AWS SDK for C++
Developer Guide

Working with Security Groups in Amazon EC2

Note

These code snippets assume that you understand the material in Getting Started Using the AWS SDK for C++ and have configured default AWS credentials using the information in Providing AWS Credentials.

Creating a Security Group

To create a security group, call the EC2Client's CreateSecurityGroup function with a CreateSecurityGroupRequest that contains the security group's name.

Includes

    #include <aws/core/Aws.h>
    #include <aws/ec2/EC2Client.h>
    #include <aws/ec2/model/CreateSecurityGroupRequest.h>
    #include <iostream>

Code

    // Creates a security group with the given name and description in the given VPC.
    void CreateSecurityGroup(
        const Aws::String& group_name, const Aws::String& description,
        const Aws::String& vpc_id)
    {
        Aws::EC2::EC2Client ec2;

        Aws::EC2::Model::CreateSecurityGroupRequest request;
        request.SetGroupName(group_name);
        request.SetDescription(description);
        request.SetVpcId(vpc_id);

        auto outcome = ec2.CreateSecurityGroup(request);
        if (!outcome.IsSuccess())
        {
            std::cout << "Failed to create security group:" <<
                outcome.GetError().GetMessage() << std::endl;
            return;
        }
    }

See the complete example.

Configuring a Security Group

A security group can control both inbound (ingress) and outbound (egress) traffic to your Amazon EC2 instances.

To add ingress rules to your security group, use the EC2Client's AuthorizeSecurityGroupIngress function, providing the name of the security group and the access rules (IpPermission) you want to assign to it within an AuthorizeSecurityGroupIngressRequest object. The following example shows how to add IP permissions to a security group.

Includes

    #include <aws/core/Aws.h>
    #include <aws/ec2/EC2Client.h>
    #include <aws/ec2/model/CreateSecurityGroupRequest.h>
    #include <aws/ec2/model/AuthorizeSecurityGroupIngressRequest.h>
    #include <iostream>

Code

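    // Adds the sample rules to the request: TCP 80 and TCP 22.
    // 0.0.0.0/0 matches every IPv4 source address; narrow the CIDR for
    // anything other than a public service.
    void BuildSampleIngressRule(
        Aws::EC2::Model::AuthorizeSecurityGroupIngressRequest& authorize_request)
    {
        Aws::EC2::Model::IpRange ip_range;
        ip_range.SetCidrIp("0.0.0.0/0");

        Aws::EC2::Model::IpPermission permission1;
        permission1.SetIpProtocol("tcp");
        permission1.SetToPort(80);
        permission1.SetFromPort(80);
        permission1.AddIpRanges(ip_range);
        authorize_request.AddIpPermissions(permission1);

        Aws::EC2::Model::IpPermission permission2;
        permission2.SetIpProtocol("tcp");
        permission2.SetToPort(22);
        permission2.SetFromPort(22);
        permission2.AddIpRanges(ip_range);
        authorize_request.AddIpPermissions(permission2);
    }

    // Applies the sample ingress rules to an existing security group.
    void AuthorizeSampleIngress(const Aws::String& group_name)
    {
        Aws::EC2::EC2Client ec2;

        Aws::EC2::Model::AuthorizeSecurityGroupIngressRequest authorize_request;
        // A group name is accepted only for groups in a default VPC;
        // otherwise identify the group by its ID.
        authorize_request.SetGroupName(group_name);
        BuildSampleIngressRule(authorize_request);

        auto ingress_request = ec2.AuthorizeSecurityGroupIngress(
            authorize_request);
        if (!ingress_request.IsSuccess())
        {
            std::cout << "Failed to set ingress policy for security group " <<
                group_name << ":" << ingress_request.GetError().GetMessage() <<
                std::endl;
            return;
        }
    }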

To add an egress rule to the security group, provide similar data in an AuthorizeSecurityGroupEgressRequest to the EC2Client's AuthorizeSecurityGroupEgress function.

See the complete example.
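The sample rule above opens TCP 22 to 0.0.0.0/0. The following added example (not part of the AWS sample code) shows a check that flags such rules before they are submitted. The Rule struct, the function names and the choice of 22 and 3389 as administrative ports are assumptions; the struct stands in for the fields set on IpPermission so the check runs without the SDK.

```cpp
// Added example: Rule is a hypothetical plain-struct stand-in for the fields
// the page sets on Aws::EC2::Model::IpPermission. No SDK calls are made.
#include <iostream>
#include <set>
#include <string>
#include <vector>

struct Rule {
    std::string protocol;            // "tcp", "udp", or "-1" for all protocols
    int from_port;                   // ignored when protocol is "-1"
    int to_port;
    std::vector<std::string> cidrs;  // values as passed to IpRange::SetCidrIp
};

// True when the CIDR has prefix length 0, i.e. it matches every address
// (0.0.0.0/0 for IPv4, ::/0 for IPv6).
bool IsWorldOpen(const std::string& cidr) {
    const auto slash = cidr.rfind('/');
    return slash != std::string::npos && cidr.substr(slash + 1) == "0";
}

// Returns the administrative ports (assumed set: 22 SSH, 3389 RDP) that the
// rule exposes to every source address.
std::set<int> ExposedAdminPorts(const Rule& rule) {
    static const int kAdminPorts[] = {22, 3389};
    std::set<int> exposed;
    bool open = false;
    for (const auto& cidr : rule.cidrs) open = open || IsWorldOpen(cidr);
    if (!open) return exposed;
    const bool all_traffic = rule.protocol == "-1";
    if (!all_traffic && rule.protocol != "tcp") return exposed;
    for (int port : kAdminPorts) {
        // A range such as 0-65535 exposes the port just as an exact match does.
        if (all_traffic || (rule.from_port <= port && port <= rule.to_port))
            exposed.insert(port);
    }
    return exposed;
}

int main() {
    // Constructed rules mirroring the sample's permission1 and permission2.
    const std::vector<Rule> rules = {
        {"tcp", 80, 80, {"0.0.0.0/0"}},
        {"tcp", 22, 22, {"0.0.0.0/0"}},
    };
    for (const auto& rule : rules)
        for (int port : ExposedAdminPorts(rule))
            std::cout << "world-open admin port: " << port << "\n";
    return 0;
}
```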

Describing Security Groups

To describe your security groups or get information about them, call the EC2Client's DescribeSecurityGroups function with a DescribeSecurityGroupsRequest.

You will receive a DescribeSecurityGroupsResponse in the outcome object that you can use to access the list of security groups by calling its GetSecurityGroups function, which returns a list of SecurityGroup objects.

Includes

    #include <aws/core/Aws.h>
    #include <aws/ec2/EC2Client.h>
    #include <aws/ec2/model/DescribeSecurityGroupsRequest.h>
    #include <iomanip>
    #include <iostream>

Code

    // Lists all security groups, or only the group whose ID is given as argv[1].
    int main(int argc, char** argv)
    {
        Aws::SDKOptions options;
        Aws::InitAPI(options);
        {
            Aws::EC2::EC2Client ec2;
            Aws::EC2::Model::DescribeSecurityGroupsRequest request;

            if (argc == 2)
            {
                request.AddGroupIds(argv[1]);
            }

            auto outcome = ec2.DescribeSecurityGroups(request);
            if (outcome.IsSuccess())
            {
                std::cout << std::left <<
                    std::setw(32) << "Name" <<
                    std::setw(20) << "GroupId" <<
                    std::setw(20) << "VpcId" <<
                    std::setw(64) << "Description" << std::endl;

                const auto &securityGroups =
                    outcome.GetResult().GetSecurityGroups();

                for (const auto &securityGroup : securityGroups)
                {
                    std::cout << std::left <<
                        std::setw(32) << securityGroup.GetGroupName() <<
                        std::setw(20) << securityGroup.GetGroupId() <<
                        std::setw(20) << securityGroup.GetVpcId() <<
                        std::setw(64) << securityGroup.GetDescription() <<
                        std::endl;
                }
            }
            else
            {
                std::cout << "Failed to describe security groups:" <<
                    outcome.GetError().GetMessage() << std::endl;
            }
        }
        // The EC2Client goes out of scope above, before the SDK is shut down.
        Aws::ShutdownAPI(options);
        return 0;
    }

See the complete example.

Deleting a Security Group

To delete a security group, call the EC2Client's DeleteSecurityGroup function, passing it a DeleteSecurityGroupRequest that contains the ID of the security group to delete.

Includes

    #include <aws/core/Aws.h>
    #include <aws/ec2/EC2Client.h>
    #include <aws/ec2/model/DeleteSecurityGroupRequest.h>
    #include <iostream>

Code

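    // Deletes the security group whose ID is given as argv[1].
    int main(int argc, char** argv)
    {
        if (argc != 2)
        {
            std::cout << "Usage: " << argv[0] << " <group_id>" << std::endl;
            return 1;
        }

        Aws::SDKOptions options;
        Aws::InitAPI(options);
        {
            Aws::String groupId = argv[1];
            Aws::EC2::EC2Client ec2;
            Aws::EC2::Model::DeleteSecurityGroupRequest request;

            request.SetGroupId(groupId);
            auto outcome = ec2.DeleteSecurityGroup(request);

            if (!outcome.IsSuccess())
            {
                std::cout << "Failed to delete security group " << groupId <<
                    ":" << outcome.GetError().GetMessage() << std::endl;
            }
            else
            {
                std::cout << "Successfully deleted security group " << groupId <<
                    std::endl;
            }
        }
        // The EC2Client goes out of scope above, before the SDK is shut down.
        Aws::ShutdownAPI(options);
        return 0;
    }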

See the complete example.

More Information