Defining firewall rules in terms of groups is flexible enough to allow you to implement functionality
equivalent to a VLAN.
In addition to the distributed firewall, you can maintain your own firewall on any of your instances.
This may be useful if you have specific requirements not catered for by the distributed firewall.
Amazon EC2
Developer Guide
Anticipated API changes
At present, the API calls for authorizing and revoking permissions are still under development. The
remainder of this section outlines what you can depend on from this part of our API. The command line
API tools expose only the subset of the functionality that is expected to remain unchanged.
Callers may depend on, now and in future, being able to grant permissions to
source address ranges (specified with CIDRs, specific protocol and ports (or ICMP type/code)).
source {user,group} tuples. No additional granularity, such as protocol and port (or ICMP type/code),
should be expected.
Amazon EC2
Developer Guide
Previous Page Next Page