Use RevokeSecurityGroupEgress with a CLI - AWS SDK Code Examples

There are more AWS SDK examples available in the AWS Doc SDK Examples GitHub repo.

Use RevokeSecurityGroupEgress with a CLI

The following code examples show how to use RevokeSecurityGroupEgress.

CLI
AWS CLI

Example 1: To remove the rule that allows outbound traffic to a specific address range

The following revoke-security-group-egress example command removes the rule that grants access to the specified address ranges on TCP port 80.

aws ec2 revoke-security-group-egress \ --group-id sg-026c12253ce15eff7 \ --ip-permissions [{IpProtocol=tcp,FromPort=80,ToPort=80,IpRanges=[{CidrIp=10.0.0.0/16}]

This command produces no output.

For more information, see Security groups in the Amazon EC2 User Guide.

Example 2: To remove the rule that allows outbound traffic to a specific security group

The following revoke-security-group-egress example command removes the rule that grants access to the specified security group on TCP port 80.

aws ec2 revoke-security-group-egress \ --group-id sg-026c12253ce15eff7 \ --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,"UserIdGroupPairs": [{"GroupId": "sg-06df23a01ff2df86d"}]}]'

This command produces no output.

For more information, see Security groups in the Amazon EC2 User Guide.

PowerShell
Tools for PowerShell

Example 1: This example removes the rule for the specified security group for EC2-VPC. This revokes access to the specified IP address range on TCP port 80. The syntax used by this example requires PowerShell version 3 or higher.

$ip = @{ IpProtocol="tcp"; FromPort="80"; ToPort="80"; IpRanges="203.0.113.0/24" } Revoke-EC2SecurityGroupEgress -GroupId sg-12345678 -IpPermission $ip

Example 2: With PowerShell version 2, you must use New-Object to create the IpPermission object.

$ip = New-Object Amazon.EC2.Model.IpPermission $ip.IpProtocol = "tcp" $ip.FromPort = 80 $ip.ToPort = 80 $ip.IpRanges.Add("203.0.113.0/24") Revoke-EC2SecurityGroupEgress -GroupId sg-12345678 -IpPermission $ip

Example 3: This example revokes access to the specified source security group on TCP port 80.

$ug = New-Object Amazon.EC2.Model.UserIdGroupPair $ug.GroupId = "sg-1a2b3c4d" $ug.UserId = "123456789012" Revoke-EC2SecurityGroupEgress -GroupId sg-12345678 -IpPermission @( @{ IpProtocol="tcp"; FromPort="80"; ToPort="80"; UserIdGroupPairs=$ug } )