Menu
Amazon Elastic Compute Cloud
API Reference (API Version 2016-11-15)

AuthorizeSecurityGroupEgress

[EC2-VPC only] Adds one or more egress rules to a security group for use with a VPC. Specifically, this action permits instances to send traffic to one or more destination IPv4 or IPv6 CIDR address ranges, or to one or more destination security groups for the same VPC. This action doesn't apply to security groups for use in EC2-Classic. For more information, see Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide. For more information about security group limits, see Amazon VPC Limits.

Each rule consists of the protocol (for example, TCP), plus either a CIDR range or a source group. For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

Request Parameters

The following parameters are for this specific action. For more information about required and optional parameters that are common to all actions, see Common Query Parameters.

CidrIp

The CIDR IPv4 address range. We recommend that you specify the CIDR range in a set of IP permissions instead.

Type: String

Required: No

DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Type: Boolean

Required: No

FromPort

The start of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

Type: Integer

Required: No

GroupId

The ID of the security group.

Type: String

Required: Yes

IpPermissions.N

A set of IP permissions. You can't specify a destination security group and a CIDR IP address range.

Type: array of IpPermission objects

Required: No

IpProtocol

The IP protocol name or number. We recommend that you specify the protocol in a set of IP permissions instead.

Type: String

Required: No

SourceSecurityGroupName

The name of a destination security group. To authorize outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

Type: String

Required: No

SourceSecurityGroupOwnerId

The AWS account number for a destination security group. To authorize outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

Type: String

Required: No

ToPort

The end of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

Type: Integer

Required: No

Response Elements

The following elements are returned by the service.

requestId

The ID of the request.

Type: String

return

Is true if the request succeeds, and an error otherwise.

Type: Boolean

Errors

For information about the errors that are common to all actions, see Common Errors.

Examples

Example 1

This example request grants your security group with the ID sg-1a2b3c4d access to the 192.0.2.0/24 and 198.51.100.0/24 IPv4 address ranges on TCP port 80.

Sample Request

Copy
https://ec2.amazonaws.com/?Action=AuthorizeSecurityGroupEgress &GroupId=sg-1a2b3c4d &IpPermissions.1.IpProtocol=tcp &IpPermissions.1.FromPort=80 &IpPermissions.1.ToPort=80 &IpPermissions.1.IpRanges.1.CidrIp=192.0.2.0/24 &IpPermissions.1.IpRanges.2.CidrIp=198.51.100.0/24 &AUTHPARAMS

Sample Response

Copy
<AuthorizeSecurityGroupEgressResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/"> <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> <return>true</return> </AuthorizeSecurityGroupEgressResponse>

Example 2

This example request grants egress access from the security group with the ID sg-1a2b3c4d to the security group with the ID sg-9a8d7f5c on TCP port 1433.

Sample Request

Copy
https://ec2.amazonaws.com/?Action=AuthorizeSecurityGroupEgress &GroupId=sg-1a2b3c4d &IpPermissions.1.IpProtocol=tcp &IpPermissions.1.FromPort=1433 &IpPermissions.1.ToPort=1433 &IpPermissions.1.Groups.1.GroupId=sg-9a8d7f5c &AUTHPARAMS

Example 3

This example request grants your security group with the ID sg-1a2b3c4d access to the 2001:db8:1234:1a00::/64 IPv6 address range on TCP port 22.

Sample Request

Copy
https://ec2.amazonaws.com/?Action=AuthorizeSecurityGroupEgress &GroupId=sg-1a2b3c4d &IpPermissions.1.IpProtocol=tcp &IpPermissions.1.FromPort=22 &IpPermissions.1.ToPort=22 &IpPermissions.1.Ipv6Ranges.1.CidrIpv6=2001:db8:1234:1a00::/64 &AUTHPARAMS

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: