AWS Security ChangesHomeSearch

AWS managedservices documentation change

Service: managedservices · 2025-09-28 · Documentation low

File: managedservices/latest/ctref/management-advanced-security-group-authorize-ingress-rule.md

Summary

Updated documentation to support authorizing multiple ingress rules in a single request, changed version from 3.0 to 4.0, updated example parameters structure to handle multiple rules array, and modified public IP handling instructions

Security assessment

The changes primarily expand functionality to handle multiple rules in one operation and update parameter structures. While security group management is inherently security-related, there's no evidence this addresses a specific vulnerability. The public IP handling instruction change appears procedural rather than vulnerability-related.

Diff

diff --git a/managedservices/latest/ctref/management-advanced-security-group-authorize-ingress-rule.md b/managedservices/latest/ctref/management-advanced-security-group-authorize-ingress-rule.md
index d02563c77..1ddd615a5 100644
--- a//managedservices/latest/ctref/management-advanced-security-group-authorize-ingress-rule.md
+++ b//managedservices/latest/ctref/management-advanced-security-group-authorize-ingress-rule.md
@@ -9 +9 @@ Change Type DetailsAdditional InformationExecution Input ParametersExample: Requ
-Authorize the ingress rule for the specified security group (SG). You must specify the configurations of the ingress rule that you are authorizing. Note that this adds an ingress rule to the specified SG but does not modify any existing ingress rules.
+Authorize multiple ingress rules for the specified security group (SG). You must specify the configurations of the ingress rule that you are authorizing. Note that adding an ingress rule to the specified SG does not modify any existing ingress rules.
@@ -17 +17 @@ Change type ID | ct-3j2zstluz6dxq
-Current version | 3.0  
+Current version | 4.0  
@@ -79 +79,2 @@ Issue the create RFC command with execution parameters provided inline (escape q
-    aws amscm create-rfc --change-type-id "ct-3j2zstluz6dxq" --change-type-version "3.0" --title "Authorize security group ingress rule" --execution-parameters '{"DocumentName":"AWSManagedServices-AuthorizeSecurityGroupIngressRuleV3","Region":"us-east-1","Parameters":{"SecurityGroupId":["SG_ID"],"IpProtocol":["tcp"],"FromPort":[80],"ToPort":[80],"Source":["10.0.0.1/24"],"Description":["HTTP Port for 10.0.0.1/24"]}}'
+    aws amscm create-rfc --change-type-id "ct-3j2zstluz6dxq" --change-type-version "4.0" --title "AWSManagedServices-AuthorizeSecurityGroupIngressRulesV4" --execution-parameters "{\"DocumentName\": \"AWSManagedServices-AuthorizeSecurityGroupIngressRulesV4\",\"Region\": \"us-east-1\",\"Parameters\": {\"SecurityGroupId\": [
+    \"sg-03b5e3a1ad874bdd7\"],\"InboundRules\": [{\"IpProtocol\": \"tcp\",\"FromPort\": \"80\",\"ToPort\": \"80\",\"Source\": \"192.168.1.0/24\"},{\"IpProtocol\": \"tcp\",\"FromPort\": \"99\",\"ToPort\": \"99\",\"Source\": \"172.16.0.0/24\", \"Description\": \"On-prem IP\"}]}}"
@@ -90 +91 @@ _TEMPLATE CREATE_ :
-      "DocumentName" : "AWSManagedServices-AuthorizeSecurityGroupIngressRuleV3",
+    "DocumentName": "AWSManagedServices-AuthorizeSecurityGroupIngressRulesV4",
@@ -92,0 +94 @@ _TEMPLATE CREATE_ :
+    {
@@ -94,10 +96 @@ _TEMPLATE CREATE_ :
-          "SG_ID"
-        ],
-        "IpProtocol" : [
-          "tcp"
-        ],
-        "FromPort" : [
-          80
-        ],
-        "ToPort" : [
-          80
+    "sg-03b5e3a1ad874bdd7"
@@ -105,5 +98,14 @@ _TEMPLATE CREATE_ :
-        "Source" : [
-          "10.0.0.1/24"
-        ],
-        "Description" : [
-          "HTTP Port for 10.0.0.1/24"
+    "InboundRules": [
+    {
+    "IpProtocol": "tcp",
+    "FromPort": "80",
+    "ToPort": "80",
+    "Source": "192.168.1.0/24",
+    },
+    {
+    "IpProtocol": "tcp",
+    "FromPort": "99",
+    "ToPort": "99",
+    "Source": "172.16.0.0/24",
+    "Description": "On-prem IP"
+    }
@@ -112,0 +115 @@ _TEMPLATE CREATE_ :
+    }
@@ -120,0 +124 @@ _TEMPLATE CREATE_ :
+    "ChangeTypeVersion": "4.0",
@@ -122,2 +126 @@ _TEMPLATE CREATE_ :
-      "ChangeTypeVersion": "3.0",
-      "Title": "Authorize security group ingress rule"
+    "Title": "Authorize Multiple Ingress Rules"
@@ -148 +151 @@ There are two ways to authorize a new ingress rule:
-If the **Source** is **public IP** , then the RFC fails. To add a new ingress rule with a public IP, use the Management | Other | Other | [Create (review required) ct-1e1xtak34nx76](https://docs.aws.amazon.com/managedservices/latest/ctref/management-other-other-create-review-required.html) change type.
+If the **Source** is **public IP** , then the RFC fails. To add a new ingress rule with a public IP, use the Security group | Update change type (ct-3memthlcmvc1b).
@@ -161,21 +164 @@ For detailed information about the execution input parameters, see [Schema for C
-    {
-      "DocumentName" : "AWSManagedServices-AuthorizeSecurityGroupIngressRuleV3",
-      "Region" : "us-east-1",
-      "Parameters" : {
-        "SecurityGroupId" : [
-          "sg-abcd1234"
-        ],
-        "IpProtocol" : [
-          "tcp"
-        ],
-        "FromPort" : [
-          "80"
-        ],
-        "ToPort" : [
-          "80"
-        ],
-        "Source" : [
-          "10.0.0.1/32"
-        ]
-      }
-    }
+    Example not available.
@@ -186,24 +169 @@ For detailed information about the execution input parameters, see [Schema for C
-    {
-      "DocumentName" : "AWSManagedServices-AuthorizeSecurityGroupIngressRuleV3",
-      "Region" : "us-east-1",
-      "Parameters" : {
-        "SecurityGroupId" : [
-          "sg-abcd1234"
-        ],
-        "IpProtocol" : [
-          "tcp"
-        ],
-        "FromPort" : [
-          "80"
-        ],
-        "ToPort" : [
-          "80"
-        ],
-        "Source" : [
-          "10.0.0.0"
-        ],
-        "Description" : [
-          "New rule"
-        ]
-      }
-    }
+    Example not available.