RevokeSecurityGroupIngress
The RevokeSecurityGroupIngress
operation
revokes permissions from a security group. The permissions used
to revoke must be specified using the same values used
to grant the permissions.
Permissions are specified by IP protocol (TCP, UDP, or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP).
Permission changes are quickly propagated to instances within the security group. However, depending on the number of instances in the group, a small delay is might occur, .
The following table describes the request parameters for
RevokeSecurityGroupIngress
. Parameter names
are case sensitive.
Name | Description | Required |
---|---|---|
|
AWS Access Key ID. Type: xsd:string |
Yes |
|
Name of the group to modify. Type: xsd:string |
Yes |
|
Set of permissions to remove from the group. Type: ec2:IpPermissionType[] |
Yes |
The following table describes the default response tags included
in RevokeSecurityGroupIngress
responses.
Name | Description |
---|---|
|
Type: xsd:boolean |
<RevokeSecurityGroupIngress xmlns="http://ec2.amazonaws.com/doc/2007-08-29"> <userId/> <groupName>RangedPortsBySource</groupName> <ipPermissions> <item> <ipProtocol>tcp</ipProtocol> <fromPort>6000</fromPort> <toPort>7000</toPort> <groups/> <ipRanges/> </item> </ipPermissions> </RevokeSecurityGroupIngress>
<RevokeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2007-08-29"> <return>true</return> </RevokeSecurityGroupIngressResponse>