IpPermission - Amazon Elastic Compute Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

IpPermission

Describes a set of permissions for a security group rule.

Contents

FromPort (request), fromPort (response)

The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Type: Integer

Required: No

UserIdGroupPairs (request), groups (response)

The security group and Amazon account ID pairs.

Type: Array of UserIdGroupPair objects

Required: No

IpProtocol (request), ipProtocol (response)

The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).

[VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

Type: String

Required: No

IpRanges (request), ipRanges (response)

The IPv4 ranges.

Type: Array of IpRange objects

Required: No

Ipv6Ranges (request), ipv6Ranges (response)

[VPC only] The IPv6 ranges.

Type: Array of Ipv6Range objects

Required: No

PrefixListIds (request), prefixListIds (response)

[VPC only] The prefix list IDs.

Type: Array of PrefixListId objects

Required: No

ToPort (request), toPort (response)

The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Type: Integer

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: