RevokeDBSecurityGroupIngress - Amazon Relational Database Service

Description

Revokes ingress from a DBSecurityGroup for previously authorized IP ranges or EC2 or VPC Security Groups. Required parameters for this API are one of CIDRIP, EC2SecurityGroupId for VPC, or (EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId).

Request Parameters

For information about the common parameters that all actions use, see Common Query Parameters.

Name	Description	Required
`CIDRIP`	The IP range to revoke access from. Must be a valid CIDR range. If `CIDRIP` is specified, `EC2SecurityGroupName`, `EC2SecurityGroupId` and `EC2SecurityGroupOwnerId` cannot be provided. Type: String	No
`DBSecurityGroupName`	The name of the DB Security Group to revoke ingress from. Type: String	Yes
`EC2SecurityGroupId`	The id of the EC2 Security Group to revoke access from. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided. Type: String	No
`EC2SecurityGroupName`	The name of the EC2 Security Group to revoke access from. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided. Type: String	No
`EC2SecurityGroupOwnerId`	The AWS Account Number of the owner of the EC2 security group specified in the `EC2SecurityGroupName` parameter. The AWS Access Key ID is not an acceptable value. For VPC DB Security Groups, `EC2SecurityGroupId` must be provided. Otherwise, EC2SecurityGroupOwnerId and either `EC2SecurityGroupName` or `EC2SecurityGroupId` must be provided. Type: String	No

Response Elements

The following elements come wrapped in a DBSecurityGroup structure.

Name	Description
`DBSecurityGroupDescription`	Provides the description of the DB Security Group. Type: String
`DBSecurityGroupName`	Specifies the name of the DB Security Group. Type: String
`EC2SecurityGroups`	Contains a list of EC2SecurityGroup elements. Type: EC2SecurityGroup list
`IPRanges`	Contains a list of IPRange elements. Type: IPRange list
`OwnerId`	Provides the AWS ID of the owner of a specific DB Security Group. Type: String
`VpcId`	Provides the VpcId of the DB Security Group. Type: String

Errors

For information about the common errors that all actions use, see Common Errors.

Error	Description	HTTP Status Code
`AuthorizationNotFound`	Specified CIDRIP or EC2 security group is not authorized for the specified DB Security Group.	404
`DBSecurityGroupNotFound`	DBSecurityGroupName does not refer to an existing DB Security Group.	404
`InvalidDBSecurityGroupState`	The state of the DB Security Group does not allow deletion.	400

Examples

Sample Request

https://rds.amazonaws.com/
    ?Action=RevokeDBSecurityGroupIngress
    &DBSecurityGroupName=mydbsecuritygroup
    &CIDRIP=192.168.1.1%2F24
    &Version=2012-04-23
    &SignatureVersion=2&SignatureMethod=HmacSHA256
    &Timestamp=2011-02-15T22%3A32%3A12.515Z
    &AWSAccessKeyId=<AWS Access Key ID>
    &Signature=<Signature>

Sample Response

<RevokeDBSecurityGroupIngressResponse xmlns="http://rds.amazonaws.com/doc/2012-04-23/">
  <RevokeDBSecurityGroupIngressResult>
    <DBSecurityGroup>
      <EC2SecurityGroups/>
      <DBSecurityGroupDescription>My new DBSecurityGroup</DBSecurityGroupDescription>
      <IPRanges>
        <IPRange>
          <CIDRIP>192.168.1.1/24</CIDRIP>
          <Status>revoking</Status>
        </IPRange>
      </IPRanges>
      <OwnerId>621567473609</OwnerId>
      <DBSecurityGroupName>mydbsecuritygroup</DBSecurityGroupName>
      <VpcId>vpc-1ab2c3d4</VpcId>
    </DBSecurityGroup>
  </RevokeDBSecurityGroupIngressResult>
  <ResponseMetadata>
    <RequestId>beecb8ac-bf5a-11de-9f9f-53d6aee22de9</RequestId>
  </ResponseMetadata>
</RevokeDBSecurityGroupIngressResponse>