Amazon Relational Database Service
Command Line Interface Reference (API Version 2014-10-31)

rds-authorize-db-security-group-ingress

The Amazon RDS Command Line Interface (RDS CLI) has been deprecated. Instead, use the AWS CLI for RDS. To learn how to download and use the AWS CLI, see AWS Command Line Interface User Guide. For RDS commands available in the AWS CLI, see AWS CLI Reference for Amazon RDS.

The AWS CLI does not currently support the DownloadCompleteDBLogFile REST API action. To download an entire log file at once, rather than in parts using the download-db-log-file-portion command, use the last published RDS CLI and the rds-download-db-logfile command.

Description

Authorizes network ingress for an Amazon EC2 security group or an IP address range.

Note

You cannot authorize ingress from an Amazon EC2 security group in one AWS region to an Amazon RDS DB instance in another.

Syntax

rds-authorize-db-security-group-ingress db-security-group-name

[-s (--ec2-security-group-id) value ]

[-g (--ec2-security-group-name) value ]

[-i (--cidr-ip) value ]

[-o (--ec2-security-group-owner-id) value ]

[General Options]

Options

Name Description Required

--db-security-group-name value

The name of the Amazon RDS DB security group.

This parameter is the default parameter and can be passed as the first value in the command and without a parameter name, for example: rds-authorize-db-security-group-ingress my-db-security-group-name.

Type: String

Default: None

Example: --db-security-group-name mydbsecuritygroup

Yes

-s

--ec2-security-group-id value

Identifier of the Amazon EC2 security group to authorize.

Type: String

Default: None

Constraints: This parameter must be specified if the DB security group is for a VPC.

Example: -s sg-xxxxxxxx

No

-g

--ec2-security-group-name value

The name of the Amazon EC2 security group.

Type: String

Default: None

Constraints: This parameter must be specified if the ec2-security-group-owner-id parameter is specified. Must be an existing Amazon EC2 security group.

Example: -g myec2securitygroup

Important

Authorizing an Amazon EC2 security group only grants access to your DB instances from the Amazon EC2 instances belonging to the Amazon EC2 security group.

No

-o

--ec2-security-group-owner-id value

The AWS account number of the owner of the Amazon EC2 security group.

Type: String

Default: None

Constraints: This parameter must be specified if the ec2-security-group-name parameter is specified.

Example: -o 123456789012

No

-i

--cidr-ip value

The IP range to allow access.

Type: String

Constraints: Must be a valid Classless Inter-Domain Routing (CIDR) range, in the format ddd.ddd.ddd.ddd/dd. For more information, see CIDR Notation.

Default: None

Constraints: This parameter must not be specified if the ec2-security-group-name and ec2-security-group-owner-id parameters are specified.

Example: -i 192.168.100.100/32

Caution

To avoid inadvertently granting access to your DB instances, be sure to understand how CIDR ranges work. For more information about CIDR ranges, go to the Wikipedia Tutorial.

No

Output

The command returns a table with the following information:

Note

Output values list the possible values returned by CLI commands. Not all values are returned for every call to a command. If a value is null or empty, it will not be included in the command output. For example, CLI commands to create or restore a DB instance will not return the Endpoint Address value because that value is null until the DB instance has finished being created or restored.

  • Name—Security group name.

  • Description—Security group description.

  • EC2 Group Name—Name of the EC2 security group.

  • EC2 Group Id—Identifier of the EC2 security group.

  • EC2 Owner ID—Owner of the EC2 security group.

  • IP Range—CIDR range for the authorized Amazon RDS security group.

  • Status—Status of the authorization.

Examples

Authorizing Access to an EC2 Security Group

This example authorizes access to a named Amazon EC2 security group.

PROMPT> rds-authorize-db-security-group-ingress Default --ec2-security-group-name mainServerGrp --ec2-security-group-owner-id 123445677890

Authorizing Access to a CIDR range

This example authorizes access to a CIDR range.

PROMPT> rds-authorize-db-security-group-ingress Default --cidr-ip 192.168.100.100/32
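Pre-flight check for the --cidr-ip Caution and the option constraints above, as an added example that is not part of the AWS documentation. The function names and the MIN_PREFIX policy value are assumptions; the script only builds the argument list and does not call AWS.

```python
import ipaddress

MIN_PREFIX = 24  # assumed local policy, not an AWS limit: nothing broader than a /24
CMD = "rds-authorize-db-security-group-ingress"

def check_cidr(value, min_prefix=MIN_PREFIX):
    """Return (canonical CIDR, address count) or raise ValueError."""
    addr, sep, prefix = value.partition("/")
    if not sep or not prefix.isdigit():
        raise ValueError(f"{value!r}: expected ddd.ddd.ddd.ddd/dd")
    iface = ipaddress.IPv4Interface(value)  # ValueError on bad octets or prefix > 32
    net = iface.network
    if iface.ip != net.network_address:
        # e.g. 10.1.2.3/8 is not one host: the /8 mask covers all of 10.0.0.0/8
        raise ValueError(f"{value}: host bits set, the range is really {net}")
    if net.prefixlen < min_prefix:
        raise ValueError(f"{net} admits {net.num_addresses} addresses, "
                         f"broader than /{min_prefix}")
    return str(net), net.num_addresses

def build_ingress_argv(db_group, cidr=None, ec2_name=None, ec2_owner=None, ec2_id=None):
    """Apply the option constraints from the table above, then build the argv list."""
    if bool(ec2_name) != bool(ec2_owner):
        raise ValueError("--ec2-security-group-name and "
                         "--ec2-security-group-owner-id must be given together")
    if cidr and ec2_name:
        raise ValueError("--cidr-ip must not be combined with the EC2 group name/owner")
    argv = [CMD, db_group]
    if cidr:
        argv += ["--cidr-ip", check_cidr(cidr)[0]]
    if ec2_name:
        argv += ["--ec2-security-group-name", ec2_name,
                 "--ec2-security-group-owner-id", ec2_owner]
    if ec2_id:
        argv += ["--ec2-security-group-id", ec2_id]
    if len(argv) == 2:  # assumption: a call with no source is a mistake
        raise ValueError("no ingress source given")
    return argv

if __name__ == "__main__":
    # Constructed inputs; only the first comes from the page's own example.
    for candidate in ["192.168.100.100/32", "192.168.100.100/16", "0.0.0.0/0", "192.168.100.100"]:
        try:
            print(" ".join(build_ingress_argv("Default", cidr=candidate)))
        except ValueError as err:
            print("refused:", err)
```
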