The RevokeSecurityGroupIngress operation revokes permissions from a security group. The
permissions used to revoke must be specified using the same values used to grant the
permissions.
Permissions are specified by IP protocol (TCP, UDP, or ICMP), the source of the request (by IP
range or an Amazon EC2 user-group pair), the source and destination port ranges (for TCP and
UDP), and the ICMP codes and types (for ICMP).
Permission changes are quickly propagated to instances within the security group. However,
depending on the number of instances in the group, a small delay might occur.
Access
Parameters
Parameter | Type | Required | Description
$opt | array | Optional | An associative array of parameters that can have the following keys:
  GroupName - string - Optional - Name of the standard (EC2) security group to modify. The group must belong to your account. Can be used instead of GroupId for standard (EC2) security groups.
  GroupId - string - Optional - ID of the standard (EC2) or VPC security group to modify. The group must belong to your account. Required for VPC security groups; can be used instead of GroupName for standard (EC2) security groups.
  IpPermissions - array - Optional - List of IP permissions to revoke on the specified security group. For an IP permission to be removed, it must exactly match one of the IP permissions you specify in this list. Specifying permissions through IP permissions is the preferred way of revoking permissions since it offers more flexibility and control.
    x - array - Optional - This represents a simple array index.
      IpProtocol - string - Optional - The IP protocol of this permission. Valid protocol values: tcp, udp, icmp
      FromPort - integer - Optional - Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e., any ICMP type number).
      ToPort - integer - Optional - End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e., any ICMP code).
      Groups - array - Optional - The list of AWS user IDs and groups included in this permission.
        x - array - Optional - This represents a simple array index.
          UserId - string - Optional - The AWS user ID of an account.
          GroupName - string - Optional - Name of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
          GroupId - string - Optional - ID of the security group in the specified AWS account. Cannot be used when specifying a CIDR IP address range.
      IpRanges - string|array - Optional - The list of CIDR IP ranges included in this permission. Pass a string for a single value, or an indexed array for multiple values.
  curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
  returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.
Returns
Examples
Revoke security group ingress.
// Instantiate the class
$ec2 = new AmazonEC2();

$response = $ec2->revoke_security_group_ingress(array(
    'GroupName' => 'default',
    'IpPermissions' => array(
        array( // Set 0
            'IpProtocol' => 'tcp',
            'FromPort' => '80',
            'ToPort' => '80',
            'IpRanges' => array(
                array('CidrIp' => '205.192.0.0/16'), // Range 0
            )
        )
    )
));

// Success?
var_dump($response->isOK());
Result:
bool(true)
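Because a revoke only removes a permission that exactly matches what was granted, a cleanup script should copy the protocol and port range from the existing rule rather than retype them. The following is an added example, not part of the SDK or its documentation: it builds the IpPermissions list that removes one CIDR (here 0.0.0.0/0) from every rule that includes it. The helper name build_revoke_permissions(), the sample rules and the account ID are constructed for illustration.

```php
<?php
// Added example, not SDK code. build_revoke_permissions() and the sample
// rules below are hypothetical/constructed for illustration.
function build_revoke_permissions(array $granted, $cidr)
{
    $revoke = array();
    foreach ($granted as $rule) {
        if (!isset($rule['IpRanges'])) {
            continue; // group-based rule, no CIDR ranges to match
        }
        foreach ((array) $rule['IpRanges'] as $range) {
            // IpRanges entries may be strings or array('CidrIp' => ...)
            $value = is_array($range) ? $range['CidrIp'] : $range;
            if ($value !== $cidr) {
                continue;
            }
            // Copy protocol and ports verbatim: a revoke only removes a
            // permission that matches exactly what was granted.
            $revoke[] = array(
                'IpProtocol' => $rule['IpProtocol'],
                'FromPort'   => $rule['FromPort'],
                'ToPort'     => $rule['ToPort'],
                'IpRanges'   => array(array('CidrIp' => $cidr)),
            );
        }
    }
    return $revoke;
}

// Constructed sample of granted rules (not real account data).
$granted = array(
    array('IpProtocol' => 'tcp', 'FromPort' => 22, 'ToPort' => 22,
          'IpRanges' => array(array('CidrIp' => '0.0.0.0/0'),
                              array('CidrIp' => '205.192.0.0/16'))),
    array('IpProtocol' => 'tcp', 'FromPort' => 8000, 'ToPort' => 8100,
          'IpRanges' => '0.0.0.0/0'),
    array('IpProtocol' => 'icmp', 'FromPort' => -1, 'ToPort' => -1,
          'Groups' => array(array('UserId' => '111122223333',
                                  'GroupName' => 'default'))),
);
$permissions = build_revoke_permissions($granted, '0.0.0.0/0');
print_r($permissions);

// Send the revoke only when the SDK is loaded and something matched.
if ($permissions && class_exists('AmazonEC2')) {
    $ec2 = new AmazonEC2();
    $response = $ec2->revoke_security_group_ingress(array(
        'GroupName' => 'default', 'IpPermissions' => $permissions));
    var_dump($response->isOK());
}
```

The second sample rule shows why copying matters: it was granted as the range 8000-8100, so the revoke has to carry that same range to match it.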
Changelog
Version | Description
1.3 | The RevokeSecurityGroupIngress operation introduced backwards-incompatible changes in the 2011-01-01 API release. The GroupName parameter is no longer required. Instead GroupName or GroupId are conditionally required.
Related Methods
Source
Method defined in services/ec2.class.php
public function revoke_security_group_ingress($opt = null)
{
    if (!$opt) $opt = array();

    // Optional list + map
    if (isset($opt['IpPermissions']))
    {
        $opt = array_merge($opt, CFComplexType::map(array(
            'IpPermissions' => $opt['IpPermissions']
        )));
        unset($opt['IpPermissions']);
    }

    return $this->authenticate('RevokeSecurityGroupIngress', $opt);
}