This action applies only to security groups in a VPC; it’s not supported for EC2 security
groups. For information about Amazon Virtual Private Cloud and VPC security groups, go to the
Amazon Virtual Private Cloud User Guide.
The action adds one or more egress rules to a VPC security group. Specifically, this permits
instances in a security group to send traffic to either one or more destination CIDR IP address
ranges, or to one or more destination security groups in the same VPC.
Each rule consists of the protocol (e.g., TCP), plus either a CIDR range or a destination security group.
For the TCP and UDP protocols, you must also specify the destination port or port range. For
the ICMP protocol, you must also specify the ICMP type and code. You can use -1 as
a wildcard for the ICMP type or code.
Rule changes are propagated to instances within the security group as quickly as possible.
However, a small delay might occur.
Important: For VPC security groups: You can have up to 50 rules total per
group (covering both ingress and egress).
Access
Parameters
Parameter | Type | Required | Description
$group_id | string | Required | ID of the VPC security group to modify.
$opt | array | Optional | An associative array of parameters that can have the following keys:

  IpPermissions - array - Optional - List of IP permissions to authorize on the specified security group. Specifying permissions through IP permissions is the preferred way of authorizing permissions since it offers more flexibility and control.
    x - array - Optional - This represents a simple array index.
      IpProtocol - string - Optional - The IP protocol of this permission. Valid protocol values: tcp, udp, icmp
      FromPort - integer - Optional - Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).
      ToPort - integer - Optional - End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).
      Groups - array - Optional - The list of AWS user IDs and groups included in this permission.
        x - array - Optional - This represents a simple array index.
          UserId - string - Optional - The AWS user ID of an account.
          GroupName - string - Optional - Name of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
          GroupId - string - Optional - ID of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
      IpRanges - string|array - Optional - The list of CIDR IP ranges included in this permission. Pass a string for a single value, or an indexed array for multiple values.
  curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
  returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.
Returns
Examples
Authorize Security Group Egress
// Instantiate the class
$ec2 = new AmazonEC2();

$response = $ec2->authorize_security_group_egress('sg-830d1eef', array(
    'IpPermissions' => array(
        array( // Set 0
            'IpProtocol' => 'tcp',
            'FromPort' => '80',
            'ToPort' => '80',
            'IpRanges' => array(
                array('CidrIp' => '205.192.0.0/16'), // Range 0
            )
        )
    )
));

// Success?
var_dump($response->isOK());
Result:
bool(true)
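The constraints stated in the description and parameter list (valid protocols, a port range or ICMP type/code with -1 as wildcard, a group or a CIDR range but not both, 50 rules per group) can be checked client-side before the request is sent. The following is an added example, not part of the SDK or the original page; the function name validate_egress_permissions(), its $existing_rules argument and the sample sets are assumptions made for illustration.

```php
<?php
// Added example, not SDK code. validate_egress_permissions() and
// $existing_rules are hypothetical names chosen for this illustration.
function validate_egress_permissions(array $permissions, $existing_rules = 0)
{
    $problems = array();
    // Documented limit: 50 rules per group, ingress and egress combined.
    // Assumption: every permission set adds at least one rule.
    if ($existing_rules + count($permissions) > 50) {
        $problems[] = 'group would exceed 50 rules';
    }
    foreach ($permissions as $i => $p) {
        $proto = isset($p['IpProtocol']) ? $p['IpProtocol'] : null;
        if (!in_array($proto, array('tcp', 'udp', 'icmp'), true)) {
            $problems[] = "set $i: IpProtocol must be tcp, udp or icmp";
            continue;
        }
        if (!isset($p['FromPort'], $p['ToPort'])
            || !is_numeric($p['FromPort']) || !is_numeric($p['ToPort'])) {
            $problems[] = "set $i: FromPort and ToPort must be integers";
            continue;
        }
        $from = (int) $p['FromPort'];
        $to = (int) $p['ToPort'];
        if ($proto === 'icmp') {
            // FromPort is the ICMP type, ToPort the ICMP code; -1 is the wildcard.
            if ($from < -1 || $from > 255 || $to < -1 || $to > 255) {
                $problems[] = "set $i: ICMP type/code must be -1 or 0-255";
            }
        } elseif ($from < 0 || $to > 65535 || $from > $to) {
            $problems[] = "set $i: port range $from-$to is invalid";
        }
        if (empty($p['Groups']) === empty($p['IpRanges'])) {
            $problems[] = "set $i: give either Groups or IpRanges, not both";
        }
    }
    return $problems;
}
// Constructed sample input: the page's rule plus two malformed sets.
$sets = array(
    array('IpProtocol' => 'tcp', 'FromPort' => '80', 'ToPort' => '80',
          'IpRanges' => array(array('CidrIp' => '205.192.0.0/16'))),
    array('IpProtocol' => 'icmp', 'FromPort' => -1, 'ToPort' => -1),
    array('IpProtocol' => 'udp', 'FromPort' => 2000, 'ToPort' => 1000,
          'IpRanges' => array(array('CidrIp' => '10.0.0.0/8'))),
);
foreach (validate_egress_permissions($sets) as $problem) {
    echo $problem, PHP_EOL;
}
```

An empty result means the permission sets satisfy the documented constraints; pass the group's current rule count as the second argument to include existing rules in the limit check.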
Related Methods
Source
Method defined in services/ec2.class.php
public function authorize_security_group_egress($group_id, $opt = null)
{
    if (!$opt) $opt = array();
    $opt['GroupId'] = $group_id;

    // Optional list + map
    if (isset($opt['IpPermissions']))
    {
        $opt = array_merge($opt, CFComplexType::map(array(
            'IpPermissions' => $opt['IpPermissions']
        )));
        unset($opt['IpPermissions']);
    }

    return $this->authenticate('AuthorizeSecurityGroupEgress', $opt);
}