Removes one or more egress rules from a security group for EC2-VPC. The values that you specify in the revoke request (for example, ports) must match the existing rule's values for the rule to be revoked.
Each rule consists of the protocol and the CIDR range or destination security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code.
Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.
For more information, see Security Groups in the Amazon Virtual Private Cloud User Guide.
GroupId
The ID of the security group to modify.
Type: String
Default: None
Required: Yes
IpPermissions.n.IpProtocol
The IP protocol name or number (see Protocol Numbers).
When you call DescribeSecurityGroups, the protocol value returned is the number. Exception: For TCP, UDP, and ICMP, the value returned is the name (for example, tcp, udp, or icmp).
Type: String
Valid values: tcp | udp | icmp or any protocol number (see Protocol Numbers). Use -1 to specify all.
Required: Yes
IpPermissions.n.FromPort
The start of the port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, you can use -1 to specify all ICMP types.
Type: Integer
Default: None
Required: Conditional
Condition: Required for ICMP and any protocol that uses ports
IpPermissions.n.ToPort
The end of the port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, you can use -1 to specify all ICMP codes for the given ICMP type.
Type: Integer
Default: None
Required: Conditional
Condition: Required for ICMP and any protocol that uses ports
IpPermissions.n.Groups.m.GroupId
The name of the destination security group. Cannot be used when specifying a CIDR IP address.
Type: String
Default: None
Condition: Required if modifying access for one or more destination security groups.
Required: Conditional
IpPermissions.n.IpRanges.m.CidrIp
The CIDR range. Cannot be used when specifying a destination security group.
Type: String
Default: None
Constraints: Valid CIDR IP address range.
Required: Conditional
Condition: Required if modifying access for one or more IP address ranges.
The following elements are returned in a RevokeSecurityGroupEgressResponse element.
requestId
The ID of the request.
Type: xsd:string
return
Returns true if the request succeeds. Otherwise, returns an error.
Type: xsd:boolean
This example revokes the access that the websrv security group for EC2-VPC (with ID sg-1a2b3c4d) has to the 205.192.0.0/16 and 205.159.0.0/16 address ranges on TCP port 80.
https://ec2.amazonaws.com/?Action=RevokeSecurityGroupEgress
&GroupId=sg-1a2b3c4d
&IpPermissions.1.IpProtocol=tcp
&IpPermissions.1.FromPort=80
&IpPermissions.1.ToPort=80
&IpPermissions.1.IpRanges.1.CidrIp=205.192.0.0/16
&IpPermissions.1.IpRanges.2.CidrIp=205.159.0.0/16
&AUTHPARAMS
This example revokes the access that the security group for EC2-VPC (with ID sg-1a2b3c4d) has to the security group for EC2-VPC with ID sg-9a8d7f5c on TCP port 1433.
https://ec2.amazonaws.com/?Action=RevokeSecurityGroupEgress
&GroupId=sg-1a2b3c4d
&IpPermissions.1.IpProtocol=tcp
&IpPermissions.1.FromPort=1433
&IpPermissions.1.ToPort=1433
&IpPermissions.1.Groups.1.GroupId=sg-9a8d7f5c
&AUTHPARAMS
<RevokeSecurityGroupEgressResponse xmlns="http://ec2.amazonaws.com/doc/2013-02-01/">
  <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
  <return>true</return>
</RevokeSecurityGroupEgressResponse>
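The following is an added example, not part of the original AWS page: a Python helper that flattens rule descriptions into the IpPermissions.n query parameters documented above and enforces the stated constraints (ports required for tcp, udp and icmp; CIDR ranges and destination groups not combined in one permission) before a request is built. The function names and the rule dict schema are assumptions of this example, and AUTHPARAMS (request signing) is left out.

```python
import ipaddress
from urllib.parse import urlencode

# Protocols for which the page requires FromPort/ToPort.
PORT_PROTOCOLS = {"tcp", "udp", "icmp"}


def build_revoke_egress_params(group_id, permissions):
    """Flatten rule dicts into RevokeSecurityGroupEgress query parameters.

    Hypothetical schema: each permission has 'protocol', either 'cidrs' or
    'groups', and 'from_port'/'to_port' for tcp, udp and icmp.
    """
    if not group_id:
        raise ValueError("GroupId is required")
    params = {"Action": "RevokeSecurityGroupEgress", "GroupId": group_id}
    for n, perm in enumerate(permissions, start=1):
        prefix = f"IpPermissions.{n}"
        proto = str(perm["protocol"]).lower()
        params[f"{prefix}.IpProtocol"] = proto
        if proto in PORT_PROTOCOLS:
            if "from_port" not in perm or "to_port" not in perm:
                raise ValueError(f"{proto} rule needs from_port and to_port")
            lo, hi = int(perm["from_port"]), int(perm["to_port"])
            # For icmp these are type/code (-1 means all), so no range check.
            if proto != "icmp" and not 0 <= lo <= hi <= 65535:
                raise ValueError(f"bad port range {lo}-{hi}")
            params[f"{prefix}.FromPort"] = lo
            params[f"{prefix}.ToPort"] = hi
        cidrs, groups = perm.get("cidrs", []), perm.get("groups", [])
        if bool(cidrs) == bool(groups):
            raise ValueError("give CIDR ranges or destination groups, not both")
        for m, cidr in enumerate(cidrs, start=1):
            # This example's choice: reject host bits (e.g. 10.0.0.1/16)
            # instead of normalising, so a typo cannot target another rule.
            net = ipaddress.ip_network(cidr, strict=True)
            params[f"{prefix}.IpRanges.{m}.CidrIp"] = str(net)
        for m, gid in enumerate(groups, start=1):
            params[f"{prefix}.Groups.{m}.GroupId"] = gid
    return params


def to_query(params):
    # safe="/" keeps the slash in CIDR values unescaped, as in the page's examples.
    return urlencode(params, safe="/")
```

Because a revoke only succeeds when the submitted values match the existing rule, feed this helper the values exactly as DescribeSecurityGroups reports them.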