Class AWS::EC2::SecurityGroup
In: lib/aws/ec2/security_group.rb
lib/aws/ec2/security_group/ip_permission_collection.rb
lib/aws/ec2/security_group/ip_permission.rb
Parent: Resource

Represents a security group in EC2.

@attr_reader [String] description The short informal description given when the group was created.

@attr_reader [String] name The name of the security group.

@attr_reader [String] owner_id The security group owner's id.

Methods

Included Modules

TaggedItem

Classes and Modules

Class AWS::EC2::SecurityGroup::IpPermission
Class AWS::EC2::SecurityGroup::IpPermissionCollection

External Aliases

id -> group_id

Attributes

id  [R]  @return [String] The id of the security group.

Public Class methods

Public Instance methods

Adds ingress rules for ICMP pings. Defaults to 0.0.0.0/0 for the list of allowed IP ranges the ping can come from.

  security_group.allow_ping # anyone can ping servers in this group

  # only allow ping from a particular address (/32 matches exactly one
  # host; a /0 prefix would match every address)
  security_group.allow_ping('123.123.123.123/32')

@param [String] ip_ranges One or more IP ranges to allow ping from. Defaults to 0.0.0.0/0

Adds ingress rules to a security group.

Each ingress exception comprises a protocol, a port range, and a list of sources.

This example grants the whole internet (0.0.0.0/0) access to port 80 over TCP (HTTP web traffic).

  security_groups['websrv'].authorize_ingress(:tcp, 80)

In the following example we grant SSH access from a list of IP addresses.

  # /32 limits each source to a single address
  security_groups['appsrv'].authorize_ingress(:tcp, 22,
    '111.111.111.111/32', '222.222.222.222/32')

You can also grant privileges to other security groups. This is a convenient shortcut for granting access to all EC2 servers in a particular security group.

  web = security_groups['httpservers']
  db = security_groups['dbservers']

  db.authorize_ingress(:tcp, 3306, web)

You can specify port ranges as well:

  security_groups['ftpsvr'].authorize_ingress(:tcp, 20..21)

You can even mix and match IP addresses and security groups.

@param [String, Symbol] protocol Should be :tcp, :udp or :icmp or the string equivalent.

@param [Integer, Range] ports The port (or port range) to allow ingress traffic over. You can pass a single integer (like 80) or a range (like 20..21).

@param [Mixed] sources One or more CIDR IP addresses, security groups, or hashes. Hash values should have :group_id and :user_id keys/values. This is useful for when the security group belongs to another account. The user id should be the owner_id (account id) of the security group.

@return [nil]
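
The examples above default to 0.0.0.0/0 when no source is given, and a CIDR prefix of /0 matches every address regardless of the host part. As an added example (not part of the SDK or its documentation), this Ruby code audits ingress rules for world-open sources; the rule hashes, `SENSITIVE_PORTS`, `world_open?`, `port_list` and `audit_ingress` are hypothetical names, and the sample rules are constructed.

```ruby
require 'ipaddr'

# Ports this page's examples use for SSH and MySQL (assumed to be sensitive).
SENSITIVE_PORTS = [22, 3306].freeze

# Constructed sample rules shaped like authorize_ingress(protocol, ports, *sources).
# Plain hashes, not SDK objects; the group id and account id are placeholders.
SAMPLE_RULES = [
  { group: 'websrv',    protocol: :tcp, ports: 80,     sources: [] },
  { group: 'appsrv',    protocol: :tcp, ports: 22,
    sources: ['111.111.111.111/0', '222.222.222.222/32'] },
  { group: 'dbservers', protocol: :tcp, ports: 3306,
    sources: [{ group_id: 'sg-PLACEHOLDER', user_id: '000000000000' }] },
  { group: 'ftpsvr',    protocol: :tcp, ports: 20..21, sources: ['10.0.0.0/8'] }
].freeze

# A CIDR with prefix length 0 matches every address, whatever the host part says.
def world_open?(cidr)
  IPAddr.new(cidr).prefix.zero?
end

# Normalizes a single port or a port range to an array of ports.
def port_list(ports)
  ports.is_a?(Range) ? ports.to_a : [ports]
end

# Returns one finding per world-open source: [group, source, severity].
def audit_ingress(rules)
  rules.flat_map do |rule|
    # Per the page, omitting sources grants 0.0.0.0/0.
    sources = rule[:sources].empty? ? ['0.0.0.0/0'] : rule[:sources]
    cidrs = sources.grep(String) # group references are not CIDR ranges
    sensitive = (port_list(rule[:ports]) & SENSITIVE_PORTS).any?
    cidrs.select { |c| world_open?(c) }.map do |c|
      [rule[:group], c, sensitive ? :high : :review]
    end
  end
end

audit_ingress(SAMPLE_RULES).each do |group, source, severity|
  puts format('%-10s %-20s %s', group, source, severity)
end
```
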

Deletes this security group.

If you attempt to delete a security group that contains instances, or attempt to delete a security group that is referenced by another security group, an error is raised. For example, if security group B has a rule that allows access from security group A, security group A cannot be deleted until the rule is removed.

@return [nil]

Removes ingress rules for ICMP pings. Defaults to 0.0.0.0/0 for the list of IP ranges to revoke.

@param [String] ip_ranges One or more IP ranges to revoke ping access from. Defaults to 0.0.0.0/0

@return [Boolean] True if the security group exists.

@return [SecurityGroup::IpPermissionCollection] Returns a collection of {IpPermission} objects that represents all of the permissions this security group has authorizations for.

Protected Instance methods
