Authorize Security Group Ingress operation


The Authorize Security Group Ingress operation enables you to add permissions for a security group in Amazon EC2.

The following figure shows the sample <items> XML element for the Authorize Security Group Ingress operation. 

Sample <items> XML element for the Authorize Security Group Ingress operation

<items>
   <item>
       <parameters>
           <user-id></user-id>
           <group-name></group-name>
           <ip-permissions>
               <!--Zero or more repetition-->
               <item>
                   <ip-protocol></ip-protocol>
                   <from-port></from-port>
                   <to-port></to-port>
                   <groups>
                       <!--Zero or more repetition-->
                       <item>
                           <user-id></user-id>
                           <group-name></group-name>
                       </item>
                   </groups>
                   <ip-ranges>
                       <!--Zero or more repetition-->
                       <item>
                           <cidr-ip></cidr-ip>
                       </item>
                   </ip-ranges>
               </item>
           </ip-permissions>
       </parameters>
   </item>
</items>

The following table shows the adapter request elements for the Authorize Security Group Ingress operation. 

Adapter request elements for the Authorize Security Group Ingress operation

Element: <wsdl-location>
Definition: Specifies the target Web Service Description Language (WSDL) URL for Amazon EC2
Examples:
Required: Conditional:
  • Required if not specified in the configuration
  • If specified in the configuration and request, the value in the request overrides the value in the configuration

Element: <endpoint-address>
Definition: Specifies the web service endpoint for the adapter to use while performing operations on Amazon EC2 instances across different regions
Default value: US East region: http://us-east-1.ec2.amazonaws.com/
Required: No

Element: <signature-properties>
Definition: Specifies the mode for signing the adapter request
Required: Conditional:
  • Required if not specified in the configuration
  • If <signature-properties mode = "key-files">, requires <private-key-file> and <certificate-file>
  • If <signature-properties mode = "key-data">, requires <private-key-data> and <certificate-data>

Element: <operation-name>
Definition: Contains the name of the operation: authorize-security-group-ingress
Required: Yes

Element: <user-id>
Definition: Specifies the Access Key ID for Amazon Web Services
Required: No

Element: <group-name>
Definition: Specifies the name of the security group to modify
The security group name must be valid and must belong to your Amazon EC2 account.
Required: Yes

Element: <ip-permissions>
Definition: Specifies the set of permissions for the security group
The <ip-permissions> element has the following child elements:
  • <ip-protocol>
  • <from-port>
  • <to-port>
  • <groups>
  • <ip-ranges>
  • <user-id>
Required: Yes

Element: <ip-protocol>
Definition: Specifies the protocol to be used to add permissions to the specified security group
Valid values: tcp, udp, icmp
Required: Yes

Element: <from-port>
Definition: Specifies the start of the port range for the TCP and UDP protocols, or an ICMP type number
A value of -1 indicates a wild card (any ICMP code).
Required: Yes

Element: <to-port>
Definition: Specifies the end of the port range for the TCP and UDP protocols, or an ICMP type number
A value of -1 indicates a wild card (any ICMP code).
Required: Yes

Element: <groups>
Definition: Specifies the list of security group and user-id pairs
This element cannot be used to specify a CIDR IP address.
Required: Yes

Element: <ip-ranges>
Definition: Specifies the list of CIDR IP ranges
Required: Yes

The following figure shows a sample adapter request for the Authorize Security Group Ingress operation. 

Sample adapter request for the Authorize Security Group Ingress operation

<amazon-ec2-request>
   <wsdl-location>http://ec2.amazonaws.com/doc/2009-11-30/</wsdl-location>
   <endpoint-address>http://us-east-1.ec2.amazonaws.com/</endpoint-address>
   <signature-properties mode = "key-files">
       <private-key-file>C:\Security\pk-MJ5GIUNLM2XJ3VRJSYTKOFDWILELDQHB.PEM</private-key-file>
       <certificate-file>C:\Security\cert-MJ5GIUNLM2XJ3VRJSYTKOFDWILELDQHB.PEM</certificate-file>
   </signature-properties>
   <operation-name>authorize-security-group-ingress</operation-name>
   <parameters>
       <user-id>AKIAJC5TEHAOKCDCZQ</user-id>
       <group-name>test1</group-name>
       <ip-permissions>
           <item>
               <ip-protocol>tcp</ip-protocol>
               <from-port>80</from-port>
               <to-port>80</to-port>
               <groups>
                   <item>
                       <user-id>122872856587</user-id>
                       <group-name>sec1</group-name>
                   </item>
               </groups>
               <ip-ranges/>
           </item>
           <item>
               <ip-protocol>tcp</ip-protocol>
               <from-port>10</from-port>
               <to-port>100</to-port>
               <ip-ranges>
                   <item>
                       <cidr-ip>205.192.0.0/16</cidr-ip>
                   </item>
                   <item>
                       <cidr-ip>205.10.10.0/8</cidr-ip>
                   </item>
               </ip-ranges>
           </item>
       </ip-permissions>
   </parameters>
</amazon-ec2-request>

The following figure shows the response for the sample adapter request for the Authorize Security Group Ingress operation. 

Sample adapter response for the Authorize Security Group Ingress operation

<amazon-ec2-response>
   <metadata>
       <status>success</status>
   </metadata>
   <AuthorizeSecurityGroupIngressResponse>
       <requestId>9f5082d8-a54c-4ca3-833d-e19e5b6e4eae</requestId>
       <return>true</return>
   </AuthorizeSecurityGroupIngressResponse>
</amazon-ec2-response>
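
An added example, not part of the original page or of the adapter: a check to run on an adapter request before it is submitted, flagging ingress rules that open more than intended (wide port ranges, non-canonical or very broad CIDR ranges). The function name and the MIN_PREFIX and MAX_PORTS thresholds are assumptions, and the embedded request is a constructed reduction of the sample adapter request above.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the ip-permissions part of the page's sample request.
SAMPLE_REQUEST = """<amazon-ec2-request>
 <operation-name>authorize-security-group-ingress</operation-name>
 <parameters><group-name>test1</group-name><ip-permissions>
  <item><ip-protocol>tcp</ip-protocol><from-port>80</from-port><to-port>80</to-port>
   <groups><item><user-id>122872856587</user-id><group-name>sec1</group-name></item></groups>
   <ip-ranges/></item>
  <item><ip-protocol>tcp</ip-protocol><from-port>10</from-port><to-port>100</to-port>
   <ip-ranges><item><cidr-ip>205.192.0.0/16</cidr-ip></item>
    <item><cidr-ip>205.10.10.0/8</cidr-ip></item></ip-ranges></item>
 </ip-permissions></parameters>
</amazon-ec2-request>"""

MIN_PREFIX = 16  # assumed policy: source ranges wider than a /16 are flagged
MAX_PORTS = 10   # assumed policy: rules spanning more than 10 ports are flagged

def lint_ingress_request(xml_text, min_prefix=MIN_PREFIX, max_ports=MAX_PORTS):
    """Return a list of findings for one authorize-security-group-ingress request."""
    findings = []
    rules = ET.fromstring(xml_text).findall("./parameters/ip-permissions/item")
    for n, rule in enumerate(rules, 1):
        proto = (rule.findtext("ip-protocol") or "").strip()
        if proto not in ("tcp", "udp", "icmp"):
            findings.append(f"rule {n}: ip-protocol {proto!r} is not tcp, udp or icmp")
        try:
            lo, hi = int(rule.findtext("from-port")), int(rule.findtext("to-port"))
        except (TypeError, ValueError):
            findings.append(f"rule {n}: from-port/to-port missing or not an integer")
            continue
        if proto != "icmp" and hi - lo + 1 > max_ports:
            findings.append(f"rule {n}: ports {lo}-{hi} span {hi - lo + 1} ports (limit {max_ports})")
        for cidr in rule.findall("./ip-ranges/item/cidr-ip"):
            text = (cidr.text or "").strip()
            try:
                net = ipaddress.ip_network(text, strict=False)
            except ValueError:
                findings.append(f"rule {n}: {text!r} is not a valid CIDR range")
                continue
            if str(net) != text:  # e.g. host bits set: the mask decides what is opened
                findings.append(f"rule {n}: {text} is not a canonical CIDR; it denotes {net}")
            if net.prefixlen < min_prefix:
                findings.append(f"rule {n}: {net} is wider than /{min_prefix} ({net.num_addresses} addresses)")
    return findings
```

On the sample, the second rule is reported three times: for its 91-port range, for 205.10.10.0/8 denoting 205.0.0.0/8, and for that /8 covering 16777216 addresses.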

 
