Amazon Relational Database Service
Command Line Interface Reference (API Version 2014-10-31)

rds-revoke-db-security-group-ingress

The Amazon RDS Command Line Interface (RDS CLI) has been deprecated. Instead, use the AWS CLI for RDS. To learn how to download and use the AWS CLI, see AWS Command Line Interface User Guide. For RDS commands available in the AWS CLI, see AWS CLI Reference for Amazon RDS.

The AWS CLI does not currently support the DownloadCompleteDBLogFile REST API action. To download an entire log file at once, rather than in parts using the download-db-log-file-portion command, use the last published RDS CLI and the rds-download-db-logfile command.

Description

Revokes ingress to a DB security group for previously authorized IP ranges or Amazon EC2 security groups.

Syntax

rds-revoke-db-security-group-ingress DBSecurityGroupName

[-s (--ec2-security-group-id) value ]

[-g (--ec2-security-group-name) value ]

[-i (--cidr-ip) value ]

[-o (--ec2-security-group-owner-id) value ]

[General Options]

Options

Name Description Required

--db-security-group-name value

The name of the DB security group.

This parameter is the default parameter and can be passed as the first value in the command and without a parameter name, for example: rds-revoke-db-security-group-ingress my-db-security-group-name.

Type: String

Default: None

Example: --db-security-group-name mydbsecuritygroup

Yes

-s

--ec2-security-group-id value

The identifier of the Amazon EC2 security group to revoke access from.

Type: String

Default: None

Constraints: This parameter must be specified if the DB security group is for a VPC.

Example: -s myec2securitygroup

No

-g

--ec2-security-group-name value

The name of the Amazon EC2 security group.

Type: String

Default: None

Example: -g myec2securitygroup

No

-i

--cidr-ip value

The IP range to revoke access from.

Type: String

Constraints: Must be a valid Classless Inter-Domain Routing (CIDR) range, in the format ddd.ddd.ddd.ddd/dd. For more information, see CIDR Notation.

Default: None

Example: -i 192.168.100.100/0

No

-o

--ec2-security-group-owner-id value

AWS Account Number for the owner of the EC2 security group. Note that this is the account number, not the AWS Access ID.

Type: String

Default: None

Example: -o 3454903478548345

No

Output

The command returns a table with the following information:

Note

Output values list the possible values returned by CLI commands. Not all values are returned for every call to a command. If a value is null or empty, it will not be included in the command output. For example, CLI commands to create or restore a DB instance will not return the Endpoint Address value because that value is null until the DB instance has finished being created or restored.

  • Name—the security group name

  • Description—the security group description

  • EC2 Group Name—the name of the Amazon EC2 security group

  • EC2 Group Id—Identifier of the Amazon EC2 security group

  • EC2 Owner ID—the owner of the Amazon EC2 security group

  • IP Range—the CIDR range for the authorized Amazon RDS DB security group

  • Status—the status of the authorization

Examples

Revoking Access for a CIDR Range

This example revokes authorization for an IP range.

PROMPT> rds-revoke-db-security-group-ingress Default --cidr-ip 192.168.100.100/0

Revoking Access for an Amazon EC2 Security Group

This example revokes authorization for an Amazon EC2 security group.

PROMPT> rds-revoke-db-security-group-ingress Default --ec2-security-group-name secgrp --ec2-security-group-owner-id 666666666666
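
The following pre-flight check is an added example, not part of the RDS CLI or its documentation. It validates an IP range against the CIDR constraint given for -i, shows which network the range really covers (the /0 in the IP range example covers every IPv4 address), and prints the revoke command instead of running it. The function names, the rejection of leading zeros, and the characters allowed in the group name are assumptions of this example.

```shell
#!/bin/sh
# Added example: check an IP range rule before revoking it (nothing is executed).
# Each function body is a subshell "( )", so its variables stay local.

# valid_cidr CIDR: succeed only for dotted-quad IPv4 with a /0../32 prefix.
# Leading zeros are rejected (assumption) so no octet can be read as octal.
valid_cidr() (
  case $1 in *[!0-9./]*) exit 1 ;; esac
  octet='(0|[1-9][0-9]{0,2})'
  printf '%s\n' "$1" | grep -Eq "^($octet\.){3}$octet/(0|[1-9][0-9]?)\$" || exit 1
  [ "${1#*/}" -le 32 ] || exit 1
  IFS=.; set -- ${1%/*}
  for o in "$@"; do [ "$o" -le 255 ] || exit 1; done
)

# cidr_network CIDR: print the range the rule really covers (host bits cleared).
cidr_network() (
  valid_cidr "$1" || exit 1
  prefix=${1#*/}
  IFS=.; set -- ${1%/*}
  n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  if [ "$prefix" -eq 0 ]; then mask=0
  else mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF )); fi
  n=$(( n & mask ))
  printf '%d.%d.%d.%d/%d\n' "$(( n >> 24 & 255 ))" "$(( n >> 16 & 255 ))" \
    "$(( n >> 8 & 255 ))" "$(( n & 255 ))" "$prefix"
)

# build_revoke_cmd GROUP CIDR: print (do not run) the command for one IP range.
# The group name is limited to letters, digits, "_" and "-" (assumption).
build_revoke_cmd() (
  case $1 in ''|*[!A-Za-z0-9_-]*) echo "bad DB security group name" >&2; exit 2 ;; esac
  valid_cidr "$2" || { echo "invalid CIDR range: $2" >&2; exit 2; }
  net=$(cidr_network "$2")
  [ "$net" = "$2" ] || echo "note: $2 has host bits set; it denotes $net" >&2
  printf 'rds-revoke-db-security-group-ingress %s --cidr-ip %s\n' "$1" "$2"
)

# Demo with the values from the IP range example on this page.
build_revoke_cmd Default 192.168.100.100/0
```

The command is printed with the range exactly as given; the note on stderr only reports the network that range denotes.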