# Use `RevokeSecurityGroupIngress` with a CLI The following code examples show how to use `RevokeSecurityGroupIngress`. Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code examples: + [Getting started with Amazon DocumentDB](example_docdb_GettingStarted_025_section.md) + [Getting started with Amazon ElastiCache](example_ec2_GettingStarted_065_section.md) + [Getting started with Amazon MSK](example_ec2_GettingStarted_057_section.md) ------ #### [ CLI ] **AWS CLI** **Example 1: To remove a rule from a security group** The following `revoke-security-group-ingress` example removes TCP port 22 access for the `203.0.113.0/24` address range from the specified security group for a default VPC. ``` aws ec2 revoke-security-group-ingress \ --group-name mySecurityGroup --protocol tcp \ --port 22 \ --cidr 203.0.113.0/24 ``` This command produces no output if it succeeds. For more information, see [Security groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html) in the *Amazon EC2 User Guide*. **Example 2: To remove a rule using the IP permissions set** The following `revoke-security-group-ingress` example uses the `ip-permissions` parameter to remove an inbound rule that allows the ICMP message `Destination Unreachable: Fragmentation Needed and Don't Fragment was Set` (Type 3, Code 4). ``` aws ec2 revoke-security-group-ingress \ --group-id sg-026c12253ce15eff7 \ --ip-permissions IpProtocol=icmp,FromPort=3,ToPort=4,IpRanges=[{CidrIp=0.0.0.0/0}] ``` This command produces no output if it succeeds. For more information, see [Security groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html) in the *Amazon EC2 User Guide*. + For API details, see [RevokeSecurityGroupIngress](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/revoke-security-group-ingress.html) in *AWS CLI Command Reference*. ------ #### [ PowerShell ] **Tools for PowerShell V4** **Example 1: This example revokes access to TCP port 22 from the specified address range for the specified security group for EC2-VPC. Note that you must identify security groups for EC2-VPC using the security group ID not the security group name. The syntax used by this example requires PowerShell version 3 or higher.** ``` $ip = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.0/24" } Revoke-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission $ip ``` **Example 2: With PowerShell version 2, you must use New-Object to create the IpPermission object.** ``` $ip = New-Object Amazon.EC2.Model.IpPermission $ip.IpProtocol = "tcp" $ip.FromPort = 22 $ip.ToPort = 22 $ip.IpRanges.Add("203.0.113.0/24") Revoke-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission $ip ``` **Example 3: This example revokes access to TCP port 22 from the specified address range for the specified security group for EC2-Classic. The syntax used by this example requires PowerShell version 3 or higher.** ``` $ip = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.0/24" } Revoke-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission $ip ``` **Example 4: With PowerShell version 2, you must use New-Object to create the IpPermission object.** ``` $ip = New-Object Amazon.EC2.Model.IpPermission $ip.IpProtocol = "tcp" $ip.FromPort = 22 $ip.ToPort = 22 $ip.IpRanges.Add("203.0.113.0/24") Revoke-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission $ip ``` + For API details, see [RevokeSecurityGroupIngress](https://docs.aws.amazon.com/powershell/v4/reference) in *AWS Tools for PowerShell Cmdlet Reference (V4)*. **Tools for PowerShell V5** **Example 1: This example revokes access to TCP port 22 from the specified address range for the specified security group for EC2-VPC. Note that you must identify security groups for EC2-VPC using the security group ID not the security group name. The syntax used by this example requires PowerShell version 3 or higher.** ``` $ip = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.0/24" } Revoke-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission $ip ``` **Example 2: With PowerShell version 2, you must use New-Object to create the IpPermission object.** ``` $ip = New-Object Amazon.EC2.Model.IpPermission $ip.IpProtocol = "tcp" $ip.FromPort = 22 $ip.ToPort = 22 $ip.IpRanges.Add("203.0.113.0/24") Revoke-EC2SecurityGroupIngress -GroupId sg-12345678 -IpPermission $ip ``` **Example 3: This example revokes access to TCP port 22 from the specified address range for the specified security group for EC2-Classic. The syntax used by this example requires PowerShell version 3 or higher.** ``` $ip = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="203.0.113.0/24" } Revoke-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission $ip ``` **Example 4: With PowerShell version 2, you must use New-Object to create the IpPermission object.** ``` $ip = New-Object Amazon.EC2.Model.IpPermission $ip.IpProtocol = "tcp" $ip.FromPort = 22 $ip.ToPort = 22 $ip.IpRanges.Add("203.0.113.0/24") Revoke-EC2SecurityGroupIngress -GroupName "my-security-group" -IpPermission $ip ``` + For API details, see [RevokeSecurityGroupIngress](https://docs.aws.amazon.com/powershell/v5/reference) in *AWS Tools for PowerShell Cmdlet Reference (V5)*. ------ For a complete list of AWS SDK developer guides and code examples, see [Create Amazon EC2 resources using an AWS SDK](sdk-general-information-section.md). This topic also includes information about getting started and details about previous SDK versions.