RevokeClusterSecurityGroupIngress - Amazon Redshift
Request ParametersResponse ElementsErrorsExamplesSee Also

RevokeClusterSecurityGroupIngress

Revokes an ingress rule in an Amazon Redshift security group for a previously authorized IP range or Amazon EC2 security group. To add an ingress rule, see AuthorizeClusterSecurityGroupIngress. For information about managing security groups, go to Amazon Redshift Cluster Security Groups in the Amazon Redshift Cluster Management Guide.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

ClusterSecurityGroupName

The name of the security Group from which to revoke the ingress rule.

Type: String

Length Constraints: Maximum length of 2147483647.

Required: Yes

CIDRIP

The IP range for which to revoke access. This range must be a valid Classless Inter-Domain Routing (CIDR) block of IP addresses. If CIDRIP is specified, EC2SecurityGroupName and EC2SecurityGroupOwnerId cannot be provided.

Type: String

Length Constraints: Maximum length of 2147483647.

Required: No

EC2SecurityGroupName

The name of the EC2 Security Group whose access is to be revoked. If EC2SecurityGroupName is specified, EC2SecurityGroupOwnerId must also be provided and CIDRIP cannot be provided.

Type: String

Length Constraints: Maximum length of 2147483647.

Required: No

EC2SecurityGroupOwnerId

The AWS account number of the owner of the security group specified in the EC2SecurityGroupName parameter. The AWS access key ID is not an acceptable value. If EC2SecurityGroupOwnerId is specified, EC2SecurityGroupName must also be provided. and CIDRIP cannot be provided.

Example: 111122223333

Type: String

Length Constraints: Maximum length of 2147483647.

Required: No

Response Elements

The following element is returned by the service.

ClusterSecurityGroup

Describes a security group.

Type: ClusterSecurityGroup object

Errors

For information about the errors that are common to all actions, see Common Errors.

AuthorizationNotFound

The specified CIDR IP range or EC2 security group is not authorized for the specified cluster security group.

HTTP Status Code: 404

ClusterSecurityGroupNotFound

The cluster security group name does not refer to an existing cluster security group.

HTTP Status Code: 404

InvalidClusterSecurityGroupState

The state of the cluster security group is not available.

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of RevokeClusterSecurityGroupIngress.

Sample Request

https://redshift.us-east-2.amazonaws.com/
    ?Action=RevokeClusterSecurityGroupIngress
    &ClusterSecurityGroupName=securitygroup1
    &CIDRIP=192.168.40.3/32
    &Version=2012-12-01
    &x-amz-algorithm=AWS4-HMAC-SHA256
    &x-amz-credential=AKIAIOSFODNN7EXAMPLE/20130123/us-east-2/redshift/aws4_request
    &x-amz-date=20130123T021606Z
    &x-amz-signedheaders=content-type;host;x-amz-date

Sample Response

<RevokeClusterSecurityGroupIngressResponse xmlns="http://redshift.amazonaws.com/doc/2012-12-01/">
  <RevokeClusterSecurityGroupIngressResult>
    <ClusterSecurityGroup>
      <EC2SecurityGroups/>
      <IPRanges/>
      <Description>my security group</Description>
      <ClusterSecurityGroupName>securitygroup1</ClusterSecurityGroupName>
    </ClusterSecurityGroup>
  </RevokeClusterSecurityGroupIngressResult>
  <ResponseMetadata>
    <RequestId>d8eff363-6502-11e2-a8da-655adc216806</RequestId>
  </ResponseMetadata>
</RevokeClusterSecurityGroupIngressResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: