As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá. # Use `AuthorizeSecurityGroupIngress` com um AWS SDK ou CLI Os exemplos de código a seguir mostram como usar o `AuthorizeSecurityGroupIngress`. Exemplos de ações são trechos de código de programas maiores e devem ser executados em contexto. É possível ver essa ação em contexto nos seguintes exemplos de código: + [Conheça os conceitos básicos](example_ec2_Scenario_GetStartedInstances_section.md) + [Criar uma VPC com sub-redes privadas e gateways NAT](example_vpc_GettingStartedPrivate_section.md) + [Conceitos básicos da Amazon VPC](example_vpc_GettingStartedCLI_section.md) ------ #### [ .NET ] **SDK para .NET** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/EC2#code-examples). ``` ///

/// Authorize the local computer ingress to EC2 instances associated /// with the virtual private cloud (VPC) security group. ///

/// The name of the security group. /// A Boolean value indicating the success of the action. public async Task AuthorizeSecurityGroupIngress(string groupName) { try { // Get the IP address for the local computer. var ipAddress = await GetIpAddress(); Console.WriteLine($"Your IP address is: {ipAddress}"); var ipRanges = new List { new IpRange { CidrIp = $"{ipAddress}/32" } }; var permission = new IpPermission { Ipv4Ranges = ipRanges, IpProtocol = "tcp", FromPort = 22, ToPort = 22 }; var permissions = new List { permission }; var response = await _amazonEC2.AuthorizeSecurityGroupIngressAsync( new AuthorizeSecurityGroupIngressRequest(groupName, permissions)); return response.HttpStatusCode == HttpStatusCode.OK; } catch (AmazonEC2Exception ec2Exception) { if (ec2Exception.ErrorCode == "InvalidPermission.Duplicate") { _logger.LogError( $"The ingress rule already exists. {ec2Exception.Message}"); } throw; } catch (Exception ex) { _logger.LogError( $"An error occurred while authorizing ingress.: {ex.Message}"); throw; } } ///

/// Authorize the local computer for ingress to /// the Amazon EC2 SecurityGroup. ///

/// The IPv4 address of the computer running the scenario. private static async Task GetIpAddress() { var httpClient = new HttpClient(); var ipString = await httpClient.GetStringAsync("https://checkip.amazonaws.com"); // The IP address is returned with a new line // character on the end. Trim off the whitespace and // return the value to the caller. return ipString.Trim(); } ``` + Para obter detalhes da API, consulte [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/goto/DotNetSDKV3/ec2-2016-11-15/AuthorizeSecurityGroupIngress)a *Referência AWS SDK para .NET da API*. ------ #### [ Bash ] **AWS CLI com script Bash** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/aws-cli/bash-linux/ec2#code-examples). ``` ############################################################################### # function ec2_authorize_security_group_ingress # # This function authorizes an ingress rule for an Amazon Elastic Compute Cloud (Amazon EC2) security group. # # Parameters: # -g security_group_id - The ID of the security group. # -i ip_address - The IP address or CIDR block to authorize. # -p protocol - The protocol to authorize (e.g., tcp, udp, icmp). # -f from_port - The start of the port range to authorize. # -t to_port - The end of the port range to authorize. # # And: # 0 - If successful. # 1 - If it fails. ############################################################################### function ec2_authorize_security_group_ingress() { local security_group_id ip_address protocol from_port to_port response local option OPTARG # Required to use getopts command in a function. # bashsupport disable=BP5008 function usage() { echo "function ec2_authorize_security_group_ingress" echo "Authorizes an ingress rule for an Amazon Elastic Compute Cloud (Amazon EC2) security group." echo " -g security_group_id - The ID of the security group." echo " -i ip_address - The IP address or CIDR block to authorize." echo " -p protocol - The protocol to authorize (e.g., tcp, udp, icmp)." echo " -f from_port - The start of the port range to authorize." echo " -t to_port - The end of the port range to authorize." echo "" } # Retrieve the calling parameters. while getopts "g:i:p:f:t:h" option; do case "${option}" in g) security_group_id="${OPTARG}" ;; i) ip_address="${OPTARG}" ;; p) protocol="${OPTARG}" ;; f) from_port="${OPTARG}" ;; t) to_port="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 if [[ -z "$security_group_id" ]]; then errecho "ERROR: You must provide a security group ID with the -g parameter." usage return 1 fi if [[ -z "$ip_address" ]]; then errecho "ERROR: You must provide an IP address or CIDR block with the -i parameter." usage return 1 fi if [[ -z "$protocol" ]]; then errecho "ERROR: You must provide a protocol with the -p parameter." usage return 1 fi if [[ -z "$from_port" ]]; then errecho "ERROR: You must provide a start port with the -f parameter." usage return 1 fi if [[ -z "$to_port" ]]; then errecho "ERROR: You must provide an end port with the -t parameter." usage return 1 fi response=$(aws ec2 authorize-security-group-ingress \ --group-id "$security_group_id" \ --cidr "${ip_address}/32" \ --protocol "$protocol" \ --port "$from_port-$to_port" \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports authorize-security-group-ingress operation failed.$response" return 1 } return 0 } ``` As funções utilitárias usadas neste exemplo. ``` ############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 } ``` + Para obter detalhes da API, consulte [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/AuthorizeSecurityGroupIngress)na *Referência de AWS CLI Comandos*. ------ #### [ C\$1\$1 ] **SDK para C\$1\$1** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/ec2#code-examples). ``` //! Authorize ingress to an Amazon Elastic Compute Cloud (Amazon EC2) group. /*! \param groupID: The EC2 group ID. \param clientConfiguration: The ClientConfiguration object. \return bool: True if the operation was successful, false otherwise. */ bool AwsDoc::EC2::authorizeSecurityGroupIngress(const Aws::String &groupID, const Aws::Client::ClientConfiguration &clientConfiguration) { Aws::EC2::EC2Client ec2Client(clientConfiguration); Aws::EC2::Model::AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest; authorizeSecurityGroupIngressRequest.SetGroupId(groupID); buildSampleIngressRule(authorizeSecurityGroupIngressRequest); Aws::EC2::Model::AuthorizeSecurityGroupIngressOutcome authorizeSecurityGroupIngressOutcome = ec2Client.AuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest); if (authorizeSecurityGroupIngressOutcome.IsSuccess()) { std::cout << "Successfully authorized security group ingress." << std::endl; } else { std::cerr << "Error authorizing security group ingress: " << authorizeSecurityGroupIngressOutcome.GetError().GetMessage() << std::endl; } return authorizeSecurityGroupIngressOutcome.IsSuccess(); } ``` Função utilitária para criar uma regra de entrada. ``` //! Build a sample ingress rule. /*! \param authorize_request: An 'AuthorizeSecurityGroupIngressRequest' instance. \return void: */ void buildSampleIngressRule( Aws::EC2::Model::AuthorizeSecurityGroupIngressRequest &authorize_request) { Aws::String ingressIPRange = "203.0.113.0/24"; // Configure this for your allowed IP range. Aws::EC2::Model::IpRange ip_range; ip_range.SetCidrIp(ingressIPRange); Aws::EC2::Model::IpPermission permission1; permission1.SetIpProtocol("tcp"); permission1.SetToPort(80); permission1.SetFromPort(80); permission1.AddIpRanges(ip_range); authorize_request.AddIpPermissions(permission1); Aws::EC2::Model::IpPermission permission2; permission2.SetIpProtocol("tcp"); permission2.SetToPort(22); permission2.SetFromPort(22); permission2.AddIpRanges(ip_range); authorize_request.AddIpPermissions(permission2); } ``` + Para obter detalhes da API, consulte [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/goto/SdkForCpp/ec2-2016-11-15/AuthorizeSecurityGroupIngress)a *Referência AWS SDK para C\$1\$1 