Use RevokeSecurityGroupIngress with a CLI - Amazon Elastic Compute Cloud

Use RevokeSecurityGroupIngress with a CLI

The following code examples show how to use RevokeSecurityGroupIngress.

CLI
AWS CLI

Example 1: To remove a rule from a security group

The following revoke-security-group-ingress example removes TCP port 22 access for the 203.0.113.0/24 address range from the specified security group for a default VPC.

aws ec2 revoke-security-group-ingress \ --group-name mySecurityGroup --protocol tcp \ --port 22 \ --cidr 203.0.113.0/24

This command produces no output if it succeeds.

For more information, see Security groups in the Amazon EC2 User Guide.

Example 2: To remove a rule using the IP permissions set

The following revoke-security-group-ingress example uses the ip-permissions parameter to remove an inbound rule that allows the ICMP message Destination Unreachable: Fragmentation Needed and Don't Fragment was Set (Type 3, Code 4).

aws ec2 revoke-security-group-ingress \ --group-id sg-026c12253ce15eff7 \ --ip-permissions IpProtocol=icmp,FromPort=3,ToPort=4,IpRanges=[{CidrIp=0.0.0.0/0}]

This command produces no output if it succeeds.

For more information, see Security groups in the Amazon EC2 User Guide.

PowerShell
Tools for PowerShell

Example 1: This example revokes access to TCP port 22 from the specified address range for the specified security group for EC2-VPC. Note that you must identify security groups for EC2-VPC using the security group ID not the security group name. The syntax used by this example requires PowerShell version 3 or higher.

$ip = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.0/24" } Revoke-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission $ip

Example 2: With PowerShell version 2, you must use New-Object to create the IpPermission object.

$ip = New-Object Amazon.EC2.Model.IpPermission $ip.IpProtocol = "tcp" $ip.FromPort = 22 $ip.ToPort = 22 $ip.IpRanges.Add("203.0.113.0/24") Revoke-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission $ip

Example 3: This example revokes access to TCP port 22 from the specified address range for the specified security group for EC2-Classic. The syntax used by this example requires PowerShell version 3 or higher.

$ip = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.0/24" } Revoke-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission $ip

Example 4: With PowerShell version 2, you must use New-Object to create the IpPermission object.

$ip = New-Object Amazon.EC2.Model.IpPermission $ip.IpProtocol = "tcp" $ip.FromPort = 22 $ip.ToPort = 22 $ip.IpRanges.Add("203.0.113.0/24") Revoke-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission $ip

For a complete list of AWS SDK developer guides and code examples, see Create Amazon EC2 resources using an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.