Amazon Elastic Compute Cloud
API Reference (API Version 2013-02-01)

AuthorizeSecurityGroupEgress

Description

Adds one or more egress rules to a security group for use with a VPC. Specifically, this action permits instances to send traffic to one or more destination CIDR IP address ranges, or to one or more destination security groups for the same VPC.

Important

You can have up to 50 rules per security group (covering both ingress and egress rules).

A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. This action doesn't apply to security groups for EC2-Classic. For more information, see Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.

Each rule consists of the protocol (for example, TCP), plus either a CIDR range or a destination security group. For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

Request Parameters

GroupId

The ID of the security group to modify.

Type: String

Default: None

Required: Yes

IpPermissions.n.IpProtocol

The IP protocol name or number (see Protocol Numbers).

When you call DescribeSecurityGroups, the protocol value returned is the number. Exception: For TCP, UDP, and ICMP, the value returned is the name (for example, tcp, udp, or icmp).

Type: String

Valid values: tcp | udp | icmp or any protocol number (see Protocol Numbers). Use -1 to specify all.

Required: Yes

IpPermissions.n.FromPort

The start of the port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, you can use -1 to specify all ICMP types.

Type: Integer

Default: None

Required: Conditional

Condition: Required for ICMP and any protocol that uses ports

IpPermissions.n.ToPort

The end of the port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, you can use -1 to specify all ICMP codes for the given ICMP type.

Type: Integer

Default: None

Required: Conditional

Condition: Required for ICMP and any protocol that uses ports

IpPermissions.n.Groups.m.GroupId

The ID of the destination security group. Cannot be used when specifying a CIDR IP address.

Type: String

Default: None

Condition: Required if modifying access for one or more destination security groups.

Required: Conditional

IpPermissions.n.IpRanges.m.CidrIp

The CIDR range. Cannot be used when specifying a destination security group.

Type: String

Default: None

Constraints: Valid CIDR IP address range.

Required: Conditional

Condition: Required if modifying access for one or more IP address ranges.

Response Elements

The following elements are returned in an AuthorizeSecurityGroupEgressResponse element.

requestId

The ID of the request.

Type: xsd:string

return

Returns true if the request succeeds. Otherwise, returns an error.

Type: xsd:boolean

Examples

Example Request

This example grants your security group with the ID sg-1a2b3c4d access to the 192.0.2.0/24 and 198.51.100.0/24 address ranges on TCP port 80.

https://ec2.amazonaws.com/?Action=AuthorizeSecurityGroupEgress
&GroupId=sg-1a2b3c4d
&IpPermissions.1.IpProtocol=tcp
&IpPermissions.1.FromPort=80
&IpPermissions.1.ToPort=80
&IpPermissions.1.IpRanges.1.CidrIp=192.0.2.0/24
&IpPermissions.1.IpRanges.2.CidrIp=198.51.100.0/24
&AUTHPARAMS

Example Request

This example grants your security group with the ID sg-1a2b3c4d access to your security group with ID sg-9a8d7f5c on TCP port 1433.

https://ec2.amazonaws.com/?Action=AuthorizeSecurityGroupEgress
&GroupId=sg-1a2b3c4d
&IpPermissions.1.IpProtocol=tcp
&IpPermissions.1.FromPort=1433
&IpPermissions.1.ToPort=1433
&IpPermissions.1.Groups.1.GroupId=sg-9a8d7f5c
&AUTHPARAMS

Example Response

<AuthorizeSecurityGroupEgressResponse xmlns="http://ec2.amazonaws.com/doc/2013-02-01/">
   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
   <return>true</return>
</AuthorizeSecurityGroupEgressResponse>
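
Example: Checking Rules Before the Call

The following Python sketch is an added example, not part of the AWS reference. It checks a proposed set of egress rules against the parameter constraints listed under Request Parameters and flattens them into the IpPermissions.n.* query parameters used in the example requests. The function name and the input dictionary keys (protocol, from_port, to_port, cidrs, groups) are hypothetical, and it assumes the CIDR/group exclusion applies within a single IpPermissions entry.

```python
import ipaddress

# Protocols for which FromPort/ToPort are required (ICMP uses them as type/code).
PORT_PROTOCOLS = {"tcp", "udp", "icmp"}
ALIASES = {"1": "icmp", "6": "tcp", "17": "udp"}  # IANA numbers for the named protocols

def build_egress_params(group_id, permissions):
    """Validate egress rules and flatten them into query parameters.
    AUTHPARAMS (request signing) is out of scope. Input keys are hypothetical."""
    params = {"Action": "AuthorizeSecurityGroupEgress", "GroupId": group_id}
    for n, perm in enumerate(permissions, start=1):
        prefix = f"IpPermissions.{n}"
        proto = str(perm["protocol"]).lower()
        proto = ALIASES.get(proto, proto)
        numeric = proto.isdigit() and int(proto) <= 255
        if proto not in PORT_PROTOCOLS and proto != "-1" and not numeric:
            raise ValueError(f"{prefix}: invalid IpProtocol {proto!r}")
        params[f"{prefix}.IpProtocol"] = proto

        if proto in PORT_PROTOCOLS:
            if "from_port" not in perm or "to_port" not in perm:
                raise ValueError(f"{prefix}: FromPort and ToPort required for {proto}")
            lo, hi = int(perm["from_port"]), int(perm["to_port"])
            if proto == "icmp":
                ok = -1 <= lo <= 255 and -1 <= hi <= 255  # -1 = all types / all codes
            else:
                ok = 0 <= lo <= hi <= 65535
            if not ok:
                raise ValueError(f"{prefix}: bad range {lo}-{hi} for {proto}")
            params[f"{prefix}.FromPort"] = str(lo)
            params[f"{prefix}.ToPort"] = str(hi)

        cidrs, groups = perm.get("cidrs", []), perm.get("groups", [])
        if bool(cidrs) == bool(groups):
            raise ValueError(f"{prefix}: give CIDR ranges or destination groups, exactly one")
        for m, cidr in enumerate(cidrs, start=1):
            # Local choice: reject host bits set (e.g. 192.0.2.5/24) to catch typos.
            ipaddress.IPv4Network(cidr, strict=True)
            params[f"{prefix}.IpRanges.{m}.CidrIp"] = cidr
        for m, gid in enumerate(groups, start=1):
            params[f"{prefix}.Groups.{m}.GroupId"] = gid
    return params
```

Running the rule set through a check like this in code review or CI surfaces a malformed destination or a missing port range before the change reaches a security group.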