{-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# LANGUAGE TypeFamilies #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} {-# OPTIONS_GHC -fno-warn-unused-binds #-} {-# OPTIONS_GHC -fno-warn-unused-matches #-} -- Derived from AWS service descriptions, licensed under Apache 2.0. -- | -- Module : Network.AWS.EC2.AuthorizeSecurityGroupEgress -- Copyright : (c) 2013-2015 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay -- Stability : auto-generated -- Portability : non-portable (GHC extensions) -- -- Adds one or more egress rules to a security group for use with a VPC. -- Specifically, this action permits instances to send traffic to one or -- more destination CIDR IP address ranges, or to one or more destination -- security groups for the same VPC. -- -- You can have up to 50 rules per security group (covering both ingress -- and egress rules). -- -- A security group is for use with instances either in the EC2-Classic -- platform or in a specific VPC. This action doesn\'t apply to security -- groups for use in EC2-Classic. For more information, see -- -- in the /Amazon Virtual Private Cloud User Guide/. -- -- Each rule consists of the protocol (for example, TCP), plus either a -- CIDR range or a source group. For the TCP and UDP protocols, you must -- also specify the destination port or port range. For the ICMP protocol, -- you must also specify the ICMP type and code. You can use -1 for the -- type or code to mean all types or all codes. -- -- Rule changes are propagated to affected instances as quickly as -- possible. However, a small delay might occur. -- -- /See:/ for AuthorizeSecurityGroupEgress. module Network.AWS.EC2.AuthorizeSecurityGroupEgress ( -- * Creating a Request authorizeSecurityGroupEgress , AuthorizeSecurityGroupEgress -- * Request Lenses , asgeFromPort , asgeIPPermissions , asgeIPProtocol , asgeToPort , asgeCIdRIP , asgeSourceSecurityGroupOwnerId , asgeSourceSecurityGroupName , asgeDryRun , asgeGroupId -- * Destructuring the Response , authorizeSecurityGroupEgressResponse , AuthorizeSecurityGroupEgressResponse ) where import Network.AWS.EC2.Types import Network.AWS.EC2.Types.Product import Network.AWS.Prelude import Network.AWS.Request import Network.AWS.Response -- | /See:/ 'authorizeSecurityGroupEgress' smart constructor. data AuthorizeSecurityGroupEgress = AuthorizeSecurityGroupEgress' { _asgeFromPort :: !(Maybe Int) , _asgeIPPermissions :: !(Maybe [IPPermission]) , _asgeIPProtocol :: !(Maybe Text) , _asgeToPort :: !(Maybe Int) , _asgeCIdRIP :: !(Maybe Text) , _asgeSourceSecurityGroupOwnerId :: !(Maybe Text) , _asgeSourceSecurityGroupName :: !(Maybe Text) , _asgeDryRun :: !(Maybe Bool) , _asgeGroupId :: !Text } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'AuthorizeSecurityGroupEgress' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'asgeFromPort' -- -- * 'asgeIPPermissions' -- -- * 'asgeIPProtocol' -- -- * 'asgeToPort' -- -- * 'asgeCIdRIP' -- -- * 'asgeSourceSecurityGroupOwnerId' -- -- * 'asgeSourceSecurityGroupName' -- -- * 'asgeDryRun' -- -- * 'asgeGroupId' authorizeSecurityGroupEgress :: Text -- ^ 'asgeGroupId' -> AuthorizeSecurityGroupEgress authorizeSecurityGroupEgress pGroupId_ = AuthorizeSecurityGroupEgress' { _asgeFromPort = Nothing , _asgeIPPermissions = Nothing , _asgeIPProtocol = Nothing , _asgeToPort = Nothing , _asgeCIdRIP = Nothing , _asgeSourceSecurityGroupOwnerId = Nothing , _asgeSourceSecurityGroupName = Nothing , _asgeDryRun = Nothing , _asgeGroupId = pGroupId_ } -- | The start of port range for the TCP and UDP protocols, or an ICMP type -- number. For the ICMP type number, use '-1' to specify all ICMP types. asgeFromPort :: Lens' AuthorizeSecurityGroupEgress (Maybe Int) asgeFromPort = lens _asgeFromPort (\ s a -> s{_asgeFromPort = a}); -- | A set of IP permissions. You can\'t specify a destination security group -- and a CIDR IP address range. asgeIPPermissions :: Lens' AuthorizeSecurityGroupEgress [IPPermission] asgeIPPermissions = lens _asgeIPPermissions (\ s a -> s{_asgeIPPermissions = a}) . _Default . _Coerce; -- | The IP protocol name ('tcp', 'udp', 'icmp') or number (see -- ). -- Use '-1' to specify all. asgeIPProtocol :: Lens' AuthorizeSecurityGroupEgress (Maybe Text) asgeIPProtocol = lens _asgeIPProtocol (\ s a -> s{_asgeIPProtocol = a}); -- | The end of port range for the TCP and UDP protocols, or an ICMP code -- number. For the ICMP code number, use '-1' to specify all ICMP codes for -- the ICMP type. asgeToPort :: Lens' AuthorizeSecurityGroupEgress (Maybe Int) asgeToPort = lens _asgeToPort (\ s a -> s{_asgeToPort = a}); -- | The CIDR IP address range. You can\'t specify this parameter when -- specifying a source security group. asgeCIdRIP :: Lens' AuthorizeSecurityGroupEgress (Maybe Text) asgeCIdRIP = lens _asgeCIdRIP (\ s a -> s{_asgeCIdRIP = a}); -- | The AWS account number for a destination security group. To authorize -- outbound access to a destination security group, we recommend that you -- use a set of IP permissions instead. asgeSourceSecurityGroupOwnerId :: Lens' AuthorizeSecurityGroupEgress (Maybe Text) asgeSourceSecurityGroupOwnerId = lens _asgeSourceSecurityGroupOwnerId (\ s a -> s{_asgeSourceSecurityGroupOwnerId = a}); -- | The name of a destination security group. To authorize outbound access -- to a destination security group, we recommend that you use a set of IP -- permissions instead. asgeSourceSecurityGroupName :: Lens' AuthorizeSecurityGroupEgress (Maybe Text) asgeSourceSecurityGroupName = lens _asgeSourceSecurityGroupName (\ s a -> s{_asgeSourceSecurityGroupName = a}); -- | Checks whether you have the required permissions for the action, without -- actually making the request, and provides an error response. If you have -- the required permissions, the error response is 'DryRunOperation'. -- Otherwise, it is 'UnauthorizedOperation'. asgeDryRun :: Lens' AuthorizeSecurityGroupEgress (Maybe Bool) asgeDryRun = lens _asgeDryRun (\ s a -> s{_asgeDryRun = a}); -- | The ID of the security group. asgeGroupId :: Lens' AuthorizeSecurityGroupEgress Text asgeGroupId = lens _asgeGroupId (\ s a -> s{_asgeGroupId = a}); instance AWSRequest AuthorizeSecurityGroupEgress where type Sv AuthorizeSecurityGroupEgress = EC2 type Rs AuthorizeSecurityGroupEgress = AuthorizeSecurityGroupEgressResponse request = post response = receiveNull AuthorizeSecurityGroupEgressResponse' instance ToHeaders AuthorizeSecurityGroupEgress where toHeaders = const mempty instance ToPath AuthorizeSecurityGroupEgress where toPath = const "/" instance ToQuery AuthorizeSecurityGroupEgress where toQuery AuthorizeSecurityGroupEgress'{..} = mconcat ["Action" =: ("AuthorizeSecurityGroupEgress" :: ByteString), "Version" =: ("2015-04-15" :: ByteString), "FromPort" =: _asgeFromPort, toQuery (toQueryList "item" <$> _asgeIPPermissions), "IpProtocol" =: _asgeIPProtocol, "ToPort" =: _asgeToPort, "CidrIp" =: _asgeCIdRIP, "SourceSecurityGroupOwnerId" =: _asgeSourceSecurityGroupOwnerId, "SourceSecurityGroupName" =: _asgeSourceSecurityGroupName, "DryRun" =: _asgeDryRun, "GroupId" =: _asgeGroupId] -- | /See:/ 'authorizeSecurityGroupEgressResponse' smart constructor. data AuthorizeSecurityGroupEgressResponse = AuthorizeSecurityGroupEgressResponse' deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'AuthorizeSecurityGroupEgressResponse' with the minimum fields required to make a request. -- authorizeSecurityGroupEgressResponse :: AuthorizeSecurityGroupEgressResponse authorizeSecurityGroupEgressResponse = AuthorizeSecurityGroupEgressResponse'