User guide

    CreateSecurityGroupResponse newGroupResponse =
        ec2Client.CreateSecurityGroup(newGroupRequest);
Pass the request object to the Amazon EC2 client's CreateSecurityGroup method, which returns a
CreateSecurityGroupResponse object.
3. Optionally, you can obtain the SecurityGroup object for the group that you just created by following
the procedure "To select an existing security group" (p. 44), described earlier.
Authorize Security Group Ingress
By default, Amazon EC2 instances have no constraints on their outbound traffic but accept no inbound
traffic. To receive inbound traffic, an instance must be associated with a security group that explicitly
authorizes ingress. You can configure the ingress authorization to limit inbound traffic to individual IP
addresses, ranges of IP addresses, specific protocols, and specific TCP/UDP ports.
You authorize ingress for a new security group, as follows.
To authorize security group ingress for a new security group
1. Create and initialize an IpPermission object.
    var ipPermission = new IpPermission()
    {
        IpProtocol = "tcp",
        FromPort = 3389,
        ToPort = 3389
    };
    ipPermission.IpRanges.Add("0.0.0.0/0");
To initialize the object:
   • Specify the IP protocol by assigning it to the IpProtocol property.
   • For the TCP or UDP protocol, authorize ingress for specified ports by assigning appropriate values
     to the FromPort and ToPort properties, which represent the beginning and end of the port range,
     respectively. This example specifies a single port, 3389, which is the port that you use to
     communicate with Windows on an Amazon EC2 instance by using the Remote Desktop Protocol (RDP).
   • Authorize ingress for particular IP addresses or address ranges by adding them to the IpRanges
     collection. Use CIDR notation to represent addresses or address ranges. For convenience,
     this example uses 0.0.0.0/0, which authorizes all addresses. For production use, you typically
     specify a more restricted range or even a single address.
Incoming packets must meet all of these specifications.
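The production advice above (a restricted range or a single address instead of 0.0.0.0/0) can be enforced in code before the permission is sent to Amazon EC2. The following is an added example, not part of the AWS guide: the class name RestrictedIngress, the /24 threshold, and the sample address 203.0.113.10/32 are assumptions, and it uses the same IpPermission properties as step 1.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;
using Amazon.EC2.Model;

// Added example (hypothetical helper, not AWS sample code).
public static class RestrictedIngress
{
    // Assumed policy: an RDP source range may be no broader than /24.
    private const int MinPrefixLength = 24;

    // Builds the same tcp/3389 permission as step 1, but only from vetted IPv4 ranges.
    // Usage (constructed address): RestrictedIngress.ForRdp(new[] { "203.0.113.10/32" })
    public static IpPermission ForRdp(IEnumerable<string> adminCidrs)
    {
        var permission = new IpPermission { IpProtocol = "tcp", FromPort = 3389, ToPort = 3389 };
        foreach (var cidr in adminCidrs)
            permission.IpRanges.Add(Normalize(cidr));
        if (permission.IpRanges.Count == 0)
            throw new ArgumentException("At least one source range is required.");
        return permission;
    }

    // Accepts only dotted-quad IPv4 CIDR with a prefix of MinPrefixLength..32,
    // so 0.0.0.0/0 and other broad ranges are rejected before any API call.
    private static string Normalize(string cidr)
    {
        var parts = (cidr ?? "").Trim().Split('/');
        IPAddress address;
        int prefix;
        if (parts.Length != 2
            || parts[0].Split('.').Length != 4
            || !IPAddress.TryParse(parts[0], out address)
            || address.AddressFamily != AddressFamily.InterNetwork
            || !int.TryParse(parts[1], out prefix)
            || prefix < MinPrefixLength || prefix > 32)
            throw new ArgumentException("Rejected source range: " + cidr);
        return address + "/" + prefix;
    }
}
```

The returned object can be used in place of ipPermission in the next step; passing "0.0.0.0/0" throws an ArgumentException instead of opening port 3389 to all addresses.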
2. Create and initialize an AuthorizeSecurityGroupIngressRequest object.
    var ingressRequest = new AuthorizeSecurityGroupIngressRequest();
    ingressRequest.GroupName = secGroupName;
    ingressRequest.IpPermissions.Add(ipPermission);
To initialize the object:
Version v2.0.0
AWS SDK for .NET Developer Guide