repo_zf1/documentation/manual/en/module_specs/Zend_Service_Amazon_Ec2-Securitygroups.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Reviewed: no -->
<sect1 id="zend.service.amazon.ec2.securitygroups">
    <title>Zend_Service_Amazon_Ec2: Security Groups</title>

    <para>
         A security group is a named collection of access rules. These access
         rules specify which ingress (i.e., incoming) network traffic should
         be delivered to your instance. All other ingress traffic will be
         discarded.
    </para>

    <para>
        You can modify rules for a group at any time. The new rules are
        automatically enforced for all running instances and instances
        launched in the future.
    </para>

    <note>
        <title>Maximum Security Groups</title>

        <para>You can create up to 100 security groups.</para>
    </note>

    <sect2 id="zend.service.amazon.ec2.securitygroups.maintenance">
        <title>Security Group Maintenance</title>

        <example id="zend.service.amazon.ec2.securitygroups.maintenance.create">
            <title>Create a new Security Group</title>

            <para>
                <code>create</code> a new security group. Every instance is
                launched in a security group. If no security group is specified
                during launch, the instances are launched in the default security
                group. Instances within the same security group have unrestricted
                network access to each other. Instances will reject network access
                attempts from other instances in a different security group.
            </para>

            <para>
                <code>create</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->create('mygroup', 'my group description');
]]></programlisting>
        </example>

        <example id="zend.service.amazon.ec2.securitygroups.maintenance.describe">
            <title>Describe a Security Group</title>

            <para>
                <code>describe</code> returns information about security groups that
                you own.
            </para>

            <para>
                If you specify security group names, information about those security
                groups is returned. Otherwise, information for all security groups is
                returned. If you specify a group that does not exist, a fault is returned.
            </para>

            <para>
                <code>describe</code> will return an array containing information
                about security groups which includes the ownerId, groupName,
                groupDescription and an array containing all the rules for that security
                group.
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->describe('mygroup');
]]></programlisting>
        </example>

        <example id="zend.service.amazon.ec2.securitygroups.maintenance.delete">
            <title>Delete a Security Group</title>

            <para>
                <code>delete</code> will remove the security group. If you attempt to
                delete a security group that contains instances, a fault is returned.
                If you attempt to delete a security group that is referenced by another
                security group, a fault is returned. For example, if security group B
                has a rule that allows access from security group A, security group A
                cannot be deleted until the allow rule is removed.
            </para>

            <para>
                <code>delete</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>.
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->delete('mygroup');
]]></programlisting>
        </example>
    </sect2>

    <sect2 id="zend.service.amazon.ec2.securitygroups.authorize">
        <title>Authorizing Access</title>

        <example id="zend.service.amazon.ec2.securitygroups.authorize.ip">
            <title>Authorizing by IP</title>

            <para>
                <code>authorizeIp</code> Adds permissions to a security group based on
                an IP address, protocol type and port range.
            </para>

            <para>
                Permissions are specified by the IP protocol (TCP, UDP or ICMP), the
                source of the request (by IP range or an Amazon EC2 user-group pair),
                the source and destination port ranges (for <acronym>TCP</acronym> and UDP), and the
                ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used
                as a wildcard in the type and code fields.
            </para>

            <para>
                Permission changes are propagated to instances within the security group
                as quickly as possible. However, depending on the number of instances, a
                small delay might occur.
            </para>

            <para>
                <code>authorizeIp</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->authorizeIp('mygroup',
                                'protocol',
                                'fromPort',
                                'toPort',
                                'ipRange');
]]></programlisting>
        </example>

        <example id="zend.service.amazon.ec2.securitygroups.authorize.group">
            <title>Authorize By Group</title>

            <para>
                <code>authorizeGroup</code> Adds permissions to a security group.
            </para>

            <para>
                Permission changes are propagated to instances within the security group
                as quickly as possible. However, depending on the number of instances, a
                small delay might occur.
            </para>

            <para>
                <code>authorizeGroup</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>.
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->authorizeGroup('mygroup', 'securityGroupName', 'ownerId');
]]></programlisting>
        </example>
    </sect2>

    <sect2 id="zend.service.amazon.ec2.securitygroups.revoke">
        <title>Revoking Access</title>

        <example id="zend.service.amazon.ec2.securitygroups.revoke.ip">
            <title>Revoke by IP</title>

            <para>
                <code>revokeIp</code> Revokes permissions to a security group based on
                an IP address, protocol type and port range. The permissions used to revoke
                must be specified using the same values used to grant the permissions.
            </para>

            <para>
                Permissions are specified by the IP protocol (TCP, UDP or ICMP), the
                source of the request (by IP range or an Amazon EC2 user-group pair),
                the source and destination port ranges (for <acronym>TCP</acronym> and UDP), and the
                ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used
                as a wildcard in the type and code fields.
            </para>

            <para>
                Permission changes are propagated to instances within the security group
                as quickly as possible. However, depending on the number of instances, a
                small delay might occur.
            </para>

            <para>
                <code>revokeIp</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->revokeIp('mygroup',
                             'protocol',
                             'fromPort',
                             'toPort',
                             'ipRange');
]]></programlisting>
        </example>

        <example id="zend.service.amazon.ec2.securitygroups.revoke.group">
            <title>Revoke By Group</title>

            <para>
                <code>revokeGroup</code> Adds permissions to a security group. The permissions
                to revoke must be specified using the same values used to grant the
                permissions.
            </para>

            <para>
                Permission changes are propagated to instances within the security group
                as quickly as possible. However, depending on the number of instances, a
                small delay might occur.
            </para>

            <para>
                <code>revokeGroup</code> returns boolean <constant>TRUE</constant> or
                <constant>FALSE</constant>.
            </para>

            <programlisting language="php"><![CDATA[
$ec2_sg = new Zend_Service_Amazon_Ec2_Securitygroups('aws_key',
                                                     'aws_secret_key');
$return = $ec2_sg->revokeGroup('mygroup', 'securityGroupName', 'ownerId');
]]></programlisting>
        </example>
    </sect2>
</sect1>