
authorize-security-group-ingress
********************************


DESCRIPTION
===========

The authorize-security-group-ingress operation adds permissions to a
security group.

Permissions are specified by the IP protocol (TCP, UDP or ICMP), the
source of the request (by IP range or an Amazon EC2 user-group pair),
the source and destination port ranges (for TCP and UDP), and the ICMP
codes and types (for ICMP). When authorizing ICMP, "-1" can be used as
a wildcard in the type and code fields.

Permission changes are propagated to instances within the security
group as quickly as possible. However, depending on the number of
instances, a small delay might occur.


SYNOPSIS
========

   aws ec2 authorize-security-group-ingress
     [--from-port <value>]
     [--cidr-ip <value>]
     [--ip-permissions <value>]
     [--group-name <value>]
     [--source-security-group-owner-id <value>]
     [--source-security-group-name <value>]
     [--to-port <value>]
     [--ip-protocol <value>]
     [--group-id <value>]


REQUIRED PARAMETERS
===================

None


OPTIONAL PARAMETERS
===================

"--from-port"  (integer)
   Deprecated

"--cidr-ip"  (string)
   Deprecated

"--ip-permissions"  (list)
   List of IP permissions to authorize on the specified security
   group. Specifying permissions through IP permissions is the
   preferred way of authorizing permissions since it offers more
   flexibility and control.

      (structure)
         An IP permission describing allowed incoming IP traffic to an
         Amazon EC2 security group.

         "to_port"  (integer)
            End of port range for the TCP and UDP protocols, or an
            ICMP code. An ICMP code of "-1" indicates a wildcard
            (i.e., any ICMP code).

         "ip_protocol"  (string)
            The IP protocol of this permission.

            Valid protocol values: "tcp" , "udp" , "icmp"

         "ip_ranges"  (list)
            The list of CIDR IP ranges included in this permission.

               (structure)
                  Contains a list of CIRD IP ranges.

                  "cidr_ip"  (string)
                     The list of CIDR IP ranges.

         "user_id_group_pairs"  (list)
            The list of AWS user IDs and groups included in this
            permission.

               (structure)
                  An AWS user ID identifiying an AWS account, and the
                  name of a security group within that account.

                  "group_name"  (string)
                     Name of the security group in the specified AWS
                     account. Cannot be used when specifying a CIDR IP
                     address range.

                  "user_id"  (string)
                     The AWS user ID of an account.

                  "group_id"  (string)
                     ID of the security group in the specified AWS
                     account. Cannot be used when specifying a CIDR IP
                     address range.

         "from_port"  (integer)
            Start of port range for the TCP and UDP protocols, or an
            ICMP type number. An ICMP type number of "-1" indicates a
            wildcard (i.e., any ICMP type number).

   *Parameter Syntax*

      [
        {
          "to_port": integer,
          "ip_protocol": "string",
          "ip_ranges":
            [
              {
                "cidr_ip": "string"
              }
              ...
            ],
          "user_id_group_pairs":
            [
              {
                "group_name": "string",
                "user_id": "string",
                "group_id": "string"
              }
              ...
            ],
          "from_port": integer
        }
        ...
      ]

"--group-name"  (string)
   Name of the standard (EC2) security group to modify. The group must
   belong to your account. Can be used instead of GroupID for standard
   (EC2) security groups.

"--source-security-group-owner-id"  (string)
   Deprecated

"--source-security-group-name"  (string)
   Deprecated

"--to-port"  (integer)
   Deprecated

"--ip-protocol"  (string)
   Deprecated

"--group-id"  (string)
   ID of the standard (EC2) or VPC security group to modify. The group
   must belong to your account. Required for VPC security groups; can
   be used instead of --group-name for standard (EC2) security groups.
