Working with Security Groups in Amazon EC2
Prerequisites
Before you begin, we recommend you read Getting started using the AWS SDK for C++.
Download the example code and build the solution as described in Get started on code examples.
To run the examples, the user profile your code uses to make the requests must have proper permissions in AWS (for the service and the action). For more information, see Providing AWS credentials.
Create a Security Group
To create a security group, call the EC2Client’s CreateSecurityGroup function with a CreateSecurityGroupRequest.
Includes
#include <aws/ec2/EC2Client.h>
#include <aws/ec2/model/CreateSecurityGroupRequest.h>
#include <iostream>
Code
Aws::EC2::EC2Client ec2Client(clientConfiguration);

// A security group needs a name, a description and the VPC it belongs to.
Aws::EC2::Model::CreateSecurityGroupRequest request;
request.SetGroupName(groupName);
request.SetDescription(description);
request.SetVpcId(vpcID);

const Aws::EC2::Model::CreateSecurityGroupOutcome outcome =
        ec2Client.CreateSecurityGroup(request);
if (!outcome.IsSuccess()) {
    std::cerr << "Failed to create security group:" <<
              outcome.GetError().GetMessage() << std::endl;
    return false;
}
std::cout << "Successfully created security group named " << groupName <<
          std::endl;
See the complete example
Configure a Security Group
A security group can control both inbound (ingress) and outbound (egress) traffic to your Amazon EC2 instances.
To add ingress rules to your security group, use the EC2Client’s AuthorizeSecurityGroupIngress function, providing the security group (the example below identifies it by ID) and the access rules (IpPermission objects).
Includes
#include <aws/ec2/EC2Client.h>
#include <aws/ec2/model/AuthorizeSecurityGroupIngressRequest.h>
#include <iostream>
Code
Aws::EC2::Model::AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest;
authorizeSecurityGroupIngressRequest.SetGroupId(groupID);

// Both rules below accept traffic only from this source range.
Aws::String ingressIPRange = "203.0.113.0/24"; // Configure this for your allowed IP range.
Aws::EC2::Model::IpRange ip_range;
ip_range.SetCidrIp(ingressIPRange);

// Rule 1: TCP port 80 (HTTP) from the allowed range.
Aws::EC2::Model::IpPermission permission1;
permission1.SetIpProtocol("tcp");
permission1.SetToPort(80);
permission1.SetFromPort(80);
permission1.AddIpRanges(ip_range);
authorizeSecurityGroupIngressRequest.AddIpPermissions(permission1);

// Rule 2: TCP port 22 (SSH) from the same range.
Aws::EC2::Model::IpPermission permission2;
permission2.SetIpProtocol("tcp");
permission2.SetToPort(22);
permission2.SetFromPort(22);
permission2.AddIpRanges(ip_range);
authorizeSecurityGroupIngressRequest.AddIpPermissions(permission2);

Aws::EC2::Model::AuthorizeSecurityGroupIngressOutcome authorizeSecurityGroupIngressOutcome =
        ec2Client.AuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest);
if (authorizeSecurityGroupIngressOutcome.IsSuccess()) {
    std::cout << "Successfully authorized security group ingress." << std::endl;
} else {
    std::cerr << "Error authorizing security group ingress: "
              << authorizeSecurityGroupIngressOutcome.GetError().GetMessage() << std::endl;
}
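The SDK will happily authorize whatever CIDR you pass, so a pre-flight check on the proposed rules is worth having before the IpPermission objects are built; the code below is an added example, not part of this guide or the AWS SDK, and uses only the C++ standard library so it compiles without the SDK. The IngressRule struct, the /16 source-width threshold and the choice of ports 22 and 3389 as administrative ports are assumptions for illustration; the same check can be run over rules read back with DescribeSecurityGroups to audit existing groups.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>
// Hypothetical plain struct mirroring the IpPermission fields the page sets; not an SDK type.
struct IngressRule {
    std::string ipProtocol;  // "tcp", "udp", "icmp" or "-1" (all protocols)
    int fromPort, toPort;
    std::string cidrIp;      // e.g. "203.0.113.0/24"
};
// Parses "a.b.c.d/len" and returns the prefix length, or -1 when malformed.
int parsePrefixLength(const std::string &cidr) {
    const std::size_t slash = cidr.find('/');
    if (slash == std::string::npos) return -1;
    std::istringstream addr(cidr.substr(0, slash)), lenStream(cidr.substr(slash + 1));
    int octet = 0, count = 0, len = 0; char dot = 0;
    while (addr >> octet) {
        if (octet < 0 || octet > 255) return -1;
        ++count;
        if (!(addr >> dot)) break;  // end of the dotted address
        if (dot != '.') return -1;
    }
    if (count != 4 || !(lenStream >> len) || len < 0 || len > 32) return -1;
    return len;
}
// Flags a rule reaching an administrative port (SSH 22, RDP 3389) or all ports from a source
// wider than /16 (assumed policy threshold). Malformed CIDRs are flagged rather than accepted.
bool isOverlyPermissive(const IngressRule &rule) {
    const int prefix = parsePrefixLength(rule.cidrIp);
    if (prefix < 0) return true;
    const bool allPorts = rule.ipProtocol == "-1";
    const bool coversAdminPort = (rule.fromPort <= 22 && 22 <= rule.toPort) ||
                                 (rule.fromPort <= 3389 && 3389 <= rule.toPort);
    return prefix < 16 && (allPorts || coversAdminPort);
}
// Pre-flight audit: one finding per bad rule; an empty result means the IpPermissions can be built.
std::vector<std::string> auditRules(const std::vector<IngressRule> &rules) {
    std::vector<std::string> findings;
    for (std::size_t i = 0; i < rules.size(); ++i)
        if (isOverlyPermissive(rules[i]))
            findings.push_back("rule " + std::to_string(i) + " (" + rules[i].ipProtocol + " " +
                std::to_string(rules[i].fromPort) + "-" + std::to_string(rules[i].toPort) +
                " from " + rules[i].cidrIp + ") is too broad");
    return findings;
}
int main() {  // Constructed sample: the page's two rules plus one that must be rejected.
    const std::vector<IngressRule> rules = {
        {"tcp", 80, 80, "203.0.113.0/24"}, {"tcp", 22, 22, "203.0.113.0/24"}, {"tcp", 22, 22, "0.0.0.0/0"}};
    for (const std::string &f : auditRules(rules)) std::cerr << f << '\n';
    return auditRules(rules).empty() ? 0 : 1;
}
```

A non-zero exit status with the findings on stderr lets a deployment script stop before AuthorizeSecurityGroupIngress is ever called.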
To add an egress rule to the security group, provide similar data in an AuthorizeSecurityGroupEgressRequest to the EC2Client’s AuthorizeSecurityGroupEgress function.
See the complete example
Describe Security Groups
To describe your security groups or get information about them, call the EC2Client’s DescribeSecurityGroups function with a DescribeSecurityGroupsRequest. You will receive a DescribeSecurityGroupsResponse; call its GetSecurityGroups function, which returns a list of SecurityGroup objects.
Includes
#include <aws/ec2/EC2Client.h>
#include <aws/ec2/model/DescribeSecurityGroupsRequest.h>
#include <aws/ec2/model/DescribeSecurityGroupsResponse.h>
#include <iomanip>
#include <iostream>
#include <vector>
Code
Aws::EC2::EC2Client ec2Client(clientConfiguration);
Aws::EC2::Model::DescribeSecurityGroupsRequest request;

// With no group ID, every security group visible to the caller is described.
if (!groupID.empty()) {
    request.AddGroupIds(groupID);
}

// Results are paginated: keep requesting while a NextToken is returned.
Aws::String nextToken;
do {
    if (!nextToken.empty()) {
        request.SetNextToken(nextToken);
    }
    Aws::EC2::Model::DescribeSecurityGroupsOutcome outcome = ec2Client.DescribeSecurityGroups(request);
    if (outcome.IsSuccess()) {
        std::cout << std::left <<
                  std::setw(32) << "Name" <<
                  std::setw(30) << "GroupId" <<
                  std::setw(30) << "VpcId" <<
                  std::setw(64) << "Description" << std::endl;
        const std::vector<Aws::EC2::Model::SecurityGroup> &securityGroups =
                outcome.GetResult().GetSecurityGroups();
        for (const auto &securityGroup: securityGroups) {
            std::cout << std::left <<
                      std::setw(32) << securityGroup.GetGroupName() <<
                      std::setw(30) << securityGroup.GetGroupId() <<
                      std::setw(30) << securityGroup.GetVpcId() <<
                      std::setw(64) << securityGroup.GetDescription() <<
                      std::endl;
        }
    } else {
        std::cerr << "Failed to describe security groups:" <<
                  outcome.GetError().GetMessage() << std::endl;
        return false;
    }
    nextToken = outcome.GetResult().GetNextToken();
} while (!nextToken.empty());
See the complete example
Delete a Security Group
To delete a security group, call the EC2Client’s DeleteSecurityGroup function, passing it a DeleteSecurityGroupRequest.
Includes
#include <aws/ec2/EC2Client.h>
#include <aws/ec2/model/DeleteSecurityGroupRequest.h>
#include <iostream>
Code
Aws::EC2::EC2Client ec2Client(clientConfiguration);
Aws::EC2::Model::DeleteSecurityGroupRequest request;
request.SetGroupId(securityGroupID);

Aws::EC2::Model::DeleteSecurityGroupOutcome outcome = ec2Client.DeleteSecurityGroup(request);
if (!outcome.IsSuccess()) {
    std::cerr << "Failed to delete security group " << securityGroupID <<
              ":" << outcome.GetError().GetMessage() << std::endl;
} else {
    std::cout << "Successfully deleted security group " << securityGroupID <<
              std::endl;
}
See the complete example
More Information
- Amazon EC2 Security Groups in the Amazon EC2 User Guide
- Authorizing Inbound Traffic for Your Linux Instances in the Amazon EC2 User Guide
- CreateSecurityGroup in the Amazon EC2 API Reference
- DescribeSecurityGroups in the Amazon EC2 API Reference
- DeleteSecurityGroup in the Amazon EC2 API Reference
- AuthorizeSecurityGroupIngress in the Amazon EC2 API Reference