amazonka-ec2-1.5.0: Amazon Elastic Compute Cloud SDK.

Copyright(c) 2013-2017 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone
LanguageHaskell2010

Network.AWS.EC2.AuthorizeSecurityGroupIngress

Contents

Description

Adds one or more ingress rules to a security group.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

EC2-Classic
This action gives one or more IPv4 CIDR address ranges permission to access a security group in your account, or gives one or more security groups (called the source groups ) permission to access a security group for your account. A source group can be for your own AWS account, or another. You can have up to 100 rules per group.
EC2-VPC
This action gives one or more IPv4 or IPv6 CIDR address ranges permission to access a security group in your VPC, or gives one or more other security groups (called the source groups ) permission to access a security group for your VPC. The security groups must all be for the same VPC or a peer VPC in a VPC peering connection. For more information about VPC security group limits, see Amazon VPC Limits .

You can optionally specify a description for the security group rule.

Synopsis

Creating a Request

authorizeSecurityGroupIngress :: AuthorizeSecurityGroupIngress Source #

Creates a value of AuthorizeSecurityGroupIngress with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

  • asgiFromPort - The start of port range for the TCP and UDP protocols, or an ICMPICMPv6 type number. For the ICMPICMPv6 type number, use -1 to specify all types. If you specify all ICMP/ICMPv6 types, you must specify all codes.
  • asgiIPPermissions - One or more sets of IP permissions. Can be used to specify multiple rules in a single command.
  • asgiIPProtocol - The IP protocol name (tcp , udp , icmp ) or number (see Protocol Numbers ). (VPC only) Use -1 to specify all protocols. If you specify -1 , or a protocol number other than tcp , udp , icmp , or 58 (ICMPv6), traffic on all ports is allowed, regardless of any ports you specify. For tcp , udp , and icmp , you must specify a port range. For protocol 58 (ICMPv6), you can optionally specify a port range; if you don't, traffic for all types and codes is allowed.
  • asgiGroupId - The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
  • asgiToPort - The end of port range for the TCP and UDP protocols, or an ICMPICMPv6 code number. For the ICMPICMPv6 code number, use -1 to specify all codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.
  • asgiCidrIP - The CIDR IPv4 address range. You can't specify this parameter when specifying a source security group.
  • asgiSourceSecurityGroupOwnerId - [EC2-Classic] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.
  • asgiGroupName - [EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.
  • asgiSourceSecurityGroupName - [EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.
  • asgiDryRun - Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

data AuthorizeSecurityGroupIngress Source #

Contains the parameters for AuthorizeSecurityGroupIngress.

See: authorizeSecurityGroupIngress smart constructor.

Instances

Eq AuthorizeSecurityGroupIngress Source # 
Data AuthorizeSecurityGroupIngress Source # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> AuthorizeSecurityGroupIngress -> c AuthorizeSecurityGroupIngress #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c AuthorizeSecurityGroupIngress #

toConstr :: AuthorizeSecurityGroupIngress -> Constr #

dataTypeOf :: AuthorizeSecurityGroupIngress -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c AuthorizeSecurityGroupIngress) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c AuthorizeSecurityGroupIngress) #

gmapT :: (forall b. Data b => b -> b) -> AuthorizeSecurityGroupIngress -> AuthorizeSecurityGroupIngress #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> AuthorizeSecurityGroupIngress -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> AuthorizeSecurityGroupIngress -> r #

gmapQ :: (forall d. Data d => d -> u) -> AuthorizeSecurityGroupIngress -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> AuthorizeSecurityGroupIngress -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> AuthorizeSecurityGroupIngress -> m AuthorizeSecurityGroupIngress #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> AuthorizeSecurityGroupIngress -> m AuthorizeSecurityGroupIngress #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> AuthorizeSecurityGroupIngress -> m AuthorizeSecurityGroupIngress #

Read AuthorizeSecurityGroupIngress Source # 
Show AuthorizeSecurityGroupIngress Source # 
Generic AuthorizeSecurityGroupIngress Source # 
Hashable AuthorizeSecurityGroupIngress Source # 
NFData AuthorizeSecurityGroupIngress Source # 
AWSRequest AuthorizeSecurityGroupIngress Source # 
ToQuery AuthorizeSecurityGroupIngress Source # 
ToPath AuthorizeSecurityGroupIngress Source # 
ToHeaders AuthorizeSecurityGroupIngress Source # 
type Rep AuthorizeSecurityGroupIngress Source # 
type Rep AuthorizeSecurityGroupIngress = D1 (MetaData "AuthorizeSecurityGroupIngress" "Network.AWS.EC2.AuthorizeSecurityGroupIngress" "amazonka-ec2-1.5.0-8IdXK3SzsETDMW2aFpANS9" False) (C1 (MetaCons "AuthorizeSecurityGroupIngress'" PrefixI True) ((:*:) ((:*:) ((:*:) (S1 (MetaSel (Just Symbol "_asgiFromPort") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Int))) (S1 (MetaSel (Just Symbol "_asgiIPPermissions") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe [IPPermission])))) ((:*:) (S1 (MetaSel (Just Symbol "_asgiIPProtocol") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) ((:*:) (S1 (MetaSel (Just Symbol "_asgiGroupId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) (S1 (MetaSel (Just Symbol "_asgiToPort") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Int)))))) ((:*:) ((:*:) (S1 (MetaSel (Just Symbol "_asgiCidrIP") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) (S1 (MetaSel (Just Symbol "_asgiSourceSecurityGroupOwnerId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)))) ((:*:) (S1 (MetaSel (Just Symbol "_asgiGroupName") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) ((:*:) (S1 (MetaSel (Just Symbol "_asgiSourceSecurityGroupName") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) (S1 (MetaSel (Just Symbol "_asgiDryRun") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Bool))))))))
type Rs AuthorizeSecurityGroupIngress Source # 

