5

I am using the AWS PHP SDK version 3. I am able to create security groups using the API, as well as creating IP Permission rules. What I can't figure out is how give the IP Permissions rule a name.

Here's what I have:

$params = 
[
    'Description' => 'My Security Group',
    'GroupName' => 'my_security_group',
    'VpcId' => 'vpc-a9d2h3d7',
    'TagSpecifications' => [
        [
            'ResourceType' => 'security-group',
            'Tags' =>
            [
                ['Key' => 'Name', 'Value' => 'My Security Group']
            ]                
        ]
    ],
];

$Ec2Client->createSecurityGroup($params);

At this point the group is created

Then I create an IP Permissions rule:

$ip_permissions = [
    'GroupName' => 'my_security_group',
    'FromPort' => 0, 
    'ToPort' => 65535, 
    'IpProtocol' => 'tcp', 
    'IpRanges' => [['CidrIp' => 'xx.xxx.xx.xxxx/32', 'Description' => 'Main Office']],
];

$Ec2Client->authorizeSecurityGroupIngress($ip_permissions);

Through the AWS Console, I can see that the rule is created, but the Name column is empty. How do I create the Name through the API?

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
EastsideDev
  • 6,257
  • 9
  • 59
  • 116

1 Answers1

4

It would be same, by using TagSpecifications. But instead of security-group you need to have security-group-rule:

    'TagSpecifications' => [
        [
            'ResourceType' => 'security-group-rule',
            'Tags' =>
            [
                ['Key' => 'Name', 'Value' => 'My Security Group Rule']
            ]                
        ]
    ]

Full example in AWS CLI (don't have php):

aws ec2 authorize-security-group-ingress  --group-id sg-00102bde0b55e29fe --ip-permissions FromPort=0,IpProtocol=tcp,IpRanges='[{CidrIp=10.10.10.10/32,Description="Main Office"}]',ToPort=65535 --tag-specifications ResourceType=security-group-rule,Tags='[{Key=Name,Value=MyName}]'
Marcin
  • 215,873
  • 14
  • 235
  • 294
  • It did not work through PHP. The examples Amazon provides don't use these parameters. – EastsideDev Sep 01 '21 at 04:05
  • @EastsideDev There is also a separate call [createTags](https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-ec2-2016-11-15.html#createtags) which allows for setting up tags. So if `TagSpecifications` does now work in PHP, you can use the separate call `createTags`. – Marcin Sep 01 '21 at 04:31
  • Using the createTags call works. It seems weird that things that work for the CLI do not work for the PHP SDK, or are not properly documented. – EastsideDev Sep 01 '21 at 08:59
  • 1
    @EastsideDev boto3 also works. But on php docs they write `Version: 2016-11-15`. This is very old. Guess PHP does not get too many updates. – Marcin Sep 01 '21 at 09:37