RevokeSecurityGroupIngress

The RevokeSecurityGroupIngress operation revokes existing permissions that were previously granted to a security group. The permissions to revoke must be specified using the same values originally used to grant the permission.

Permissions are specified in terms of the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), source and destination port ranges (for TCP and UDP), and ICMP codes and types (for ICMP).

Note:

Changes are anticipated in this API that may restrict further what is allowable. Please consult the section called “Anticipated API changes” for more details.

Permission changes are propagated to instances within the security group being modified as quickly as possible. However, a small delay is likely, depending on the number of instances that are members of the indicated group.

The following table describes the request parameters for RevokeSecurityGroupIngress. Parameter names are case sensitive.

Element Name    Definition                                    Required?  Type
userId          AWS Access Key ID.                            Yes        xsd:string
groupName       Name of the group to modify.                  Yes        xsd:string
ipPermissions   Set of permissions to remove from the group.  Yes        ec2:IpPermissionType[]

The following table describes the default response tags included in RevokeSecurityGroupIngress responses.

Element Name    Definition                                 Type
return          true if permissions successfully revoked.  xsd:boolean

Sample request:

<RevokeSecurityGroupIngress xmlns="http://ec2.amazonaws.com/doc/2007-01-19">
    <userId/>
    <groupName>RangedPortsBySource</groupName>
    <ipPermissions>
        <item>
            <ipProtocol>tcp</ipProtocol>
            <fromPort>6000</fromPort>
            <toPort>7000</toPort>
            <groups/>
            <ipRanges/>
        </item>
    </ipPermissions>
</RevokeSecurityGroupIngress>

Sample response:

<RevokeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2007-01-19">
  <return>true</return>
</RevokeSecurityGroupIngressResponse>
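
Because a revoke must repeat the values used in the original grant, a client can keep a record of what it granted and build the request only from that record. The following is an added example, not part of the EC2 documentation: `Permission`, `build_revoke_request` and `revoke_succeeded` are hypothetical names, and the `cidrIp` element inside `ipRanges` is assumed from the EC2 WSDL because the sample above leaves `ipRanges` empty.

```python
import xml.etree.ElementTree as ET
from typing import NamedTuple

NS = "http://ec2.amazonaws.com/doc/2007-01-19"  # namespace used in the samples above


class Permission(NamedTuple):  # hypothetical local record of one grant
    protocol: str
    from_port: int
    to_port: int
    cidr_ips: tuple = ()  # source IP ranges; empty, as in the sample request


def q(tag):
    """Qualify a tag name with the EC2 namespace."""
    return "{%s}%s" % (NS, tag)


def build_revoke_request(group_name, perm, granted, user_id=""):
    """Build the request body, refusing values that differ from every recorded grant."""
    if perm not in granted:
        raise ValueError("no grant recorded with exactly these values: %r" % (perm,))
    ET.register_namespace("", NS)  # serialize with a default xmlns, like the sample
    root = ET.Element(q("RevokeSecurityGroupIngress"))
    ET.SubElement(root, q("userId")).text = user_id
    ET.SubElement(root, q("groupName")).text = group_name
    item = ET.SubElement(ET.SubElement(root, q("ipPermissions")), q("item"))
    ET.SubElement(item, q("ipProtocol")).text = perm.protocol
    ET.SubElement(item, q("fromPort")).text = str(perm.from_port)
    ET.SubElement(item, q("toPort")).text = str(perm.to_port)
    ET.SubElement(item, q("groups"))
    ranges = ET.SubElement(item, q("ipRanges"))
    for cidr in perm.cidr_ips:  # cidrIp element name is an assumption (see lead-in)
        ET.SubElement(ET.SubElement(ranges, q("item")), q("cidrIp")).text = cidr
    return ET.tostring(root, encoding="unicode")


def revoke_succeeded(response_xml):
    """Return True only for a RevokeSecurityGroupIngressResponse whose return is true."""
    root = ET.fromstring(response_xml)
    if root.tag != q("RevokeSecurityGroupIngressResponse"):
        return False
    return (root.findtext(q("return")) or "").strip() == "true"


if __name__ == "__main__":
    granted = [Permission("tcp", 6000, 7000)]  # constructed record matching the sample
    print(build_revoke_request("RangedPortsBySource", granted[0], granted))
```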