ModifySecurityGroupRules

Description

Modifies one or more security group rules. Use it to change parameters of existing rules, such as port ranges, protocols, groups, or IP addresses. Changes can be applied to both inbound and outbound rules.

Request Parameters

Required parameters

  • GroupId — The ID of the security group.

    • Type: String

    • Required: Yes

  • SecurityGroupRule.n.SecurityGroupRuleId — The ID of the security group rule.

    • Type: String

    • Required: Yes

Optional parameters

  • SecurityGroupRule.n.SecurityGroupRule.CidrIpv4 — The IPv4 address in CIDR notation.

    • Type: String

    • Required: No

    • Constraints: Cannot be used with SecurityGroupRule.n.SecurityGroupRule.CidrIpv6 and SecurityGroupRule.n.SecurityGroupRule.ReferencedGroupId

  • SecurityGroupRule.n.SecurityGroupRule.CidrIpv6 — The IPv6 address in CIDR notation.

    • Type: String

    • Required: No

    • Constraints: Cannot be used with SecurityGroupRule.n.SecurityGroupRule.CidrIpv4 and SecurityGroupRule.n.SecurityGroupRule.ReferencedGroupId

  • SecurityGroupRule.n.SecurityGroupRule.Description — The description of the security group rule.

    • Type: String

    • Required: No

  • SecurityGroupRule.n.SecurityGroupRule.FromPort — The start of the port range for the TCP and UDP protocols, or an ICMP code. The value of -1 indicates all ICMP types.

    • Type: Integer

    • Required: No

  • SecurityGroupRule.n.SecurityGroupRule.IpProtocol — The protocol type.

    • Type: String

    • Required: No

    • Valid values: IP protocol name or number (see Protocol Numbers)

  • SecurityGroupRule.n.SecurityGroupRule.ReferencedGroupId — The ID of a security group for which access is granted.

    • Type: String

    • Required: No

    • Constraints: Cannot be used with SecurityGroupRule.n.SecurityGroupRule.CidrIpv4 and SecurityGroupRule.n.SecurityGroupRule.CidrIpv6

  • SecurityGroupRule.n.SecurityGroupRule.ToPort — The end of the port range for the TCP and UDP protocols, or an ICMP code. The value of -1 indicates all ICMP codes for the specified ICMP type.

    • Type: Integer

    • Required: No

Response Elements

  • requestId — The request ID.

    • Type: String

  • return — True is returned if the request succeeds, and an error otherwise.

    • Type: Boolean

Examples

c2-ec2 ModifySecurityGroupRules GroupId <group_id> SecurityGroupRule.0.SecurityGroupRuleId <rule_id> SecurityGroupRule.0.SecurityGroupRule.IpProtocol icmp SecurityGroupRule.0.SecurityGroupRule.FromPort -1 SecurityGroupRule.0.SecurityGroupRule.ToPort -1 SecurityGroupRule.0.SecurityGroupRule.CidrIpv4 0.0.0.0/0 SecurityGroupRule.0.SecurityGroupRule.Description "Allow ICMP traffic"

c2-ec2 ModifySecurityGroupRules GroupId <group_id> SecurityGroupRule.0.SecurityGroupRuleId <rule_id> SecurityGroupRule.0.SecurityGroupRule.IpProtocol tcp SecurityGroupRule.0.SecurityGroupRule.FromPort 22 SecurityGroupRule.0.SecurityGroupRule.ToPort 22 SecurityGroupRule.0.SecurityGroupRule.CidrIpv4 0.0.0.0/0 SecurityGroupRule.0.SecurityGroupRule.Description "Allow TCP traffic on port 22"

c2-ec2 ModifySecurityGroupRules GroupId <group_id> SecurityGroupRule.0.SecurityGroupRuleId <rule_id> SecurityGroupRule.0.SecurityGroupRule.IpProtocol 6 SecurityGroupRule.0.SecurityGroupRule.FromPort 650 SecurityGroupRule.0.SecurityGroupRule.ToPort 650 SecurityGroupRule.0.SecurityGroupRule.CidrIpv6 ::/128 SecurityGroupRule.0.SecurityGroupRule.Description "Allow protocol 6 traffic on port 650 for IPv6"

c2-ec2 ModifySecurityGroupRules GroupId <group_id> SecurityGroupRule.0.SecurityGroupRuleId <rule_id> SecurityGroupRule.0.SecurityGroupRule.IpProtocol udp SecurityGroupRule.0.SecurityGroupRule.FromPort 53 SecurityGroupRule.0.SecurityGroupRule.ToPort 53 SecurityGroupRule.0.SecurityGroupRule.ReferencedGroupId <group_id_2> SecurityGroupRule.0.SecurityGroupRule.Description "Allow UDP traffic on port 53 from another security group"
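
A pre-flight check for requests like the ones above, as an added example that is not part of the original reference or the vendor's tooling: it flattens rule changes into the SecurityGroupRule.n.* parameter names, enforces the documented constraint that CidrIpv4, CidrIpv6 and ReferencedGroupId cannot be combined, and warns when a CIDR matches every address, as 0.0.0.0/0 does in the first two examples. The helper name build_params, the rule dictionaries and the sg-EXAMPLE / sgr-EXAMPLE IDs are assumptions made for illustration.

```python
import ipaddress

# Optional parameters listed in this reference.
ALLOWED = {"CidrIpv4", "CidrIpv6", "Description", "FromPort",
           "IpProtocol", "ReferencedGroupId", "ToPort"}
SOURCES = ("CidrIpv4", "CidrIpv6", "ReferencedGroupId")  # mutually exclusive


def build_params(group_id, rules):
    """Flatten rule changes into request parameters (hypothetical helper).

    Returns (params, warnings); raises ValueError on a constraint violation.
    """
    params, warnings = {"GroupId": group_id}, []
    for n, rule in enumerate(rules):
        rule = dict(rule)
        rule_id = rule.pop("SecurityGroupRuleId", None)
        if not rule_id:
            raise ValueError(f"rule {n}: SecurityGroupRuleId is required")
        unknown = set(rule) - ALLOWED
        if unknown:
            raise ValueError(f"rule {n}: unknown fields {sorted(unknown)}")
        used = [k for k in SOURCES if k in rule]
        if len(used) > 1:
            raise ValueError(f"rule {n}: {', '.join(used)} cannot be combined")
        for key, version in (("CidrIpv4", 4), ("CidrIpv6", 6)):
            if key not in rule:
                continue
            # strict=False: host bits are tolerated here; the API may differ.
            net = ipaddress.ip_network(rule[key], strict=False)
            if net.version != version:
                raise ValueError(f"rule {n}: {key} must be IPv{version}")
            if net.prefixlen == 0:
                warnings.append(f"rule {n}: {rule[key]} matches any address")
        prefix = f"SecurityGroupRule.{n}."
        params[prefix + "SecurityGroupRuleId"] = rule_id
        for key, value in rule.items():
            params[f"{prefix}SecurityGroupRule.{key}"] = str(value)
    return params, warnings


if __name__ == "__main__":
    # Constructed input mirroring the port 22 example; IDs are placeholders.
    change = {"SecurityGroupRuleId": "sgr-EXAMPLE", "IpProtocol": "tcp",
              "FromPort": 22, "ToPort": 22, "CidrIpv4": "0.0.0.0/0"}
    params, warnings = build_params("sg-EXAMPLE", [change])
    for name, value in params.items():
        print(name, value)
    for w in warnings:
        print("WARNING:", w)
```

Running the check in a change-review step before the request is sent lets an unintended world-open rule be caught while it is still a proposed change.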