authorize_cluster_security_group_ingress

authorize_cluster_security_group_ingress(**kwargs)

Adds an inbound (ingress) rule to an Amazon Redshift security group. Depending on whether the application accessing your cluster is running on the Internet or an Amazon EC2 instance, you can authorize inbound access to either a Classless Interdomain Routing (CIDR)/Internet Protocol (IP) range or to an Amazon EC2 security group. You can add as many as 20 ingress rules to an Amazon Redshift security group.

If you authorize access to an Amazon EC2 security group, specify EC2SecurityGroupName and EC2SecurityGroupOwnerId . The Amazon EC2 security group and Amazon Redshift cluster must be in the same Amazon Web Services Region.

If you authorize access to a CIDR/IP address range, specify CIDRIP . For an overview of CIDR blocks, see the Wikipedia article on Classless Inter-Domain Routing.

You must also associate the security group with a cluster so that clients running on these IP addresses or the EC2 instance are authorized to connect to the cluster. For information about managing security groups, go to Working with Security Groups in the Amazon Redshift Cluster Management Guide .

See also: AWS API Documentation

Request Syntax

response = client.authorize_cluster_security_group_ingress(
    ClusterSecurityGroupName='string',
    CIDRIP='string',
    EC2SecurityGroupName='string',
    EC2SecurityGroupOwnerId='string'
)
Parameters
  • ClusterSecurityGroupName (string) --

    [REQUIRED]

    The name of the security group to which the ingress rule is added.

  • CIDRIP (string) -- The IP range to be added the Amazon Redshift security group.
  • EC2SecurityGroupName (string) -- The EC2 security group to be added the Amazon Redshift security group.
  • EC2SecurityGroupOwnerId (string) --

    The Amazon Web Services account number of the owner of the security group specified by the EC2SecurityGroupName parameter. The Amazon Web Services Access Key ID is not an acceptable value.

    Example: 111122223333

Return type

dict

Returns

Response Syntax

{
    'ClusterSecurityGroup': {
        'ClusterSecurityGroupName': 'string',
        'Description': 'string',
        'EC2SecurityGroups': [
            {
                'Status': 'string',
                'EC2SecurityGroupName': 'string',
                'EC2SecurityGroupOwnerId': 'string',
                'Tags': [
                    {
                        'Key': 'string',
                        'Value': 'string'
                    },
                ]
            },
        ],
        'IPRanges': [
            {
                'Status': 'string',
                'CIDRIP': 'string',
                'Tags': [
                    {
                        'Key': 'string',
                        'Value': 'string'
                    },
                ]
            },
        ],
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • ClusterSecurityGroup (dict) --

      Describes a security group.

      • ClusterSecurityGroupName (string) --

        The name of the cluster security group to which the operation was applied.

      • Description (string) --

        A description of the security group.

      • EC2SecurityGroups (list) --

        A list of EC2 security groups that are permitted to access clusters associated with this cluster security group.

        • (dict) --

          Describes an Amazon EC2 security group.

          • Status (string) --

            The status of the EC2 security group.

          • EC2SecurityGroupName (string) --

            The name of the EC2 Security Group.

          • EC2SecurityGroupOwnerId (string) --

            The Amazon Web Services account ID of the owner of the EC2 security group specified in the EC2SecurityGroupName field.

          • Tags (list) --

            The list of tags for the EC2 security group.

            • (dict) --

              A tag consisting of a name/value pair for a resource.

              • Key (string) --

                The key, or name, for the resource tag.

              • Value (string) --

                The value for the resource tag.

      • IPRanges (list) --

        A list of IP ranges (CIDR blocks) that are permitted to access clusters associated with this cluster security group.

        • (dict) --

          Describes an IP range used in a security group.

          • Status (string) --

            The status of the IP range, for example, "authorized".

          • CIDRIP (string) --

            The IP range in Classless Inter-Domain Routing (CIDR) notation.

          • Tags (list) --

            The list of tags for the IP range.

            • (dict) --

              A tag consisting of a name/value pair for a resource.

              • Key (string) --

                The key, or name, for the resource tag.

              • Value (string) --

                The value for the resource tag.

      • Tags (list) --

        The list of tags for the cluster security group.

        • (dict) --

          A tag consisting of a name/value pair for a resource.

          • Key (string) --

            The key, or name, for the resource tag.

          • Value (string) --

            The value for the resource tag.

Exceptions

  • Redshift.Client.exceptions.ClusterSecurityGroupNotFoundFault
  • Redshift.Client.exceptions.InvalidClusterSecurityGroupStateFault
  • Redshift.Client.exceptions.AuthorizationAlreadyExistsFault
  • Redshift.Client.exceptions.AuthorizationQuotaExceededFault