AWS SDK for PHP
Developer Guide (Version v1.0.0)

Authorize Security Group Ingress

By default, a new security group does not allow any inbound traffic to your Amazon EC2 instance. To allow inbound traffic, you must explicitly authorize security group ingress. You can authorize ingress for individual IP addresses, for a range of IP addresses, for a specific protocol, and for TCP/UDP ports.

To authorize security group ingress, use the authorize_security_group_ingress method. Specify the security group name, the IP protocol, the port range (optional), and the IP addresses, in CIDR notation, to authorize ingress for. The method returns a CFResponse object, as follows:

// $ec2 is assumed to be an initialized AmazonEC2 client.
$response = $ec2->authorize_security_group_ingress(array(
    'GroupName' => 'my-php-security-group',
    'IpPermissions' => array(
        array(
            'IpProtocol' => 'tcp',
            'FromPort' => '80',
            'ToPort' => '80',
            'IpRanges' => array(
                array('CidrIp' => '111.111.111.111/32'), // a single host
            ),
        ),
    ),
));

If you specify the protocol as TCP/UDP, you must provide a source port and destination port. You can authorize ports only if you specify TCP or UDP.

If you call authorize_security_group_ingress with IP addresses that have already been authorized, an error will occur.

Whenever you use the authorize_security_group_ingress or authorize_security_group_egress methods, a rule is added to your security group. You can add up to 100 rules per security group. For more information about security groups, go to Security Group Concepts.
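Because each call adds a rule and a mistyped CIDR prefix can open far more than intended, it helps to validate a rule before sending it. The following is an added example, not code from the AWS guide: build_ingress_options() and its $minPrefix policy parameter are hypothetical names, the sample inputs are constructed, and 64-bit PHP is assumed.

```php
<?php
// Added example, not from the AWS guide. build_ingress_options() and
// $minPrefix are hypothetical; all sample values are constructed.
function build_ingress_options($group, $protocol, $fromPort, $toPort, $cidr, $minPrefix = 24)
{
    $protocol = strtolower($protocol);
    if ($protocol !== 'tcp' && $protocol !== 'udp') {
        throw new InvalidArgumentException("Ports can only be authorized for tcp or udp, got '$protocol'");
    }
    foreach (array($fromPort, $toPort) as $port) {
        if (!is_int($port) || $port < 0 || $port > 65535) {
            throw new InvalidArgumentException('Port out of range: ' . var_export($port, true));
        }
    }
    if ($fromPort > $toPort) {
        throw new InvalidArgumentException("FromPort $fromPort is greater than ToPort $toPort");
    }
    // The source must be an IPv4 CIDR block: a.b.c.d/n with 0 <= n <= 32.
    if (!preg_match('/^(\d{1,3}(?:\.\d{1,3}){3})\/(\d{1,2})$/', $cidr, $m)
        || filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
        || (int) $m[2] > 32) {
        throw new InvalidArgumentException("Not an IPv4 CIDR block: $cidr");
    }
    $prefix = (int) $m[2];
    // Local policy: host bits set (10.1.2.3/8) usually means a mistyped prefix.
    $hostMask = (1 << (32 - $prefix)) - 1;
    if ((ip2long($m[1]) & $hostMask) !== 0) {
        throw new InvalidArgumentException("Host bits set in $cidr; check the prefix length");
    }
    // Local policy: wide ranges must be requested explicitly by lowering $minPrefix.
    if ($prefix < $minPrefix) {
        throw new InvalidArgumentException("$cidr is wider than /$minPrefix");
    }
    return array(
        'GroupName' => $group,
        'IpPermissions' => array(array(
            'IpProtocol' => $protocol,
            'FromPort' => (string) $fromPort,
            'ToPort' => (string) $toPort,
            'IpRanges' => array(array('CidrIp' => $cidr)),
        )),
    );
}

$opt = build_ingress_options('my-php-security-group', 'tcp', 80, 80, '111.111.111.111/32');
foreach (array('10.1.2.3/8', '0.0.0.0/0') as $bad) { // constructed inputs
    try { build_ingress_options('my-php-security-group', 'tcp', 22, 22, $bad); }
    catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
}
```

With an initialized client, pass $opt to $ec2->authorize_security_group_ingress() and treat a response for which isOK() returns false as a failure, for example when the same address has already been authorized.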

Before starting an Amazon EC2 instance, you need to create a key pair to allow you to log into your instance. For information about creating a key pair, see Create a Key Pair.