Revoke Security Group Ingress operation


The Revoke Security Group Ingress operation enables you to revoke permissions from the specified security group. When revoking permissions, you must use the same values that were specified when the permissions were granted.
The permissions for a security group are specified by:

  • IP protocol—TCP, UDP, or ICMP
  • Source of the request—IP range or an Amazon EC2 user-group pair
  • Source and destination port ranges for TCP and UDP
  • Codes and types for ICMP

    The following figure shows the sample <items> XML element for the Revoke Security Group Ingress operation. 

    Sample <items> XML element for the Revoke Security Group Ingress operation

    <items>
      <item>
        <parameters>
          <user-id></user-id>
          <group-name></group-name>
          <ip-permissions>
            <!--Zero or more repetition-->
            <item>
              <ip-protocol></ip-protocol>
              <from-port></from-port>
              <to-port></to-port>
              <groups>
                <!--Zero or more repetition-->
                <item>
                  <user-id></user-id>
                  <group-name></group-name>
                </item>
              </groups>
              <ip-ranges>
                <!--Zero or more repetition-->
                <item>
                  <cidr-ip></cidr-ip>
                </item>
              </ip-ranges>
            </item>
          </ip-permissions>
        </parameters>
      </item>
    </items>

    The following table shows the adapter request elements for the Revoke Security Group Ingress operation.

    Adapter request elements for the Revoke Security Group Ingress operation

    The following figure shows a sample adapter request for the Revoke Security Group Ingress operation. 

Sample adapter request for the Revoke Security Group Ingress operation

<amazon-ec2-request>
   <wsdl-location>http://ec2.amazonaws.com/doc/2009-11-30/</wsdl-location>
   <endpoint-address>http://us-east-1.ec2.amazonaws.com/</endpoint-address>
   <signature-properties mode = "key-files">
      <private-key-file>C:\Security\pk-MJ5GIUNLM2XJ3VRJSYTKOFDWILELDQHB.PEM</private-key-file>
      <certificate-file>C:\Security\cert-MJ5GIUNLM2XJ3VRJSYTKOFDWILELDQHB.PEM</certificate-file>
   </signature-properties>
   <operation-name>revoke-security-group-ingress</operation-name>
   <parameters>
      <user-id>AKIAJC5TEHAOKCDCZQ</user-id>
      <group-name>test1</group-name>
      <ip-permissions>
         <item>
            <ip-protocol>tcp</ip-protocol>
            <from-port>80</from-port>
            <to-port>80</to-port>
            <groups>
               <item>
                  <user-id>122872856587</user-id>
                  <group-name>sec1</group-name>
               </item>
            </groups>
            <ip-ranges/>
         </item>
         <item>
            <ip-protocol>tcp</ip-protocol>
            <from-port>10</from-port>
            <to-port>100</to-port>
            <ip-ranges>
               <item>
                  <cidr-ip>205.192.0.0/16</cidr-ip>
               </item>
               <item>
                  <cidr-ip>205.10.10.0/8</cidr-ip>
               </item>
            </ip-ranges>
         </item>
      </ip-permissions>
   </parameters>
</amazon-ec2-request>

The following figure shows the response for the sample adapter request for the Revoke Security Group Ingress operation. 

Sample adapter response for the Revoke Security Group Ingress operation

<amazon-ec2-response>
   <metadata>
      <status>success</status>
   </metadata>
   <RevokeSecurityGroupIngressResponse>
      <requestId>9f5082d8-a54c-4ca3-833d-e19e5b6e4eae</requestId>
      <return>true</return>
   </RevokeSecurityGroupIngressResponse>
</amazon-ec2-response>
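
The rule stated at the top of this page, that a revoke must carry the same values used for the grant, can be checked before a request is submitted. The following Python sketch is an added example, not part of the adapter or the original page; it assumes the granted permissions were recorded in the same <parameters> shape the revoke operation uses, and the sample XML and the function names flatten and unmatched_revocations are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: permissions as they were granted (assumption: recorded
# in the same <parameters> shape that the revoke operation uses).
GRANTED = """<parameters>
  <user-id>000000000000</user-id><group-name>test1</group-name>
  <ip-permissions>
    <item><ip-protocol>tcp</ip-protocol><from-port>80</from-port><to-port>80</to-port>
      <groups><item><user-id>122872856587</user-id><group-name>sec1</group-name></item></groups>
    </item>
    <item><ip-protocol>tcp</ip-protocol><from-port>10</from-port><to-port>100</to-port>
      <ip-ranges><item><cidr-ip>205.192.0.0/16</cidr-ip></item></ip-ranges>
    </item>
  </ip-permissions>
</parameters>"""

# Constructed revoke request whose CIDR prefix length differs from the grant.
REVOKE_MISMATCH = GRANTED.replace("205.192.0.0/16", "205.192.0.0/24")

def flatten(parameters_xml):
    """Expand <parameters> into one tuple per (rule, source) pair."""
    root = ET.fromstring(parameters_xml)
    target = root.findtext("group-name", "").strip()
    rules = set()
    for item in root.findall("./ip-permissions/item"):
        proto = item.findtext("ip-protocol", "").strip().lower()
        if proto not in ("tcp", "udp", "icmp"):
            raise ValueError(f"unsupported ip-protocol: {proto!r}")
        lo = int(item.findtext("from-port", ""))  # ValueError if empty
        hi = int(item.findtext("to-port", ""))
        for g in item.findall("./groups/item"):
            src = "group:%s/%s" % (g.findtext("user-id", "").strip(),
                                   g.findtext("group-name", "").strip())
            rules.add((target, proto, lo, hi, src))
        for c in item.findall("./ip-ranges/item/cidr-ip"):
            cidr = (c.text or "").strip()
            ipaddress.ip_network(cidr, strict=False)  # ValueError if malformed
            rules.add((target, proto, lo, hi, "cidr:" + cidr))
    return rules

def unmatched_revocations(granted_xml, revoke_xml):
    """Revoke entries with no identical entry among the granted permissions."""
    return sorted(flatten(revoke_xml) - flatten(granted_xml))

if __name__ == "__main__":
    for rule in unmatched_revocations(GRANTED, REVOKE_MISMATCH):
        print("no matching grant:", rule)
```

An empty result means every entry in the revoke request has an identical granted entry; any tuple returned identifies a rule that would be left in place.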

 