da API*. ------ #### [ CLI ] **AWS CLI** **Exemplo 1: adicionar uma regra que permita tráfego SSH de entrada** O exemplo `authorize-security-group-ingress` a seguir adiciona uma regra que permite o tráfego de entrada na porta TCP 22 (SSH). ``` aws ec2 authorize-security-group-ingress \ --group-id sg-1234567890abcdef0 \ --protocol tcp \ --port 22 \ --cidr 203.0.113.0/24 ``` Saída: ``` { "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-01afa97ef3e1bedfc", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv4": "203.0.113.0/24" } ] } ``` **Exemplo 2: adicionar uma regra que permita tráfego HTTP de entrada de outro grupo de segurança** O exemplo `authorize-security-group-ingress` a seguir adiciona uma regra que permite o acesso de entrada na porta TCP 80 do grupo de segurança de origem `sg-1a2b3c4d`. O grupo de origem deve estar na mesma VPC ou em uma VPC de par (requer uma conexão de emparelhamento da VPC). O tráfego de entrada é permitido com base nos endereços IP privados das instâncias associadas ao grupo de segurança de origem (e não ao endereço IP público ou ao endereço IP elástico). ``` aws ec2 authorize-security-group-ingress \ --group-id sg-1234567890abcdef0 \ --protocol tcp \ --port 80 \ --source-group sg-1a2b3c4d ``` Saída: ``` { "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-01f4be99110f638a7", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "ReferencedGroupInfo": { "GroupId": "sg-1a2b3c4d", "UserId": "123456789012" } } ] } ``` **Exemplo 3: adicionar várias regras na mesma chamada** O exemplo `authorize-security-group-ingress` a seguir usa o parâmetro `ip-permissions` para adicionar duas regras de entrada, uma que habilita o acesso de entrada na porta TCP 3389 (RDP) e a outra que habilita o ping e ICMP. ``` aws ec2 authorize-security-group-ingress \ --group-id sg-1234567890abcdef0 \ --ip-permissions 'IpProtocol=tcp,FromPort=3389,ToPort=3389,IpRanges=[{CidrIp=172.31.0.0/16}]' 'IpProtocol=icmp,FromPort=-1,ToPort=-1,IpRanges=[{CidrIp=172.31.0.0/16}]' ``` Saída: ``` { "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-00e06e5d3690f29f3", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIpv4": "172.31.0.0/16" }, { "SecurityGroupRuleId": "sgr-0a133dd4493944b87", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": -1, "ToPort": -1, "CidrIpv4": "172.31.0.0/16" } ] } ``` **Exemplo 4: adicionar uma regra para o tráfego ICMP** O exemplo `authorize-security-group-ingress` a seguir usa o parâmetro `ip-permissions` para adicionar uma regra de entrada que permite a mensagem do ICMP `Destination Unreachable: Fragmentation Needed and Don't Fragment was Set` (Tipo 3, Código 4) de qualquer lugar. ``` aws ec2 authorize-security-group-ingress \ --group-id sg-1234567890abcdef0 \ --ip-permissions 'IpProtocol=icmp,FromPort=3,ToPort=4,IpRanges=[{CidrIp=0.0.0.0/0}]' ``` Saída: ``` { "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-0de3811019069b787", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "icmp", "FromPort": 3, "ToPort": 4, "CidrIpv4": "0.0.0.0/0" } ] } ``` **Exemplo 5: Para adicionar uma regra para IPv6 tráfego** O `authorize-security-group-ingress` exemplo a seguir usa o `ip-permissions` parâmetro para adicionar uma regra de entrada que permite acesso SSH (porta 22) a IPv6 partir do intervalo. `2001:db8:1234:1a00::/64` ``` aws ec2 authorize-security-group-ingress \ --group-id sg-1234567890abcdef0 \ --ip-permissions 'IpProtocol=tcp,FromPort=22,ToPort=22,Ipv6Ranges=[{CidrIpv6=2001:db8:1234:1a00::/64}]' ``` Saída: ``` { "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-0455bc68b60805563", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv6": "2001:db8:1234:1a00::/64" } ] } ``` **Exemplo 6: Para adicionar uma regra para ICMPv6 tráfego** O `authorize-security-group-ingress` exemplo a seguir usa o `ip-permissions` parâmetro para adicionar uma regra de entrada que permite ICMPv6 tráfego de qualquer lugar. ``` aws ec2 authorize-security-group-ingress \ --group-id sg-1234567890abcdef0 \ --ip-permissions 'IpProtocol=icmpv6,Ipv6Ranges=[{CidrIpv6=::/0}]' ``` Saída: ``` { "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-04b612d9363ab6327", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "icmpv6", "FromPort": -1, "ToPort": -1, "CidrIpv6": "::/0" } ] } ``` **Exemplo 7: adicionar uma regra com uma descrição** O `authorize-security-group-ingress` exemplo a seguir usa o `ip-permissions` parâmetro para adicionar uma regra de entrada que permite tráfego RDP do intervalo de IPv4 endereços especificado. A regra inclui uma descrição para ajudar a identificá-lo posteriormente. ``` aws ec2 authorize-security-group-ingress \ --group-id sg-1234567890abcdef0 \ --ip-permissions 'IpProtocol=tcp,FromPort=3389,ToPort=3389,IpRanges=[{CidrIp=203.0.113.0/24,Description='RDP access from NY office'}]' ``` Saída: ``` { "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-0397bbcc01e974db3", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIpv4": "203.0.113.0/24", "Description": "RDP access from NY office" } ] } ``` **Exemplo 8: adicionar uma regra de entrada que use uma lista de prefixos** O exemplo `authorize-security-group-ingress` a seguir usa o parâmetro `ip-permissions` para adicionar uma regra de entrada que permite todo o tráfego para os intervalos CIDR na lista de prefixos especificada. ``` aws ec2 authorize-security-group-ingress \ --group-id sg-04a351bfe432d4e71 \ --ip-permissions 'IpProtocol=all,PrefixListIds=[{PrefixListId=pl-002dc3ec097de1514}]' ``` Saída: ``` { "Return": true, "SecurityGroupRules": [ { "SecurityGroupRuleId": "sgr-09c74b32f677c6c7c", "GroupId": "sg-1234567890abcdef0", "GroupOwnerId": "123456789012", "IsEgress": false, "IpProtocol": "-1", "FromPort": -1, "ToPort": -1, "PrefixListId": "pl-0721453c7ac4ec009" } ] } ``` Para obter mais informações, consulte [Grupos de segurança](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html) no *Manual do usuário da Amazon VPC*. + Para obter detalhes da API, consulte [AuthorizeSecurityGroupIngress](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/authorize-security-group-ingress.html)na *Referência de AWS CLI Comandos*. ------ #### [ Java ] **SDK para Java 2.x** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/ec2#code-examples). ``` /** * Creates a new security group asynchronously with the specified group name, description, and VPC ID. It also * authorizes inbound traffic on ports 80 and 22 from the specified IP address. * * @param groupName the name of the security group to create * @param groupDesc the description of the security group * @param vpcId the ID of the VPC in which to create the security group * @param myIpAddress the IP address from which to allow inbound traffic (e.g., "192.168.1.1/0" to allow traffic from * any IP address in the 192.168.1.0/24 subnet) * @return a CompletableFuture that, when completed, returns the ID of the created security group * @throws RuntimeException if there was a failure creating the security group or authorizing the inbound traffic */ public CompletableFuture createSecurityGroupAsync(String groupName, String groupDesc, String vpcId, String myIpAddress) { CreateSecurityGroupRequest createRequest = CreateSecurityGroupRequest.builder() .groupName(groupName) .description(groupDesc) .vpcId(vpcId) .build(); return getAsyncClient().createSecurityGroup(createRequest) .thenCompose(createResponse -> { String groupId = createResponse.groupId(); IpRange ipRange = IpRange.builder() .cidrIp(myIpAddress + "/32") .build(); IpPermission ipPerm = IpPermission.builder() .ipProtocol("tcp") .toPort(80) .fromPort(80) .ipRanges(ipRange) .build(); IpPermission ipPerm2 = IpPermission.builder() .ipProtocol("tcp") .toPort(22) .fromPort(22) .ipRanges(ipRange) .build(); AuthorizeSecurityGroupIngressRequest authRequest = AuthorizeSecurityGroupIngressRequest.builder() .groupName(groupName) .ipPermissions(ipPerm, ipPerm2) .build(); return getAsyncClient().authorizeSecurityGroupIngress(authRequest) .thenApply(authResponse -> groupId); }) .whenComplete((result, exception) -> { if (exception != null) { if (exception instanceof CompletionException && exception.getCause() instanceof Ec2Exception) { throw (Ec2Exception) exception.getCause(); } else { throw new RuntimeException("Failed to create security group: " + exception.getMessage(), exception); } } }); } ``` + Para obter detalhes da API, consulte [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/goto/SdkForJavaV2/ec2-2016-11-15/AuthorizeSecurityGroupIngress)a *Referência AWS SDK for Java 2.x da API*. ------ #### [ JavaScript ] **SDK para JavaScript (v3)** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/ec2#code-examples). ``` import { AuthorizeSecurityGroupIngressCommand, EC2Client, } from "@aws-sdk/client-ec2"; /** * Adds the specified inbound (ingress) rules to a security group. * @param {{ groupId: string, ipAddress: string }} options */ export const main = async ({ groupId, ipAddress }) => { const client = new EC2Client({}); const command = new AuthorizeSecurityGroupIngressCommand({ // Use a group ID from the AWS console or // the DescribeSecurityGroupsCommand. GroupId: groupId, IpPermissions: [ { IpProtocol: "tcp", FromPort: 22, ToPort: 22, // The IP address to authorize. // For more information on this notation, see // https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation IpRanges: [{ CidrIp: `${ipAddress}/32` }], }, ], }); try { const { SecurityGroupRules } = await client.send(command); console.log(JSON.stringify(SecurityGroupRules, null, 2)); } catch (caught) { if (caught instanceof Error && caught.name === "InvalidGroupId.Malformed") { console.warn(`${caught.message}. Please provide a valid GroupId.`); } else { throw caught; } } }; ``` + Para obter detalhes da API, consulte [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/ec2/command/AuthorizeSecurityGroupIngressCommand)a *Referência AWS SDK para JavaScript da API*. ------ #### [ Kotlin ] **SDK para Kotlin** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/kotlin/services/ec2#code-examples). ``` suspend fun createEC2SecurityGroupSc( groupNameVal: String?, groupDescVal: String?, vpcIdVal: String?, myIpAddress: String?, ): String? { val request = CreateSecurityGroupRequest { groupName = groupNameVal description = groupDescVal vpcId = vpcIdVal } Ec2Client.fromEnvironment { region = "us-west-2" }.use { ec2 -> val resp = ec2.createSecurityGroup(request) val ipRange = IpRange { cidrIp = "$myIpAddress/0" } val ipPerm = IpPermission { ipProtocol = "tcp" toPort = 80 fromPort = 80 ipRanges = listOf(ipRange) } val ipPerm2 = IpPermission { ipProtocol = "tcp" toPort = 22 fromPort = 22 ipRanges = listOf(ipRange) } val authRequest = AuthorizeSecurityGroupIngressRequest { groupName = groupNameVal ipPermissions = listOf(ipPerm, ipPerm2) } ec2.authorizeSecurityGroupIngress(authRequest) println("Successfully added ingress policy to Security Group $groupNameVal") return resp.groupId } } ``` + Para obter detalhes da API, consulte a [AuthorizeSecurityGroupIngress](https://sdk.amazonaws.com/kotlin/api/latest/index.html)referência da API *AWS SDK for Kotlin*. ------ #### [ PowerShell ] **Ferramentas para PowerShell V4** **Exemplo 1: esse exemplo define regras de entrada de um grupo de segurança para EC2-VPC. Essas regras concedem acesso a um endereço IP específico para SSH (porta 22) e RDC (porta 3389). Vale lembrar que é necessário identificar os grupos de segurança do EC2-VPC usando o ID do grupo de segurança, não o nome dele. A sintaxe usada neste exemplo requer a PowerShell versão 3 ou superior.** ``` $ip1 = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.25/32" } $ip2 = @{ IpProtocol="tcp"; FromPort="3389"; ToPort="3389"; IpRanges="203.0.113.25/32" } Grant-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission @( $ip1, $ip2 ) ``` **Exemplo 2: Com a PowerShell versão 2, você deve usar New-Object para criar os IpPermission objetos.