security Group operation
<amazon-ec2-rest-response>
<metadata>
<status>success</status>
</metadata>
<CreateSecurityGroupResponse>
<groupId>sg-827944b2</groupId>
<return>true</return>
</CreateSecurityGroupResponse>
</amazon-ec2-rest-response>
Delete Security Group operation
The Delete Security Group operation enables you to delete a security group that you own.
The following figure shows a sample <items> XML element for the Delete Security Group operation.
Sample <items> XML element for the Delete Security Group operation
<items>
<item>
<parameters>
<group-name></group-name>
</parameters>
</item>
</items>
The following table describes the adapter request elements for this request.
Adapter request elements for the Delete Security Group operation
Element | Definition | Required |
---|---|---|
<access-key> | Specifies the Amazon Web Services (AWS) access key. You need to generate the AWS access key by going to the Security Credentials tab in the AWS console. | Conditional |
<secret-key> | Specifies the AWS secret access key. You need to generate the AWS secret access key by going to the Security Credentials tab in the AWS console. | Conditional |
<region> | Specifies the region with which you want the adapter to communicate. Amazon EC2 is hosted in multiple locations world-wide. You must specify the region in which you want the adapter to perform the actions. Valid values: | No |
<operation-name> | Contains the name of the operation: delete-security-group | Yes |
<group-name> | Specifies the name of the security group that you want to delete | Yes |
The following figure shows the sample adapter request for the Delete Security Group operation.
Sample adapter request for the Delete Security Group operation
<request-data>
<amazon-ec2-rest-request>
<access-key>AKIAI**********HQTRA</access-key>
<secret-key>7Z8wlSJ41***************FZWYVED8h3P223Q7</secret-key>
<region>us-west-2</region>
<operation-name>delete-security-group</operation-name>
<parameters>
<group-name>bmc3</group-name>
</parameters>
</amazon-ec2-rest-request>
</request-data>
The following figure shows the sample adapter response for the Delete Security Group operation.
Sample adapter response for the Delete Security Group operation
<amazon-ec2-rest-response>
<metadata>
<status>success</status>
</metadata>
<DeleteSecurityGroupResponse>
<return>true</return>
</DeleteSecurityGroupResponse>
</amazon-ec2-rest-response>
Describe Security Groups operation
The Describe Security Groups operation retrieves information about the security groups that you own.
The following figure shows the sample <items> XML element for the Describe Security Groups operation.
Sample <items> XML element for the Describe Security Groups operation
<items>
<item>
<parameters>
<security-group-set>
<!--Zero or more repetitions:-->
<item>
<group-name></group-name>
</item>
</security-group-set>
</parameters>
</item>
</items>
The following table shows the adapter request elements for this request.
Adapter request elements for the Describe Security Groups operation
Element | Definition | Required |
---|---|---|
<access-key> | Specifies the Amazon Web Services (AWS) access key. You need to generate the AWS access key by going to the Security Credentials tab in the AWS console. | Conditional |
<secret-key> | Specifies the AWS secret access key. You need to generate the AWS secret access key by going to the Security Credentials tab in the AWS console. | Conditional |
<region> | Specifies the region with which you want the adapter to communicate. Amazon EC2 is hosted in multiple locations world-wide. You must specify the region in which you want the adapter to perform the actions. Valid values: | No |
<operation-name> | Contains the name of the operation: describe-security-group | Yes |
<security-group-set> | Specifies the set of security groups containing the name of the security groups to be described | Yes |
The following figure shows a sample adapter request for the Describe Security Groups operation.
Sample adapter request for the Describe Security Groups operation
<amazon-ec2-rest-request>
<access-key>AKIAI*********HQTRA</access-key>
<secret-key>7Z8wlSJ41***************FZWYVED8h3P223Q7</secret-key>
<region>us-west-2</region>
<operation-name>describe-security-groups</operation-name>
<parameters>
<security-group-set>
<item>
<group-name>bmc1</group-name>
</item>
<item>
<group-name>bmc2</group-name>
</item>
</security-group-set>
</parameters>
</amazon-ec2-rest-request>
The following figure shows the response for the sample adapter request for the Describe Security Groups operation.
Sample adapter response for the Describe Security Groups operation
<amazon-ec2-rest-response>
<metadata>
<status>success</status>
</metadata>
<DescribeSecurityGroupsResponse>
<securityGroupInfo>
<item>
<ownerId>246495073671</ownerId>
<groupId>sg-827944b2</groupId>
<groupName>bmc2</groupName>
<groupDescription>bmc2</groupDescription>
<ipPermissions />
</item>
<item>
<ownerId>246495073671</ownerId>
<groupId>sg-a87e4398</groupId>
<groupName>bmc1</groupName>
<groupDescription>bmc1</groupDescription>
<ipPermissions>
<item>
<ipProtocol>tcp</ipProtocol>
<fromPort>0</fromPort>
<toPort>65535</toPort>
<groups />
<ipRanges>
<item>
<cidrIp>0.0.0.0/0</cidrIp>
</item>
</ipRanges>
</item>
<item>
<ipProtocol>icmp</ipProtocol>
<fromPort>-1</fromPort>
<toPort>-1</toPort>
<groups />
<ipRanges>
<item>
<cidrIp>0.0.0.0/0</cidrIp>
</item>
</ipRanges>
</item>
</ipPermissions>
</item>
</securityGroupInfo>
</DescribeSecurityGroupsResponse>
</amazon-ec2-rest-response>
Revoke Security Group Ingress operation
The Revoke Security Group Ingress operation enables you to revoke permissions from the specified security group. While revoking permissions, you must use the same values specified for granting the permissions.
The permissions for a security group are specified by:
- IP protocol—TCP, UDP, or ICMP
- Source of the request—IP range or an Amazon EC2 user-group pair
- Source and destination port ranges for TCP and UDP
- Codes and types for ICMP
The following figure shows the sample <items> XML element for the Revoke Security Group Ingress operation.
Sample <items> XML element for the Revoke Security Group Ingress operation
<items>
<item>
<parameters>
<user-id></user-id>
<group-name></group-name>
<ip-permissions>
<!--Zero or more repetition-->
<item>
<ip-protocol></ip-protocol>
<from-port></from-port>
<to-port></to-port>
<groups>
<!--Zero or more repetition-->
<item>
<user-id></user-id>
<group-name></group-name>
</item>
</groups>
<ip-ranges>
<!--Zero or more repetition-->
<item>
<cidr-ip></cidr-ip>
</item>
</ip-ranges>
</item>
</ip-permissions>
</parameters>
</item>
</items>
The following table shows the adapter request elements for the Revoke Security Group Ingress operation.
Adapter request elements for the Revoke Security Group Ingress operation
The following figure shows a sample adapter request for the Revoke Security Group Ingress operation.
Sample adapter request for the Revoke Security Group Ingress operation
<amazon-ec2-rest-request>
<access-key>AKIAI**********HQTRA</access-key>
<secret-key>7Z8wlSJ41****************ZWYVED8h3P223Q7</secret-key>
<region>us-west-2</region>
<operation-name>revoke-security-group-ingress</operation-name>
<parameters>
<user-id>246495073671</user-id>
<group-name>bmc1</group-name>
<ip-permissions>
<item>
<ip-protocol>icmp</ip-protocol>
<from-port>-1</from-port>
<to-port>-1</to-port>
<groups>
<item>
<user-id>246495073671</user-id>
<group-name>launch-wizard-17</group-name>
</item>
</groups>
<ip-ranges>
<item>
<cidr-ip />
</item>
</ip-ranges>
</item>
<item>
<ip-protocol>tcp</ip-protocol>
<from-port>0</from-port>
<to-port>22</to-port>
<groups>
<item>
<user-id>246495073671</user-id>
<group-name>launch-wizard-4</group-name>
</item>
</groups>
<ip-ranges>
<item>
<cidr-ip>10.20.0.0/16</cidr-ip>
</item>
</ip-ranges>
</item>
</ip-permissions>
</parameters>
</amazon-ec2-rest-request>
The following figure shows the response for the sample adapter request for the Revoke Security Group Ingress operation.
Sample adapter response for the Revoke Security Group Ingress operation
<amazon-ec2-rest-response>
<metadata>
<status>success</status>
</metadata>
<RevokeSecurityGroupIngressResponse>
<return>true</return>
</RevokeSecurityGroupIngressResponse>
</amazon-ec2-rest-response>
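The following added example (not part of the adapter or its documentation) audits a Describe Security Groups response for ingress rules open to any address, then builds the <parameters> element of a Revoke Security Group Ingress request that repeats the granted values, as the revoke operation requires. The sample response, its account ID and group names are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like the Describe Security Groups response on this page.
SAMPLE_RESPONSE = """<amazon-ec2-rest-response>
  <metadata><status>success</status></metadata>
  <DescribeSecurityGroupsResponse><securityGroupInfo>
    <item>
      <ownerId>111122223333</ownerId><groupId>sg-00000001</groupId>
      <groupName>example-web</groupName>
      <ipPermissions>
        <item><ipProtocol>tcp</ipProtocol><fromPort>0</fromPort><toPort>65535</toPort>
          <groups /><ipRanges><item><cidrIp>0.0.0.0/0</cidrIp></item></ipRanges></item>
        <item><ipProtocol>tcp</ipProtocol><fromPort>22</fromPort><toPort>22</toPort>
          <groups /><ipRanges><item><cidrIp>10.20.0.0/16</cidrIp></item></ipRanges></item>
      </ipPermissions>
    </item>
  </securityGroupInfo></DescribeSecurityGroupsResponse>
</amazon-ec2-rest-response>"""

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # ranges that match every source address

def find_open_ingress(response_xml):
    """Return (owner, group, protocol, from, to, cidr) for each world-open rule."""
    root = ET.fromstring(response_xml)
    if root.findtext("metadata/status") != "success":
        raise ValueError("adapter did not report success")
    findings = []
    for group in root.iterfind("DescribeSecurityGroupsResponse/securityGroupInfo/item"):
        for perm in group.iterfind("ipPermissions/item"):
            for cidr in perm.iterfind("ipRanges/item/cidrIp"):
                if (cidr.text or "").strip() in OPEN_CIDRS:
                    findings.append((group.findtext("ownerId"), group.findtext("groupName"),
                                     perm.findtext("ipProtocol"), perm.findtext("fromPort"),
                                     perm.findtext("toPort"), cidr.text.strip()))
    return findings

def build_revoke_parameters(finding):
    """Build <parameters> for revoke-security-group-ingress with the granted values."""
    owner, name, proto, lo, hi, cidr = finding
    params = ET.Element("parameters")
    ET.SubElement(params, "user-id").text = owner
    ET.SubElement(params, "group-name").text = name
    item = ET.SubElement(ET.SubElement(params, "ip-permissions"), "item")
    for tag, value in (("ip-protocol", proto), ("from-port", lo), ("to-port", hi)):
        ET.SubElement(item, tag).text = value
    ET.SubElement(item, "groups")  # no group pairs: the rule was granted to a CIDR
    ranges = ET.SubElement(item, "ip-ranges")
    ET.SubElement(ET.SubElement(ranges, "item"), "cidr-ip").text = cidr
    return ET.tostring(params, encoding="unicode")

if __name__ == "__main__":
    for f in find_open_ingress(SAMPLE_RESPONSE):
        print(f, build_revoke_parameters(f), sep="\n")
```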