ec2-revoke
Description
Revokes permissions from a security group. The permissions to revoke must be specified using the same values that were used to grant them.
Permissions are specified by IP protocol (TCP, UDP, or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP).
Permission changes are quickly propagated to instances within the security group. However, depending on the number of instances in the group, a small delay might occur.
Syntax
ec2-revoke group [-P protocol] (-p port_range | -t icmp_type_code) [-u source_group_user ...] [-o source_group ...] [-s source_subnet ...]
Options
Name | Description | Required
---|---|---
group | Name of the group to modify. Type: String. Default: None. Example: websrv | Yes
Output
The command returns a table that contains the following information:
- Output type identifier ("GROUP", "PERMISSION")
- Group name. Currently, this will report an empty string
- Type of rule. Currently, only ALLOW rules are supported
- Protocol to allow
- Start of port range
- End of port range
- FROM
- Source
Amazon EC2 displays errors on stderr.
Examples
Example Request
This example revokes TCP port 80 access from the 205.192.0.0/16 address range for the websrv security group.
PROMPT> ec2-revoke websrv -P tcp -p 80 -s 205.192.0.0/16
GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16
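Because a revoke only takes effect when its values match the ones used to grant the rule, the safest way to build the command is from the PERMISSION line the tools print for that rule. The following POSIX shell script is an added example, not part of this documentation or of the EC2 API Tools: it turns a PERMISSION line in the layout shown above into the matching ec2-revoke invocation, lists the revokes needed for every rule open to a given source, and checks a listing to confirm a rule is gone after revoking. It assumes that ec2-describe-group prints the same PERMISSION layout, that ICMP rules carry type and code in the two port columns and are revoked with "-t type:code", and that a port range is passed to -p as "from-to"; the sample listing is constructed.

```shell
#!/bin/sh
# Added example; not part of the EC2 API Tools documentation or the tools themselves.
# It works on PERMISSION lines in the layout this page shows:
#   PERMISSION <group> ALLOWS <proto> <from_port> <to_port> FROM CIDR <cidr>
# Assumptions: ec2-describe-group prints the same layout, ICMP rules carry
# type and code in the two port columns (revoked with "-t type:code"), and a
# port range is passed to -p as "from-to". The listing below is constructed.

SAMPLE_LISTING='GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16
PERMISSION websrv ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION websrv ALLOWS tcp 1024 65535 FROM CIDR 0.0.0.0/0
PERMISSION websrv ALLOWS icmp 8 0 FROM CIDR 10.0.0.0/8'

# Print the ec2-revoke command that mirrors one PERMISSION line exactly, so the
# values match the ones used to grant the rule. Returns 1 if the line is not a
# PERMISSION line and 2 if the source is not a CIDR block (user/group sources
# need -u/-o and are not handled here).
revoke_cmd_for() {
    printf '%s\n' "$1" | awk '
        $1 != "PERMISSION" { exit 1 }
        $7 != "FROM" || $8 != "CIDR" { exit 2 }
        {
            group = $2; proto = $4; from = $5; to = $6; cidr = $9
            if (proto == "icmp")
                ports = "-t " from ":" to      # ICMP type:code (assumption)
            else if (from == to)
                ports = "-p " from
            else
                ports = "-p " from "-" to      # port range (assumption)
            printf "ec2-revoke %s -P %s %s -s %s\n", group, proto, ports, cidr
        }'
}

# Return 0 if the listing still carries a single-port CIDR rule matching
# protocol, port and source, 1 otherwise. Run it against a fresh
# ec2-describe-group listing after revoking to confirm the rule is gone.
rule_present() {
    printf '%s\n' "$1" | awk -v p="$2" -v port="$3" -v c="$4" '
        $1 == "PERMISSION" && $4 == p && $5 == port && $6 == port &&
        $8 == "CIDR" && $9 == c { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Print one ec2-revoke command per rule in the listing whose source is $2,
# for example every rule open to 0.0.0.0/0.
revoke_cmds_for_source() {
    printf '%s\n' "$1" | awk -v c="$2" '$1 == "PERMISSION" && $8 == "CIDR" && $9 == c' |
    while IFS= read -r line; do
        revoke_cmd_for "$line"
    done
}

# Demo: the commands needed to close everything the constructed listing opens to the world.
revoke_cmds_for_source "$SAMPLE_LISTING" 0.0.0.0/0
```

In practice the listing comes from `ec2-describe-group websrv` rather than the constructed string, and the printed commands are reviewed before being run; rerunning `rule_present` on a fresh listing afterwards is the confirmation step.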