Use RevokeSecurityGroupIngress
with a CLI
The following code examples show how to use RevokeSecurityGroupIngress
.
- CLI
-
- AWS CLI
-
Example 1: To remove a rule from a security group
The following
revoke-security-group-ingress
example removes TCP port 22 access for the203.0.113.0/24
address range from the specified security group for a default VPC.aws ec2 revoke-security-group-ingress \ --group-name
mySecurityGroup
--protocoltcp
\ --port22
\ --cidr203.0.113.0/24
This command produces no output if it succeeds.
For more information, see Security groups in the Amazon EC2 User Guide.
Example 2: To remove a rule using the IP permissions set
The following
revoke-security-group-ingress
example uses theip-permissions
parameter to remove an inbound rule that allows the ICMP messageDestination Unreachable: Fragmentation Needed and Don't Fragment was Set
(Type 3, Code 4).aws ec2 revoke-security-group-ingress \ --group-id
sg-026c12253ce15eff7
\ --ip-permissionsIpProtocol=icmp,FromPort=3,ToPort=4,IpRanges=[{CidrIp=0.0.0.0/0}]
This command produces no output if it succeeds.
For more information, see Security groups in the Amazon EC2 User Guide.
-
For API details, see RevokeSecurityGroupIngress
in AWS CLI Command Reference.
-
- PowerShell
-
- Tools for PowerShell
-
Example 1: This example revokes access to TCP port 22 from the specified address range for the specified security group for EC2-VPC. Note that you must identify security groups for EC2-VPC using the security group ID not the security group name. The syntax used by this example requires PowerShell version 3 or higher.
$ip = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.0/24" } Revoke-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission $ip
Example 2: With PowerShell version 2, you must use New-Object to create the IpPermission object.
$ip = New-Object Amazon.EC2.Model.IpPermission $ip.IpProtocol = "tcp" $ip.FromPort = 22 $ip.ToPort = 22 $ip.IpRanges.Add("203.0.113.0/24") Revoke-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission $ip
Example 3: This example revokes access to TCP port 22 from the specified address range for the specified security group for EC2-Classic. The syntax used by this example requires PowerShell version 3 or higher.
$ip = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.0/24" } Revoke-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission $ip
Example 4: With PowerShell version 2, you must use New-Object to create the IpPermission object.
$ip = New-Object Amazon.EC2.Model.IpPermission $ip.IpProtocol = "tcp" $ip.FromPort = 22 $ip.ToPort = 22 $ip.IpRanges.Add("203.0.113.0/24") Revoke-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission $ip
-
For API details, see RevokeSecurityGroupIngress in AWS Tools for PowerShell Cmdlet Reference.
-
For a complete list of AWS SDK developer guides and code examples, see Create Amazon EC2 resources using an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.