** ``` $ip1 = New-Object Amazon.EC2.Model.IpPermission $ip1.IpProtocol = "tcp" $ip1.FromPort = 22 $ip1.ToPort = 22 $ip1.IpRanges.Add("203.0.113.25/32") $ip2 = new-object Amazon.EC2.Model.IpPermission $ip2.IpProtocol = "tcp" $ip2.FromPort = 3389 $ip2.ToPort = 3389 $ip2.IpRanges.Add("203.0.113.25/32") Grant-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission @( $ip1, $ip2 ) ``` **Exemplo 3: Este exemplo define regras de entrada de um grupo de segurança para EC2-Classic. Essas regras concedem acesso a um endereço IP específico para SSH (porta 22) e RDC (porta 3389). A sintaxe usada neste exemplo requer a PowerShell versão 3 ou superior.** ``` $ip1 = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.25/32" } $ip2 = @{ IpProtocol="tcp"; FromPort="3389"; ToPort="3389"; IpRanges="203.0.113.25/32" } Grant-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission @( $ip1, $ip2 ) ``` **Exemplo 4: Com a PowerShell versão 2, você deve usar New-Object para criar os IpPermission objetos.** ``` $ip1 = New-Object Amazon.EC2.Model.IpPermission $ip1.IpProtocol = "tcp" $ip1.FromPort = 22 $ip1.ToPort = 22 $ip1.IpRanges.Add("203.0.113.25/32") $ip2 = new-object Amazon.EC2.Model.IpPermission $ip2.IpProtocol = "tcp" $ip2.FromPort = 3389 $ip2.ToPort = 3389 $ip2.IpRanges.Add("203.0.113.25/32") Grant-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission @( $ip1, $ip2 ) ``` **Exemplo 5: esse exemplo concede acesso à porta TCP 8081 do grupo de segurança de origem especificado (sg-1a2b3c4d) ao grupo de segurança especificado (sg-12345678).** ``` $ug = New-Object Amazon.EC2.Model.UserIdGroupPair $ug.GroupId = "sg-1a2b3c4d" $ug.UserId = "123456789012" Grant-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission @( @{ IpProtocol="tcp"; FromPort="8081"; ToPort="8081"; UserIdGroupPairs=$ug } ) ``` **Exemplo 6: esse exemplo adiciona o CIDR 5.5.5.5/32 às regras de entrada do grupo de segurança sg-1234abcd para tráfego da porta TCP 22 com uma descrição.** ``` $IpRange = New-Object -TypeName Amazon.EC2.Model.IpRange $IpRange.CidrIp = "5.5.5.5/32" $IpRange.Description = "SSH from Office" $IpPermission = New-Object Amazon.EC2.Model.IpPermission $IpPermission.IpProtocol = "tcp" $IpPermission.ToPort = 22 $IpPermission.FromPort = 22 $IpPermission.Ipv4Ranges = $IpRange Grant-EC2SecurityGroupIngress -GroupId sg-1234abcd -IpPermission $IpPermission ``` + Para obter detalhes da API, consulte [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/powershell/v4/reference)em *Referência de Ferramentas da AWS para PowerShell cmdlet (V4)*. **Ferramentas para PowerShell V5** **Exemplo 1: esse exemplo define regras de entrada de um grupo de segurança para EC2-VPC. Essas regras concedem acesso a um endereço IP específico para SSH (porta 22) e RDC (porta 3389). Vale lembrar que é necessário identificar os grupos de segurança do EC2-VPC usando o ID do grupo de segurança, não o nome dele. A sintaxe usada neste exemplo requer a PowerShell versão 3 ou superior.** ``` $ip1 = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.25/32" } $ip2 = @{ IpProtocol="tcp"; FromPort="3389"; ToPort="3389"; IpRanges="203.0.113.25/32" } Grant-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission @( $ip1, $ip2 ) ``` **Exemplo 2: Com a PowerShell versão 2, você deve usar New-Object para criar os IpPermission objetos.** ``` $ip1 = New-Object Amazon.EC2.Model.IpPermission $ip1.IpProtocol = "tcp" $ip1.FromPort = 22 $ip1.ToPort = 22 $ip1.IpRanges.Add("203.0.113.25/32") $ip2 = new-object Amazon.EC2.Model.IpPermission $ip2.IpProtocol = "tcp" $ip2.FromPort = 3389 $ip2.ToPort = 3389 $ip2.IpRanges.Add("203.0.113.25/32") Grant-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission @( $ip1, $ip2 ) ``` **Exemplo 3: Este exemplo define regras de entrada de um grupo de segurança para EC2-Classic. Essas regras concedem acesso a um endereço IP específico para SSH (porta 22) e RDC (porta 3389). A sintaxe usada neste exemplo requer a PowerShell versão 3 ou superior.