Provided by: ec2-api-tools_22.214.171.124-0ubuntu1_all
ec2-revoke - Revoke permissions from a group
ec2revoke ([ec2-revoke]) ec2revoke [GENERAL OPTIONS] GROUP [SPECIFIC OPTIONS]
Any command option/parameter may be passed a value of '-' to indicate that values for that option should be read from stdin.
Revoke selected permissions from a specified group. The GROUP parameter is name or ID of the group to revoke this permission from. Note that VPC security groups must be specified by ID.
-K, --private-key KEY Specify KEY as the private key to use. Defaults to the value of the EC2_PRIVATE_KEY environment variable (if set). Overrides the default. -C, --cert CERT Specify CERT as the X509 certificate to use. Defaults to the value of the EC2_CERT environment variable (if set). Overrides the default. -U, --url URL Specify URL as the web service URL to use. Defaults to the value of 'https://ec2.amazonaws.com' (us-east-1) or to that of the EC2_URL environment variable (if set). Overrides the default. --region REGION Specify REGION as the web service region to use. This option will override the URL specified by the "-U URL" option and EC2_URL environment variable. -v, --verbose Verbose output. -?, --help Display this help. -H, --headers Display column headers. --debug Display additional debugging information. --show-empty-fields Indicate empty fields. --hide-tags Do not display tags for tagged resources. --connection-timeout TIMEOUT Specify a connection timeout TIMEOUT (in seconds). --request-timeout TIMEOUT Specify a request timeout TIMEOUT (in seconds).
--egress Specifies an egress rule. Otherwise ingress is assumed. -P, --protocol PROTOCOL May be either a protocol name or a protocol number. Note that non-VPC security groups only allow tcp, udp and icmp rules. For non-VPC groups the protocol may be left blank, in which case it will default to tcp if a source subnet is specified, to tcp and udp if a source group and port range are specified, and to tcp, udp and icmp if only a source group is specified. For VPC groups the protocol 'all' must be explicitly specified. -p, --port-range PORT-RANGE Range of ports to open. If the tcp or udp protocol are specified (or implied by default), then the range of ports to grant access to may optionally be specified as a single integer, or as a range (min-max). Specifying -1 defaults to all ports. -t, --icmp-type-code TYPE:CODE icmp type and code. If the icmp protocol is specified, then icmp type and code may optionally be specified as type:code, where both type and code are integers and compliant with RFC792. Type or code (or both) may be specified as -1 which is a wildcard covering all types or codes. -o, --source-or-dest-group SOURCE-OR-DEST-GROUP [--source-or-dest-group...] Source or destination security group to be authorized, specified as an EC2 security group name, e.g. default. This may be specified more than once to allow network traffic from multiple security groups. -u, --source-or-dest-group-user SOURCE-OR-DEST-GROUP-USER [--source-or-dest-group-user...] The owner of the security group specified using -o. If specified only once, the same user will be used for all specified groups. However, if specified once per -o, each user is mapped to a group in order. Anything else is invalid. This option is invalid for VPC security groups. VPC source groups must be owned by the authorizing user. -s, --cidr CIDR The network source from which traffic is to be authorized in the case of an ingress request, or to which traffic is to be authorized in the case of an egress request. Specified as a CIDR subnet range, e.g. 126.96.36.199/24. This may be specified more than once to allow traffic from multiple subnets. If no subnet and no group are specified, this will default to the wildcard CIDR 0.0.0.0/0. --source-subnet Like --cidr, but for ingress requests only. For backward compatibility. --dest-subnet Like --cidr, but for egress requests only. For backward compatibility.