Menu
Amazon Elastic Compute Cloud
API Reference (API Version 2016-11-15)

RevokeSecurityGroupEgress

[EC2-VPC only] Removes one or more egress rules from a security group for EC2-VPC. This action doesn't apply to security groups for use in EC2-Classic. The values that you specify in the revoke request (for example, ports) must match the existing rule's values for the rule to be revoked.

Each rule consists of the protocol and the IPv4 or IPv6 CIDR range or source security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

Request Parameters

The following parameters are for this specific action. For more information about required and optional parameters that are common to all actions, see Common Query Parameters.

CidrIp

The CIDR IP address range. We recommend that you specify the CIDR range in a set of IP permissions instead.

Type: String

Required: No

DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Type: Boolean

Required: No

FromPort

The start of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

Type: Integer

Required: No

GroupId

The ID of the security group.

Type: String

Required: Yes

IpPermissions.N

A set of IP permissions. You can't specify a destination security group and a CIDR IP address range.

Type: Array of IpPermission objects

Required: No

IpProtocol

The IP protocol name or number. We recommend that you specify the protocol in a set of IP permissions instead.

Type: String

Required: No

SourceSecurityGroupName

The name of a destination security group. To revoke outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

Type: String

Required: No

SourceSecurityGroupOwnerId

The AWS account number for a destination security group. To revoke outbound access to a destination security group, we recommend that you use a set of IP permissions instead.

Type: String

Required: No

ToPort

The end of port range for the TCP and UDP protocols, or an ICMP type number. We recommend that you specify the port range in a set of IP permissions instead.

Type: Integer

Required: No

Response Elements

The following elements are returned by the service.

requestId

The ID of the request.

Type: String

return

Is true if the request succeeds, and an error otherwise.

Type: Boolean

Errors

For information about the errors that are common to all actions, see Common Errors.

Examples

Example 1

This example revokes the access that the specified security group has to the 205.192.0.0/16 and 205.159.0.0/16 IPv4 address ranges on TCP port 80.

Sample Request

Copy
https://ec2.amazonaws.com/?Action=RevokeSecurityGroupEgress &GroupId=sg-1a2b3c4d &IpPermissions.1.IpProtocol=tcp &IpPermissions.1.FromPort=80 &IpPermissions.1.ToPort=80 &IpPermissions.1.IpRanges.1.CidrIp=205.192.0.0/16 &IpPermissions.1.IpRanges.2.CidrIp=205.159.0.0/16 &AUTHPARAMS

Example 2

This example revokes the access that the specified security group has to the security group with the ID sg-9a8d7f5c on TCP port 1433.

Sample Request

Copy
https://ec2.amazonaws.com/?Action=RevokeSecurityGroupEgress &GroupId=sg-1a2b3c4d &IpPermissions.1.IpProtocol=tcp &IpPermissions.1.FromPort=1433 &IpPermissions.1.ToPort=1433 &IpPermissions.1.Groups.1.GroupId=sg-9a8d7f5c &AUTHPARAMS

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: