AWS code-library high security documentation change
Summary
Added Swift SDK example for AuthorizeSecurityGroupIngress API demonstrating ingress rules for ports 80 and 22
Security assessment
The example configures security group rules with a CIDR of 'ipAddress/0', which creates an overly broad 0.0.0.0/0 rule if ipAddress contains an actual IP. This demonstrates insecure default configuration that could lead to unintended public exposure of services.
Diff
diff --git a/code-library/latest/ug/ec2_example_ec2_AuthorizeSecurityGroupIngress_section.md b/code-library/latest/ug/ec2_example_ec2_AuthorizeSecurityGroupIngress_section.md index 9a52b7f16..6ef095658 100644 --- a//code-library/latest/ug/ec2_example_ec2_AuthorizeSecurityGroupIngress_section.md +++ b//code-library/latest/ug/ec2_example_ec2_AuthorizeSecurityGroupIngress_section.md @@ -1104,0 +1105,58 @@ There's more on GitHub. Find the complete example and learn how to set up and ru +Swift + + +**SDK for Swift** + + +###### Note + +There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/ec2#code-examples). + + + import AWSEC2 + + /// Authorize ingress of connections for the security group. + /// + /// - Parameters: + /// - groupId: The group ID of the security group to authorize access for. + /// - ipAddress: The IP address of the device to grant access to. + /// + /// - Returns: `true` if access is successfully granted; otherwise `false`. + func authorizeSecurityGroupIngress(groupId: String, ipAddress: String) async -> Bool { + let ipRange = EC2ClientTypes.IpRange(cidrIp: "\(ipAddress)/0") + let httpPermission = EC2ClientTypes.IpPermission( + fromPort: 80, + ipProtocol: "tcp", + ipRanges: [ipRange], + toPort: 80 + ) + + let sshPermission = EC2ClientTypes.IpPermission( + fromPort: 22, + ipProtocol: "tcp", + ipRanges: [ipRange], + toPort: 22 + ) + + do { + _ = try await ec2Client.authorizeSecurityGroupIngress( + input: AuthorizeSecurityGroupIngressInput( + groupId: groupId, + ipPermissions: [httpPermission, sshPermission] + ) + ) + + return true + } catch { + print("*** Error authorizing ingress for the security group: \(error.localizedDescription)") + return false + } + } + + + + * For API details, see [AuthorizeSecurityGroupIngress](https://sdk.amazonaws.com/swift/api/awsec2/latest/documentation/awsec2/ec2client/authorizesecuritygroupingress\(input:\)) in _AWS SDK for Swift API reference_. + + + +