Sample Request
<AuthorizeSecurityGroupIngress xm-
lns="http://ec2.amazonaws.com/doc/2006-06-26">
<userId/>
<groupName>WebServers</groupName>
<ipPermissions>
<item>
<ipProtocol>tcp</ipProtocol>
<fromPort>80</fromPort>
<toPort>80</toPort>
<groups/>
<ipRanges>
<item>
<cidrIp>0.0.0.0/0</cidrIp>
</item>
</ipRanges>
</item>
</ipPermissions>
</AuthorizeSecurityGroupIngress>
<AuthorizeSecurityGroupIngress xm-
lns="http://ec2.amazonaws.com/doc/2006-06-26">
<userId/>
<groupName>RangedPortsBySource</groupName>
<ipPermissions>
<item>
<ipProtocol>tcp</ipProtocol>
<fromPort>6000</fromPort>
<toPort>7000</toPort>
<groups/>
<ipRanges/>
<dnsNames>
<item>
<dnsName>host.example.com</dnsName>
</item>
</dnsNames>
</item>
</ipPermissions>
</AuthorizeSecurityGroupIngress>
Sample Response
<AuthorizeSecurityGroupIngressResponse xm-
lns="http://ec2.amazonaws.com/doc/2006-06-26">
<return>true</return>
</AuthorizeSecurityGroupIngressResponse>
Related Operations
CreateSecurityGroup
DescribeSecurityGroups
RevokeSecurityGroupIngress
DeleteSecurityGroup
RevokeSecurityGroupIngress
Amazon EC2
Developer Guide
71
The RevokeSecurityGroupIngress operation revokes existing permissions that were previously
granted to a security group. The permissions to revoke must be specified using the same values
originally used to grant the permission.
Permissions are specified in terms of the IP protocol (TCP, UDP or ICMP), the source of the request (by
IP range or an Amazon EC2 user-group pair), source and destination port ranges (for TCP and UDP),
and ICMP codes and types (for ICMP).
Note
Changes are anticipated in this API that may restrict further what is allowable. Please consult
the section called “Anticipated API changes” for more details.
Permission changes are propagated to instances within the security group being modified as quickly as
possible. However, a small delay is likely, depending on the number of instances that are members of
the indicated group.
Request Parameters
The following table describes the request parameters for RevokeSecurityGroupIngress. Parameter
names are case sensitive.
Element Name Definition Re-
quired?
Type
userId AWS Access Key ID. Yes xsd:string
groupName Name of the group to modify. Yes xsd:string
ipPermissions Set of permissions to remove from the
group.
Yes ec2:IpPermissionTyp
e[]
Response Tags
The following table describes the default response tags included in RevokeSecurityGroupIngress
responses.
Element Name Definition
return true if permissions successfully revoked.
Sample Request
<RevokeSecurityGroupIngress xmlns="http://ec2.amazonaws.com/doc/2006-06-26">
<userId/>
<groupName>RangedPortsBySource</groupName>
<ipPermissions>
<item>
<ipProtocol>tcp</ipProtocol>
<fromPort>6000</fromPort>
<toPort>7000</toPort>
<groups/>
<ipRanges/>
</item>
</ipPermissions>
</RevokeSecurityGroupIngress>
Amazon EC2
Developer Guide
72
Previous Page Next Page