RevokeSecurityGroupIngress

Amazon Elastic Compute Cloud: 2009-08-15

previous page next page

RevokeSecurityGroupIngress

Description

Revokes permissions from a security group. The permissions used to revoke must be specified using the same values used to grant the permissions.

Permissions are specified by IP protocol (TCP, UDP, or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP).

Permission changes are quickly propagated to instances within the security group. However, depending on the number of instances in the group, a small delay is might occur.

Request Parameters

NameDescriptionRequired

UserId

AWS Access Key ID.

Type: String

Default: None

Yes

GroupName

Name of the group to modify.

Type: String

Default: None

Yes

IpProtocol

IP protocol.

Type: String

Valid Values: tcp | udp | icmp

Default: None

Yes

FromPort

Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).

Type: Integer

Default: None

Yes

ToPort

End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).

Type: Integer

Default: None

Yes

SourceSecurityGroupOwnerId

AWS User ID of an account. Cannot be used when specifying a CIDR IP address.

Type: String

Default: None

Yes

SourceSecurityGroupName

Name of the security group. Cannot be used when specifying a CIDR IP address.

Type: String

Default: None

Yes

CidrIp

CIDR range.

Type: String

Default: None

Constraints: Valid CIDR IP address range.

Yes

Response Elements

NameDescription

RevokeSecurityGroupIngressResponseType

RevokeSecurityGroupIngressResponseType element.

Type:

RevokeSecurityGroupIngressResponseType

Ancestor: None

Children: requestId, return

requestId

The ID of the request.

Type: xsd:string

Ancestor: RevokeSecurityGroupIngressResponseType

Children: None

return

Returns

Type: xsd:boolean

Ancestor: RevokeSecurityGroupIngressResponseType

Children: None

Examples

Example Request

This example revokes TCP port 80 access from the 205.192.0.0/16 address range for the websrv security group.

https://ec2.amazonaws.com/?Action=RevokeSecurityGroupIngress&IpProtocol=tcp&FromPort=80&ToPort=80&CidrIp=205.192.0.0/16
&AuthParams

Example Response

<RevokeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2009-08-15/">
  <return>true</return>
</RevokeSecurityGroupIngressResponse>
previous page start next page