ec2-authorize
SYNOPSIS
ec2-authorize GROUP [-P PROTOCOL] (-p PORT_RANGE | -t ICMP_TYPE_CODE) [-u SOURCE_GROUP_USER ...] [-o SOURCE_GROUP ...] [-s SOURCE_SUBNET ...]
DESCRIPTION
Adds a rule to the security group named GROUP. If no source host, group or subnet is provided,
requests from any source address will be honored.
OUTPUT
A table containing the following information is returned:
Output type identifier ("GROUP", "PERMISSION").
Group name. Currently, this will report an empty string.
Type of rule. Currently, only ALLOW rules are supported.
Protocol to allow.
Start of port range.
End of port range.
FROM
Source.
Errors are displayed on stderr.
OPTIONS
-P PROTOCOL
    The protocol to allow. This can be tcp, udp or icmp. This option only applies when specifying a CIDR subnet as the source.
    Required? Yes
    Example: -P tcp
-p PORT_RANGE
    For the TCP or UDP protocols, this specifies the range of ports to allow. This may be specified as a single integer or as a range (min-max). This option only applies when specifying a CIDR subnet as the source.
    Required? Yes
    Example: -p 80
-t ICMP_TYPE_CODE
    For the ICMP protocol, the ICMP type and code must be specified. This must be specified as type:code where both are integers. Type or code (or both) may be specified as -1 which is a wildcard. This option only applies when specifying a CIDR subnet as the source.
    Required? Yes
    Example: -t 2:5
-u SOURCE_GROUP_USER
    The owner of a group specified using -o. If this is not specified, all groups will refer to the current user. If specified more than once, there must be exactly one -u per -o and each user will be mapped to the corresponding group.
    Required? No
    Example: -u 495219933132
-o SOURCE_GROUP
    The network source from which traffic is to be authorized specified as a security Group. See the description of the -u parameter for group owner information.
    Required? No
    Example: -o headoffice
-s SOURCE_SUBNET
    The network source from which traffic is to be authorized specified as a CIDR Subnet range.
    Required? No
    Example: -s 205.192.8.45/24
EXAMPLE
$ ec2-authorize websrv -P tcp -p 80 -s 205.192.0.0/16
GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16
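Added example, not part of the original guide: a Python audit of PERMISSION lines in the format shown above, flagging rules whose source or port range is broader than a reviewer would expect. It assumes that a rule created without a source is reported as CIDR 0.0.0.0/0; the function names, thresholds and all sample lines except the websrv port 80 rule are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Permission(NamedTuple):
    group: str
    protocol: str
    from_port: int
    to_port: int
    source_type: str   # "CIDR" in the page's example
    source: str

def parse_permissions(text):
    """Return a Permission for every PERMISSION line; GROUP lines are skipped."""
    perms = []
    for line in text.splitlines():
        f = line.split()
        # PERMISSION <group> ALLOWS <protocol> <start> <end> FROM <type> <source>
        if len(f) < 9 or f[0] != "PERMISSION" or f[6] != "FROM":
            continue
        perms.append(Permission(f[1], f[3], int(f[4]), int(f[5]), f[7], " ".join(f[8:])))
    return perms

def findings(perms, min_prefix=16, max_ports=100):
    """Return (permission, reason) pairs; thresholds are illustrative defaults."""
    out = []
    for p in perms:
        if p.source_type == "CIDR":
            net = ipaddress.ip_network(p.source, strict=False)
            if net.prefixlen == 0:
                # Assumption: this is how "any source address" is reported.
                out.append((p, "open to any source address"))
            elif net.prefixlen < min_prefix:
                out.append((p, f"source /{net.prefixlen} is broader than /{min_prefix}"))
        width = p.to_port - p.from_port + 1
        if p.protocol in ("tcp", "udp") and width > max_ports:
            out.append((p, f"port range spans {width} ports"))
    return out

# Constructed sample; only the websrv port 80 line comes from the EXAMPLE above.
SAMPLE = """\
GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16
PERMISSION websrv ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION dbsrv ALLOWS tcp 1024 65535 FROM CIDR 10.0.0.0/8
"""

if __name__ == "__main__":
    for perm, reason in findings(parse_permissions(SAMPLE)):
        print(f"{perm.group}: {perm.protocol} {perm.from_port}-{perm.to_port} "
              f"from {perm.source}: {reason}")
```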
SEE ALSO
AuthorizeSecurityGroupIngress
ec2-add-group
ec2-describe-groups
ec2-delete-group
ec2-revoke
Amazon EC2
Developer Guide