There are more AWS SDK examples available in the AWS Doc SDK Examples
Use RevokeSecurityGroupIngress with a CLI
The following code examples show how to use RevokeSecurityGroupIngress.
- CLI
- AWS CLI
Example 1: To remove a rule from a security group
The following revoke-security-group-ingress example removes TCP port 22 access for the 203.0.113.0/24 address range from the specified security group for a default VPC.

    aws ec2 revoke-security-group-ingress \
        --group-name mySecurityGroup \
        --protocol tcp \
        --port 22 \
        --cidr 203.0.113.0/24

This command produces no output if it succeeds.
For more information, see Security groups in the Amazon EC2 User Guide.
Example 2: To remove a rule using the IP permissions set
The following revoke-security-group-ingress example uses the ip-permissions parameter to remove an inbound rule that allows the ICMP message Destination Unreachable: Fragmentation Needed and Don't Fragment was Set (Type 3, Code 4).

    aws ec2 revoke-security-group-ingress \
        --group-id sg-026c12253ce15eff7 \
        --ip-permissions 'IpProtocol=icmp,FromPort=3,ToPort=4,IpRanges=[{CidrIp=0.0.0.0/0}]'

This command produces no output if it succeeds.
For more information, see Security groups in the Amazon EC2 User Guide.
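Both CLI examples assume the rule's protocol, port range and CIDR are already known. The following Python script is an added example, not part of the AWS documentation: it reads `describe-security-groups` output (a constructed sample is embedded) and builds one `revoke-security-group-ingress` command per inbound rule that opens TCP port 22 to 0.0.0.0/0, on the assumption that a revoke request has to restate the stored rule's protocol and port range. The function names `covers_port` and `revoke_commands` are hypothetical.

```python
import ipaddress
import json
import shlex

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# (group ID reused from the page's Example 2; the rules themselves are made up).
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-026c12253ce15eff7", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.7/32"}]}
]}]}
""")

def covers_port(perm, port):
    """True if the rule admits TCP `port`; protocol -1 means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def revoke_commands(described, port=22, max_prefix=0):
    """Return one CLI command per IPv4 ingress rule exposing `port` too widely."""
    cmds = []
    for sg in described["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            for rng in perm.get("IpRanges", []):
                if ipaddress.ip_network(rng["CidrIp"]).prefixlen > max_prefix:
                    continue  # narrower than the threshold: leave it alone
                # Assumption: restate protocol and ports as stored; name only the
                # offending CIDR so other ranges on the same permission remain.
                rule = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort")
                        if k in perm}
                rule["IpRanges"] = [{"CidrIp": rng["CidrIp"]}]
                cmds.append(shlex.join([
                    "aws", "ec2", "revoke-security-group-ingress",
                    "--group-id", sg["GroupId"],
                    "--ip-permissions", json.dumps([rule], separators=(",", ":"))]))
    return cmds

if __name__ == "__main__":
    print("\n".join(revoke_commands(SAMPLE)))
```

The script only builds the commands for review and does not call AWS. It does not examine IPv6 ranges (`Ipv6Ranges`) or rules whose source is another security group.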
For API details, see RevokeSecurityGroupIngress in AWS CLI Command Reference.
- PowerShell
- Tools for PowerShell
Example 1: This example revokes access to TCP port 22 from the specified address range for the specified security group for EC2-VPC. Note that you must identify security groups for EC2-VPC using the security group ID not the security group name. The syntax used by this example requires PowerShell version 3 or higher.

    $ip = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.0/24" }
    Revoke-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission $ip

Example 2: With PowerShell version 2, you must use New-Object to create the IpPermission object.

    $ip = New-Object Amazon.EC2.Model.IpPermission
    $ip.IpProtocol = "tcp"
    $ip.FromPort = 22
    $ip.ToPort = 22
    $ip.IpRanges.Add("203.0.113.0/24")
    Revoke-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission $ip

Example 3: This example revokes access to TCP port 22 from the specified address range for the specified security group for EC2-Classic. The syntax used by this example requires PowerShell version 3 or higher.

    $ip = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.0/24" }
    Revoke-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission $ip

Example 4: With PowerShell version 2, you must use New-Object to create the IpPermission object.

    $ip = New-Object Amazon.EC2.Model.IpPermission
    $ip.IpProtocol = "tcp"
    $ip.FromPort = 22
    $ip.ToPort = 22
    $ip.IpRanges.Add("203.0.113.0/24")
    Revoke-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission $ip

For API details, see RevokeSecurityGroupIngress in AWS Tools for PowerShell Cmdlet Reference.