authorizeSecurityGroupIngress
Adds the specified inbound (ingress) rules to a security group.
An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups. When specifying an inbound rule for your security group in a VPC, the `IpPermissions` must include a source for the traffic.
You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.
Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
For more information about VPC security group quotas, see Amazon VPC quotas.
Samples
import aws.sdk.kotlin.services.ec2.model.IpPermission
import aws.sdk.kotlin.services.ec2.model.IpRange
import aws.sdk.kotlin.services.ec2.model.Ipv6Range
import aws.sdk.kotlin.services.ec2.model.UserIdGroupPair
fun main() {
    //sampleStart
    // Opens inbound SSH (TCP port 22) to a single IPv4 CIDR block instead of to every address.
    // 203.0.113.0/24 is a documentation-only range (RFC 5737); substitute the network that
    // really needs access and keep the range as narrow as possible. The description is stored
    // with the rule so it can be identified when the group is reviewed later.
    // `ec2Client` is not declared in this sample; it is assumed to be an already-configured client.
    val officeCidr = IpRange {
        cidrIp = "203.0.113.0/24"
        description = "SSH access from the LA office"
    }

    // fromPort == toPort restricts the rule to exactly one destination port.
    val sshRule = IpPermission {
        ipProtocol = "tcp"
        fromPort = 22
        toPort = 22
        ipRanges = listOf(officeCidr)
    }

    val response = ec2Client.authorizeSecurityGroupIngress {
        groupId = "sg-903004f8"
        ipPermissions = listOf(sshRule)
    }
    //sampleEnd
}
import aws.sdk.kotlin.services.ec2.model.IpPermission
import aws.sdk.kotlin.services.ec2.model.IpRange
import aws.sdk.kotlin.services.ec2.model.Ipv6Range
import aws.sdk.kotlin.services.ec2.model.UserIdGroupPair
fun main() {
    //sampleStart
    // Opens inbound HTTP (TCP port 80) to members of another security group rather than to a
    // CIDR range. The source group must be in the same VPC or a peer VPC. Traffic is matched on
    // the private IP addresses of the instances associated with that source group.
    // `ec2Client` is not declared in this sample; it is assumed to be an already-configured client.
    val sourceGroup = UserIdGroupPair {
        groupId = "sg-1a2b3c4d"
        description = "HTTP access from other instances"
    }

    // fromPort == toPort restricts the rule to exactly one destination port.
    val httpRule = IpPermission {
        ipProtocol = "tcp"
        fromPort = 80
        toPort = 80
        userIdGroupPairs = listOf(sourceGroup)
    }

    val response = ec2Client.authorizeSecurityGroupIngress {
        // The group that receives the new inbound rule (not the source group above).
        groupId = "sg-111aaa22"
        ipPermissions = listOf(httpRule)
    }
    //sampleEnd
}
import aws.sdk.kotlin.services.ec2.model.IpPermission
import aws.sdk.kotlin.services.ec2.model.IpRange
import aws.sdk.kotlin.services.ec2.model.Ipv6Range
import aws.sdk.kotlin.services.ec2.model.UserIdGroupPair
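fun main() {
    //sampleStart
    // Adds an inbound rule that allows RDP (TCP port 3389) from a single IPv6 address range.
    // 2001:db8::/32 is the IPv6 documentation prefix (RFC 3849); substitute the network that
    // really needs access and keep the range as narrow as possible. The description is stored
    // with the rule so it can be identified when the group is reviewed later.
    // `ec2Client` is not declared in this sample; it is assumed to be an already-configured client.
    val resp = ec2Client.authorizeSecurityGroupIngress {
        // The ID is sent exactly as written, so it must not carry leading or trailing whitespace.
        groupId = "sg-123abc12"
        ipPermissions = listOf<IpPermission>(
            IpPermission {
                ipProtocol = "tcp"
                // fromPort == toPort restricts the rule to exactly one destination port.
                fromPort = 3389
                toPort = 3389
                ipv6Ranges = listOf<Ipv6Range>(
                    Ipv6Range {
                        cidrIpv6 = "2001:db8:1234:1a00::/64"
                        description = "RDP access from the NY office"
                    }
                )
            }
        )
    }
    //sampleEnd
}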