** ``` $ip1 = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.25/32" } $ip2 = @{ IpProtocol="tcp"; FromPort="3389"; ToPort="3389"; IpRanges="203.0.113.25/32" } Grant-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission @( $ip1, $ip2 ) ``` **Exemplo 4: Com a PowerShell versão 2, você deve usar New-Object para criar os IpPermission objetos.** ``` $ip1 = New-Object Amazon.EC2.Model.IpPermission $ip1.IpProtocol = "tcp" $ip1.FromPort = 22 $ip1.ToPort = 22 $ip1.IpRanges.Add("203.0.113.25/32") $ip2 = new-object Amazon.EC2.Model.IpPermission $ip2.IpProtocol = "tcp" $ip2.FromPort = 3389 $ip2.ToPort = 3389 $ip2.IpRanges.Add("203.0.113.25/32") Grant-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission @( $ip1, $ip2 ) ``` **Exemplo 5: esse exemplo concede acesso à porta TCP 8081 do grupo de segurança de origem especificado (sg-1a2b3c4d) ao grupo de segurança especificado (sg-12345678).** ``` $ug = New-Object Amazon.EC2.Model.UserIdGroupPair $ug.GroupId = "sg-1a2b3c4d" $ug.UserId = "123456789012" Grant-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission @( @{ IpProtocol="tcp"; FromPort="8081"; ToPort="8081"; UserIdGroupPairs=$ug } ) ``` **Exemplo 6: esse exemplo adiciona o CIDR 5.5.5.5/32 às regras de entrada do grupo de segurança sg-1234abcd para tráfego da porta TCP 22 com uma descrição.** ``` $IpRange = New-Object -TypeName Amazon.EC2.Model.IpRange $IpRange.CidrIp = "5.5.5.5/32" $IpRange.Description = "SSH from Office" $IpPermission = New-Object Amazon.EC2.Model.IpPermission $IpPermission.IpProtocol = "tcp" $IpPermission.ToPort = 22 $IpPermission.FromPort = 22 $IpPermission.Ipv4Ranges = $IpRange Grant-EC2SecurityGroupIngress -GroupId sg-1234abcd -IpPermission $IpPermission ``` + Para obter detalhes da API, consulte [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/powershell/v5/reference)em *Referência de Ferramentas da AWS para PowerShell cmdlet (V5)*. ------ #### [ Python ] **SDK para Python (Boto3)** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/ec2#code-examples). ``` class SecurityGroupWrapper: """Encapsulates Amazon Elastic Compute Cloud (Amazon EC2) security group actions.""" def __init__(self, ec2_client: boto3.client, security_group: Optional[str] = None): """ Initializes the SecurityGroupWrapper with an EC2 client and an optional security group ID. :param ec2_client: A Boto3 Amazon EC2 client. This client provides low-level access to AWS EC2 services. :param security_group: The ID of a security group to manage. This is a high-level identifier that represents the security group. """ self.ec2_client = ec2_client self.security_group = security_group @classmethod def from_client(cls) -> "SecurityGroupWrapper": """ Creates a SecurityGroupWrapper instance with a default EC2 client. :return: An instance of SecurityGroupWrapper initialized with the default EC2 client. """ ec2_client = boto3.client("ec2") return cls(ec2_client) def authorize_ingress(self, ssh_ingress_ip: str) -> Optional[Dict[str, Any]]: """ Adds a rule to the security group to allow access to SSH. :param ssh_ingress_ip: The IP address that is granted inbound access to connect to port 22 over TCP, used for SSH. :return: The response to the authorization request. The 'Return' field of the response indicates whether the request succeeded or failed, or None if no security group is set. :raise Handles AWS SDK service-level ClientError, with special handling for ResourceAlreadyExists """ if self.security_group is None: logger.info("No security group to update.") return None try: ip_permissions = [ { # SSH ingress open to only the specified IP address. "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": f"{ssh_ingress_ip}/32"}], } ] response = self.ec2_client.authorize_security_group_ingress( GroupId=self.security_group, IpPermissions=ip_permissions ) except ClientError as err: if err.response["Error"]["Code"] == "InvalidPermission.Duplicate": logger.error( f"The SSH ingress rule for IP {ssh_ingress_ip} already exists" f"in security group '{self.security_group}'." ) raise else: return response ``` + Para obter detalhes da API, consulte a [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/goto/boto3/ec2-2016-11-15/AuthorizeSecurityGroupIngress)Referência da API *AWS SDK for Python (Boto3*). ------ #### [ Rust ] **SDK para Rust** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/rustv1/examples/ec2#code-examples). ``` /// Add an ingress rule to a security group explicitly allowing IPv4 address /// as {ip}/32 over TCP port 22. pub async fn authorize_security_group_ssh_ingress( &self, group_id: &str, ingress_ips: Vec, ) -> Result<(), EC2Error> { tracing::info!