authorize_security_group_egress ( $group_id, $opt )

This action applies only to security groups in a VPC; it’s not supported for EC2 security groups. For information about Amazon Virtual Private Cloud and VPC security groups, go to the Amazon Virtual Private Cloud User Guide.

The action adds one or more egress rules to a VPC security group. Specifically, this permits instances in a security group to send traffic to either one or more destination CIDR IP address ranges, or to one or more destination security groups in the same VPC.

Each rule consists of the protocol (e.g., TCP), plus either a CIDR range or a destination security group. For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 as a wildcard for the ICMP type or code.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

Important: For VPC security groups: You can have up to 50 rules total per group (covering both ingress and egress).

Access

public

Parameters

Parameter - Type - Required - Description

$group_id - string - Required - ID of the VPC security group to modify.

$opt - array - Optional - An associative array of parameters that can have the following keys:

  • IpPermissions - array - Optional - List of IP permissions to authorize on the specified security group. Specifying permissions through IP permissions is the preferred way of authorizing permissions since it offers more flexibility and control.
    • x - array - Optional - This represents a simple array index.
      • IpProtocol - string - Optional - The IP protocol of this permission. Valid protocol values: tcp, udp, icmp
      • FromPort - integer - Optional - Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).
      • ToPort - integer - Optional - End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).
      • Groups - array - Optional - The list of AWS user IDs and groups included in this permission.
        • x - array - Optional - This represents a simple array index.
          • UserId - string - Optional - The AWS user ID of an account.
          • GroupName - string - Optional - Name of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
          • GroupId - string - Optional - ID of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
      • IpRanges - string|array - Optional - The list of CIDR IP ranges included in this permission. Pass a string for a single value, or an indexed array for multiple values.
  • curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
  • returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.

Returns

Type - Description

CFResponse - A CFResponse object containing a parsed HTTP response.

Examples

Authorize Security Group Egress

// Instantiate the class
$ec2 = new AmazonEC2();

$response = $ec2->authorize_security_group_egress('sg-830d1eef', array(
	'IpPermissions' => array(
		array( // Set 0
			'IpProtocol' => 'tcp',
			'FromPort' => '80',
			'ToPort' => '80',
			'IpRanges' => array(
				array('CidrIp' => '205.192.0.0/16'), // Range 0
			)
		)
	)
));

// Success?
var_dump($response->isOK());

Result:

bool(true)
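
The rule constraints described above (ports for TCP and UDP, the -1 wildcard for ICMP only, a CIDR range or a group, the 50-rule limit) can be checked before the request is sent. The following is an added example, not code from the SDK or from this page; validate_egress_permissions() is a hypothetical helper, and the CIDR range and group ID are constructed placeholders.

```php
<?php
// Added example (hypothetical helper, not part of the AWS SDK for PHP).
// Returns a list of problems in an IpPermissions array; empty means none found.
function validate_egress_permissions(array $perms, $existing_rules = 0)
{
    $errors = array();
    // Each set adds at least one rule; the page's limit is 50 per group.
    if ($existing_rules + count($perms) > 50) {
        $errors[] = 'group would exceed 50 rules (ingress and egress combined)';
    }
    foreach ($perms as $i => $p) {
        $proto = isset($p['IpProtocol']) ? $p['IpProtocol'] : '';
        if (!in_array($proto, array('tcp', 'udp', 'icmp'), true)) {
            $errors[] = "set $i: IpProtocol must be tcp, udp or icmp";
            continue;
        }
        if (!isset($p['FromPort'], $p['ToPort'])) {
            $errors[] = "set $i: FromPort and ToPort are required for $proto";
            continue;
        }
        $from = (int) $p['FromPort'];
        $to = (int) $p['ToPort'];
        if ($proto === 'icmp') {
            // FromPort is the ICMP type, ToPort the code; -1 is the wildcard.
            if ($from < -1 || $to < -1) {
                $errors[] = "set $i: ICMP type/code below -1";
            }
        } elseif ($from < 0 || $to > 65535 || $from > $to) {
            // The -1 wildcard is not a valid TCP/UDP port.
            $errors[] = "set $i: invalid port range $from to $to";
        }
        // Per the page, a rule names a CIDR range or a group, not both.
        if (empty($p['IpRanges']) === empty($p['Groups'])) {
            $errors[] = "set $i: specify exactly one of IpRanges or Groups";
        }
    }
    return $errors;
}

// Constructed sample input; the CIDR and group ID are placeholders.
$perms = array(
    array('IpProtocol' => 'tcp', 'FromPort' => 443, 'ToPort' => 443,
          'IpRanges' => array(array('CidrIp' => '203.0.113.0/24'))),
    array('IpProtocol' => 'icmp', 'FromPort' => -1, 'ToPort' => -1,
          'Groups' => array(array('GroupId' => 'sg-EXAMPLE'))),
    array('IpProtocol' => 'udp', 'FromPort' => -1, 'ToPort' => -1,
          'IpRanges' => array(array('CidrIp' => '203.0.113.0/24'))),
);
print_r(validate_egress_permissions($perms));
```

The third set is the only one flagged, because -1 is accepted as a wildcard for ICMP but not as a UDP port. Pass the array as 'IpPermissions' to authorize_security_group_egress() only when the returned list is empty.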

Source

Method defined in services/ec2.class.php

public function authorize_security_group_egress($group_id, $opt = null)
{
    if (!$opt) $opt = array();
    $opt['GroupId'] = $group_id;
    
    // Optional list + map
    if (isset($opt['IpPermissions']))
    {
        $opt = array_merge($opt, CFComplexType::map(array(
            'IpPermissions' => $opt['IpPermissions']
        )));
        unset($opt['IpPermissions']);
    }

    return $this->authenticate('AuthorizeSecurityGroupEgress', $opt);
}

Copyright © 2010–2013 Amazon Web Services, LLC