RevokeSecurityGroupIngress

The RevokeSecurityGroupIngress operation revokes permissions from a security group. The permissions used to revoke must be specified using the same values used to grant the permissions.

Permissions are specified by IP protocol (TCP, UDP, or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP).

Permission changes are quickly propagated to instances within the security group. However, depending on the number of instances in the group, a small delay might occur.

When revoking a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When revoking a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and CidrIp must be specified. Mixing these two types of parameters is not allowed.

The following table describes the request parameters for RevokeSecurityGroupIngress. Parameter names are case sensitive.

| Name | Description | Required |
|------|-------------|----------|
| GroupName | Name of the group to modify. Type: String | Yes |
| SourceSecurityGroupName | Name of security group to revoke access to when operating on a user/group pair. Type: String. Condition: Required when revoking user/group pair permission. | Conditional |
| SourceSecurityGroupOwnerId | Owner of security group to revoke access to when operating on a user/group pair. Type: String. Condition: Required when revoking user/group pair permission. | Conditional |
| IpProtocol | IP protocol to revoke access to when operating on a CIDR IP. Type: String. Valid Values: tcp \| udp \| icmp. Condition: Required when revoking CIDR IP permission. | Conditional |
| FromPort | Bottom of port range to revoke access to when operating on a CIDR IP. This contains the ICMP type if ICMP is being authorized. Type: Int. Condition: Required when revoking CIDR IP permission. | Conditional |
| ToPort | Top of port range to revoke access to when operating on a CIDR IP. This contains the ICMP code if ICMP is being authorized. Type: Int. Condition: Required when revoking CIDR IP permission. | Conditional |
| CidrIp | CIDR IP range to revoke access to when operating on a CIDR IP. Type: String. Condition: Required when revoking CIDR IP permission. | Conditional |

The following table describes the default response tags included in RevokeSecurityGroupIngress responses.

| Name | Description |
|------|-------------|
| return | true if permissions successfully revoked. Type: xsd:boolean |

https://ec2.amazonaws.com/
?Action=RevokeSecurityGroupIngress
&IpProtocol=tcp
&FromPort=80
&ToPort=80
&CidrIp=0.0.0.0/0
&...auth parameters...

<RevokeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2007-08-29">
  <return>true</return>
</RevokeSecurityGroupIngressResponse>
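
The following is an added example, not part of the original reference or any AWS code. It shows one way to enforce the parameter rules above on the client side and to build a revoke request from the exact values recorded when the permission was granted. The function names and the group name example-group are assumptions, and the auth parameters are left out, as in the sample request.

```python
from urllib.parse import urlencode

ENDPOINT = "https://ec2.amazonaws.com/"
PAIR_KEYS = ("SourceSecurityGroupName", "SourceSecurityGroupOwnerId")
CIDR_KEYS = ("IpProtocol", "FromPort", "ToPort", "CidrIp")


def revoke_params(group_name, **perm):
    """Validate one permission and return ordered query parameters (no auth)."""
    if not group_name:
        raise ValueError("GroupName is required")
    unknown = set(perm) - set(PAIR_KEYS + CIDR_KEYS)
    if unknown:  # names are case sensitive, so 'cidrIp' is rejected here
        raise ValueError(f"unknown parameter(s): {sorted(unknown)}")
    has_pair = any(k in perm for k in PAIR_KEYS)
    has_cidr = any(k in perm for k in CIDR_KEYS)
    if has_pair and has_cidr:
        raise ValueError("user/group pair and CIDR IP parameters cannot be mixed")
    if not has_pair and not has_cidr:
        raise ValueError("no permission specified")
    required = PAIR_KEYS if has_pair else CIDR_KEYS
    missing = [k for k in required if k not in perm]
    if missing:
        raise ValueError(f"missing required parameter(s): {missing}")
    if has_cidr:
        if perm["IpProtocol"] not in ("tcp", "udp", "icmp"):
            raise ValueError("IpProtocol must be tcp, udp or icmp")
        if type(perm["FromPort"]) is not int or type(perm["ToPort"]) is not int:
            raise ValueError("FromPort and ToPort must be integers")
    params = [("Action", "RevokeSecurityGroupIngress"), ("GroupName", group_name)]
    return params + [(k, perm[k]) for k in required]


def revoke_for_grant(grant):
    """Build the revoke URL from the parameters recorded when the grant was made."""
    perm = {k: v for k, v in grant.items() if k not in ("Action", "GroupName")}
    return ENDPOINT + "?" + urlencode(revoke_params(grant.get("GroupName"), **perm))


# Constructed sample: the recorded grant that opened TCP 80 to any address.
SAMPLE_GRANT = {
    "Action": "AuthorizeSecurityGroupIngress",
    "GroupName": "example-group",  # assumed group name
    "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0",
}

if __name__ == "__main__":
    print(revoke_for_grant(SAMPLE_GRANT))
```

Reusing the stored grant values rather than retyping them keeps the revoke identical to the grant, which the operation requires.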