euca-authorize

Adds a rule to a security group that allows traffic to pass.

Syntax

euca-authorize  group_name [-P {tcp,udp} -p port_range] [-s cidr_range]
euca-authorize  group_name [-P icmp -t type:code] [-s cidr_range]

Options

group_name
    Name of the security group to add the rule to.
    Required: Yes

--egress
    (VPC only) Manage an egress rule, which controls traffic leaving the group.
    Default: If this option is not specified, the rule is an ingress rule (applies to traffic entering the group).
    Required: No

-P, --protocol protocol | protocol_number
    IP protocol name or number.
    Valid values: tcp | udp | icmp | -1 | all
    Note: In VPC security groups, you can specify arbitrary IANA-assigned protocol numbers as well as the special values "all" and "-1", which refer to all network traffic. As a convenience, if a protocol is specified by name, euca-authorize and euca-revoke will consult /etc/protocols to discover its number.
    Required: No

-p port_range
    Specifies the range of ports to allow for TCP and UDP. Not valid for ICMP.
    Valid values: Single integer or range (min-max). Use -1 to specify all ports.
    Required: Conditional

-t, --icmp-type-code
    ICMP type and code specified as "type:code". Only works if you specify ICMP as the protocol.
    Required: Conditional

-o, --source-group source_group
    (Non-VPC only) Group from which traffic is authorized by the rule. Every instance in the security group is allowed to pass traffic.
    Required: No

-u, --source-group-user source_group_user
    ID of the security group user you name in the -o parameter.
    Required: No

-s, --source-subnet source_subnet
    Addresses to apply the rule to.
    Default: 0.0.0.0/0
    Required: No

Common Options

--show-empty-fields
    Show empty fields as "(nil)".

--region user@region
    Region and/or user name to search when looking up config file data. Only valid for EC2 endpoints.

-U, --url url
    URL of the cloud service to connect to. For administrative commands, this should be <ip_address>:8773/services/Empyrean.

-I, --access-key-id key_id
    User's access key ID.

-S, --secret-key secret_key
    User's secret key.

--security-token token
    User's security token.

--debug
    Prints what the command sends to the server and what it receives from the server. Use when you're trying to debug Euca2ools.

--debugger
    Enable interactive debugger on error.

-h, --help
    Display the manual page for the command.

--version
    Display the version of this tool.

Output

Example

euca-authorize default -P tcp -p 80 -s 0.0.0.0/0 
GROUP   default
PERMISSION  default ALLOWS  tcp 80  80  FROM    CIDR    0.0.0.0/0
euca-authorize -P tcp -p 6697-7000 -s 1.2.3.0/24 mygroup
GROUP   mygroup
PERMISSION  mygroup ALLOWS tcp 6697 7000 FROM CIDR 1.2.3.0/24
euca-authorize -P icmp -t 0:0 -o othergroup -u 1234567890 mygroup
GROUP   mygroup
PERMISSION  mygroup ALLOWS  icmp    USER    1234567890      GRPNAME othergroup      FROM    CIDR    0.0.0.0/0
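
Because -s defaults to 0.0.0.0/0, a rule authorized without -s admits traffic from every address. The following added example (not part of the Eucalyptus documentation or of euca2ools) parses PERMISSION lines in the format shown above and lists the rules whose CIDR covers all addresses; the function names and the decision not to flag rules that name a source group are assumptions of the example.

```python
import ipaddress

# Sample input: the output lines from the Example section above, embedded inline.
SAMPLE = """\
GROUP   default
PERMISSION  default ALLOWS  tcp 80  80  FROM    CIDR    0.0.0.0/0
GROUP   mygroup
PERMISSION  mygroup ALLOWS tcp 6697 7000 FROM CIDR 1.2.3.0/24
PERMISSION  mygroup ALLOWS  icmp    USER    1234567890      GRPNAME othergroup      FROM    CIDR    0.0.0.0/0
"""

# Keyword -> field name for the "KEY value" pairs that follow the protocol.
FIELDS = {"USER": "source_user", "GRPNAME": "source_group", "CIDR": "cidr"}

def is_int(s):
    return s.isdigit() or (s.startswith("-") and s[1:].isdigit())

def parse_permission(line):
    """Parse one PERMISSION line into a dict; return None for any other line."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "PERMISSION" or tok[2] != "ALLOWS":
        return None
    rule = {"group": tok[1], "protocol": tok[3], "ports": None,
            "source_user": None, "source_group": None, "cidr": None}
    i = 4
    # Two integers after the protocol are the low/high ports (absent in the ICMP sample).
    if len(tok) >= 6 and is_int(tok[4]) and is_int(tok[5]):
        rule["ports"] = (int(tok[4]), int(tok[5]))
        i = 6
    while i < len(tok) - 1:
        if tok[i] in FIELDS:
            rule[FIELDS[tok[i]]] = tok[i + 1]
            i += 2
        else:
            i += 1  # skip FROM and anything this example does not model
    if rule["cidr"] is not None:
        rule["cidr"] = ipaddress.ip_network(rule["cidr"], strict=False)
    return rule

def world_open(text):
    """Return rules whose CIDR matches every address and that name no source group."""
    rules = filter(None, map(parse_permission, text.splitlines()))
    # Assumption of this example: a rule naming a source group is scoped by that group.
    return [r for r in rules
            if r["cidr"] is not None and r["cidr"].prefixlen == 0 and not r["source_group"]]

if __name__ == "__main__":
    for r in world_open(SAMPLE):
        print(f"{r['group']}: {r['protocol']} ports {r['ports']} open to {r['cidr']}")
```

On the sample input, only the tcp/80 rule in the default group is reported.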