("Authorizing ingress for security group {group_id}"); self.client .authorize_security_group_ingress() .group_id(group_id) .set_ip_permissions(Some( ingress_ips .into_iter() .map(|ip| { IpPermission::builder() .ip_protocol("tcp") .from_port(22) .to_port(22) .ip_ranges(IpRange::builder().cidr_ip(format!("{ip}/32")).build()) .build() }) .collect(), )) .send() .await?; Ok(()) } ``` + Para obter detalhes da API, consulte a [AuthorizeSecurityGroupIngress](https://docs.rs/aws-sdk-ec2/latest/aws_sdk_ec2/client/struct.Client.html#method.authorize_security_group_ingress)referência da *API AWS SDK for Rust*. ------ #### [ SAP ABAP ] **SDK para SAP ABAP** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/ec2#code-examples). ``` " Create IP permissions for SSH access (port 22) " iv_cidr_ip = '192.0.2.0/24' DATA lt_ip_permissions TYPE /aws1/cl_ec2ippermission=>tt_ippermissionlist. DATA(lo_ip_permission) = NEW /aws1/cl_ec2ippermission( iv_ipprotocol = 'tcp' iv_fromport = 22 iv_toport = 22 it_ipranges = VALUE /aws1/cl_ec2iprange=>tt_iprangelist( ( NEW /aws1/cl_ec2iprange( iv_cidrip = iv_cidr_ip ) ) ) ). APPEND lo_ip_permission TO lt_ip_permissions. TRY. oo_result = lo_ec2->authsecuritygroupingress( " oo_result is returned for testing purposes. " iv_groupid = iv_group_id it_ippermissions = lt_ip_permissions ). MESSAGE 'Authorized ingress rule for security group.' TYPE 'I'. CATCH /aws1/cx_rt_service_generic INTO DATA(lo_exception). DATA(lv_error) = |"{ lo_exception->av_err_code }" - { lo_exception->av_err_msg }|. MESSAGE lv_error TYPE 'E'. ENDTRY. ``` + Para obter detalhes da API, consulte a [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)referência da *API AWS SDK for SAP ABAP*. ------ #### [ Swift ] **SDK para Swift** Tem mais sobre GitHub. Encontre o exemplo completo e saiba como configurar e executar no [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/ec2#code-examples). ``` import AWSEC2 /// Authorize ingress of connections for the security group. /// /// - Parameters: /// - groupId: The group ID of the security group to authorize access for. /// - ipAddress: The IP address of the device to grant access to. /// /// - Returns: `true` if access is successfully granted; otherwise `false`. func authorizeSecurityGroupIngress(groupId: String, ipAddress: String) async -> Bool { let ipRange = EC2ClientTypes.IpRange(cidrIp: "\(ipAddress)/0") let httpPermission = EC2ClientTypes.IpPermission( fromPort: 80, ipProtocol: "tcp", ipRanges: [ipRange], toPort: 80 ) let sshPermission = EC2ClientTypes.IpPermission( fromPort: 22, ipProtocol: "tcp", ipRanges: [ipRange], toPort: 22 ) do { _ = try await ec2Client.authorizeSecurityGroupIngress( input: AuthorizeSecurityGroupIngressInput( groupId: groupId, ipPermissions: [httpPermission, sshPermission] ) ) return true } catch { print("*** Error authorizing ingress for the security group: \(error.localizedDescription)") return false } } ``` + Para obter detalhes da API, consulte [AuthorizeSecurityGroupIngress](https://sdk.amazonaws.com/swift/api/awsec2/latest/documentation/awsec2/ec2client/authorizesecuritygroupingress(input:))a *referência da API AWS SDK for Swift*. ------ Para obter uma lista completa dos guias do desenvolvedor do AWS SDK e exemplos de código, consulte[Crie recursos do Amazon EC2 usando um AWS SDK](sdk-general-information-section.md). Este tópico também inclui informações sobre como começar e detalhes sobre versões anteriores do SDK.