AWS Security ChangesHomeSearch

AWS code-library high security documentation change

Service: code-library · 2025-08-01 · Security-related high

File: code-library/latest/ug/ec2_example_ec2_AuthorizeSecurityGroupIngress_section.md

Summary

Added Swift SDK example for AuthorizeSecurityGroupIngress API demonstrating ingress rules for ports 80 and 22

Security assessment

The example configures security group rules with a CIDR of 'ipAddress/0', which creates an overly broad 0.0.0.0/0 rule if ipAddress contains an actual IP. This demonstrates insecure default configuration that could lead to unintended public exposure of services.

Diff

diff --git a/code-library/latest/ug/ec2_example_ec2_AuthorizeSecurityGroupIngress_section.md b/code-library/latest/ug/ec2_example_ec2_AuthorizeSecurityGroupIngress_section.md
index 9a52b7f16..6ef095658 100644
--- a//code-library/latest/ug/ec2_example_ec2_AuthorizeSecurityGroupIngress_section.md
+++ b//code-library/latest/ug/ec2_example_ec2_AuthorizeSecurityGroupIngress_section.md
@@ -1104,0 +1105,58 @@ There's more on GitHub. Find the complete example and learn how to set up and ru
+Swift
+    
+
+**SDK for Swift**
+    
+
+###### Note
+
+There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/ec2#code-examples). 
+    
+    
+    import AWSEC2
+    
+        /// Authorize ingress of connections for the security group.
+        /// 
+        /// - Parameters:
+        ///   - groupId: The group ID of the security group to authorize access for.
+        ///   - ipAddress: The IP address of the device to grant access to.
+        ///
+        /// - Returns: `true` if access is successfully granted; otherwise `false`.
+        func authorizeSecurityGroupIngress(groupId: String, ipAddress: String) async -> Bool {
+            let ipRange = EC2ClientTypes.IpRange(cidrIp: "\(ipAddress)/0")
+            let httpPermission = EC2ClientTypes.IpPermission(
+                fromPort: 80,
+                ipProtocol: "tcp",
+                ipRanges: [ipRange],
+                toPort: 80
+            )
+    
+            let sshPermission = EC2ClientTypes.IpPermission(
+                fromPort: 22,
+                ipProtocol: "tcp",
+                ipRanges: [ipRange],
+                toPort: 22
+            )
+    
+            do {
+                _ = try await ec2Client.authorizeSecurityGroupIngress(
+                    input: AuthorizeSecurityGroupIngressInput(
+                        groupId: groupId,
+                        ipPermissions: [httpPermission, sshPermission]
+                    )
+                )
+    
+                return true
+            } catch {
+                print("*** Error authorizing ingress for the security group: \(error.localizedDescription)")
+                return false
+            }
+        }
+    
+    
+
+  * For API details, see [AuthorizeSecurityGroupIngress](https://sdk.amazonaws.com/swift/api/awsec2/latest/documentation/awsec2/ec2client/authorizesecuritygroupingress\(input:\)) in _AWS SDK for Swift API reference_. 
+
+
+
+