| Option | Definition | Required? | Example |
|---|---|---|---|
| | source. | | |
| -u SOURCE_GROUP_USER | The owner of a group specified using -o. If this is not specified, all groups will refer to the current user. If specified more than once, there must be exactly one -u per -o and each user will be mapped to the corresponding group. | No | -u 495219933132 |
| -o SOURCE_GROUP | The network source from which traffic is to be authorized, specified as a security group. See the description of the -u parameter for group owner information. | No | -o headoffice |
| -s SOURCE_SUBNET | The network source from which traffic is to be authorized, specified as a CIDR subnet range. | No | -s 205.192.8.45/24 |
EXAMPLE
$ ec2-authorize websrv -P tcp -p 80 -s 205.192.0.0/16
GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16
SEE ALSO
AuthorizeSecurityGroupIngress
ec2-add-group
ec2-describe-groups
ec2-delete-group
ec2-revoke
Amazon EC2
Developer Guide
ec2-revoke
SYNOPSIS
ec2-revoke GROUP [-P PROTOCOL] (-p PORT_RANGE | -t ICMP_TYPE_CODE) [-u SOURCE_GROUP_USER ...] [-o SOURCE_GROUP ...] [-s SOURCE_SUBNET ...]
DESCRIPTION
Revokes a rule from the security group named GROUP. To identify the rule to be removed you must
provide exactly the same set of options used to create that rule.
OUTPUT
A table containing the following information is returned:
Output type identifier ("GROUP", "PERMISSION").
Group name. Currently, this will report an empty string.
Type of rule. Currently, only ALLOW rules are supported.
Protocol to allow.
Start of port range.
End of port range.
FROM
Source.
Errors are displayed on stderr.
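
Because a rule can only be revoked with exactly the options that created it, the following added example (not part of the original guide) rebuilds the matching ec2-revoke command from a PERMISSION output line. The helper name revoke_cmd_for is hypothetical, only CIDR sources are handled, and the ICMP branch assumes the two range columns carry the ICMP type and code.

```sh
# Added example: map a PERMISSION line (format shown in the ec2-authorize
# EXAMPLE) to the ec2-revoke command that carries exactly the same options.
# revoke_cmd_for is a hypothetical helper name, not part of the EC2 tools.
revoke_cmd_for() (
    # Columns: PERMISSION <group> ALLOWS <proto> <start> <end> FROM <kind> <source>
    read -r tag group verb proto from to kw kind src rest <<EOF
$1
EOF
    if [ "$tag" != PERMISSION ] || [ "$verb" != ALLOWS ] || [ "$kw" != FROM ]; then
        echo "not a PERMISSION line: $1" >&2
        return 1
    fi
    # -P, -p and -t apply to CIDR sources only; other source kinds are rejected.
    if [ "$kind" != CIDR ] || [ -z "$src" ] || [ -n "$rest" ]; then
        echo "unsupported source in: $1" >&2
        return 2
    fi
    case "$proto" in
        tcp|udp)
            # Equal start and end means a single port, otherwise a min-max range.
            if [ "$from" = "$to" ]; then
                echo "ec2-revoke $group -P $proto -p $from -s $src"
            else
                echo "ec2-revoke $group -P $proto -p $from-$to -s $src"
            fi ;;
        icmp)
            # Assumption: for ICMP the two range columns hold type and code.
            echo "ec2-revoke $group -P icmp -t $from:$to -s $src" ;;
        *)
            echo "unknown protocol: $proto" >&2
            return 3 ;;
    esac
)

# Sample input: the first two lines are the ec2-authorize EXAMPLE output,
# the third is constructed for illustration.
sample='GROUP websrv ""
PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16
PERMISSION websrv ALLOWS udp 5000 5010 FROM CIDR 205.192.0.0/16'

# Print one revoke command per PERMISSION line; GROUP lines are skipped.
while IFS= read -r line; do
    case "$line" in PERMISSION*) revoke_cmd_for "$line" ;; esac
done <<EOF
$sample
EOF
```

The script only prints the commands, so they can be reviewed before any rule is actually removed.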
OPTIONS
| Option | Definition | Required? | Example |
|---|---|---|---|
| -P PROTOCOL | The protocol to allow. This can be tcp, udp or icmp. This option only applies when specifying a CIDR subnet as the source. | Yes | -P tcp |
| -p PORT_RANGE | The range of ports to revoke. This may be specified as a single integer or as a range (min-max). This option only applies when specifying a CIDR subnet as the source. | Yes | -p 80 |
| -t ICMP_TYPE_CODE | If the protocol is ICMP, the ICMP type and code must be specified. This must be specified as type:code where both are integers. Type or code (or both) may be specified as -1 which acts as a wildcard. This option only applies when specifying a CIDR subnet as the source. | Yes | -t 2:5 |