Menu
AWS SDK for C++
Developer Guide

Working with Security Groups in Amazon EC2

Note

These code snippets assume that you understand the material in Getting Started Using the AWS SDK for C++ and have configured default AWS credentials using the information in Providing AWS Credentials.

Creating a Security Group

To create a security group, call the EC2Client's CreateSecurityGroup function with a CreateSecurityGroupRequest that contains the key's name.

Includes

Copy
#include <aws/core/Aws.h> #include <aws/ec2/EC2Client.h> #include <aws/ec2/model/CreateSecurityGroupRequest.h> #include <aws/ec2/model/CreateSecurityGroupResponse.h> #include <iostream>

Code

Copy
Aws::EC2::EC2Client ec2; Aws::EC2::Model::CreateSecurityGroupRequest request; request.SetGroupName(group_name); request.SetDescription(description); request.SetVpcId(vpc_id); auto outcome = ec2.CreateSecurityGroup(request); if (!outcome.IsSuccess()) { std::cout << "Failed to create security group:" << outcome.GetError().GetMessage() << std::endl; return; } std::cout << "Successfully created security group named " << group_name << std::endl;

See the complete example.

Configuring a Security Group

A security group can control both inbound (ingress) and outbound (egress) traffic to your Amazon EC2 instances.

To add ingress rules to your security group, use the EC2Client's AuthorizeSecurityGroupIngress function, providing the name of the security group and the access rules (IpPermission) you want to assign to it within an AuthorizeSecurityGroupIngressRequest object. The following example shows how to add IP permissions to a security group.

Includes

Copy
#include <aws/core/Aws.h> #include <aws/ec2/EC2Client.h> #include <aws/ec2/model/CreateSecurityGroupRequest.h> #include <aws/ec2/model/CreateSecurityGroupResponse.h> #include <aws/ec2/model/AuthorizeSecurityGroupIngressRequest.h> #include <iostream>

Code

Copy
Aws::EC2::EC2Client ec2; authorize_request.SetGroupName(group_name); BuildSampleIngressRule(authorize_request); Aws::EC2::Model::IpRange ip_range; ip_range.SetCidrIp("0.0.0.0/0"); Aws::EC2::Model::IpPermission permission1; permission1.SetIpProtocol("tcp"); permission1.SetToPort(80); permission1.SetFromPort(80); permission1.AddIpRanges(ip_range); authorize_request.AddIpPermissions(permission1); Aws::EC2::Model::IpPermission permission2; permission2.SetIpProtocol("tcp"); permission2.SetToPort(22); permission2.SetFromPort(22); permission2.AddIpRanges(ip_range); authorize_request.AddIpPermissions(permission2); auto ingress_request = ec2.AuthorizeSecurityGroupIngress( authorize_request); if (!ingress_request.IsSuccess()) { std::cout << "Failed to set ingress policy for security group " << group_name << ":" << ingress_request.GetError().GetMessage() << std::endl; return; } std::cout << "Successfully added ingress policy to security group " << group_name << std::endl;

To add an egress rule to the security group, provide similar data in an AuthorizeSecurityGroupEgressRequest to the EC2Client's AuthorizeSecurityGroupEgress function.

See the complete example.

Describing Security Groups

To describe your security groups or get information about them, call the EC2Client's DescribeSecurityGroups function with a DescribeSecurityGroupsRequest.

You will receive a DescribeSecurityGroupsResponse in the outcome object that you can use to access the list of security groups by calling its GetSecurityGroups function, which returns a list of SecurityGroup objects.

Includes

Copy
#include <aws/core/Aws.h> #include <aws/ec2/EC2Client.h> #include <aws/ec2/model/DescribeSecurityGroupsRequest.h> #include <aws/ec2/model/DescribeSecurityGroupsResponse.h> #include <iostream> #include <iomanip>

Code

Copy
Aws::EC2::EC2Client ec2; Aws::EC2::Model::DescribeSecurityGroupsRequest request; if (argc == 2) { request.AddGroupIds(argv[1]); } auto outcome = ec2.DescribeSecurityGroups(request); if (outcome.IsSuccess()) { std::cout << std::left << std::setw(32) << "Name" << std::setw(20) << "GroupId" << std::setw(20) << "VpcId" << std::setw(64) << "Description" << std::endl; const auto &securityGroups = outcome.GetResult().GetSecurityGroups(); for (const auto &securityGroup : securityGroups) { std::cout << std::left << std::setw(32) << securityGroup.GetGroupName() << std::setw(20) << securityGroup.GetGroupId() << std::setw(20) << securityGroup.GetVpcId() << std::setw(64) << securityGroup.GetDescription() << std::endl; } } else { std::cout << "Failed to describe security groups:" << outcome.GetError().GetMessage() << std::endl; }

See the complete example.

Deleting a Security Group

To delete a security group, call the EC2Client's DeleteSecurityGroup function, passing it a DeleteSecurityGroupRequest that contains the ID of the security group to delete.

Includes

Copy
#include <aws/core/Aws.h> #include <aws/ec2/EC2Client.h> #include <aws/ec2/model/DeleteSecurityGroupRequest.h> #include <iostream>

Code

Copy
Aws::EC2::EC2Client ec2; Aws::EC2::Model::DeleteSecurityGroupRequest request; request.SetGroupId(groupId); auto outcome = ec2.DeleteSecurityGroup(request); if (!outcome.IsSuccess()) { std::cout << "Failed to delete security group " << groupId << ":" << outcome.GetError().GetMessage() << std::endl; } else { std::cout << "Successfully deleted security group " << groupId << std::endl; }

See the complete example.

More Information