AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Container for the parameters to the AuthorizeSecurityGroupIngress operation. Adds the specified inbound (ingress) rules to a security group.

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups. When specifying an inbound rule for your security group in a VPC, the IpPermissions must include a source for the traffic.

You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

For more information about VPC security group quotas, see Amazon VPC quotas.

We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide.

Inheritance Hierarchy

System.Object
  Amazon.Runtime.AmazonWebServiceRequest
    Amazon.EC2.AmazonEC2Request
      Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest

Namespace: Amazon.EC2.Model
Assembly: AWSSDK.EC2.dll
Version: 3.x.y.z

Syntax

C# 
public class AuthorizeSecurityGroupIngressRequest : AmazonEC2Request
         IAmazonWebServiceRequest

The AuthorizeSecurityGroupIngressRequest type exposes the following members

Constructors

NameDescription
Public Method AuthorizeSecurityGroupIngressRequest()

Empty constructor used to set properties independently even when a simple constructor is available

Public Method AuthorizeSecurityGroupIngressRequest(string, List<IpPermission>)

Instantiates AuthorizeSecurityGroupIngressRequest with the parameterized properties

Properties

NameTypeDescription
Public Property GroupId System.String

Gets and sets the property GroupId.

The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

Public Property GroupName System.String

Gets and sets the property GroupName.

[EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

Public Property IpPermissions System.Collections.Generic.List<Amazon.EC2.Model.IpPermission>

Gets and sets the property IpPermissions.

The sets of IP permissions.

Public Property TagSpecifications System.Collections.Generic.List<Amazon.EC2.Model.TagSpecification>

Gets and sets the property TagSpecifications.

[VPC Only] The tags applied to the security group rule.

Examples

This example enables inbound traffic on TCP port 22 (SSH). The rule includes a description to help you identify it later.

To add a rule that allows inbound SSH traffic from an IPv4 address range


var client = new AmazonEC2Client();
var response = client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest 
{
    GroupId = "sg-903004f8",
    IpPermissions = new List<IpPermission> {
        new IpPermission {
            FromPort = 22,
            IpProtocol = "tcp",
            ToPort = 22
        }
    }
});

This example enables inbound traffic on TCP port 80 from the specified security group. The group must be in the same VPC or a peer VPC. Incoming traffic is allowed based on the private IP addresses of instances that are associated with the specified security group.

To add a rule that allows inbound HTTP traffic from another security group


var client = new AmazonEC2Client();
var response = client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest 
{
    GroupId = "sg-111aaa22",
    IpPermissions = new List<IpPermission> {
        new IpPermission {
            FromPort = 80,
            IpProtocol = "tcp",
            ToPort = 80,
            UserIdGroupPairs = new List<UserIdGroupPair> {
                new UserIdGroupPair {
                    Description = "HTTP access from other instances",
                    GroupId = "sg-1a2b3c4d"
                }
            }
        }
    }
});

This example adds an inbound rule that allows RDP traffic from the specified IPv6 address range. The rule includes a description to help you identify it later.

To add a rule that allows inbound RDP traffic from an IPv6 address range


var client = new AmazonEC2Client();
var response = client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest 
{
    GroupId = "sg-123abc12 ",
    IpPermissions = new List<IpPermission> {
        new IpPermission {
            FromPort = 3389,
            IpProtocol = "tcp",
            Ipv6Ranges = new List<Ipv6Range> {
                new Ipv6Range {
                    CidrIpv6 = "2001:db8:1234:1a00::/64",
                    Description = "RDP access from the NY office"
                }
            },
            ToPort = 3389
        }
    }
});

Version Information

.NET Core App:
Supported in: 3.1

.NET Standard:
Supported in: 2.0

.NET Framework:
Supported in: 4.5, 4.0, 3.5