RevokeSecurityGroupIngress

Amazon Elastic Compute Cloud: 2008-02-01

previous page next page

RevokeSecurityGroupIngress

The RevokeSecurityGroupIngress operation revokes permissions from a security group. The permissions used to revoke must be specified using the same values used to grant the permissions.

Permissions are specified by IP protocol (TCP, UDP, or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP).

Permission changes are quickly propagated to instances within the security group. However, depending on the number of instances in the group, a small delay is might occur, .

When revoking a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and CidrIp must be specified. Mixing these two types of parameters is not allowed.

Request Parameters

The following table describes the request parameters for RevokeSecurityGroupIngress. Parameter names are case sensitive.

Name Description Required

GroupName

Name of the group to modify.

Type: String

Yes

SourceSecurityGroupName

Name of security group to revoke access to when operating on a user/group pair.

Type: String

Condition: Required when revoking user/group pair permission.

Conditional

SourceSecurityGroupOwnerId

Owner of security group to revoke access to when operating on a user/group pair.

Type: String

Condition: Required when revoking user/group pair permission.

Conditional

IpProtocol

IP protocol to revoke access to when operating on a CIDR IP.

Type: String

Valid Values: tcp | udp | icmp

Condition: Required when revoking CIDR IP permission.

Conditional

FromPort

Bottom of port range to revoke access to when operating on a CIDR IP. This contains the ICMP type if ICMP is being authorized.

Type: Int

Condition: Required when revoking CIDR IP permission.

Conditional

ToPort

Top of port range to revoke access to when operating on a CIDR IP. This contains the ICMP code if ICMP is being authorized.

Type: Int

Condition: Required when revoking CIDR IP permission.

Conditional

CidrIp

CIDR IP range to revoke access to when operating on a CIDR IP.

Type: String

Condition: Required when revoking CIDR IP permission.

Conditional

Response Elements

The following table describes the default response tags included in RevokeSecurityGroupIngress responses.

Name Description

return

true if permissions successfully revoked.

Type: xsd:boolean

Sample Request 

https://ec2.amazonaws.com/
?Action=AuthorizeSecurityGroupIngress
&IpProtocol=tcp
&FromPort=80
&ToPort=80
&CidrIp=0.0.0.0/0
&...auth parameters...

Sample Response 

<RevokeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2008-02-01">
  <return>true</return>
</RevokeSecurityGroupIngressResponse>

Related Operations

previous page start next page