IpPermission

Describes a set of permissions for a security group rule.

Contents

FromPort (request), fromPort (response)

If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.

Type: Integer

Required: No

UserIdGroupPairs (request), groups (response)

The security group and AWS account ID pairs.

Type: Array of UserIdGroupPair objects

Required: No

IpProtocol (request), ipProtocol (response)

The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).

Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

Type: String

Required: No

IpRanges (request), ipRanges (response)

The IPv4 ranges.

Type: Array of IpRange objects

Required: No

Ipv6Ranges (request), ipv6Ranges (response)

The IPv6 ranges.

Type: Array of Ipv6Range objects

Required: No

PrefixListIds (request), prefixListIds (response)

The prefix list IDs.

Type: Array of PrefixListId objects

Required: No

ToPort (request), toPort (response)

If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.

Type: Integer

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for Ruby V3