Copyright	(c) 2013-2023 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	Safe-Inferred
Language	Haskell2010

Amazonka.EC2.AuthorizeSecurityGroupIngress

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Adds the specified inbound (ingress) rules to a security group.

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups. When specifying an inbound rule for your security group in a VPC, the IpPermissions must include a source for the traffic.

You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

For more information about VPC security group quotas, see Amazon VPC quotas.

We are retiring EC2-Classic. We recommend that you migrate from EC2-Classic to a VPC. For more information, see Migrate from EC2-Classic to a VPC in the Amazon Elastic Compute Cloud User Guide.

Synopsis

Creating a Request

data AuthorizeSecurityGroupIngress Source #

See: newAuthorizeSecurityGroupIngress smart constructor.

Constructors

AuthorizeSecurityGroupIngress'

Fields

cidrIp :: Maybe Text
The IPv4 address range, in CIDR format. You can't specify this parameter when specifying a source security group. To specify an IPv6 address range, use a set of IP permissions.
Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.
dryRun :: Maybe Bool
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
fromPort :: Maybe Int
The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all types. If you specify all ICMP types, you must specify all codes.
Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.
groupId :: Maybe Text
The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
groupName :: Maybe Text
EC2-Classic, default VPC
The name of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
ipPermissions :: Maybe [IpPermission]
The sets of IP permissions.
ipProtocol :: Maybe Text
The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). To specify icmpv6, use a set of IP permissions.
VPC only
Use -1 to specify all protocols. If you specify -1 or a protocol other than tcp, udp, or icmp, traffic on all ports is allowed, regardless of any ports you specify.
Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.
sourceSecurityGroupName :: Maybe Text
EC2-Classic, default VPC
The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.
sourceSecurityGroupOwnerId :: Maybe Text
nondefault VPC
The Amazon Web Services account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.
tagSpecifications :: Maybe [TagSpecification]
VPC Only
The tags applied to the security group rule.
toPort :: Maybe Int
The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all codes. If you specify all ICMP types, you must specify all codes.
Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

Instances

Instances details

ToHeaders AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods toHeaders :: AuthorizeSecurityGroupIngress -> [Header] #
ToPath AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods toPath :: AuthorizeSecurityGroupIngress -> ByteString #
ToQuery AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods toQuery :: AuthorizeSecurityGroupIngress -> QueryString #
AWSRequest AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Associated Types type AWSResponse AuthorizeSecurityGroupIngress # Methods request :: (Service -> Service) -> AuthorizeSecurityGroupIngress -> Request AuthorizeSecurityGroupIngress # response :: MonadResource m => (ByteStringLazy -> IO ByteStringLazy) -> Service -> Proxy AuthorizeSecurityGroupIngress -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse AuthorizeSecurityGroupIngress))) #
Generic AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Associated Types type Rep AuthorizeSecurityGroupIngress :: Type -> Type # Methods from :: AuthorizeSecurityGroupIngress -> Rep AuthorizeSecurityGroupIngress x # to :: Rep AuthorizeSecurityGroupIngress x -> AuthorizeSecurityGroupIngress #
Read AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods readsPrec :: Int -> ReadS AuthorizeSecurityGroupIngress # readList :: ReadS [AuthorizeSecurityGroupIngress] # readPrec :: ReadPrec AuthorizeSecurityGroupIngress # readListPrec :: ReadPrec [AuthorizeSecurityGroupIngress] #
Show AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods showsPrec :: Int -> AuthorizeSecurityGroupIngress -> ShowS # show :: AuthorizeSecurityGroupIngress -> String # showList :: [AuthorizeSecurityGroupIngress] -> ShowS #
NFData AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods rnf :: AuthorizeSecurityGroupIngress -> () #
Eq AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods (==) :: AuthorizeSecurityGroupIngress -> AuthorizeSecurityGroupIngress -> Bool # (/=) :: AuthorizeSecurityGroupIngress -> AuthorizeSecurityGroupIngress -> Bool #
Hashable AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods hashWithSalt :: Int -> AuthorizeSecurityGroupIngress -> Int # hash :: AuthorizeSecurityGroupIngress -> Int #
type AWSResponse AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress type AWSResponse AuthorizeSecurityGroupIngress = AuthorizeSecurityGroupIngressResponse
type Rep AuthorizeSecurityGroupIngress Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress type Rep AuthorizeSecurityGroupIngress = D1 ('MetaData "AuthorizeSecurityGroupIngress" "Amazonka.EC2.AuthorizeSecurityGroupIngress" "amazonka-ec2-2.0-48L9RAJvmvzAdBkRegqWCL" 'False) (C1 ('MetaCons "AuthorizeSecurityGroupIngress'" 'PrefixI 'True) (((S1 ('MetaSel ('Just "cidrIp") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Just "dryRun") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool))) :: (S1 ('MetaSel ('Just "fromPort") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Int)) :: (S1 ('MetaSel ('Just "groupId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Just "groupName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))))) :: ((S1 ('MetaSel ('Just "ipPermissions") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [IpPermission])) :: (S1 ('MetaSel ('Just "ipProtocol") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Just "sourceSecurityGroupName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)))) :: (S1 ('MetaSel ('Just "sourceSecurityGroupOwnerId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: (S1 ('MetaSel ('Just "tagSpecifications") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [TagSpecification])) :: S1 ('MetaSel ('Just "toPort") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Int)))))))

