Amazon Redshift
API Reference (API Version 2012-12-01)


Revokes an ingress rule in an Amazon Redshift security group for a previously authorized IP range or Amazon EC2 security group. To add an ingress rule, see AuthorizeClusterSecurityGroupIngress. For information about managing security groups, go to Amazon Redshift Cluster Security Groups in the Amazon Redshift Cluster Management Guide.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.


The name of the security Group from which to revoke the ingress rule.

Type: String

Required: Yes


The IP range for which to revoke access. This range must be a valid Classless Inter-Domain Routing (CIDR) block of IP addresses. If CIDRIP is specified, EC2SecurityGroupName and EC2SecurityGroupOwnerId cannot be provided.

Type: String

Required: No


The name of the EC2 Security Group whose access is to be revoked. If EC2SecurityGroupName is specified, EC2SecurityGroupOwnerId must also be provided and CIDRIP cannot be provided.

Type: String

Required: No


The AWS account number of the owner of the security group specified in the EC2SecurityGroupName parameter. The AWS access key ID is not an acceptable value. If EC2SecurityGroupOwnerId is specified, EC2SecurityGroupName must also be provided. and CIDRIP cannot be provided.

Example: 111122223333

Type: String

Required: No

Response Elements

The following element is returned by the service.


Describes a security group.

Type: ClusterSecurityGroup object


For information about the errors that are common to all actions, see Common Errors.


The specified CIDR IP range or EC2 security group is not authorized for the specified cluster security group.

HTTP Status Code: 404


The cluster security group name does not refer to an existing cluster security group.

HTTP Status Code: 404


The state of the cluster security group is not available.

HTTP Status Code: 400


Sample Request ?Action=RevokeClusterSecurityGroupIngress &ClusterSecurityGroupName=securitygroup1 &CIDRIP= &Version=2012-12-01 &x-amz-algorithm=AWS4-HMAC-SHA256 &x-amz-credential=AKIAIOSFODNN7EXAMPLE/20130123/us-east-1/redshift/aws4_request &x-amz-date=20130123T021606Z &x-amz-signedheaders=content-type;host;x-amz-date

Sample Response

<RevokeClusterSecurityGroupIngressResponse xmlns=""> <RevokeClusterSecurityGroupIngressResult> <ClusterSecurityGroup> <EC2SecurityGroups/> <IPRanges/> <Description>my security group</Description> <ClusterSecurityGroupName>securitygroup1</ClusterSecurityGroupName> </ClusterSecurityGroup> </RevokeClusterSecurityGroupIngressResult> <ResponseMetadata> <RequestId>d8eff363-6502-11e2-a8da-655adc216806</RequestId> </ResponseMetadata> </RevokeClusterSecurityGroupIngressResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: