The AuthorizeSecurityGroupIngress operation adds permissions to a security group.
Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request (by
IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and
UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used as a
wildcard in the type and code fields.
Permission changes are propagated to instances within the security group as quickly as
possible. However, depending on the number of instances, a small delay might occur.
Access
Parameters
Parameter | Type | Required | Description
$opt | array | Optional | An associative array of parameters that can have the following keys:

  GroupName - string - Optional - Name of the standard (EC2) security group to modify. The group must belong to your account. Can be used instead of GroupId for standard (EC2) security groups.
  GroupId - string - Optional - ID of the standard (EC2) or VPC security group to modify. The group must belong to your account. Required for VPC security groups; can be used instead of GroupName for standard (EC2) security groups.
  IpPermissions - array - Optional - List of IP permissions to authorize on the specified security group. Specifying permissions through IP permissions is the preferred way of authorizing permissions since it offers more flexibility and control.
    x - array - Optional - This represents a simple array index.
      IpProtocol - string - Optional - The IP protocol of this permission. Valid protocol values: tcp, udp, icmp
      FromPort - integer - Optional - Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).
      ToPort - integer - Optional - End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).
      Groups - array - Optional - The list of AWS user IDs and groups included in this permission.
        x - array - Optional - This represents a simple array index.
          UserId - string - Optional - The AWS user ID of an account.
          GroupName - string - Optional - Name of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
          GroupId - string - Optional - ID of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
      IpRanges - string|array - Optional - The list of CIDR IP ranges included in this permission. Pass a string for a single value, or an indexed array for multiple values.
  curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
  returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.
Returns
Examples
Authorize Security Group Ingress
// Instantiate the class
$ec2 = new AmazonEC2();

$response = $ec2->authorize_security_group_ingress(array(
    'GroupName' => 'default',
    'IpPermissions' => array(
        array( // Set 0
            'IpProtocol' => 'tcp',
            'FromPort' => '80',
            'ToPort' => '80',
            'IpRanges' => array(
                array('CidrIp' => '205.192.0.0/16'), // Range 0
            )
        )
    )
));

// Success?
var_dump($response->isOK());
Result:
bool(true)
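
A pre-flight review of the IpPermissions structure described above, as an added example that is not part of the SDK or of the original page. The function review_ip_permissions() and its rules are a hypothetical local policy, and the sample permission sets (including the account ID) are constructed.

```php
<?php
// Added example; review_ip_permissions() and its rules are hypothetical
// local policy, not part of the AWS SDK for PHP.
function review_ip_permissions(array $permissions)
{
    $findings = array();
    foreach ($permissions as $i => $p) {
        $proto = isset($p['IpProtocol']) ? strtolower($p['IpProtocol']) : '';
        if (!in_array($proto, array('tcp', 'udp', 'icmp'), true)) {
            $findings[] = "Set $i: IpProtocol must be tcp, udp or icmp";
            continue;
        }
        if (!isset($p['FromPort'], $p['ToPort'])) {
            $findings[] = "Set $i: FromPort and ToPort not both set";
            continue;
        }
        $from = (int) $p['FromPort'];
        $to   = (int) $p['ToPort'];
        if ($proto === 'icmp' && ($from === -1 || $to === -1)) {
            $findings[] = "Set $i: ICMP wildcard (-1) allows any type or code";
        } elseif ($proto !== 'icmp' && ($from < 0 || $to > 65535 || $from > $to)) {
            $findings[] = "Set $i: invalid port range $from-$to";
        }
        // IpRanges may be a string, a list of strings, or a list of CidrIp maps.
        $ranges = isset($p['IpRanges']) ? (array) $p['IpRanges'] : array();
        foreach ($ranges as $r) {
            $cidr = is_array($r) ? (isset($r['CidrIp']) ? $r['CidrIp'] : '') : $r;
            if (substr($cidr, -2) === '/0') {
                $findings[] = "Set $i: $cidr opens $proto $from-$to to any address";
            }
        }
        if (!$ranges && empty($p['Groups'])) {
            $findings[] = "Set $i: no source given (IpRanges or Groups)";
        }
    }
    return $findings;
}

// Constructed sample input: set 0 is the page's rule, sets 1 and 2 are too broad.
$permissions = array(
    array('IpProtocol' => 'tcp', 'FromPort' => '80', 'ToPort' => '80',
          'IpRanges' => array(array('CidrIp' => '205.192.0.0/16'))),
    array('IpProtocol' => 'tcp', 'FromPort' => 22, 'ToPort' => 22, 'IpRanges' => '0.0.0.0/0'),
    array('IpProtocol' => 'icmp', 'FromPort' => -1, 'ToPort' => -1,
          'Groups' => array(array('UserId' => '123456789012', 'GroupName' => 'default'))),
);
$findings = review_ip_permissions($permissions);
// Only call authorize_security_group_ingress() when $findings is empty.
echo $findings ? implode("\n", $findings) . "\n" : "No findings\n";
```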
Changelog
Version | Description
1.3 | The AuthorizeSecurityGroupIngress operation introduced backwards-incompatible changes in the 2011-01-01 API release. The GroupName parameter is no longer required. Instead GroupName or GroupId are conditionally required.
Related Methods
Source
Method defined in services/ec2.class.php
public function authorize_security_group_ingress($opt = null)
{
    if (!$opt) $opt = array();

    // Optional list + map
    if (isset($opt['IpPermissions']))
    {
        $opt = array_merge($opt, CFComplexType::map(array(
            'IpPermissions' => $opt['IpPermissions']
        )));
        unset($opt['IpPermissions']);
    }

    return $this->authenticate('AuthorizeSecurityGroupIngress', $opt);
}