User Guide / Using VM Networking and Security |
By default, a security group prevents incoming network traffic from all sources. You can modify network rules and allow incoming traffic to security groups from specified sources using the euca-authorize command.
To authorize security group rules:
The following example allows all incoming SSH traffic on port 22 to access to the security group mygroup. The CIDR source network, 0.0.0.0/0, refers to any source.
euca-authorize -P tcp -p 22 -s 0.0.0.0/0 mygroup GROUP mygroup ↵ PERMISSION mygroup ALLOWS tcp 22 22 FROM CIDR
Instead of specifying a CIDR source, you can specify another security group. The following example allows access to the security group mygroup from the someothergroup security group using SSH on port 22.
euca-authorize --source-group someothergroup \ --source-group-user someotheruser -P tcp -p 22 mygroup