newAuthorizeSecurityGroupIngress :: AuthorizeSecurityGroupIngress Source #

Create a value of AuthorizeSecurityGroupIngress with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

AuthorizeSecurityGroupIngress, authorizeSecurityGroupIngress_cidrIp - The IPv4 address range, in CIDR format. You can't specify this parameter when specifying a source security group. To specify an IPv6 address range, use a set of IP permissions.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

$sel:dryRun:AuthorizeSecurityGroupIngress', authorizeSecurityGroupIngress_dryRun - Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

AuthorizeSecurityGroupIngress, authorizeSecurityGroupIngress_fromPort - The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all types. If you specify all ICMP types, you must specify all codes.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

AuthorizeSecurityGroupIngress, authorizeSecurityGroupIngress_groupId - The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

AuthorizeSecurityGroupIngress, authorizeSecurityGroupIngress_groupName - [EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

AuthorizeSecurityGroupIngress, authorizeSecurityGroupIngress_ipPermissions - The sets of IP permissions.

AuthorizeSecurityGroupIngress, authorizeSecurityGroupIngress_ipProtocol - The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). To specify icmpv6, use a set of IP permissions.

VPC only: Use -1 to specify all protocols. If you specify -1 or a protocol other than tcp, udp, or icmp, traffic on all ports is allowed, regardless of any ports you specify.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

$sel:sourceSecurityGroupName:AuthorizeSecurityGroupIngress', authorizeSecurityGroupIngress_sourceSecurityGroupName - [EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.

$sel:sourceSecurityGroupOwnerId:AuthorizeSecurityGroupIngress', authorizeSecurityGroupIngress_sourceSecurityGroupOwnerId - [nondefault VPC] The Amazon Web Services account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.

AuthorizeSecurityGroupIngress, authorizeSecurityGroupIngress_tagSpecifications - [VPC Only] The tags applied to the security group rule.

AuthorizeSecurityGroupIngress, authorizeSecurityGroupIngress_toPort - The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all codes. If you specify all ICMP types, you must specify all codes.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

Request Lenses

authorizeSecurityGroupIngress_cidrIp :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

The IPv4 address range, in CIDR format. You can't specify this parameter when specifying a source security group. To specify an IPv6 address range, use a set of IP permissions.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

authorizeSecurityGroupIngress_dryRun :: Lens' AuthorizeSecurityGroupIngress (Maybe Bool) Source #

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

authorizeSecurityGroupIngress_fromPort :: Lens' AuthorizeSecurityGroupIngress (Maybe Int) Source #

The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all types. If you specify all ICMP types, you must specify all codes.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

authorizeSecurityGroupIngress_groupId :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

authorizeSecurityGroupIngress_groupName :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

EC2-Classic, default VPC: The name of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

authorizeSecurityGroupIngress_ipPermissions :: Lens' AuthorizeSecurityGroupIngress (Maybe [IpPermission]) Source #

The sets of IP permissions.

authorizeSecurityGroupIngress_ipProtocol :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). To specify icmpv6, use a set of IP permissions.

VPC only: Use -1 to specify all protocols. If you specify -1 or a protocol other than tcp, udp, or icmp, traffic on all ports is allowed, regardless of any ports you specify.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

authorizeSecurityGroupIngress_sourceSecurityGroupName :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

EC2-Classic, default VPC: The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.

authorizeSecurityGroupIngress_sourceSecurityGroupOwnerId :: Lens' AuthorizeSecurityGroupIngress (Maybe Text) Source #

nondefault VPC: The Amazon Web Services account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.

authorizeSecurityGroupIngress_tagSpecifications :: Lens' AuthorizeSecurityGroupIngress (Maybe [TagSpecification]) Source #

VPC Only: The tags applied to the security group rule.

authorizeSecurityGroupIngress_toPort :: Lens' AuthorizeSecurityGroupIngress (Maybe Int) Source #

The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all codes. If you specify all ICMP types, you must specify all codes.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

Destructuring the Response

data AuthorizeSecurityGroupIngressResponse Source #

See: newAuthorizeSecurityGroupIngressResponse smart constructor.