Request Lenses

asgiFromPort :: Lens' AuthorizeSecurityGroupIngress (Maybe Int) Source #

The start of port range for the TCP and UDP protocols, or an ICMPICMPv6 type number. For the ICMPICMPv6 type number, use -1 to specify all types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

asgiIPPermissions :: Lens' AuthorizeSecurityGroupIngress [IPPermission] Source #

One or more sets of IP permissions. Can be used to specify multiple rules in a single command.

asgiIPProtocol :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

The IP protocol name (tcp , udp , icmp ) or number (see Protocol Numbers ). (VPC only) Use -1 to specify all protocols. If you specify -1 , or a protocol number other than tcp , udp , icmp , or 58 (ICMPv6), traffic on all ports is allowed, regardless of any ports you specify. For tcp , udp , and icmp , you must specify a port range. For protocol 58 (ICMPv6), you can optionally specify a port range; if you don't, traffic for all types and codes is allowed.

asgiGroupId :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

asgiToPort :: Lens' AuthorizeSecurityGroupIngress (Maybe Int) Source #

The end of port range for the TCP and UDP protocols, or an ICMPICMPv6 code number. For the ICMPICMPv6 code number, use -1 to specify all codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

asgiCidrIP :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

The CIDR IPv4 address range. You can't specify this parameter when specifying a source security group.

asgiSourceSecurityGroupOwnerId :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

EC2-Classic
The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.

asgiGroupName :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

EC2-Classic, default VPC
The name of the security group. You must specify either the security group ID or the security group name in the request.

asgiSourceSecurityGroupName :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

EC2-Classic, default VPC
The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.

asgiDryRun :: Lens' AuthorizeSecurityGroupIngress (Maybe Bool) Source #

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

Destructuring the Response

authorizeSecurityGroupIngressResponse :: AuthorizeSecurityGroupIngressResponse Source #

Creates a value of AuthorizeSecurityGroupIngressResponse with the minimum fields required to make a request.

data AuthorizeSecurityGroupIngressResponse Source #

See: authorizeSecurityGroupIngressResponse smart constructor.

Instances

Eq AuthorizeSecurityGroupIngressResponse Source # 
Data AuthorizeSecurityGroupIngressResponse Source # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> AuthorizeSecurityGroupIngressResponse -> c AuthorizeSecurityGroupIngressResponse #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c AuthorizeSecurityGroupIngressResponse #

toConstr :: AuthorizeSecurityGroupIngressResponse -> Constr #

dataTypeOf :: AuthorizeSecurityGroupIngressResponse -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c AuthorizeSecurityGroupIngressResponse) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c AuthorizeSecurityGroupIngressResponse) #

gmapT :: (forall b. Data b => b -> b) -> AuthorizeSecurityGroupIngressResponse -> AuthorizeSecurityGroupIngressResponse #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> AuthorizeSecurityGroupIngressResponse -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> AuthorizeSecurityGroupIngressResponse -> r #

gmapQ :: (forall d. Data d => d -> u) -> AuthorizeSecurityGroupIngressResponse -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> AuthorizeSecurityGroupIngressResponse -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> AuthorizeSecurityGroupIngressResponse -> m AuthorizeSecurityGroupIngressResponse #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> AuthorizeSecurityGroupIngressResponse -> m AuthorizeSecurityGroupIngressResponse #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> AuthorizeSecurityGroupIngressResponse -> m AuthorizeSecurityGroupIngressResponse #

Read AuthorizeSecurityGroupIngressResponse Source # 
Show AuthorizeSecurityGroupIngressResponse Source # 
Generic AuthorizeSecurityGroupIngressResponse Source # 
NFData AuthorizeSecurityGroupIngressResponse Source # 
type Rep AuthorizeSecurityGroupIngressResponse Source # 
type Rep AuthorizeSecurityGroupIngressResponse = D1 (MetaData "AuthorizeSecurityGroupIngressResponse" "Network.AWS.EC2.AuthorizeSecurityGroupIngress" "amazonka-ec2-1.5.0-8IdXK3SzsETDMW2aFpANS9" False) (C1 (MetaCons "AuthorizeSecurityGroupIngressResponse'" PrefixI False) U1)