AWS SDK for .NET
Developer Guide (Version v1.0.0)

Specify an EC2 Security Group

An Amazon EC2 security group controls which network traffic can flow to and from your Amazon EC2 instances, much like a firewall. For example, you can configure a security group to authorize inbound traffic from only a specified range of IP addresses, or perhaps only a single address. An AWS account can have up to 500 security groups, each of which is represented by a user-defined name.

By default, Amazon EC2 associates your instances with a security group that allows no inbound traffic, which means that you cannot communicate with them. To authorize your EC2 instances to accept inbound traffic you must explicitly associate them with a security group that authorizes ingress. For more information about security groups, go to Security Group Concepts.

If your account already has an appropriately configured security group, you can associate it with your instances, as follows:

To select an existing security group

  1. Create and initialize a DescribeSecurityGroupsRequest object.

    var secGroupRequest = new DescribeSecurityGroupsRequest();
    secGroupRequest.WithGroupName("GroupName");
    

    The DescribeSecurityGroupsRequest object characterizes the request. This example calls the object's WithGroupName method to set the name of the desired group.

  2. Pass the request object to the Amazon EC2 client's DescribeSecurityGroups method, which returns a DescribeSecurityGroupsResponse object.

    DescribeSecurityGroupsResponse secGroupResponse = ec2Client.DescribeSecurityGroups(secGroupRequest);
    SecurityGroup secGroup = secGroupResponse.DescribeSecurityGroupsResult.SecurityGroup[0];
    

    The response object's DescribeSecurityGroupsResult.SecurityGroup property contains a list of the requested security groups, each of which is represented by a SecurityGroup object. This example requests a particular group, so the list has only one member.

Important

If the specified group name does not correspond to one of your account's security groups, DescribeSecurityGroups throws an exception.

A more robust approach is to enumerate your account's security groups, as follows:

To enumerate existing security groups

  1. Obtain a list of your account's security groups.

    DescribeSecurityGroupsRequest secGroupRequest = new DescribeSecurityGroupsRequest();
    DescribeSecurityGroupsResponse secGroupResponse = ec2Client.DescribeSecurityGroups(secGroupRequest);
    List<SecurityGroup> secGroups = secGroupResponse.DescribeSecurityGroupsResult.SecurityGroup;
    

    This example does not specify a group name, which directs DescribeSecurityGroups to return a list containing all of the account's security groups.

  2. Enumerate the requested security groups and select the desired group by name.

    SecurityGroup secGroup = null;
    ...
    foreach(SecurityGroup item in secGroups)
    {
        if (item.GroupName == "GroupName")
        {
            secGroup = item;
            break;
        }
    }
    

If your account does not have a suitable security group, you can create a new one, as follows:

Important

Use this procedure only for new security groups. If you attempt to create a new security group with the same name as one of your account's existing groups, CreateSecurityGroup throws an exception.

To create a new Amazon EC2 security group

  1. Create and initialize a CreateSecurityGroupRequest object.

    var newGroupRequest = new CreateSecurityGroupRequest()
    {
      GroupName = "YourSecurityGroupName",
      GroupDescription = "YourSecurityGroupDescription"
    };
    

    Assign the group's name and description to the object's GroupName and GroupDescription properties, respectively. The two strings must contain only US-ASCII characters and the group name must be unique within the AWS region in which you initialized your Amazon EC2 client.

  2. Create the new security group.

    CreateSecurityGroupResponse newGroupResponse = ec2Client.CreateSecurityGroup(newGroupRequest);

    Pass the request object to the EC2 client's CreateSecurityGroup method, which returns a CreateSecurityGroupResponse object.

  3. Optionally, you can obtain the SecurityGroup object for the group that you just created by following the "To select an existing security group" procedure described earlier.
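
The enumerate and create procedures above can be combined so that neither exception described in the Important notes is triggered. The following is an added example, not code from the original guide: SecurityGroupHelper, GetOrCreate, FindByName and RequireAscii are hypothetical names, and the ec2Client parameter is assumed to be an initialized AmazonEC2Client from version 1 of the SDK.

```csharp
using System;
using Amazon.EC2;
using Amazon.EC2.Model;

public static class SecurityGroupHelper // hypothetical helper, not part of the SDK
{
    // Returns the named group, creating it only when the account lacks it.
    public static SecurityGroup GetOrCreate(AmazonEC2Client ec2Client, string groupName, string description)
    {
        RequireAscii(groupName, "groupName");
        RequireAscii(description, "description");

        // Reuse an existing group: CreateSecurityGroup throws on a duplicate name.
        SecurityGroup existing = FindByName(ec2Client, groupName);
        if (existing != null) return existing;

        var newGroupRequest = new CreateSecurityGroupRequest()
        {
            GroupName = groupName,
            GroupDescription = description
        };
        ec2Client.CreateSecurityGroup(newGroupRequest);

        // Read the group back so the caller gets a populated SecurityGroup object.
        SecurityGroup created = FindByName(ec2Client, groupName);
        if (created == null)
            throw new InvalidOperationException("Group '" + groupName + "' was created but is not listed yet.");
        return created;
    }

    // Enumerates all groups instead of requesting one by name, so a missing
    // group yields null rather than an exception from DescribeSecurityGroups.
    private static SecurityGroup FindByName(AmazonEC2Client ec2Client, string groupName)
    {
        var response = ec2Client.DescribeSecurityGroups(new DescribeSecurityGroupsRequest());
        foreach (SecurityGroup item in response.DescribeSecurityGroupsResult.SecurityGroup)
        {
            if (item.GroupName == groupName) return item;
        }
        return null;
    }

    // The guide requires the name and description to contain only US-ASCII characters.
    private static void RequireAscii(string value, string paramName)
    {
        if (string.IsNullOrEmpty(value)) throw new ArgumentException("Value is required.", paramName);
        foreach (char c in value)
            if (c > 127) throw new ArgumentException("Only US-ASCII characters are allowed.", paramName);
    }
}
```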

Next: Authorize Security Group Ingress