<?xml version="1.0" encoding="UTF-8"?>
<sect1 id="zend.service.amazon.ec2.securitygroups">
    <title>Zend_Service_Amazon_Ec2: Security Groups</title>

    <para>
        A security group is a named collection of access rules. These access
        rules specify which ingress (i.e., incoming) network traffic should
        be delivered to your instance. All other ingress traffic will be
    </para>

    <para>
        You can modify rules for a group at any time. The new rules are
        automatically enforced for all running instances and instances
        launched in the future.
    </para>

    <note>
        <title>Maximum Security Groups</title>

        <para>You can create up to 100 security groups.</para>
    </note>

    <sect2 id="zend.service.amazon.ec2.securitygroups.maintenance">
        <title>Security Group Maintenance</title>

        <example id="zend.service.amazon.ec2.securitygroups.maintenance.create">
            <title>Create a new Security Group</title>

            <para>
                <code>create</code> creates a new security group. Every instance is
                launched in a security group. If no security group is specified
                during launch, the instances are launched in the default security
                group. Instances within the same security group have unrestricted
                network access to each other. Instances will reject network access
                attempts from other instances in a different security group.
            </para>

            <para>
                <code>create</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>.
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->create('mygroup', 'my group description');
]]></programlisting>
        </example>

        <example id="zend.service.amazon.ec2.securitygroups.maintenance.describe">
            <title>Describe a Security Group</title>

            <para>
                <code>describe</code> returns information about security groups that
            </para>

            <para>
                If you specify security group names, information about those security
                groups is returned. Otherwise, information for all security groups is
                returned. If you specify a group that does not exist, a fault is returned.
            </para>

            <para>
                <code>describe</code> will return an array containing information
                about security groups which includes the ownerId, groupName,
                groupDescription and an array containing all the rules for that security
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->describe('mygroup');
]]></programlisting>
        </example>

        <example id="zend.service.amazon.ec2.securitygroups.maintenance.delete">
            <title>Delete a Security Group</title>

            <para>
                <code>delete</code> will remove the security group. If you attempt to
                delete a security group that contains instances, a fault is returned.
                If you attempt to delete a security group that is referenced by another
                security group, a fault is returned. For example, if security group B
                has a rule that allows access from security group A, security group A
                cannot be deleted until the allow rule is removed.
            </para>

            <para>
                <code>delete</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>.
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->delete('mygroup');
]]></programlisting>
        </example>
    </sect2>

    <sect2 id="zend.service.amazon.ec2.securitygroups.authorize">
        <title>Authorizing Access</title>

        <example id="zend.service.amazon.ec2.securitygroups.authorize.ip">
            <title>Authorizing by IP</title>

            <para>
                <code>authorizeIp</code> adds permissions to a security group based on
                an IP address, protocol type and port range.
            </para>

            <para>
                Permissions are specified by the IP protocol (TCP, UDP or ICMP), the
                source of the request (by IP range or an Amazon EC2 user-group pair),
                the source and destination port ranges (for <acronym>TCP</acronym> and UDP), and the
                ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used
                as a wildcard in the type and code fields.
            </para>

            <para>
                Permission changes are propagated to instances within the security group
                as quickly as possible. However, depending on the number of instances, a
                small delay might occur.
            </para>

            <para>
                <code>authorizeIp</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>.
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
// Placeholder arguments: protocol, first port, last port, source CIDR range
$return = $ec2_sg->authorizeIp('mygroup', 'protocol', 'fromPort', 'toPort', 'ipRange');
]]></programlisting>
        </example>

        <example id="zend.service.amazon.ec2.securitygroups.authorize.group">
            <title>Authorize By Group</title>

            <para>
                <code>authorizeGroup</code> adds permissions to a security group.
            </para>

            <para>
                Permission changes are propagated to instances within the security group
                as quickly as possible. However, depending on the number of instances, a
                small delay might occur.
            </para>

            <para>
                <code>authorizeGroup</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>.
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->authorizeGroup('mygroup', 'securityGroupName', 'ownerId');
]]></programlisting>
        </example>
    </sect2>

    <sect2 id="zend.service.amazon.ec2.securitygroups.revoke">
        <title>Revoking Access</title>

        <example id="zend.service.amazon.ec2.securitygroups.revoke.ip">
            <title>Revoke by IP</title>

            <para>
                <code>revokeIp</code> revokes permissions from a security group based on
                an IP address, protocol type and port range. The permissions used to revoke
                must be specified using the same values used to grant the permissions.
            </para>

            <para>
                Permissions are specified by the IP protocol (TCP, UDP or ICMP), the
                source of the request (by IP range or an Amazon EC2 user-group pair),
                the source and destination port ranges (for <acronym>TCP</acronym> and UDP), and the
                ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used
                as a wildcard in the type and code fields.
            </para>

            <para>
                Permission changes are propagated to instances within the security group
                as quickly as possible. However, depending on the number of instances, a
                small delay might occur.
            </para>

            <para>
                <code>revokeIp</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>.
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
// Placeholder arguments: must repeat the values used when the permission was granted
$return = $ec2_sg->revokeIp('mygroup', 'protocol', 'fromPort', 'toPort', 'ipRange');
]]></programlisting>
        </example>
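
        <para>
            Because a revoke must repeat the values of the grant, it helps to keep each
            rule in one array, validate it once, and pass that same array to both calls.
            The listing below is an added example, not part of the Zend Framework manual
            or code base: <code>validateIpRule</code>, <code>applyIpRule</code> and
            <code>InMemoryGroups</code> are hypothetical names, the sample rule is
            constructed, and the stand-in's <constant>FALSE</constant> result for a
            mismatched revoke is an assumption made for illustration.
        </para>

        <programlisting language="php"><![CDATA[
```php
<?php
// Added example, not Zend Framework code. InMemoryGroups is a constructed stand-in
// with the authorizeIp()/revokeIp() argument order, so the script runs offline.
// Hypothetical helper: error string for an unacceptable rule, null when it is fine.
function validateIpRule(array $r, $allowWorldOpen = false)
{
    $proto = strtolower($r['protocol']);
    if (!in_array($proto, array('tcp', 'udp', 'icmp'), true)) {
        return 'unsupported protocol';
    }
    $low = ($proto === 'icmp') ? -1 : 0;   // -1 is the ICMP type/code wildcard
    if ($r['fromPort'] < $low || $r['toPort'] < $low || $r['toPort'] > 65535
        || ($proto !== 'icmp' && $r['fromPort'] > $r['toPort'])) {
        return 'port range or ICMP type/code out of bounds';
    }
    $cidr = explode('/', $r['ipRange']);
    if (count($cidr) !== 2 || !preg_match('/^\d{1,2}$/', $cidr[1]) || $cidr[1] > 32
        || !filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return 'ipRange must be an IPv4 CIDR block';
    }
    if (!$allowWorldOpen && (int) $cidr[1] === 0) {
        return 'refusing a source range open to every address';
    }
    return null;
}
// Hypothetical helper: calls 'authorizeIp' or 'revokeIp' with the rule's exact values.
function applyIpRule($sg, $method, $group, array $r)
{
    if (($error = validateIpRule($r)) !== null) {
        throw new InvalidArgumentException($error);
    }
    return $sg->$method($group, $r['protocol'], $r['fromPort'], $r['toPort'], $r['ipRange']);
}
class InMemoryGroups
{
    private $rules = array();
    public function authorizeIp($g, $p, $f, $t, $ip) { return $this->rules["$g|$p|$f|$t|$ip"] = true; }
    public function revokeIp($g, $p, $f, $t, $ip)
    {   // assumption for illustration: a revoke that matches no grant returns FALSE
        $found = isset($this->rules["$g|$p|$f|$t|$ip"]);
        unset($this->rules["$g|$p|$f|$t|$ip"]);
        return $found;
    }
}

$sg  = new InMemoryGroups();
$ssh = array('protocol' => 'tcp', 'fromPort' => 22, 'toPort' => 22, 'ipRange' => '203.0.113.0/24');
var_dump(applyIpRule($sg, 'authorizeIp', 'mygroup', $ssh));   // grant
var_dump(applyIpRule($sg, 'revokeIp', 'mygroup', array('ipRange' => '203.0.113.0/25') + $ssh)); // differs
var_dump(applyIpRule($sg, 'revokeIp', 'mygroup', $ssh));      // same values as the grant
```
]]></programlisting>

        <para>
            With the real service, pass a <code>Zend_Service_Amazon_Ec2_Securitygroups</code>
            instance as <code>$sg</code>; the helper relies only on the
            <code>authorizeIp</code> and <code>revokeIp</code> calls documented above.
        </para>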

        <example id="zend.service.amazon.ec2.securitygroups.revoke.group">
            <title>Revoke By Group</title>

            <para>
                <code>revokeGroup</code> revokes permissions from a security group. The permissions
                to revoke must be specified using the same values used to grant the
            </para>

            <para>
                Permission changes are propagated to instances within the security group
                as quickly as possible. However, depending on the number of instances, a
                small delay might occur.
            </para>

            <para>
                <code>revokeGroup</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>.
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->revokeGroup('mygroup', 'securityGroupName', 'ownerId');
]]></programlisting>
        </example>
    </sect2>
</sect1>