ec2-revoke
ec2-revoke GROUP [-P PROTOCOL] (-p PORT_RANGE | -t ICMP_TYPE_CODE) [-u SOURCE_GROUP_USER ...] [-o SOURCE_GROUP ...] [-s SOURCE_SUBNET ...]
Revokes a rule from the security group named GROUP. To identify the rule to be removed you must provide exactly the same set of options used to create that rule.
A table containing the following information is returned:
- Output type identifier ("GROUP", "PERMISSION").
- Group name. Currently, this will report an empty string.
- Type of rule. Currently, only ALLOW rules are supported.
- Protocol to allow.
- Start of port range.
- End of port range.
- FROM
- Source.
Errors are displayed on stderr.

Option | Definition | Required? | Example |
---|---|---|---|
-P PROTOCOL | The protocol to allow. This can be tcp, udp or icmp. This option only applies when specifying a CIDR subnet as the source. | Yes | -P tcp |
-p PORT_RANGE | The range of ports to revoke. This may be specified as a single integer or as a range (min-max). This option only applies when specifying a CIDR subnet as the source. | Yes | -p 80 |
-t ICMP_TYPE_CODE | If the protocol is ICMP, the ICMP type and code must be specified. This must be specified as type:code where both are integers. Type or code (or both) may be specified as -1 which acts as a wildcard. This option only applies when specifying a CIDR subnet as the source. | Yes | -t 2:5 |
-u SOURCE_GROUP_USER | The owner of a group specified using -o. If this is not specified, all groups will refer to the current user. If specified more than once, there must be exactly one -u per -o and each user will be mapped to the corresponding group. | No | -u 495219933132 |
-o SOURCE_GROUP | The network source from which traffic is to be revoked specified as a security Group. See the description of the -u parameter for group owner information. | No | -o outsideworld |
-s SOURCE_SUBNET | The network source from which traffic is to be revoked specified as a CIDR Subnet range. | No | -s 205.192.8.45/24 |

$ ec2-revoke websrv -P tcp -p 80 -s 205.192.0.0/16
GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16
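
Because a rule is only revoked when the options match the ones used to create it, the matching command can be derived mechanically from a PERMISSION line. The sh function below is an added example, not part of the EC2 tools or of the original page; it assumes whitespace-separated fields in the order of the sample output on this page and handles only tcp/udp rules with a CIDR source.

```shell
#!/bin/sh
# Added example: build the ec2-revoke command that matches a PERMISSION line.
# Assumptions: whitespace-separated fields in the order of this page's sample
# output; only tcp/udp rules with a CIDR source are handled; the group-name
# allow-list is a conservative choice of this example.

revoke_cmd_from_permission() {
    # Split the line into fields; "extra" catches trailing junk.
    read -r kind group rule proto from to kw srckind src extra <<EOF
$1
EOF
    if [ "$kind" != PERMISSION ] || [ "$rule" != ALLOWS ] || [ "$kw" != FROM ] ||
       [ -z "$src" ] || [ -n "$extra" ]; then
        echo "not a well-formed PERMISSION line" >&2; return 2
    fi
    # Reject group names that could be read as options or shell syntax.
    case $group in
        -*|*[!A-Za-z0-9._-]*) echo "unsafe group name" >&2; return 2 ;;
    esac
    case $proto in
        tcp|udp) ;;
        icmp) echo "icmp rules need -t TYPE:CODE; not handled here" >&2; return 3 ;;
        *) echo "unknown protocol: $proto" >&2; return 2 ;;
    esac
    for n in "$from" "$to"; do
        case $n in ''|*[!0-9]*) echo "bad port: $n" >&2; return 2 ;; esac
    done
    [ "$from" -le "$to" ] && [ "$to" -le 65535 ] || { echo "bad port range" >&2; return 2; }
    # Group sources would need -o/-u instead of -s; only CIDR is handled.
    [ "$srckind" = CIDR ] || { echo "source kind $srckind not handled" >&2; return 3; }
    case $src in
        *[!0-9./]*|*/*/*|*/) echo "bad CIDR: $src" >&2; return 2 ;;
        *.*.*.*/*) ;;
        *) echo "bad CIDR: $src" >&2; return 2 ;;
    esac
    # A single port is written as N, a range as MIN-MAX.
    if [ "$from" -eq "$to" ]; then port=$from; else port=$from-$to; fi
    printf 'ec2-revoke %s -P %s -p %s -s %s\n' "$group" "$proto" "$port" "$src"
}

# Sample line taken from this page's example output.
revoke_cmd_from_permission 'PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16'
```

The function only prints the command, so the result can be reviewed before it is run.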