Skip to content

Authorize Security Group Egress

ec2_authorize_security_group_egress R Documentation

Adds the specified outbound (egress) rules to a security group

Description

Adds the specified outbound (egress) rules to a security group.

An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address ranges, the IP address ranges specified by a prefix list, or the instances that are associated with a source security group. For more information, see Security group rules.

You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP type and code.

Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.

For examples of rules that you can add to security groups for specific access scenarios, see Security group rules for different use cases in the Amazon EC2 User Guide.

For information about security group quotas, see Amazon VPC quotas in the Amazon VPC User Guide.

Usage

ec2_authorize_security_group_egress(DryRun, GroupId, IpPermissions,
  TagSpecifications, CidrIp, FromPort, IpProtocol, ToPort,
  SourceSecurityGroupName, SourceSecurityGroupOwnerId)

Arguments

DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

GroupId

[required] The ID of the security group.

IpPermissions

The permissions for the security group rules.

TagSpecifications

The tags applied to the security group rule.

CidrIp

Not supported. Use IP permissions instead.

FromPort

Not supported. Use IP permissions instead.

IpProtocol

Not supported. Use IP permissions instead.

ToPort

Not supported. Use IP permissions instead.

SourceSecurityGroupName

Not supported. Use IP permissions instead.

SourceSecurityGroupOwnerId

Not supported. Use IP permissions instead.

Value

A list with the following syntax: 

list(
  Return = TRUE|FALSE,
  SecurityGroupRules = list(
    list(
      SecurityGroupRuleId = "string",
      GroupId = "string",
      GroupOwnerId = "string",
      IsEgress = TRUE|FALSE,
      IpProtocol = "string",
      FromPort = 123,
      ToPort = 123,
      CidrIpv4 = "string",
      CidrIpv6 = "string",
      PrefixListId = "string",
      ReferencedGroupInfo = list(
        GroupId = "string",
        PeeringStatus = "string",
        UserId = "string",
        VpcId = "string",
        VpcPeeringConnectionId = "string"
      ),
      Description = "string",
      Tags = list(
        list(
          Key = "string",
          Value = "string"
        )
      )
    )
  )
)

Request syntax

svc$authorize_security_group_egress(
  DryRun = TRUE|FALSE,
  GroupId = "string",
  IpPermissions = list(
    list(
      FromPort = 123,
      IpProtocol = "string",
      IpRanges = list(
        list(
          CidrIp = "string",
          Description = "string"
        )
      ),
      Ipv6Ranges = list(
        list(
          CidrIpv6 = "string",
          Description = "string"
        )
      ),
      PrefixListIds = list(
        list(
          Description = "string",
          PrefixListId = "string"
        )
      ),
      ToPort = 123,
      UserIdGroupPairs = list(
        list(
          Description = "string",
          GroupId = "string",
          GroupName = "string",
          PeeringStatus = "string",
          UserId = "string",
          VpcId = "string",
          VpcPeeringConnectionId = "string"
        )
      )
    )
  ),
  TagSpecifications = list(
    list(
      ResourceType = "capacity-reservation"|"client-vpn-endpoint"|"customer-gateway"|"carrier-gateway"|"coip-pool"|"dedicated-host"|"dhcp-options"|"egress-only-internet-gateway"|"elastic-ip"|"elastic-gpu"|"export-image-task"|"export-instance-task"|"fleet"|"fpga-image"|"host-reservation"|"image"|"import-image-task"|"import-snapshot-task"|"instance"|"instance-event-window"|"internet-gateway"|"ipam"|"ipam-pool"|"ipam-scope"|"ipv4pool-ec2"|"ipv6pool-ec2"|"key-pair"|"launch-template"|"local-gateway"|"local-gateway-route-table"|"local-gateway-virtual-interface"|"local-gateway-virtual-interface-group"|"local-gateway-route-table-vpc-association"|"local-gateway-route-table-virtual-interface-group-association"|"natgateway"|"network-acl"|"network-interface"|"network-insights-analysis"|"network-insights-path"|"network-insights-access-scope"|"network-insights-access-scope-analysis"|"placement-group"|"prefix-list"|"replace-root-volume-task"|"reserved-instances"|"route-table"|"security-group"|"security-group-rule"|"snapshot"|"spot-fleet-request"|"spot-instances-request"|"subnet"|"subnet-cidr-reservation"|"traffic-mirror-filter"|"traffic-mirror-session"|"traffic-mirror-target"|"transit-gateway"|"transit-gateway-attachment"|"transit-gateway-connect-peer"|"transit-gateway-multicast-domain"|"transit-gateway-policy-table"|"transit-gateway-route-table"|"transit-gateway-route-table-announcement"|"volume"|"vpc"|"vpc-endpoint"|"vpc-endpoint-connection"|"vpc-endpoint-service"|"vpc-endpoint-service-permission"|"vpc-peering-connection"|"vpn-connection"|"vpn-gateway"|"vpc-flow-log"|"capacity-reservation-fleet"|"traffic-mirror-filter-rule"|"vpc-endpoint-connection-device-type"|"verified-access-instance"|"verified-access-group"|"verified-access-endpoint"|"verified-access-policy"|"verified-access-trust-provider"|"vpn-connection-device-type"|"vpc-block-public-access-exclusion"|"ipam-resource-discovery"|"ipam-resource-discovery-association"|"instance-connect-endpoint"|"ipam-external-resource-verification-token",
      Tags = list(
        list(
          Key = "string",
          Value = "string"
        )
      )
    )
  ),
  CidrIp = "string",
  FromPort = 123,
  IpProtocol = "string",
  ToPort = 123,
  SourceSecurityGroupName = "string",
  SourceSecurityGroupOwnerId = "string"
)

Examples

## Not run: 
# This example adds a rule that grants access to the specified address
# ranges on TCP port 80.
svc$authorize_security_group_egress(
  GroupId = "sg-1a2b3c4d",
  IpPermissions = list(
    list(
      FromPort = 80L,
      IpProtocol = "tcp",
      IpRanges = list(
        list(
          CidrIp = "10.0.0.0/16"
        )
      ),
      ToPort = 80L
    )
  )
)

# This example adds a rule that grants access to the specified security
# group on TCP port 80.
svc$authorize_security_group_egress(
  GroupId = "sg-1a2b3c4d",
  IpPermissions = list(
    list(
      FromPort = 80L,
      IpProtocol = "tcp",
      ToPort = 80L,
      UserIdGroupPairs = list(
        list(
          GroupId = "sg-4b51a32f"
        )
      )
    )
  )
)

## End(Not run)