Container for the parameters to the AuthorizeSecurityGroupIngress operation. Adds the specified inbound (ingress) rules to a security group.
An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see Security group rules.
You must specify exactly one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.
For more information about security group quotas, see Amazon VPC quotas in the Amazon VPC User Guide.
Inheritance Hierarchy
Amazon.Runtime.AmazonWebServiceRequest
Amazon.EC2.AmazonEC2Request
Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest
Namespace: Amazon.EC2.Model
Assembly: AWSSDK.EC2.dll
Version: 3.x.y.z
Syntax
public class AuthorizeSecurityGroupIngressRequest : AmazonEC2Request IAmazonWebServiceRequest
The AuthorizeSecurityGroupIngressRequest type exposes the following members
Constructors
| Name | Description | |
|---|---|---|
|
AuthorizeSecurityGroupIngressRequest() |
Empty constructor used to set properties independently even when a simple constructor is available |
|
|
AuthorizeSecurityGroupIngressRequest(string, List<IpPermission>) |
Instantiates AuthorizeSecurityGroupIngressRequest with the parameterized properties |
Properties
| Name | Type | Description | |
|---|---|---|---|
|
|
DryRun | System.Nullable<System.Boolean> |
Gets and sets the property DryRun.
Checks whether you have the required permissions for the action, without actually
making the request, and provides an error response. If you have the required permissions,
the error response is |
|
|
GroupId | System.String |
Gets and sets the property GroupId. The ID of the security group. |
|
|
GroupName | System.String |
Gets and sets the property GroupName. [Default VPC] The name of the security group. For security groups for a default VPC you can specify either the ID or the name of the security group. For security groups for a nondefault VPC, you must specify the ID of the security group. |
|
|
IpPermissions | System.Collections.Generic.List<Amazon.EC2.Model.IpPermission> |
Gets and sets the property IpPermissions. The permissions for the security group rules. Starting with version 4 of the SDK this property will default to null. If no data for this property is returned from the service the property will also be null. This was changed to improve performance and allow the SDK and caller to distinguish between a property not set or a property being empty to clear out a value. To retain the previous SDK behavior set the AWSConfigs.InitializeCollections static property to true. |
|
|
TagSpecifications | System.Collections.Generic.List<Amazon.EC2.Model.TagSpecification> |
Gets and sets the property TagSpecifications. The tags applied to the security group rule. Starting with version 4 of the SDK this property will default to null. If no data for this property is returned from the service the property will also be null. This was changed to improve performance and allow the SDK and caller to distinguish between a property not set or a property being empty to clear out a value. To retain the previous SDK behavior set the AWSConfigs.InitializeCollections static property to true. |
Examples
This example enables inbound traffic on TCP port 22 (SSH). The rule includes a description to help you identify it later.
To add a rule that allows inbound SSH traffic from an IPv4 address range
var client = new AmazonEC2Client();
var response = client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest
{
GroupId = "sg-903004f8",
IpPermissions = new List<IpPermission> {
new IpPermission {
FromPort = 22,
IpProtocol = "tcp",
ToPort = 22
}
}
});
This example enables inbound traffic on TCP port 80 from the specified security group. The group must be in the same VPC or a peer VPC. Incoming traffic is allowed based on the private IP addresses of instances that are associated with the specified security group.
To add a rule that allows inbound HTTP traffic from another security group
var client = new AmazonEC2Client();
var response = client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest
{
GroupId = "sg-111aaa22",
IpPermissions = new List<IpPermission> {
new IpPermission {
FromPort = 80,
IpProtocol = "tcp",
ToPort = 80,
UserIdGroupPairs = new List<UserIdGroupPair> {
new UserIdGroupPair {
Description = "HTTP access from other instances",
GroupId = "sg-1a2b3c4d"
}
}
}
}
});
This example adds an inbound rule that allows RDP traffic from the specified IPv6 address range. The rule includes a description to help you identify it later.
To add a rule that allows inbound RDP traffic from an IPv6 address range
var client = new AmazonEC2Client();
var response = client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest
{
GroupId = "sg-123abc12 ",
IpPermissions = new List<IpPermission> {
new IpPermission {
FromPort = 3389,
IpProtocol = "tcp",
Ipv6Ranges = new List<Ipv6Range> {
new Ipv6Range {
CidrIpv6 = "2001:db8:1234:1a00::/64",
Description = "RDP access from the NY office"
}
},
ToPort = 3389
}
}
});
Version Information
.NET:
Supported in: 8.0 and newer, Core 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.7.2 and newer