RevokeSecurityGroupIngress

Amazon EC2: API Version 2007-01-03

previous page next page

RevokeSecurityGroupIngress

The RevokeSecurityGroupIngress operation revokes existing permissions that were previously granted to a security group. The permissions to revoke must be specified using the same values originally used to grant the permission.

Permissions are specified in terms of the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), source and destination port ranges (for TCP and UDP), and ICMP codes and types (for ICMP). When authorizing ICMP, -1 may be used as a wildcard in the type and code fields.

Permission changes are propagated to instances within the security group being modified as quickly as possible. However, a small delay is likely, depending on the number of instances that are members of the indicated group.

When revoking a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and CidrIp must be specified. Mixing these two types of parameters is not allowed.

Request Parameters

The following table describes the request parameters for RevokeSecurityGroupIngress. Parameter names are case sensitive.

Element Name	Definition	Required?	Type
`GroupName`	Name of the group to modify.	Yes	`string`
`SourceSecurityGroupName`	Name of security group to revoke access to when operating on a user/group pair.	When revoking user/group pair permission.	`string`
`SourceSecurityGroupOwnerId`	Owner of security group to revoke access to when operating on a user/group pair.	When revoking user/group pair permisison.	`string`
`IpProtocol`	IP protocol to revoke access to when operating on a CIDR IP. Valid values are `tcp`, `udp` and `icmp`.	When revoking CIDR IP permission.	`string`
`FromPort`	Bottom of port range to revoke access to when operating on a CIDR IP. This contains the ICMP type if ICMP is being authorized.	When revoking CIDR IP permission.	`int`
`ToPort`	Top of port range to revoke access to when operating on a CIDR IP. This contains the ICMP code if ICMP is being authorized.	When revoking CIDR IP permission.	`int`
`CidrIp`	CIDR IP range to revoke access to when operating on a CIDR IP.	When revoking CIDR IP permission.	`string`

Response Tags

The following table describes the default response tags included in RevokeSecurityGroupIngress responses.

Element Name	Definition	Type
`return`	`true` if permissions successfully revoked.	`xsd:boolean`

Sample Request

https://ec2.amazonaws.com/
?Action=AuthorizeSecurityGroupIngress
&IpProtocol=tcp
&FromPort=80
&ToPort=80
&CidrIp=0.0.0.0/0
&...auth parameters...

Sample Response

<RevokeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2007-01-03">
  <return>true</return>
</RevokeSecurityGroupIngressResponse>

Related Operations

previous page start next page