Class: AWS::EC2::SecurityGroup
In:
lib/aws/ec2/security_group.rb
lib/aws/ec2/security_group/ip_permission_collection.rb
lib/aws/ec2/security_group/ip_permission.rb
Parent: Resource
Represents a security group in EC2.
@attr_reader [String] description The short informal description given when the group was created.
@attr_reader [String] name The name of the security group.
@attr_reader [String] owner_id The security group owner's id.
id -> group_id
id [R] @return [String] The id of the security group.
Adds ingress rules for ICMP pings. Defaults to 0.0.0.0/0 for the list of allowed IP ranges the ping can come from.
security_group.allow_ping # anyone can ping servers in this group

# only allow ping from a particular address
security_group.allow_ping('123.123.123.123/32')

@param [String] ip_ranges One or more IP ranges to allow ping from. Defaults to 0.0.0.0/0
Adds an ingress rule to a security group.
Each ingress rule consists of a protocol, a port range and a list of sources.
This example grants the whole internet (0.0.0.0/0) access to port 80 over TCP (HTTP web traffic).
security_groups['websrv'].authorize_ingress(:tcp, 80)
In the following example we grant SSH access from a list of IP addresses.
security_groups['appsrv'].authorize_ingress(:tcp, 22, '111.111.111.111/32', '222.222.222.222/32')
You can also grant privileges to other security groups. This is a convenient shortcut for granting access to all EC2 servers in a particular security group.
web = security_groups['httpservers']
db = security_groups['dbservers']
db.authorize_ingress(:tcp, 3306, web)
You can specify port ranges as well:
security_groups['ftpsvr'].authorize_ingress(:tcp, 20..21)
You can even mix and match IP addresses and security groups.
@param [String, Symbol] protocol Should be :tcp, :udp or :icmp or the string equivalent.
@param [Integer, Range] ports The port (or port range) to allow ingress traffic over. You can pass a single integer (like 80) or a range (like 20..21).
@param [Mixed] sources One or more CIDR IP addresses, security groups, or hashes. Hash values should have :group_id and :user_id keys/values. This is useful when the security group belongs to another account. The user id should be the owner_id (account id) of the security group.
@return [nil]
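A pre-flight check for the rules described above, as an added example that is not part of the aws-sdk gem: it takes the same arguments as authorize_ingress and reports sources that resolve to 0.0.0.0/0, whether through the default or through a /0 suffix on a specific address. The names audit_ingress and SENSITIVE_PORTS and the port list are assumptions, and the sample addresses are constructed.

```ruby
require 'ipaddr'

# Added example: not part of the aws-sdk gem. audit_ingress and
# SENSITIVE_PORTS are hypothetical names; the port list is an assumption.
SENSITIVE_PORTS = [22, 3306, 3389].freeze

# Takes the same arguments as authorize_ingress and returns an array of
# findings (empty when nothing is flagged). It makes no AWS calls.
def audit_ingress(protocol, ports, *sources)
  range = ports.is_a?(Range) ? ports : (ports..ports)
  # Only String sources are CIDR ranges; security groups and
  # { :group_id, :user_id } hashes are not address ranges and are skipped.
  cidrs = sources.empty? ? ['0.0.0.0/0'] : sources.grep(String)

  cidrs.flat_map do |cidr|
    net = IPAddr.new(cidr)                     # raises on a malformed range
    typed = IPAddr.new(cidr.split('/').first)  # the address as written
    effective = "#{net}/#{net.prefix}"
    base = { protocol: protocol, source: cidr, effective: effective }
    findings = []

    # The mask zeroes host bits, so the typed address is not what matches.
    findings << base.merge(issue: :host_bits_ignored) if typed.to_i != net.to_i

    if net.prefix.zero?
      exposed = SENSITIVE_PORTS.select { |port| range.cover?(port) }
      issue = exposed.empty? ? :world_open : :world_open_sensitive
      findings << base.merge(issue: issue, ports: exposed)
    end
    findings
  end
end

# Constructed sample calls (documentation address ranges, not real hosts).
if __FILE__ == $PROGRAM_NAME
  p audit_ingress(:tcp, 80)
  p audit_ingress(:tcp, 22, '198.51.100.7/0')
  p audit_ingress(:tcp, 22, '198.51.100.7/32')
end
```

Run it on the argument list before passing the same arguments to authorize_ingress; an empty result means no CIDR source in the call covers the whole internet.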
Deletes this security group.
If you attempt to delete a security group that contains instances, or attempt to delete a security group that is referenced by another security group, an error is raised. For example, if security group B has a rule that allows access from security group A, security group A cannot be deleted until the rule is removed.
@return [nil]
Removes ingress rules for ICMP pings. Defaults to 0.0.0.0/0 for the list of IP ranges to revoke.
@param [String] ip_ranges One or more IP ranges to revoke ping access for. Defaults to 0.0.0.0/0
@return [SecurityGroup::IpPermissionCollection] Returns a collection of {IpPermission} objects that represents all of the permissions this security group has authorizations for.