authorize_security_group_ingress ( $opt )

The AuthorizeSecurityGroupIngress operation adds permissions to a security group.

Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code fields.

Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.

Access

public

Parameters

$opt - array - Optional - An associative array of parameters that can have the following keys:

  • GroupName - string - Optional - Name of the standard (EC2) security group to modify. The group must belong to your account. Can be used instead of GroupId for standard (EC2) security groups.
  • GroupId - string - Optional - ID of the standard (EC2) or VPC security group to modify. The group must belong to your account. Required for VPC security groups; can be used instead of GroupName for standard (EC2) security groups.
  • IpPermissions - array - Optional - List of IP permissions to authorize on the specified security group. Specifying permissions through IP permissions is the preferred way of authorizing permissions since it offers more flexibility and control.
    • x - array - Optional - This represents a simple array index.
      • IpProtocol - string - Optional - The IP protocol of this permission. Valid protocol values: tcp, udp, icmp
      • FromPort - integer - Optional - Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).
      • ToPort - integer - Optional - End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).
      • Groups - array - Optional - The list of AWS user IDs and groups included in this permission.
        • x - array - Optional - This represents a simple array index.
          • UserId - string - Optional - The AWS user ID of an account.
          • GroupName - string - Optional - Name of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
          • GroupId - string - Optional - ID of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
      • IpRanges - string|array - Optional - The list of CIDR IP ranges included in this permission. Pass a string for a single value, or an indexed array for multiple values.
  • curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
  • returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.

Returns

CFResponse - A CFResponse object containing a parsed HTTP response.

Examples

Authorize Security Group Ingress

// Instantiate the class
$ec2 = new AmazonEC2();

$response = $ec2->authorize_security_group_ingress(array(
	'GroupName' => 'default',
	'IpPermissions' => array(
		array( // Set 0
			'IpProtocol' => 'tcp',
			'FromPort' => '80',
			'ToPort' => '80',
			'IpRanges' => array(
				array('CidrIp' => '205.192.0.0/16'), // Range 0
			)
		)
	)
));

// Success?
var_dump($response->isOK());
Result:
bool(true)
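
The parameter rules listed above (valid IpProtocol values, -1 as an ICMP-only wildcard, Groups versus IpRanges, GroupName or GroupId being conditionally required) can be checked before the request is sent. The following is an added example, not part of the SDK or its documentation: check_ingress_opt(), the $public_ports policy and the sg-EXAMPLE ID are assumptions made for illustration, and only IPv4 CIDR ranges are handled.

```php
<?php
// Added example, not SDK code: check_ingress_opt() is a hypothetical helper.
// $public_ports is an assumed local policy: TCP ports that may be opened to /0.
function check_ingress_opt(array $opt, array $public_ports = array(80, 443))
{
    $errors = array();
    // Changelog 1.3: GroupName or GroupId is conditionally required.
    if (empty($opt['GroupName']) && empty($opt['GroupId'])) {
        $errors[] = 'GroupName or GroupId must be set';
    }
    $perms = isset($opt['IpPermissions']) ? $opt['IpPermissions'] : array();
    foreach ($perms as $i => $p) {
        $proto = isset($p['IpProtocol']) ? strtolower($p['IpProtocol']) : '';
        if (!in_array($proto, array('tcp', 'udp', 'icmp'), true)) {
            $errors[] = "Set $i: IpProtocol must be tcp, udp or icmp";
            continue;
        }
        // A missing port is treated as -1, which is a wildcard only for ICMP.
        $from = isset($p['FromPort']) ? (int) $p['FromPort'] : -1;
        $to = isset($p['ToPort']) ? (int) $p['ToPort'] : -1;
        if ($proto !== 'icmp' && ($from < 0 || $to > 65535 || $from > $to)) {
            $errors[] = "Set $i: invalid $proto port range $from-$to";
        }
        $public = $proto === 'tcp' && $from === $to && in_array($from, $public_ports, true);
        $ranges = isset($p['IpRanges']) ? (array) $p['IpRanges'] : array();
        // The page's Groups keys cannot be combined with a CIDR range.
        if ($ranges && !empty($p['Groups'])) {
            $errors[] = "Set $i: use either Groups or IpRanges, not both";
        }
        foreach ($ranges as $r) {
            $cidr = is_array($r) ? (isset($r['CidrIp']) ? $r['CidrIp'] : '') : $r;
            $parts = explode('/', $cidr);
            if (count($parts) !== 2
                || !filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)
                || !ctype_digit($parts[1]) || (int) $parts[1] > 32) {
                $errors[] = "Set $i: '$cidr' is not an IPv4 CIDR range";
            } elseif ((int) $parts[1] === 0 && !$public) {
                $errors[] = "Set $i: $cidr opens $proto $from-$to to any address";
            }
        }
    }
    return $errors;
}

// Constructed input: SSH opened to every address, which the assumed policy rejects.
$opt = array('GroupId' => 'sg-EXAMPLE', 'IpPermissions' => array(array(
    'IpProtocol' => 'tcp', 'FromPort' => '22', 'ToPort' => '22',
    'IpRanges' => array(array('CidrIp' => '0.0.0.0/0')),
)));
print_r(check_ingress_opt($opt));
```

Run the check on the same array that will be passed to authorize_security_group_ingress() and send the request only when it returns an empty array.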

Changelog

1.3 - The AuthorizeSecurityGroupIngress operation introduced backwards-incompatible changes in the 2011-01-01 API release. The GroupName parameter is no longer required. Instead GroupName or GroupId are conditionally required.

Source

Method defined in services/ec2.class.php

public function authorize_security_group_ingress($opt = null)
{
    if (!$opt) $opt = array();
            
    // Optional list + map
    if (isset($opt['IpPermissions']))
    {
        $opt = array_merge($opt, CFComplexType::map(array(
            'IpPermissions' => $opt['IpPermissions']
        )));
        unset($opt['IpPermissions']);
    }

    return $this->authenticate('AuthorizeSecurityGroupIngress', $opt);
}

Copyright © 2010–2013 Amazon Web Services, LLC

