RevokeSecurityGroupIngress
Description
Revokes permissions from a security group. The permissions used to revoke must be specified using the same values used to grant the permissions.
Permissions are specified by IP protocol (TCP, UDP, or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP).
Permission changes are quickly propagated to instances within the security group. However, depending on the number of instances in the group, a small delay might occur.
Request Parameters
| Name | Description | Required |
|---|---|---|
| | Type:<br>Ancestor: None<br>Children: userId, groupName, and ipPermissions | |
| userId | AWS Access Key ID.<br>Type: xsd:string<br>Default: None<br>Ancestor: RevokeSecurityGroupIngressType<br>Children: None | Yes |
| groupName | Name of the group to modify.<br>Type: xsd:string<br>Default: None<br>Ancestor: RevokeSecurityGroupIngressType<br>Children: None | Yes |
| ipPermissions | Set of permissions to add to the group.<br>Type: IpPermissionSetType<br>Ancestor: RevokeSecurityGroupIngressType<br>Children: item | Yes |
| item | Set of IP permissions.<br>Type: IpPermissionType<br>Ancestor: ipPermissions<br>Children: ipProtocol, fromPort, toPort, groups, and ipRanges | Yes |
| ipProtocol | IP protocol.<br>Type: xsd:string<br>Valid Values: tcp \| udp \| icmp<br>Default: None<br>Ancestor: item<br>Children: None | Yes |
| fromPort | Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).<br>Type: xsd:int<br>Default: None<br>Ancestor: item<br>Children: None | Yes |
| toPort | End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).<br>Type: xsd:int<br>Default: None<br>Ancestor: item<br>Children: None | Yes |
| groups | List of security group and user ID pairs.<br>Type: UserIdGroupPairSetType<br>Ancestor: item<br>Children: item | Yes |
| item | Information for one security group.<br>Type: UserIdGroupPairType<br>Ancestor: groups<br>Children: userId, groupName | Yes |
| userId | AWS User ID of an account. Cannot be used when specifying a CIDR IP address.<br>Type: xsd:string<br>Default: None<br>Ancestor: item<br>Children: None | Yes |
| groupName | Name of the security group. Cannot be used when specifying a CIDR IP address.<br>Type: xsd:string<br>Default: None<br>Ancestor: item<br>Children: None | Yes |
| ipRanges | IP ranges.<br>Type: IpRangeSetType<br>Ancestor: item<br>Children: item | Yes |
| item | Information for one IP range.<br>Type: IpRangeItemType<br>Ancestor: ipRanges<br>Children: cidrIp | Yes |
| cidrIp | CIDR range.<br>Type: xsd:string<br>Default: None<br>Constraints: Valid CIDR IP address range.<br>Ancestor: item<br>Children: None | Yes |
Response Elements
| Name | Description |
|---|---|
| | Type: RevokeSecurityGroupIngressResponseType<br>Ancestor: None<br>Children: |
| | The ID of the request.<br>Type: xsd:string<br>Ancestor:<br>Children: None |
| | Returns<br>Type: xsd:boolean<br>Ancestor:<br>Children: None |
Examples
Example Request
This example revokes TCP port 80 access from the 205.192.0.0/16 address range for the websrv security group.
<RevokeSecurityGroupIngress xmlns="http://ec2.amazonaws.com/doc/2009-08-15/">
  <userId/>
  <groupName>websrv</groupName>
  <ipPermissions>
    <item>
      <ipProtocol>tcp</ipProtocol>
      <fromPort>80</fromPort>
      <toPort>80</toPort>
      <groups/>
      <ipRanges>
        <item>
          <cidrIp>205.192.0.0/16</cidrIp>
        </item>
      </ipRanges>
    </item>
  </ipPermissions>
</RevokeSecurityGroupIngress>
Example Response
<RevokeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2009-08-15/">
  <return>true</return>
</RevokeSecurityGroupIngressResponse>
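The Description requires a revoke to carry the same values that were used for the grant, so a request naming a narrower CIDR or a different port range is not the same permission. The following is an added example, not part of the original reference or any AWS code: it checks a permission against the constraints in the Request Parameters table, refuses values that match no recorded grant, and builds the request body shown above. `Perm`, `validate`, `build_revoke` and `GRANTED` are hypothetical names, the inventory is constructed, and the 0 to 65535 port bound is an assumption the page does not state.

```python
import ipaddress
import xml.etree.ElementTree as ET
from typing import NamedTuple, Optional, Tuple

NS = "http://ec2.amazonaws.com/doc/2009-08-15/"  # namespace used in the page's example

class Perm(NamedTuple):  # hypothetical record type: one source per permission
    ipProtocol: str
    fromPort: int
    toPort: int
    cidrIp: Optional[str] = None
    group: Optional[Tuple[str, str]] = None  # (userId, groupName)

def validate(p: Perm) -> None:
    """Apply the constraints from the Request Parameters table."""
    if p.ipProtocol not in ("tcp", "udp", "icmp"):
        raise ValueError("ipProtocol must be tcp, udp or icmp")
    if (p.cidrIp is None) == (p.group is None):
        raise ValueError("give exactly one of cidrIp or a userId/groupName pair")
    if p.ipProtocol == "icmp":
        if min(p.fromPort, p.toPort) < -1:  # -1 is the ICMP wildcard
            raise ValueError("ICMP type/code must be -1 or greater")
    elif not 0 <= p.fromPort <= p.toPort <= 65535:  # assumed TCP/UDP bound
        raise ValueError("invalid TCP/UDP port range")
    if p.cidrIp is not None:
        ipaddress.ip_network(p.cidrIp, strict=False)  # ValueError if malformed

def build_revoke(group_name: str, p: Perm, granted: set) -> str:
    """Return the request body, refusing values that match no recorded grant."""
    validate(p)
    if p not in granted:
        raise LookupError("no recorded grant has exactly these values")
    root = ET.Element("RevokeSecurityGroupIngress", xmlns=NS)
    ET.SubElement(root, "userId")
    ET.SubElement(root, "groupName").text = group_name
    item = ET.SubElement(ET.SubElement(root, "ipPermissions"), "item")
    for tag in ("ipProtocol", "fromPort", "toPort"):
        ET.SubElement(item, tag).text = str(getattr(p, tag))
    groups = ET.SubElement(item, "groups")
    ranges = ET.SubElement(item, "ipRanges")
    if p.group is not None:
        pair = ET.SubElement(groups, "item")
        ET.SubElement(pair, "userId").text = p.group[0]
        ET.SubElement(pair, "groupName").text = p.group[1]
    else:
        ET.SubElement(ET.SubElement(ranges, "item"), "cidrIp").text = p.cidrIp
    return ET.tostring(root, encoding="unicode")

GRANTED = {Perm("tcp", 80, 80, cidrIp="205.192.0.0/16")}  # constructed inventory
```

Running the same check against an inventory of what was actually granted catches a revoke that would leave the original, broader rule in place.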