 | Feedback |  |
ec2-revoke
group
[-P protocol]
(-p port_range | -t icmp_type_code)
[-u source_group_user ...]
[-o source_group ...]
[-s source_subnet ...]
Revokes a rule from the security group named GROUP. To identify the rule to be removed you must provide exactly the same set of options used to create that rule (see ec2-add-group).
| Option | Description | Required |
|---|---|---|
| The group to which this rule will apply. Example: | Yes |
| The protocol to revoke. Condition: Applies when specifying a CIDR subnet as the source. Valid Values: Example: | Yes |
| For the TCP or UDP protocols, this specifies the range of ports to revoke. You specify a single integer or a range (min-max). Condition: Applies when specifying a CIDR subnet as the source. Example: | Yes |
| For the ICMP protocol, you must specify the ICMP type
and code. Use the type:code format, where both are
integers. To specify a wildcard for either or both, enter Condition: Applies when specifying a CIDR subnet as the source. Example: | Yes |
| The owner of a group specified using Example: | No |
| The network source from which traffic will be revoked
specified as a security Group. See the description of the
Example: | No |
| The network source from which traffic is to be revoked specified as a CIDR subnet range. Example: | No |
A table containing the following information is returned:
Output type identifier ("GROUP", "PERMISSION")
Group name. Currently, this will report an empty string
Type of rule. Currently, only ALLOW rules are supported
Protocol to allow
Start of port range
End of port range
FROM
Source
Amazon EC2 displays errors on stderr.
This example revokes TCP port 80 access from the
205.192.0.0/16 address range for the websrv
security group.
$ec2-revoke websrv -P tcp -p 80 -s 205.192.0.0/16GROUP websrv "" PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16
