:doc:`EC2 <../../ec2>` / Client / modify_security_group_rules

***************************
modify_security_group_rules
***************************



.. py:method:: EC2.Client.modify_security_group_rules(**kwargs)

  

  Modifies the rules of a security group.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySecurityGroupRules>`_  


  **Request Syntax**
  ::

    response = client.modify_security_group_rules(
        GroupId='string',
        SecurityGroupRules=[
            {
                'SecurityGroupRuleId': 'string',
                'SecurityGroupRule': {
                    'IpProtocol': 'string',
                    'FromPort': 123,
                    'ToPort': 123,
                    'CidrIpv4': 'string',
                    'CidrIpv6': 'string',
                    'PrefixListId': 'string',
                    'ReferencedGroupId': 'string',
                    'Description': 'string'
                }
            },
        ],
        DryRun=True|False
    )
    
  :type GroupId: string
  :param GroupId: **[REQUIRED]** 

    The ID of the security group.

    

  
  :type SecurityGroupRules: list
  :param SecurityGroupRules: **[REQUIRED]** 

    Information about the security group properties to update.

    

  
    - *(dict) --* 

      Describes an update to a security group rule.

      

    
      - **SecurityGroupRuleId** *(string) --* **[REQUIRED]** 

        The ID of the security group rule.

        

      
      - **SecurityGroupRule** *(dict) --* 

        Information about the security group rule.

        

      
        - **IpProtocol** *(string) --* 

          The IP protocol name ( ``tcp``, ``udp``, ``icmp``, ``icmpv6``) or number (see `Protocol Numbers <http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml>`__).

           

          Use ``-1`` to specify all protocols.

          

        
        - **FromPort** *(integer) --* 

          If the protocol is TCP or UDP, this is the start of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).

          

        
        - **ToPort** *(integer) --* 

          If the protocol is TCP or UDP, this is the end of the port range. If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).

          

        
        - **CidrIpv4** *(string) --* 

          The IPv4 CIDR range. To specify a single IPv4 address, use the /32 prefix length.

          

        
        - **CidrIpv6** *(string) --* 

          The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix length.

          

        
        - **PrefixListId** *(string) --* 

          The ID of the prefix list.

          

        
        - **ReferencedGroupId** *(string) --* 

          The ID of the security group that is referenced in the security group rule.

          

        
        - **Description** *(string) --* 

          The description of the security group rule.

          

        
      
    

  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Return': True|False
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **Return** *(boolean) --* 

        Returns ``true`` if the request succeeds; otherwise, returns an error.

        
  