An Amazon EC2 interface to create, delete, describe, grant and revoke security permissions.

category Zend
package Zend_Service_Amazon
subpackage Ec2
copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
license New BSD License
inherited_from \Zend_Service_Amazon_Ec2_Abstract

 Methods

Create Amazon client.

__construct($accessKey = null, $secretKey = null) : void
Inherited

Parameters

$accessKey

$secretKey

Adds permissions to a security group

authorizeGroup(string $name, string $groupName, string $ownerId) : boolean

When authorizing a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified.

Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.

Parameters

$name

string

Name of the group to modify.

$groupName

string

Name of security group to authorize access to when operating on a user/group pair.

$ownerId

string

Owner of security group to authorize access to when operating on a user/group pair.

Returns

boolean

Adds permissions to a security group

authorizeIp(string $name, string $ipProtocol, integer $fromPort, integer $toPort, string $cidrIp) : boolean

Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code fields.

Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.

Parameters

$name

string

Name of the group to modify.

$ipProtocol

string

IP protocol to authorize access to when operating on a CIDR IP.

$fromPort

integer

Bottom of port range to authorize access to when operating on a CIDR IP. This contains the ICMP type if ICMP is being authorized.

$toPort

integer

Top of port range to authorize access to when operating on a CIDR IP. This contains the ICMP code if ICMP is being authorized.

$cidrIp

string

CIDR IP range to authorize access to when operating on a CIDR IP.

Returns

boolean

Creates a new security group.

create(string $name, string $description) : boolean

Every instance is launched in a security group. If no security group is specified during launch, the instances are launched in the default security group. Instances within the same security group have unrestricted network access to each other. Instances will reject network access attempts from other instances in a different security group. As the owner of instances you can grant or revoke specific permissions using the authorizeIp, authorizeGroup, revokeGroup and revokeIp operations.

Parameters

$name

string

Name of the new security group.

$description

string

Description of the new security group.

Returns

boolean

Deletes a security group.

delete(string $name) : boolean

If you attempt to delete a security group that contains instances, a fault is returned. If you attempt to delete a security group that is referenced by another security group, a fault is returned. For example, if security group B has a rule that allows access from security group A, security group A cannot be deleted until the allow rule is removed.

Parameters

$name

string

Name of the security group to delete.

Returns

boolean

Returns information about security groups that you own.

describe(string|array $name = null) : array

If you specify security group names, information about those security groups is returned. Otherwise, information for all security groups is returned. If you specify a group that does not exist, a fault is returned.

Parameters

$name

string|array

List of security groups to describe

Returns

array

Gets the HTTP client object.

getHttpClient() : \Zend_Http_Client
Inherited, Static

Returns

\Zend_Http_Client

Revokes permissions from a security group. The permissions used to revoke must be specified using the same values used to grant the permissions.

revokeGroup(string $name, string $groupName, string $ownerId) : boolean

Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.

When revoking a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified.

Parameters

$name

string

Name of the group to modify.

$groupName

string

Name of security group to revoke access to when operating on a user/group pair.

$ownerId

string

Owner of security group to revoke access to when operating on a user/group pair.

Returns

boolean

Revokes permissions from a security group. The permissions used to revoke must be specified using the same values used to grant the permissions.

revokeIp(string $name, string $ipProtocol, integer $fromPort, integer $toPort, string $cidrIp) : boolean

Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code fields.

Permission changes are propagated to instances within the security group as quickly as possible. However, depending on the number of instances, a small delay might occur.

Parameters

$name

string

Name of the group to modify.

$ipProtocol

string

IP protocol to revoke access to when operating on a CIDR IP.

$fromPort

integer

Bottom of port range to revoke access to when operating on a CIDR IP. This contains the ICMP type if ICMP is being revoked.

$toPort

integer

Top of port range to revoke access to when operating on a CIDR IP. This contains the ICMP code if ICMP is being revoked.

$cidrIp

string

CIDR IP range to revoke access to when operating on a CIDR IP.

Returns

boolean
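A pre-flight check for the arguments that authorizeIp and revokeIp document above, added here as an example and not part of Zend Framework. checkIpRule() is a hypothetical helper, the sample rules are constructed, and it assumes $cidrIp is IPv4 CIDR notation.

```php
<?php
// Added example, not Zend Framework code. checkIpRule() is a hypothetical helper.

/** Returns a list of problems; an empty list means the rule is well-formed. */
function checkIpRule(string $ipProtocol, int $fromPort, int $toPort, string $cidrIp): array
{
    $problems = array();
    $proto = strtolower($ipProtocol);

    if (!in_array($proto, array('tcp', 'udp', 'icmp'), true)) {
        $problems[] = 'ipProtocol must be tcp, udp or icmp';
    } elseif ($proto === 'icmp') {
        // fromPort carries the ICMP type and toPort the ICMP code; -1 is the wildcard.
        foreach (array('type' => $fromPort, 'code' => $toPort) as $label => $value) {
            if ($value < -1 || $value > 255) {
                $problems[] = "ICMP $label must be -1 or 0-255";
            }
        }
    } elseif ($fromPort < 0 || $toPort > 65535 || $fromPort > $toPort) {
        $problems[] = 'ports must satisfy 0 <= fromPort <= toPort <= 65535';
    }

    // Assumption: cidrIp is IPv4 CIDR notation (address/prefix, prefix 0-32).
    $parts = explode('/', $cidrIp);
    if (count($parts) !== 2
        || filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
        || !preg_match('/^\d{1,2}\z/', $parts[1])
        || (int) $parts[1] > 32) {
        $problems[] = 'cidrIp must be IPv4 CIDR notation';
    } elseif ((int) $parts[1] === 0) {
        $problems[] = 'cidrIp with a /0 prefix matches every source address';
    }

    return $problems;
}

// Constructed sample rules.
$rules = array(
    array('tcp', 22, 22, '203.0.113.0/24'),  // narrow SSH rule
    array('icmp', -1, -1, '0.0.0.0/0'),      // ICMP wildcard from any address
    array('tcp', 443, 80, '10.0.0.0/33'),    // inverted range, invalid prefix
);
foreach ($rules as $rule) {
    echo implode(' ', $rule), ' => ', json_encode(checkIpRule(...$rule)), "\n";
}
```

Because a revoke must repeat the values used for the grant, running the same check on both paths keeps malformed rules from being stored and later becoming hard to remove.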

Sets the HTTP client object to use for retrieving the feeds. If none is set, the default Zend_Http_Client will be used.

setHttpClient(\Zend_Http_Client $httpClient) 
Inherited, Static

Parameters

$httpClient

\Zend_Http_Client

Set the keys to use when accessing SQS.

setKeys($accessKey, $secretKey) : void
Inherited, Static

Parameters

$accessKey

$secretKey

Set which region you are working in. It will append the end point automatically.

setRegion(string $region) 
Inherited, Static

Parameters

$region

string

Method to fetch the Access Key

_getAccessKey() : string
Inherited

Returns

string

Method to fetch the AWS Region

_getRegion() : string
Inherited

Returns

string

Method to fetch the Secret AWS Key

_getSecretKey() : string
Inherited

Returns

string

Adds required authentication and version parameters to an array of parameters

addRequiredParameters(array $parameters) : array
Inherited

The required parameters are:

  • AWSAccessKey
  • SignatureVersion
  • Timestamp
  • Version
  • Signature

If a required parameter is already set in the $parameters array, it is overwritten.

Parameters

$parameters

array

the array to which to add the required parameters.

Returns

array

Sends an HTTP request to the queue service using Zend_Http_Client

sendRequest(array $params = array()) : \Zend_Service_Amazon_Ec2_Response
Inherited

Parameters

$params

array

List of parameters to send with the request

Exceptions

\Zend_Service_Amazon_Ec2_Exception

Returns

\Zend_Service_Amazon_Ec2_Response

Computes the RFC 2104-compliant HMAC signature for request parameters

signParameters(array $paramaters) : string
Inherited

This implements the Amazon Web Services signature, as per the following specification:

  1. Sort all request parameters (including SignatureVersion and excluding Signature, the value of which is being created), ignoring case.

  2. Iterate over the sorted list and append the parameter name (in its original case) and then its value. Do not URL-encode the parameter values before constructing this string. Do not use any separator characters when appending strings.

Parameters

$paramaters

Returns

string

the signed data.
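The two signing steps listed above, carried through as an added example; this is not the Zend Framework implementation. stringToSign() and sign() are hypothetical names, the key and parameter values are constructed, and Base64 output is an assumption because the page does not name the encoding.

```php
<?php
// Added example, not Zend Framework code. stringToSign() and sign() are
// hypothetical names; the key and parameter values below are constructed.

function stringToSign(array $params): string
{
    unset($params['Signature']);    // step 1: the Signature value is excluded
    uksort($params, 'strcasecmp');  // step 1: sort by name, ignoring case
    $data = '';
    foreach ($params as $name => $value) {
        $data .= $name . $value;    // step 2: original-case name, raw value, no separator
    }
    // Note: with no separators, the string does not record where a name ends
    // and its value begins.
    return $data;
}

function sign(array $params, string $secretKey): string
{
    // RFC 2104 HMAC with SHA-256, the HmacSHA256 default listed under Properties.
    // Assumption: the raw MAC is Base64-encoded; the page does not name the encoding.
    return base64_encode(hash_hmac('sha256', stringToSign($params), $secretKey, true));
}

$secretKey = 'constructed-secret-key';
$params = array(
    'Version'          => '2009-04-04',
    'Timestamp'        => '2015-01-01T00:00:00Z',
    'SignatureVersion' => '2',
    'AWSAccessKey'     => 'CONSTRUCTED-ACCESS-KEY',
    'Action'           => 'DescribeSecurityGroups',
);

// Ignoring case puts Action before AWSAccessKey; a byte-wise sort would not.
$signature = sign($params, $secretKey);
echo stringToSign($params), "\n", $signature, "\n";

// Re-signing a request that already carries a Signature gives the same value,
// because Signature never enters the string to sign.
$resigned = sign($params + array('Signature' => $signature), $secretKey);
var_dump(hash_equals($signature, $resigned));
```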

Checks for error responses from Amazon

checkForErrors(\Zend_Service_Amazon_Ec2_Response $response) : void
Inherited

Parameters

$response

\Zend_Service_Amazon_Ec2_Response

the response object to check.

Exceptions

\Zend_Service_Amazon_Ec2_Exception if one or more errors are returned from Amazon.

 Properties

 

Amazon Access Key

$_accessKey : string

Default

 

Amazon Access Key

$_defaultAccessKey : string

Default

null
Static
 

Amazon Region

$_defaultRegion : string

Default

null
Static
 

Amazon Secret Key

$_defaultSecretKey : string

Default

null
Static
 

The API version to use

$_ec2ApiVersion 

Default

'2009-04-04'
 

The HTTP query server

$_ec2Endpoint 

Default

'ec2.amazonaws.com'
 

Signature Encoding Method

$_ec2SignatureMethod 

Default

'HmacSHA256'
 

Signature Version

$_ec2SignatureVersion 

Default

'2'
 

HTTP Client used to query all web services

$_httpClient : \Zend_Http_Client

Default

null
Static
 

Period, in seconds, after which an HTTP request will time out

$_httpTimeout 

Default

10
 

Amazon Region

$_region : string

Default

 

Amazon Secret Key

$_secretKey : string

Default

 

An array that contains all the valid Amazon Ec2 Regions.

$_validEc2Regions : array

Default

array('eu-west-1', 'us-east-1')
Static