authorizeSecurityGroupIngress
Adds the specified inbound (ingress) rules to a security group.
An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see Security group rules.
You must specify exactly one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.
For more information about security group quotas, see Amazon VPC quotas in the Amazon VPC User Guide.
Samples
import aws.sdk.kotlin.services.ec2.model.IpPermission
import aws.sdk.kotlin.services.ec2.model.IpRange
import aws.sdk.kotlin.services.ec2.model.Ipv6Range
import aws.sdk.kotlin.services.ec2.model.UserIdGroupPair
fun main() {
//sampleStart
// This example enables inbound traffic on TCP port 80 from the specified security group. The group
// must be in the same VPC or a peer VPC. Incoming traffic is allowed based on the private IP addresses of
// instances that are associated with the specified security group.
val resp = ec2Client.authorizeSecurityGroupIngress {
groupId = "sg-111aaa22"
ipPermissions = listOf<IpPermission>(
IpPermission {
ipProtocol = "tcp"
fromPort = 80
toPort = 80
userIdGroupPairs = listOf<UserIdGroupPair>(
UserIdGroupPair {
groupId = "sg-1a2b3c4d"
description = "HTTP access from other instances"
}
)
}
)
}
//sampleEnd
}import aws.sdk.kotlin.services.ec2.model.IpPermission
import aws.sdk.kotlin.services.ec2.model.IpRange
import aws.sdk.kotlin.services.ec2.model.Ipv6Range
import aws.sdk.kotlin.services.ec2.model.UserIdGroupPair
fun main() {
//sampleStart
// This example enables inbound traffic on TCP port 22 (SSH). The rule includes a description to help
// you identify it later.
val resp = ec2Client.authorizeSecurityGroupIngress {
groupId = "sg-903004f8"
ipPermissions = listOf<IpPermission>(
IpPermission {
ipProtocol = "tcp"
fromPort = 22
toPort = 22
ipRanges = listOf<IpRange>(
IpRange {
cidrIp = "203.0.113.0/24"
description = "SSH access from the LA office"
}
)
}
)
}
//sampleEnd
}import aws.sdk.kotlin.services.ec2.model.IpPermission
import aws.sdk.kotlin.services.ec2.model.IpRange
import aws.sdk.kotlin.services.ec2.model.Ipv6Range
import aws.sdk.kotlin.services.ec2.model.UserIdGroupPair
fun main() {
//sampleStart
// This example adds an inbound rule that allows RDP traffic from the specified IPv6 address range. The
// rule includes a description to help you identify it later.
val resp = ec2Client.authorizeSecurityGroupIngress {
groupId = "sg-123abc12 "
ipPermissions = listOf<IpPermission>(
IpPermission {
ipProtocol = "tcp"
fromPort = 3389
toPort = 3389
ipv6Ranges = listOf<Ipv6Range>(
Ipv6Range {
cidrIpv6 = "2001:db8:1234:1a00::/64"
description = "RDP access from the NY office"
}
)
}
)
}
//sampleEnd
}