Constructors

AuthorizeSecurityGroupIngressResponse'
Fields return' :: Maybe Bool Returns `true` if the request succeeds; otherwise, returns an error. securityGroupRules :: Maybe [SecurityGroupRule] Information about the inbound (ingress) security group rules that were added. httpStatus :: Int The response's http status code.

Instances

Instances details

Generic AuthorizeSecurityGroupIngressResponse Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Associated Types type Rep AuthorizeSecurityGroupIngressResponse :: Type -> Type # Methods from :: AuthorizeSecurityGroupIngressResponse -> Rep AuthorizeSecurityGroupIngressResponse x # to :: Rep AuthorizeSecurityGroupIngressResponse x -> AuthorizeSecurityGroupIngressResponse #
Read AuthorizeSecurityGroupIngressResponse Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods readsPrec :: Int -> ReadS AuthorizeSecurityGroupIngressResponse # readList :: ReadS [AuthorizeSecurityGroupIngressResponse] # readPrec :: ReadPrec AuthorizeSecurityGroupIngressResponse # readListPrec :: ReadPrec [AuthorizeSecurityGroupIngressResponse] #
Show AuthorizeSecurityGroupIngressResponse Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods showsPrec :: Int -> AuthorizeSecurityGroupIngressResponse -> ShowS # show :: AuthorizeSecurityGroupIngressResponse -> String # showList :: [AuthorizeSecurityGroupIngressResponse] -> ShowS #
NFData AuthorizeSecurityGroupIngressResponse Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods rnf :: AuthorizeSecurityGroupIngressResponse -> () #
Eq AuthorizeSecurityGroupIngressResponse Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress Methods (==) :: AuthorizeSecurityGroupIngressResponse -> AuthorizeSecurityGroupIngressResponse -> Bool # (/=) :: AuthorizeSecurityGroupIngressResponse -> AuthorizeSecurityGroupIngressResponse -> Bool #
type Rep AuthorizeSecurityGroupIngressResponse Source #
Instance details Defined in Amazonka.EC2.AuthorizeSecurityGroupIngress type Rep AuthorizeSecurityGroupIngressResponse = D1 ('MetaData "AuthorizeSecurityGroupIngressResponse" "Amazonka.EC2.AuthorizeSecurityGroupIngress" "amazonka-ec2-2.0-48L9RAJvmvzAdBkRegqWCL" 'False) (C1 ('MetaCons "AuthorizeSecurityGroupIngressResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "return'") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)) :: (S1 ('MetaSel ('Just "securityGroupRules") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [SecurityGroupRule])) :: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int))))

newAuthorizeSecurityGroupIngressResponse Source #

Arguments

:: Int	`$sel:httpStatus:AuthorizeSecurityGroupIngressResponse'`
-> AuthorizeSecurityGroupIngressResponse

Create a value of AuthorizeSecurityGroupIngressResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:return':AuthorizeSecurityGroupIngressResponse', authorizeSecurityGroupIngressResponse_return - Returns true if the request succeeds; otherwise, returns an error.

$sel:securityGroupRules:AuthorizeSecurityGroupIngressResponse', authorizeSecurityGroupIngressResponse_securityGroupRules - Information about the inbound (ingress) security group rules that were added.

$sel:httpStatus:AuthorizeSecurityGroupIngressResponse', authorizeSecurityGroupIngressResponse_httpStatus - The response's http status code.

Response Lenses

authorizeSecurityGroupIngressResponse_return :: Lens' AuthorizeSecurityGroupIngressResponse (Maybe Bool) Source #

Returns true if the request succeeds; otherwise, returns an error.

authorizeSecurityGroupIngressResponse_securityGroupRules :: Lens' AuthorizeSecurityGroupIngressResponse (Maybe [SecurityGroupRule]) Source #

Information about the inbound (ingress) security group rules that were added.

authorizeSecurityGroupIngressResponse_httpStatus :: Lens' AuthorizeSecurityGroupIngressResponse Int Source #

The response's http status code.