This action applies only to security groups in a VPC. It doesn’t work with EC2 security groups.
For information about Amazon Virtual Private Cloud and VPC security groups, go to the Amazon
Virtual Private Cloud User Guide.
The action removes one or more egress rules from a VPC security group. The values that you
specify in the revoke request (for example, the ports) must match the existing rule’s values
in order for the rule to be revoked.
Each rule consists of the protocol and either the CIDR range or the destination security group.
For the TCP and UDP protocols, you must also specify the destination port or range of ports.
For the ICMP protocol, you must also specify the ICMP type and code.
Rule changes are propagated to instances within the security group as quickly as possible.
However, a small delay might occur.
Access
Parameters
Parameter | Type | Required | Description
$group_id | string | Required | ID of the VPC security group to modify.
$opt | array | Optional | An associative array of parameters that can have the following keys:

IpPermissions - array - Optional - List of IP permissions to authorize on the specified security group. Specifying permissions through IP permissions is the preferred way of authorizing permissions since it offers more flexibility and control.
    x - array - Optional - This represents a simple array index.
        IpProtocol - string - Optional - The IP protocol of this permission. Valid protocol values: tcp, udp, icmp
        FromPort - integer - Optional - Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).
        ToPort - integer - Optional - End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).
        Groups - array - Optional - The list of AWS user IDs and groups included in this permission.
            x - array - Optional - This represents a simple array index.
                UserId - string - Optional - The AWS user ID of an account.
                GroupName - string - Optional - Name of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
                GroupId - string - Optional - ID of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
        IpRanges - string|array - Optional - The list of CIDR IP ranges included in this permission. Pass a string for a single value, or an indexed array for multiple values.
curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.
Returns
Examples
Revoke Security Group Egress
// Instantiate the class
$ec2 = new AmazonEC2();

$response = $ec2->revoke_security_group_egress('sg-830d1eef', array(
    'IpPermissions' => array(
        array( // Set 0
            'IpProtocol' => 'tcp',
            'FromPort' => '80',
            'ToPort' => '80',
            'IpRanges' => array(
                array('CidrIp' => '205.192.0.0/16'), // Range 0
            )
        )
    )
));

// Success?
var_dump($response->isOK());
Result:
bool(true)
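The requirement that a revoke request match the existing rule exactly can be checked locally before the call is made. The following is an added example, not part of the SDK or the original documentation: the function names and the sample rules are hypothetical, it assumes rules are given in the same IpPermissions shape as the request above, and it treats each CIDR range or group in a permission as a separate rule.

```php
<?php
// Added example, not SDK code. Flattens IpPermissions-style arrays into one
// "protocol|from|to|destination" key per destination, then lists the requested
// revocations that have no exact counterpart among the existing egress rules.

function flatten_permissions(array $permissions)
{
    $rules = array();
    foreach ($permissions as $p) {
        // Normalise protocol case and port types so '80' and 80 compare equal.
        $base = strtolower($p['IpProtocol']) . '|' . (int) $p['FromPort'] . '|' . (int) $p['ToPort'];
        $ranges = isset($p['IpRanges']) ? $p['IpRanges'] : array();
        foreach ($ranges as $r) {
            $rules[] = $base . '|cidr:' . $r['CidrIp'];
        }
        $groups = isset($p['Groups']) ? $p['Groups'] : array();
        foreach ($groups as $g) {
            $rules[] = $base . '|group:' . $g['GroupId'];
        }
    }
    return $rules;
}

function unmatched_revocations(array $existing, array $requested)
{
    return array_values(array_diff(flatten_permissions($requested), flatten_permissions($existing)));
}

// Constructed sample: egress rules assumed to be on the group right now.
$existing = array(
    array('IpProtocol' => 'tcp', 'FromPort' => 80, 'ToPort' => 443,
          'IpRanges' => array(array('CidrIp' => '205.192.0.0/16'))),
    array('IpProtocol' => 'tcp', 'FromPort' => 22, 'ToPort' => 22,
          'IpRanges' => array(array('CidrIp' => '10.0.0.0/8'))),
);

// Constructed request: tcp 80-80 is not the same rule as tcp 80-443.
$requested = array(
    array('IpProtocol' => 'tcp', 'FromPort' => '80', 'ToPort' => '80',
          'IpRanges' => array(array('CidrIp' => '205.192.0.0/16'))),
    array('IpProtocol' => 'TCP', 'FromPort' => '22', 'ToPort' => '22',
          'IpRanges' => array(array('CidrIp' => '10.0.0.0/8'))),
);

foreach (unmatched_revocations($existing, $requested) as $rule) {
    echo "No exact match, rule would stay in place: $rule\n";
}
```

An empty result from unmatched_revocations() means every requested permission corresponds to an existing rule; anything it returns identifies an egress path that would remain open after the request.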
Related Methods
Source
Method defined in services/ec2.class.php
public function revoke_security_group_egress($group_id, $opt = null)
{
    if (!$opt) $opt = array();
    $opt['GroupId'] = $group_id;

    // Optional list + map
    if (isset($opt['IpPermissions']))
    {
        $opt = array_merge($opt, CFComplexType::map(array(
            'IpPermissions' => $opt['IpPermissions']
        )));
        unset($opt['IpPermissions']);
    }

    return $this->authenticate('RevokeSecurityGroupEgress', $opt);
}