EC2 - Authorize Security Group

Declaration

<AMAWSEC2 ACTIVITY="authorize_security_group" SECURITYGROUP="text" USERID="number" CIDRIP="number" IPPROTOCOL="text (options)" FROMPORT="number" TOPORT="number" />

See Also

EC2 - Delete Security Group, EC2 - Delete Snapshot, EC2 - Delete Volume, EC2 - Disassociate Address, EC2 - End Session, EC2 - Launch Instance, EC2 - List Addresses, EC2 - List Images, EC2 - List Key Pairs, EC2 - List Running Instances, EC2 - List Security Groups, EC2 - List Snapshots, EC2 - List Volumes, EC2 - Reboot Instance, EC2 - Release Address, EC2 - Revoke Security Group, EC2 - Start Instance, EC2 - Stop Instance, EC2 - Terminate Instance

Description

Gives one or more CIDR (Classless Inter-Domain Routing) IP address ranges permission to access a security group in your account, or gives one or more security groups (also called source groups) permission to access a security group in your account. A source group can be in your own AWS account or in another account.

The permission consists of the IP protocol (TCP, UDP or ICMP) and the CIDR range or source group. For TCP and UDP, you also specify the source and destination port ranges; for ICMP, you also specify the ICMP types. You can use -1 as a wildcard for the ICMP type.

NOTE: The required parameters differ depending on whether authorization is given to a CIDR IP address range or security group.

IMPORTANT: The EC2 activities are performed using Amazon's EC2 engine. You must enter a valid Amazon EC2 service account in order for these activities to work properly.

Practical Usage

See Description.

Parameters

Security Group Properties

Security Group
  Type: Text | Required: Yes | Default: (Empty) | Markup: SECURITYGROUP="websrv"
  Name of the security group to modify. The name must be valid, and the group must belong to your account.

User ID
  Type: Number | Required: Yes | Default: (Empty) | Markup: USERID="495219933132"
  The AWS account ID that owns the source security group. Cannot be used when specifying a CIDR IP address.

CIDR IP Permission

If enabled, gives one or more CIDR (Classless Inter-Domain Routing) IP address ranges permission to access a security group in your account. The parameters below become available if this option is selected.

IP Protocol
  Type: Text (Options) | Required: Yes if CIDR IP Permission option is chosen | Default: tcp | Markup: IPPROTOCOL="udp"
  The IP protocol. This option is available only if the CIDR IP Permission option is selected. The available options are:
  • tcp
  • udp
  • icmp

CIDR IP
  Type: Number | Required: Yes if CIDR IP Permission option is chosen | Default: (Empty) | Markup: CIDRIP="209.223.157.0/24"
  The CIDR IP address range to allow permission to the security group. This option is available only if the CIDR IP Permission option is selected.

From Port
  Type: Number | Required: Yes if CIDR IP Permission option is chosen | Default: (Empty) | Markup: FROMPORT="80"
  For the TCP or UDP protocols, this specifies the beginning port in a range of ports to allow. This option is available only if the CIDR IP Permission option is selected.

To Port
  Type: Number | Required: Yes if CIDR IP Permission option is chosen | Default: (Empty) | Markup: TOPORT="84"
  For the TCP or UDP protocols, this specifies the end port in a range of ports to allow. This option is available only if the CIDR IP Permission option is selected.

User Group/Pair Permission

If enabled, gives one or more security groups permission to access a security group in your account. The parameters below become available if this option is selected.

Source Security Group Name
  Type: Text | Required: Yes if User Group/Pair Permission option is chosen | Default: (Empty) | Markup: SOURCEGROUP="headoffice"
  The name of the source security group. This option is available only if the User Group/Pair Permission option is selected.
  NOTE: Cannot be used when specifying a CIDR IP address.

Source Security Group Owner ID
  Type: Text | Required: Yes if User Group/Pair Permission option is chosen | Default: (Empty) | Markup: SOURCEOWNERID="495219933132"
  The AWS account ID that owns the source security group. This option is available only if the User Group/Pair Permission option is selected.

Credentials Properties

These properties allow you to create a custom session for this activity or link this activity to an existing session.

Provide Credentials
  Indicates where this activity's credentials should originate from. Different properties apply depending on the option selected. The available options are:
  • Custom (Default) - Specifies that a custom set of credentials will be entered for this EC2 activity. Select this option if performing a single EC2 activity.
  • Session Based - Specifies that credentials should derive from a session created in a previous step with the Create Session activity. This allows several EC2 activities to be linked to a specific session.

Access Key
  Type: Text | Required: Yes | Default: (Empty) | Markup: ACCESSKEY="MyAccessKey"
  A 20-character alphanumeric string that uniquely identifies the user who owns an EC2 account (e.g. 022QF06E7MXBSH9DHM02). Together with the Secret Access Key, it forms the credential set that EC2 uses to confirm a valid user's identity.
  This property is active only if Custom is selected under the Provide Credentials property.

Secret Access Key
  Type: Text | Required: Yes | Default: (Empty) | Markup: SECRETKEY="SecretKey"
  A 40-character string that serves as the password for access to EC2 (e.g. kWcrlUX5JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct). Together with the associated Access Key, it forms the credential set that EC2 uses to confirm a valid user's identity.
  This property is active only if Custom is selected under the Provide Credentials property.

User Agent
  Type: Text | Required: No | Default: AutoMate | Markup: USERAGENT="AutoMate"
  The User-Agent header name. The User-Agent request-header field contains information about the user agent originating the request, such as timeouts, proxies, name, etc. The default User Agent name is AutoMate.
  This property is active only if Custom is selected under the Provide Credentials property.

Service URL
  Type: Text | Required: No | Default: (Empty) | Markup: SERVICEURL="https://sdb.eu-west-1.amazonaws.com"
  The Service URL used to make requests to the EC2 service; it provides the service endpoint. For example, to make the service call in a different region, pass the region-specific endpoint, such as 'https://sdb.eu-west-1.amazonaws.com'.
  This property is active only if Custom is selected under the Provide Credentials property.

Maximum retry on error
  Type: Number | Required: No | Default: (Empty) | Markup: MAXERRORRETRY="4"
  How many times the Amazon EC2 engine should retry the request before returning an error.
  This property is active only if Custom is selected under the Provide Credentials property.

Proxy Host
  Type: Text | Required: No | Default: (Empty) | Markup: PROXYHOST="proxy.host.com"
  The host name (server.domain.com) or IP address (xxx.xxx.xxx.xxx) of the proxy server.
  This property is active only if Custom is selected under the Provide Credentials property.

Proxy Port
  Type: Number | Required: No | Default: (Empty) | Markup: PROXYPORT="1028"
  The port used to connect to the proxy server.
  This property is active only if Custom is selected under the Provide Credentials property.

Signature Method
  Type: Text | Required: No | Default: (Empty) | Markup: SIGNMETHOD="HmacSHA256"
  The signature method used to sign the request.
  This property is active only if Custom is selected under the Provide Credentials property.

Signature Version
  Type: Number | Required: No | Default: (Empty) | Markup: SIGNVERSION="2"
  The signature version used to sign the request. The version refers to the particular algorithm for signing the request.
  This property is active only if Custom is selected under the Provide Credentials property.

Session Name
  Type: Text | Required: Yes | Default: EC2Session | Markup: SESSION="EC2Session1"
  The name of the session to create. This allows several EC2 activities to be linked to this session, eliminating redundancy. Numerous sessions can be used within a single task. The default value is EC2Session.
  NOTE: Use the End Session activity to end an EC2 session.
  This property is active only if Session Based is selected under the Provide Credentials property.

Description Properties

The Description tab allows you to customize the text description of any step as it appears in the Task Builder's Steps Pane.

More on setting custom step description

Error Causes Properties

The Error Causes tab properties allow you to instruct a task step to react only to specific errors or to ignore certain errors that would otherwise cause it to fail.

More on Error Causes properties

On Error Properties

The On Error tab properties let you determine what the task should do if a particular step encounters an error as defined in the Error Causes properties.

More about On Error properties

Additional Notes

Expressions, Variables and Functions

All text fields allow the use of expressions such as variables, functions or AutoMate extended functions, which are entered by surrounding the expression with percent signs (for example %myVar%, %FileDateTime(myVar)% or %Left('Text',2)%). To help construct these expressions, you can open the Expression Builder from these fields by clicking the Insert Expression (%) button or by pressing F2.

More on expressions

More on variables

More on functions

More on extended functions

More on the expression builder

Example

NOTE: The code below can be copied and pasted directly into the Steps pane of the Task Builder.

Example 1 - Authorize CIDR IP Permission

<AMAWSEC2 ACTIVITY="authorize_security_group" SECURITYGROUP="websrv" USERID="495219933132" CIDRIP="209.223.157.0/24" IPPROTOCOL="udp" FROMPORT="80" TOPORT="84" />

Example 2 - Authorize User Group/Pair Permission

<AMAWSEC2 ACTIVITY="authorize_security_group" SECURITYGROUP="Websrvs" USERID="495219933132" SOURCEGROUP="headoffice" SOURCEOWNERID="495219933132" />
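As an added pre-flight check that is not part of AutoMate or of this page, the Python linter below parses one AMAWSEC2 authorize step, verifies the parameters the tables above require for each permission mode (CIDR IP versus User Group/Pair), and flags rules a reviewer would question before the task runs: a 0.0.0.0/0 source, an invalid CIDR, or a very wide port range. The function name lint_authorize_step and the WIDE_PORT_SPAN threshold are this example's own choices, and the "wide open" findings are review heuristics rather than AutoMate rules.

```python
import ipaddress
import xml.etree.ElementTree as ET

PROTOCOLS = {"tcp", "udp", "icmp"}   # IPPROTOCOL options listed on this page
WIDE_PORT_SPAN = 1024                 # review threshold chosen for this linter, not an AutoMate rule

def lint_authorize_step(markup: str) -> list:
    """Return the problems found in one authorize_security_group step ([] means clean).
    Required-parameter rules follow the parameter table for this activity; the
    'wide open' findings are this linter's own review heuristics."""
    el = ET.fromstring(markup)        # AMAWSEC2 markup is one self-closing element
    a = el.attrib
    if el.tag != "AMAWSEC2" or a.get("ACTIVITY") != "authorize_security_group":
        return ["not an authorize_security_group step"]
    problems = []
    if not a.get("SECURITYGROUP"):
        problems.append("SECURITYGROUP is required")
    cidr_mode = "CIDRIP" in a
    group_mode = "SOURCEGROUP" in a or "SOURCEOWNERID" in a
    if cidr_mode == group_mode:
        problems.append("use exactly one of CIDR IP permission or User Group/Pair permission")
    if cidr_mode:
        proto = a.get("IPPROTOCOL", "tcp").lower()   # tcp is the documented default
        if proto not in PROTOCOLS:
            problems.append(f"IPPROTOCOL {proto!r} is not one of {sorted(PROTOCOLS)}")
        try:
            net = ipaddress.ip_network(a["CIDRIP"], strict=True)
            if net.prefixlen == 0:
                problems.append(f"CIDRIP {a['CIDRIP']} admits every source address")
        except ValueError:
            problems.append(f"CIDRIP {a['CIDRIP']!r} is not a valid CIDR range")
        if proto in ("tcp", "udp"):               # ICMP uses types, not port ranges
            try:
                lo, hi = int(a["FROMPORT"]), int(a["TOPORT"])
            except (KeyError, ValueError):
                problems.append("FROMPORT and TOPORT are required numbers for tcp/udp")
            else:
                if not 0 <= lo <= hi <= 65535:
                    problems.append(f"port range {lo}-{hi} is not a valid ordered range")
                elif hi - lo >= WIDE_PORT_SPAN:
                    problems.append(f"port range {lo}-{hi} spans {hi - lo + 1} ports")
    if group_mode:
        for key in ("SOURCEGROUP", "SOURCEOWNERID"):
            if not a.get(key):
                problems.append(f"{key} is required for User Group/Pair permission")
    return problems

if __name__ == "__main__":
    # Example 1 from this page; an empty list means the step lints clean
    print(lint_authorize_step('<AMAWSEC2 ACTIVITY="authorize_security_group" SECURITYGROUP="websrv" USERID="495219933132" CIDRIP="209.223.157.0/24" IPPROTOCOL="udp" FROMPORT="80" TOPORT="84" />'))
```

Run it over each step before pasting the task into the Steps pane; a non-empty list is a reason to stop and review the rule.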
