AuthorizeCacheSecurityGroupIngress - Amazon ElastiCache


Allows network ingress to a cache security group. Applications using ElastiCache must be running on Amazon EC2, and Amazon EC2 security groups are used as the authorization mechanism.


You cannot authorize ingress from an Amazon EC2 security group in one region to an ElastiCache cluster in another region.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.


The cache security group that allows network ingress.

Type: String

Required: Yes


The Amazon EC2 security group to be authorized for ingress to the cache security group.

Type: String

Required: Yes


The Amazon account number of the Amazon EC2 security group owner. Note that this is not the same thing as an Amazon access key ID - you must provide a valid Amazon account number for this parameter.

Type: String

Required: Yes

Response Elements

The following element is returned by the service.


Represents the output of one of the following operations:

  • AuthorizeCacheSecurityGroupIngress

  • CreateCacheSecurityGroup

  • RevokeCacheSecurityGroupIngress

Type: CacheSecurityGroup object


For information about the errors that are common to all actions, see Common Errors.


The specified Amazon EC2 security group is already authorized for the specified cache security group.

HTTP Status Code: 400


The requested cache security group name does not refer to an existing cache security group.

HTTP Status Code: 404


The current state of the cache security group does not allow deletion.

HTTP Status Code: 400


Two or more incompatible parameters were specified.

HTTP Status Code: 400


The value for a parameter is invalid.

HTTP Status Code: 400



This example illustrates one usage of AuthorizeCacheSecurityGroupIngress.

Sample Request ?Action=AuthorizeCacheSecurityGroupIngress &EC2SecurityGroupName=default &CacheSecurityGroupName=mygroup &EC2SecurityGroupOwnerId=1234-5678-1234 &Version=2015-02-02 &SignatureVersion=4 &SignatureMethod=HmacSHA256 &Timestamp=20150202T192317Z &X-Amz-Credential=<credential>


This example illustrates one usage of AuthorizeCacheSecurityGroupIngress.

Sample Response

<AuthorizeCacheSecurityGroupIngressResponse xmlns=""> <AuthorizeCacheSecurityGroupIngressResult> <CacheSecurityGroup> <EC2SecurityGroups> <EC2SecurityGroup> <Status>authorizing</Status> <EC2SecurityGroupName>default</EC2SecurityGroupName> <EC2SecurityGroupOwnerId>565419523791</EC2SecurityGroupOwnerId> </EC2SecurityGroup> </EC2SecurityGroups> <CacheSecurityGroupName>mygroup</CacheSecurityGroupName> <OwnerId>123456781234</OwnerId> <Description>My security group</Description> </CacheSecurityGroup> </AuthorizeCacheSecurityGroupIngress> <ResponseMetadata> <RequestId>817fa999-3647-11e0-ae57-f96cfe56749c</RequestId> </ResponseMetadata> </AuthorizeCacheSecurityGroupIngressResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: