RevokeSecurityGroupIngress
The RevokeSecurityGroupIngress
operation
revokes permissions from a security group. The permissions used
to revoke must be specified using the same values used
to grant the permissions.
Permissions are specified by IP protocol (TCP, UDP, or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP).
Permission changes are quickly propagated to instances within the security group. However, depending on the number of instances in the group, a small delay is might occur, .
When revoking a user/group pair permission, GroupName
,
SourceSecurityGroupName
and
SourceSecurityGroupOwnerId
must be specified. When
authorizing a CIDR IP permission, GroupName
, IpProtocol
,
FromPort
, ToPort
and CidrIp
must be
specified. Mixing these two types of parameters is not allowed.
Request Parameters
The following table describes the request parameters for
RevokeSecurityGroupIngress
. Parameter names
are case sensitive.
Name | Description | Required |
---|---|---|
|
Name of the group to modify. Type: String |
Yes |
|
Name of security group to revoke access to when operating on a user/group pair. Type: String Condition: Required when revoking user/group pair permission. |
Conditional |
|
Owner of security group to revoke access to when operating on a user/group pair. Type: String Condition: Required when revoking user/group pair permission. |
Conditional |
|
IP protocol to revoke access to when operating on a CIDR IP. Type: String Valid Values: Condition: Required when revoking CIDR IP permission. |
Conditional |
|
Bottom of port range to revoke access to when operating on a CIDR IP. This contains the ICMP type if ICMP is being authorized. Type: Int Condition: Required when revoking CIDR IP permission. |
Conditional |
|
Top of port range to revoke access to when operating on a CIDR IP. This contains the ICMP code if ICMP is being authorized. Type: Int Condition: Required when revoking CIDR IP permission. |
Conditional |
|
CIDR IP range to revoke access to when operating on a CIDR IP. Type: String Condition: Required when revoking CIDR IP permission. |
Conditional |
Response Elements
The following table describes the default response tags included
in RevokeSecurityGroupIngress
responses.
Name | Description |
---|---|
|
Type: xsd:boolean |
Sample Request
https://ec2.amazonaws.com/ ?Action=AuthorizeSecurityGroupIngress &IpProtocol=tcp &FromPort=80 &ToPort=80 &CidrIp=0.0.0.0/0 &...auth parameters...
Sample Response
<RevokeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2008-12-01"> <return>true</return> </RevokeSecurityGroupIngressResponse>