ec2-revoke

ec2-revoke GROUP [-P PROTOCOL] (-p PORT_RANGE | -t ICMP_TYPE_CODE) [-u SOURCE_GROUP_USER ...] [-o SOURCE_GROUP ...] [-s SOURCE_SUBNET ...]

Revokes a rule from the security group named GROUP. To identify the rule to be removed, you must provide exactly the same set of options that were used to create that rule.

A table containing the following information is returned:

Errors are displayed on stderr.

| Option | Definition | Required? | Example |
|---|---|---|---|
| -P PROTOCOL | The protocol to allow. This can be tcp, udp or icmp. This option only applies when specifying a CIDR subnet as the source. | Yes | -P tcp |
| -p PORT_RANGE | The range of ports to revoke. This may be specified as a single integer or as a range (min-max). This option only applies when specifying a CIDR subnet as the source. | Yes | -p 80 |
| -t ICMP_TYPE_CODE | If the protocol is ICMP, the ICMP type and code must be specified. This must be specified as type:code where both are integers. Type or code (or both) may be specified as -1, which acts as a wildcard. This option only applies when specifying a CIDR subnet as the source. | Yes | -t 2:5 |
| -u SOURCE_GROUP_USER | The owner of a group specified using -o. If this is not specified, all groups will refer to the current user. If specified more than once, there must be exactly one -u per -o and each user will be mapped to the corresponding group. | No | -u 495219933132 |
| -o SOURCE_GROUP | The network source from which traffic is to be revoked, specified as a security group. See the description of the -u parameter for group owner information. | No | -o outsideworld |
| -s SOURCE_SUBNET | The network source from which traffic is to be revoked, specified as a CIDR subnet range. | No | -s 205.192.8.45/24 |

$ ec2-revoke websrv -P tcp -p 80 -s 205.192.0.0/16
GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16
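
Because a rule can only be revoked with exactly the options that created it, the revoke command can be derived from a PERMISSION line such as the one above. The helper below is an added example, not part of the EC2 API tools; `revoke_cmd_for` is a hypothetical name, it handles CIDR-sourced rules only, and it assumes that for icmp rules the two numeric fields hold the ICMP type and code.

```shell
#!/bin/sh
# Added example, not part of the EC2 API tools.
# Input layout taken from the sample output on this page:
#   PERMISSION <group> ALLOWS <proto> <from> <to> FROM CIDR <subnet>
# Assumption: for icmp rules <from> and <to> hold the ICMP type and code.

is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }
is_icmp_num() { [ "$1" = "-1" ] || is_uint "$1"; }

# Print the ec2-revoke command matching one PERMISSION line.
# Returns 1 (printing nothing) for any line it cannot map exactly.
revoke_cmd_for() {
    read -r tag group allows proto from to kw srctype subnet extra <<EOF
$1
EOF
    [ "$tag" = PERMISSION ] && [ "$allows" = ALLOWS ] || return 1
    [ "$kw" = FROM ] && [ "$srctype" = CIDR ] && [ -z "$extra" ] || return 1

    # Refuse names or subnets that would not survive being pasted into a shell.
    case $group in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $subnet in *[!0-9./]*) return 1 ;; */*) ;; *) return 1 ;; esac

    case $proto in
        tcp|udp)
            is_uint "$from" && is_uint "$to" || return 1
            # A single port is written as one integer, otherwise as min-max.
            if [ "$from" -eq "$to" ]; then range=$from; else range="${from}-${to}"; fi
            printf 'ec2-revoke %s -P %s -p %s -s %s\n' "$group" "$proto" "$range" "$subnet"
            ;;
        icmp)
            is_icmp_num "$from" && is_icmp_num "$to" || return 1
            printf 'ec2-revoke %s -P icmp -t %s:%s -s %s\n' "$group" "$from" "$to" "$subnet"
            ;;
        *) return 1 ;;
    esac
}

# Sample input: the first line is from this page, the second is constructed.
revoke_cmd_for 'PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16'
revoke_cmd_for 'PERMISSION websrv ALLOWS icmp -1 -1 FROM CIDR 10.0.0.0/8'
```

The function only prints the command so it can be reviewed before it is run; lines it cannot map exactly (GROUP lines, non-CIDR sources, unexpected characters) are rejected rather than guessed at.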