Amazon Elastic Compute Cloud
API Reference (API Version 2016-11-15)

IpPermission

Describes a set of permissions for a security group rule.

Contents

FromPort (request), fromPort (response)

The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Type: Integer

Required: No

UserIdGroupPairs (request), groups (response)

One or more security group and AWS account ID pairs.

Type: Array of UserIdGroupPair objects

Required: No

IpProtocol (request), ipProtocol (response)

The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers).

[EC2-VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or 58 (ICMPv6) allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For 58 (ICMPv6), you can optionally specify a port range; if you don't, traffic for all types and codes is allowed when authorizing rules.

Type: String

Required: No

IpRanges (request), ipRanges (response)

One or more IPv4 ranges.

Type: Array of IpRange objects

Required: No

Ipv6Ranges (request), ipv6Ranges (response)

[EC2-VPC only] One or more IPv6 ranges.

Type: Array of Ipv6Range objects

Required: No

PrefixListIds (request), prefixListIds (response)

[EC2-VPC only] One or more prefix list IDs for an AWS service. With AuthorizeSecurityGroupEgress, this is the AWS service that you want to access through a VPC endpoint from instances associated with the security group.

Type: Array of PrefixListId objects

Required: No

ToPort (request), toPort (response)

The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes for the specified ICMP type. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Type: Integer

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

On this page: