NAMEec2-authorize - Grant permissions to a specified group
SYNOPSISec2auth ([ec2-authorize]) ec2auth [GENERAL OPTIONS] GROUP [SPECIFIC OPTIONS]
GENERAL NOTESAny command option/parameter may be passed a value of '-' to indicate that values for that option should be read from stdin.
DESCRIPTIONGrant selected permissions to a specified group. The GROUP parameter is name or ID of the group to grant this permission to. Note that VPC security groups must be specified by ID.
GENERAL OPTIONS-K, --private-key KEY Specify KEY as the private key to use. Defaults to the value of the EC2_PRIVATE_KEY environment variable (if set). Overrides the default. -C, --cert CERT Specify CERT as the X509 certificate to use. Defaults to the value of the EC2_CERT environment variable (if set). Overrides the default. -U, --url URL Specify URL as the web service URL to use. Defaults to the value of 'https://ec2.amazonaws.com' or to that of the EC2_URL environment variable (if set). Overrides the default. --region REGION Specify REGION as the web service region to use. This option will override the URL specified by the "-U URL" option and EC2_URL environment variable. -v, --verbose Verbose output. -?, --help Display this help. -H, --headers Display column headers. --debug Display additional debugging information. --show-empty-fields Indicate empty fields. --hide-tags Do not display tags for tagged resources. --connection-timeout TIMEOUT Specify a connection timeout TIMEOUT (in seconds). --request-timeout TIMEOUT Specify a request timeout TIMEOUT (in seconds).
SPECIFIC OPTIONS-P, --protocol PROTOCOL May be either a protocol name or a protocol number. Note that non-VPC security groups only allow tcp, udp and icmp rules. For non-VPC groups the protocol may be left blank, in which case it will default to tcp if a source subnet is specified, to tcp and udp if a source group and port range are specified, and to tcp, udp and icmp if only a source group is specified. For VPC groups the protocol 'all' must be explicitly specified. -p, --port-range PORT-RANGE Range of ports to open. If the tcp or udp protocol are specified (or implied by default), then the range of ports to grant access to may optionally be specified as a single integer, or as a range (min-max). Specifying -1 defaults to all ports. -t, --icmp-type-code TYPE:CODE icmp type and code. If the icmp protocol is specified, then icmp type and code may optionally be specified as type:code, where both type and code are integers and compliant with RFC792. Type or code (or both) may be specified as -1 which is a wildcard covering all types or codes. -o, --source-group SOURCE-GROUP [--source-group...] Network source from which traffic is to be authorized, specified as an EC2 security group name, e.g. default. This may be specified more than once to allow network traffic from multiple security groups. -u, --source-group-user SOURCE-GROUP-USER [--source-group-user...] The owner of the security group specified using -o. If specified only once, the same user will be used for all specified groups. However, if specified once per -o, each user is mapped to a group in order. Anything else is invalid. This option is invalid for VPC security groups. VPC source groups must be owned by the authorizing user. -s, --cidr CIDR The network source from which traffic is to be authorized in the case of an ingress request, or to which traffic is to be authorized in the case of an egress request. Specified as a CIDR subnet range, e.g. 220.127.116.11/24. This may be specified more than once to allow traffic from multiple subnets. If no subnet and no group are specified, this will default to the wildcard CIDR 0.0.0.0/0. --source-subnet Like --cidr, but for ingress requests only. For backward compatibility. --dest-subnet Like --cidr, but for egress requests only. For backward compatibility.
SEE ALSO//docs.amazonwebservices.com/AWSEC2/2011-05-15/CommandLineReference //docs.amazonwebservices.com/AWSEC2/latest/CommandLineReference EC2-AUTHORIZE(1)