Amazon Elastic Compute Cloud
API Reference (API Version 2016-11-15)


Describes a security group rule.


FromPort (request), fromPort (response)

The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types.

Type: Integer

Required: No

UserIdGroupPairs (request), groups (response)

One or more security group and AWS account ID pairs.

Type: array of UserIdGroupPair objects

Required: No

IpProtocol (request), ipProtocol (response)

The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers).

[EC2-VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or 58 (ICMPv6) allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For 58 (ICMPv6), you can optionally specify a port range; if you don't, traffic for all types and codes is allowed when authorizing rules.

Type: String

Required: No

IpRanges (request), ipRanges (response)

One or more IPv4 ranges.

Type: array of IpRange objects

Required: No

Ipv6Ranges (request), ipv6Ranges (response)

[EC2-VPC only] One or more IPv6 ranges.

Type: array of Ipv6Range objects

Required: No

PrefixListIds (request), prefixListIds (response)

(Valid for AuthorizeSecurityGroupEgress, RevokeSecurityGroupEgress and DescribeSecurityGroups only) One or more prefix list IDs for an AWS service. In an AuthorizeSecurityGroupEgress request, this is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

Type: array of PrefixListId objects

Required: No

ToPort (request), toPort (response)

The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type.

Type: Integer

Required: No
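
Under the IpProtocol rules above, a request can carry a FromPort/ToPort range that has no effect on what the rule allows. The following Python is an added example, not AWS code: it computes the effective scope of each IpPermission in a request and flags rules whose range is ignored. CidrIp and CidrIpv6 are the fields of the IpRange and Ipv6Range objects; the function names and sample rules are constructed, and treating 6, 17 and 1 as aliases of tcp, udp and icmp is an assumption.

```python
# Added example, not AWS code: pre-flight check of IpPermission request dicts.
ANY_SOURCE = {"0.0.0.0/0", "::/0"}
# Assumption of this example: numeric 6, 17 and 1 alias tcp, udp and icmp.
ALIASES = {"6": "tcp", "17": "udp", "1": "icmp"}


def effective_scope(perm):
    """Return (protocol, scope, range_ignored) for one IpPermission dict."""
    proto = str(perm["IpProtocol"]).lower()
    proto = ALIASES.get(proto, proto)
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    has_range = lo is not None and hi is not None
    if proto in ("tcp", "udp", "icmp") and not has_range:
        raise ValueError(f"{proto} requires FromPort and ToPort")
    if proto in ("tcp", "udp"):
        return proto, f"ports {lo}-{hi}", False
    if proto in ("icmp", "58"):
        if not has_range or lo == -1:
            return proto, "all types and codes", False
        code = "all codes" if hi == -1 else f"code {hi}"
        return proto, f"type {lo}, {code}", False
    # -1 or any other protocol number: a supplied port range has no effect.
    return proto, "all ports", has_range


def audit(perms):
    """Return (index, issue) pairs for rules wider than their range suggests."""
    findings = []
    for i, perm in enumerate(perms):
        _, scope, ignored = effective_scope(perm)
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if ignored:
            findings.append((i, "range_ignored"))
        if scope == "all ports" and cidrs & ANY_SOURCE:
            findings.append((i, "all_ports_from_anywhere"))
    return findings


# Constructed sample rules (not taken from any real account).
WORLD = [{"CidrIp": "0.0.0.0/0"}]
PRIVATE = [{"CidrIp": "10.0.0.0/8"}]
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": WORLD},
    {"IpProtocol": "-1", "FromPort": 443, "ToPort": 443, "IpRanges": WORLD},
    {"IpProtocol": "47", "FromPort": 0, "ToPort": 0, "IpRanges": PRIVATE},
    {"IpProtocol": "58", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1, "IpRanges": PRIVATE},
]
```

Calling `audit(SAMPLE)` flags the second and third rules: both carry a port range, but their protocol values (-1 and 47) make the rule apply to all ports.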

