Anticipated API changes
At present, the API calls for authorizing and revoking permissions are still under development. The
remainder of this section outlines what you can depend on from this part of our API. The command line
API tools expose only the subset of the functionality that is expected to remain unchanged.
Callers may depend on, now and in future, being able to grant permissions to:
- source address ranges (specified with CIDRs), with specific protocol and ports (or ICMP type/code).
- source {user,group} tuples. No additional granularity, such as protocol and port (or ICMP type/code),
  should be expected.
Amazon EC2
Developer Guide
Concepts
Security Groups
A security group is a named collection of access rules. These access rules specify which ingress, i.e.
incoming, network traffic should be delivered to your instance. All other ingress traffic will be
discarded.
A group's rules may be modified at any time. The new rules are automatically enforced for all running,
as well as for subsequently launched, instances affected by the change in rules.
Note: Currently there is a limit of one hundred rules per group.
Group Membership
When an AMI instance is launched, it may be assigned membership to any number of groups.
If no groups are specified, the instance is assigned to the "default" group. You can modify this group
like any other group you have created. By default, this group allows all network traffic from
other members of the "default" group and discards traffic from other IP addresses and groups.
Group Access Rights
The access rules define source-based access either for named security groups or for IP addresses, i.e.
CIDRs. For CIDRs you may also specify the protocol and port range (or ICMP type/code).
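The rule semantics described in this section, modeled locally as an added example; it is not part of the original guide and does not call the EC2 API. All class and function names are hypothetical, and exact matching of ICMP type/code is an assumption of this sketch.

```python
# Added illustration: a local model of the rule semantics described above.
# All names here are hypothetical; this is not the EC2 API or its tools.
import ipaddress
from dataclasses import dataclass, field

MAX_RULES = 100  # per-group limit stated in the guide

@dataclass(frozen=True)
class CidrRule:
    cidr: str
    protocol: str  # "tcp", "udp" or "icmp"
    low: int       # first port, or ICMP type
    high: int      # last port, or ICMP code

@dataclass(frozen=True)
class GroupRule:
    user: str      # owner of the source group
    group: str     # source group name; no protocol/port granularity

@dataclass
class SecurityGroup:
    name: str
    rules: list = field(default_factory=list)

    def authorize(self, rule):
        if len(self.rules) >= MAX_RULES:
            raise ValueError("limit of %d rules per group" % MAX_RULES)
        self.rules.append(rule)

    def revoke(self, rule):
        self.rules.remove(rule)

def allows(group, src_ip, protocol, a, b=None, src_groups=()):
    """True if ingress traffic matches a rule; otherwise it is discarded.
    tcp/udp: a is the destination port. icmp: a is the type, b the code.
    src_groups: (user, group) tuples the sending instance belongs to."""
    addr = ipaddress.ip_address(src_ip)
    for r in group.rules:
        if isinstance(r, GroupRule):
            if (r.user, r.group) in src_groups:
                return True  # group rules admit any protocol and port
        elif r.protocol == protocol and addr in ipaddress.ip_network(r.cidr):
            if protocol == "icmp" and (r.low, r.high) == (a, b):
                return True
            if protocol != "icmp" and r.low <= a <= r.high:
                return True
    return False  # all other ingress traffic is discarded
```

Running a planned rule set through `allows` before authorizing it shows which sources gain access through a group rule, since such a rule cannot be narrowed to a protocol or port.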