revoke_security_group_egress ( $group_id, $opt )

This action applies only to security groups in a VPC. It doesn’t work with EC2 security groups. For information about Amazon Virtual Private Cloud and VPC security groups, go to the Amazon Virtual Private Cloud User Guide.

The action removes one or more egress rules from a VPC security group. The values that you specify in the revoke request (e.g., ports) must match the existing rule’s values in order for the rule to be revoked.

Each rule consists of the protocol, and the CIDR range or destination security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

Access

public

Parameters

Parameter - Type - Required - Description

$group_id - string - Required - ID of the VPC security group to modify.

$opt - array - Optional - An associative array of parameters that can have the following keys:

  • IpPermissions - array - Optional - List of IP permissions to authorize on the specified security group. Specifying permissions through IP permissions is the preferred way of authorizing permissions since it offers more flexibility and control.
    • x - array - Optional - This represents a simple array index.
      • IpProtocol - string - Optional - The IP protocol of this permission. Valid protocol values: tcp, udp, icmp
      • FromPort - integer - Optional - Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).
      • ToPort - integer - Optional - End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).
      • Groups - array - Optional - The list of AWS user IDs and groups included in this permission.
        • x - array - Optional - This represents a simple array index.
          • UserId - string - Optional - The AWS user ID of an account.
          • GroupName - string - Optional - Name of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
          • GroupId - string - Optional - ID of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
      • IpRanges - string|array - Optional - The list of CIDR IP ranges included in this permission. Pass a string for a single value, or an indexed array for multiple values.
  • curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
  • returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.

Returns

Type - Description

CFResponse - A CFResponse object containing a parsed HTTP response.

Examples

Revoke Security Group Egress

// Instantiate the class
$ec2 = new AmazonEC2();

$response = $ec2->revoke_security_group_egress('sg-830d1eef', array(
	'IpPermissions' => array(
		array( // Set 0
			'IpProtocol' => 'tcp',
			'FromPort' => '80',
			'ToPort' => '80',
			'IpRanges' => array(
				array('CidrIp' => '205.192.0.0/16'), // Range 0
			)
		)
	)
));

// Success?
var_dump($response->isOK());
Result:
bool(true)
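
An added example, not taken from the SDK documentation or source: because the values in a revoke request must match the existing rule, this helper builds the IpPermissions list from a copy of the group's current egress rules instead of from hand-typed values. The function name, the Cidrs key, the sample rules and the sg-00000000 group ID are assumptions made for illustration.

```php
<?php
// Added example, not SDK code. $existing is constructed sample data standing
// in for the group's current egress rules; the 'Cidrs' key is an assumption.

/**
 * Return IpPermissions entries for every TCP/UDP egress rule that lets traffic
 * reach $cidr on a port in [$portLo, $portHi]. Protocol and ports are copied
 * from the rule itself so the revoke request matches the existing rule.
 */
function egress_rules_to_revoke(array $existing, $cidr, $portLo, $portHi)
{
    $permissions = array();
    foreach ($existing as $rule) {
        // For ICMP, FromPort/ToPort carry type/code, so a port test does not apply
        if (!in_array($rule['IpProtocol'], array('tcp', 'udp'), true)) continue;
        // Skip rules whose port range does not overlap the audited range
        if ($rule['ToPort'] < $portLo || $rule['FromPort'] > $portHi) continue;
        // Exact string match on the CIDR; no containment check is attempted
        if (!in_array($cidr, $rule['Cidrs'], true)) continue;
        $permissions[] = array(
            'IpProtocol' => $rule['IpProtocol'],
            'FromPort'   => $rule['FromPort'],   // the rule's own range, not the
            'ToPort'     => $rule['ToPort'],     // narrower audited range
            'IpRanges'   => array(array('CidrIp' => $cidr)),
        );
    }
    return $permissions;
}

$existing = array( // constructed sample rules
    array('IpProtocol' => 'tcp',  'FromPort' => 80,   'ToPort' => 80,    'Cidrs' => array('0.0.0.0/0')),
    array('IpProtocol' => 'tcp',  'FromPort' => 1024, 'ToPort' => 65535, 'Cidrs' => array('0.0.0.0/0', '10.0.0.0/8')),
    array('IpProtocol' => 'tcp',  'FromPort' => 443,  'ToPort' => 443,   'Cidrs' => array('10.0.0.0/8')),
    array('IpProtocol' => 'icmp', 'FromPort' => -1,   'ToPort' => -1,    'Cidrs' => array('0.0.0.0/0')),
);

$permissions = egress_rules_to_revoke($existing, '0.0.0.0/0', 6660, 6669);
print_r($permissions);

// Send the request only when there is something to revoke and the SDK is loaded
if ($permissions && class_exists('AmazonEC2')) {
    $ec2 = new AmazonEC2();
    $response = $ec2->revoke_security_group_egress('sg-00000000', array( // placeholder ID
        'IpPermissions' => $permissions,
    ));
    var_dump($response->isOK());
}
```

With the sample data, the audited ports 6660-6669 fall inside a wider rule, and the entry produced names that rule's full 1024-65535 range for 0.0.0.0/0 only, leaving the 10.0.0.0/8 destination untouched.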

Source

Method defined in services/ec2.class.php

public function revoke_security_group_egress($group_id, $opt = null)
{
    if (!$opt) $opt = array();
    $opt['GroupId'] = $group_id;
    
    // Optional list + map
    if (isset($opt['IpPermissions']))
    {
        $opt = array_merge($opt, CFComplexType::map(array(
            'IpPermissions' => $opt['IpPermissions']
        )));
        unset($opt['IpPermissions']);
    }

    return $this->authenticate('RevokeSecurityGroupEgress', $opt);
}

Copyright © 2010–2013 Amazon Web Services, LLC

