This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Authorize Security Group Ingress operation


The Authorize Security Group Ingress operation enables you to add permissions for a security group in Amazon EC2.

The following figure shows the sample <items> XML element for the Authorize Security Group Ingress operation. 

Sample <items> XML element for the Authorize Security Group Ingress operation

<items>
   <item>
       <parameters>
           <user-id></user-id>
           <group-name></group-name>
           <ip-permissions>
               <!--Zero or more repetition-->
               <item>
                   <ip-protocol></ip-protocol>
                   <from-port></from-port>
                   <to-port></to-port>
                   <groups>
                       <!--Zero or more repetition-->
                       <item>
                           <user-id></user-id>
                           <group-name></group-name>
                       </item>
                   </groups>
                   <ip-ranges>
                       <!--Zero or more repetition-->
                       <item>
                           <cidr-ip></cidr-ip>
                       </item>
                   </ip-ranges>
               </item>
           </ip-permissions>
       </parameters>
   </item>
</items>

The following table shows the adapter request elements for the Authorize Security Group Ingress operation. 

Adapter request elements for the Authorize Security Group Ingress operation

| Element | Definition | Required |
| --- | --- | --- |
| <wsdl-location> | Specifies the target Web Service Description Language (WSDL) URL for Amazon EC2. Examples: | Conditional: Required if not specified in the configuration. If specified in the configuration and request, the value in the request overrides the value in the configuration. |
| <endpoint-address> | Specifies the web service endpoint for the adapter to use while performing operations on Amazon EC2 instances across different regions. Default value: US East region: http://us-east-1.ec2.amazonaws.com/ | No |
| <signature-properties> | Specifies the mode for signing the adapter request. | Conditional: Required if not specified in the configuration. If <signature-properties mode = "key-files">, requires <private-key-file> and <certificate-file>. If <signature-properties mode = "key-data">, requires <private-key-data> and <certificate-data>. |
| <operation-name> | Contains the name of the operation: authorize-security-group-ingress | Yes |
| <user-id> | Specifies the Access Key ID for Amazon Web Services. | No |
| <group-name> | Specifies the name of the security group to modify. The security group name must be valid and must belong to your Amazon EC2 account. | Yes |
| <ip-permissions> | Specifies the set of permissions for the security group. The <ip-permissions> element has the following child elements: <ip-protocol>, <from-port>, <to-port>, <groups>, <ip-ranges>, <user-id> | Yes |
| <ip-protocol> | Specifies the protocol to be used to add permissions to the specified security group. Valid values: tcp, udp, icmp | Yes |
| <from-port> | Specifies the start of the port range for the TCP and UDP protocols, or an ICMP type number. A value of -1 indicates a wild card (any ICMP code). | Yes |
| <to-port> | Specifies the end of the port range for the TCP and UDP protocols, or an ICMP type number. A value of -1 indicates a wild card (any ICMP code). | Yes |
| <groups> | Specifies the list of security group and user-id pairs. This element cannot be used to specify a CIDR IP address. | Yes |
| <ip-ranges> | Specifies the list of CIDR IP ranges. | Yes |

The following figure shows a sample adapter request for the Authorize Security Group Ingress operation. 

Sample adapter request for the Authorize Security Group Ingress operation

<amazon-ec2-request>
   <wsdl-location>http://ec2.amazonaws.com/doc/2009-11-30/</wsdl-location>
   <endpoint-address>http://us-east-1.ec2.amazonaws.com/</endpoint-address>
   <signature-properties mode = "key-files">
       <private-key-file>C:\Security\pk-MJ5GIUNLM2XJ3VRJSYTKOFDWILELDQHB.PEM</private-key-file>
       <certificate-file>C:\Security\cert-MJ5GIUNLM2XJ3VRJSYTKOFDWILELDQHB.PEM</certificate-file>
   </signature-properties>
   <operation-name>authorize-security-group-ingress</operation-name>
   <parameters>
       <user-id>AKIAJC5TEHAOKCDCZQ</user-id>
       <group-name>test1</group-name>
       <ip-permissions>
           <item>
               <ip-protocol>tcp</ip-protocol>
               <from-port>80</from-port>
               <to-port>80</to-port>
               <groups>
                   <item>
                       <user-id>122872856587</user-id>
                       <group-name>sec1</group-name>
                   </item>
               </groups>
               <ip-ranges/>
           </item>
           <item>
               <ip-protocol>tcp</ip-protocol>
               <from-port>10</from-port>
               <to-port>100</to-port>
               <ip-ranges>
                   <item>
                       <cidr-ip>205.192.0.0/16</cidr-ip>
                   </item>
                   <item>
                       <cidr-ip>205.10.10.0/8</cidr-ip>
                   </item>
               </ip-ranges>
           </item>
       </ip-permissions>
   </parameters>
</amazon-ec2-request>
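
The following Python script is an added example, not part of the original documentation or of the adapter. It reviews the <ip-permissions> of a request in the layout shown above before the request is submitted, and reports wide port ranges, CIDR values with host bits set, and overly broad ranges. The function name lint_ingress and the thresholds max_ports and min_prefix are assumptions chosen for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed input: the second rule of the sample request above, trimmed.
SAMPLE_REQUEST = """
<amazon-ec2-request>
  <parameters>
    <group-name>test1</group-name>
    <ip-permissions>
      <item>
        <ip-protocol>tcp</ip-protocol>
        <from-port>10</from-port>
        <to-port>100</to-port>
        <ip-ranges>
          <item><cidr-ip>205.192.0.0/16</cidr-ip></item>
          <item><cidr-ip>205.10.10.0/8</cidr-ip></item>
        </ip-ranges>
      </item>
    </ip-permissions>
  </parameters>
</amazon-ec2-request>
"""

def lint_ingress(request_xml, max_ports=10, min_prefix=16):
    """Return (rule_index, finding) pairs; thresholds are assumed policy values."""
    # ElementTree is fine for locally authored requests; parse untrusted XML
    # with a hardened parser such as defusedxml instead.
    root = ET.fromstring(request_xml)
    findings = []
    for idx, perm in enumerate(root.findall("./parameters/ip-permissions/item")):
        proto = perm.findtext("ip-protocol", "").strip().lower()
        lo = int(perm.findtext("from-port"))
        hi = int(perm.findtext("to-port"))
        if proto in ("tcp", "udp") and hi - lo + 1 > max_ports:
            findings.append((idx, f"wide port range {lo}-{hi}"))
        for node in perm.findall("./ip-ranges/item/cidr-ip"):
            text = (node.text or "").strip()
            # strict=False normalizes the value to the network the mask covers.
            net = ipaddress.ip_network(text, strict=False)
            if str(net) != text:
                findings.append((idx, f"{text} has host bits set, covers {net}"))
            if net.prefixlen < min_prefix:
                findings.append((idx, f"{net} is broader than /{min_prefix}"))
    return findings

if __name__ == "__main__":
    for idx, finding in lint_ingress(SAMPLE_REQUEST):
        print(f"ip-permissions item {idx}: {finding}")
```

Run against the sample values, the script reports 205.10.10.0/8 twice: the /8 mask ignores the last three octets, so the rule covers all of 205.0.0.0/8 rather than a range around 205.10.10.0.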

The following figure shows the response for the sample adapter request for the Authorize Security Group Ingress operation. 

Sample adapter response for the Authorize Security Group Ingress operation

<amazon-ec2-response>
   <metadata>
       <status>success</status>
   </metadata>
   <AuthorizeSecurityGroupIngressResponse>
       <requestId>9f5082d8-a54c-4ca3-833d-e19e5b6e4eae</requestId>
       <return>true</return>
   </AuthorizeSecurityGroupIngressResponse>
</amazon-ec2-response>

 
