
revoke-security-group-egress
****************************


DESCRIPTION
===========

This action applies only to security groups in a VPC. It doesn't work
with EC2 security groups. For information about Amazon Virtual Private
Cloud and VPC security groups, go to the Amazon Virtual Private Cloud
User Guide.

The action removes one or more egress rules from a VPC security group.
The values that you specify in the revoke request (e.g., ports, etc.)
must match the existing rule's values in order for the rule to be
revoked.

Each rule consists of the protocol, and the CIDR range or destination
security group. For the TCP and UDP protocols, you must also specify
the destination port or range of ports. For the ICMP protocol, you
must also specify the ICMP type and code.

Rule changes are propagated to instances within the security group as
quickly as possible. However, a small delay might occur.


SYNOPSIS
========

   aws ec2 revoke-security-group-egress
     --group-id <value>
     [--cidr-ip <value>]
     [--ip-permissions <value>]
     [--from-port <value>]
     [--source-security-group-owner-id <value>]
     [--source-security-group-name <value>]
     [--to-port <value>]
     [--ip-protocol <value>]


REQUIRED PARAMETERS
===================

"--group-id"  (string)
   ID of the VPC security group to modify.


OPTIONAL PARAMETERS
===================

"--cidr-ip"  (string)
   Deprecated.

"--ip-permissions"  (list)
   List of IP permissions to authorize on the specified security
   group. Specifying permissions through IP permissions is the
   preferred way of authorizing permissions since it offers more
   flexibility and control.

      (structure)
         An IP permission describing allowed incoming IP traffic to an
         Amazon EC2 security group.

         "to_port"  (integer)
            End of port range for the TCP and UDP protocols, or an
            ICMP code. An ICMP code of "-1" indicates a wildcard
            (i.e., any ICMP code).

         "ip_protocol"  (string)
            The IP protocol of this permission.

            Valid protocol values: "tcp" , "udp" , "icmp"

         "ip_ranges"  (list)
            The list of CIDR IP ranges included in this permission.

               (structure)
                  Contains a list of CIRD IP ranges.

                  "cidr_ip"  (string)
                     The list of CIDR IP ranges.

         "user_id_group_pairs"  (list)
            The list of AWS user IDs and groups included in this
            permission.

               (structure)
                  An AWS user ID identifiying an AWS account, and the
                  name of a security group within that account.

                  "group_name"  (string)
                     Name of the security group in the specified AWS
                     account. Cannot be used when specifying a CIDR IP
                     address range.

                  "user_id"  (string)
                     The AWS user ID of an account.

                  "group_id"  (string)
                     ID of the security group in the specified AWS
                     account. Cannot be used when specifying a CIDR IP
                     address range.

         "from_port"  (integer)
            Start of port range for the TCP and UDP protocols, or an
            ICMP type number. An ICMP type number of "-1" indicates a
            wildcard (i.e., any ICMP type number).

   *Parameter Syntax*

      [
        {
          "to_port": integer,
          "ip_protocol": "string",
          "ip_ranges":
            [
              {
                "cidr_ip": "string"
              }
              ...
            ],
          "user_id_group_pairs":
            [
              {
                "group_name": "string",
                "user_id": "string",
                "group_id": "string"
              }
              ...
            ],
          "from_port": integer
        }
        ...
      ]

"--from-port"  (integer)
   Deprecated.

"--source-security-group-owner-id"  (string)
   Deprecated.

"--source-security-group-name"  (string)
   Deprecated.

"--to-port"  (integer)
   Deprecated.

"--ip-protocol"  (string)
   Deprecated.
