Provided by: ec2-api-tools_1.6.12.0-0ubuntu1_all bug

NAME

       ec2-revoke - Revoke permissions from a group

SYNOPSIS

        ec2revoke ([ec2-revoke])
        ec2revoke [GENERAL OPTIONS] GROUP [SPECIFIC OPTIONS]

GENERAL NOTES

        Any command option/parameter may be passed a value of '-' to indicate
        that values for that option should be read from stdin.

DESCRIPTION

        Revoke selected permissions from a specified group.
        The GROUP parameter is name or ID of the group to revoke this permission from.
        Note that VPC security groups for non-default VPCs must be specified by ID.

GENERAL OPTIONS

        -O, --aws-access-key KEY
            AWS Access Key ID. Defaults to the value of the AWS_ACCESS_KEY
            environment variable (if set).

        -W, --aws-secret-key KEY
            AWS Secret Access Key. Defaults to the value of the AWS_SECRET_KEY
            environment variable (if set).

        -T, --security-token TOKEN
            AWS delegation token. Defaults to the value of the AWS_DELEGATION_TOKEN
            environment variable (if set).

        -K, --private-key KEY
            [DEPRECATED] Specify KEY as the private key to use. Defaults to the value of the
            EC2_PRIVATE_KEY environment variable (if set). Overrides the default.

        -C, --cert CERT
            [DEPRECATED] Specify CERT as the X509 certificate to use. Defaults to the value
            of the EC2_CERT environment variable (if set). Overrides the default.

        -U, --url URL
            Specify URL as the web service URL to use. Defaults to the value of
            'https://ec2.amazonaws.com' (us-east-1) or to that of the
            EC2_URL environment variable (if set). Overrides the default.

        --region REGION
            Specify REGION as the web service region to use.
            This option will override the URL specified by the "-U URL" option
            and EC2_URL environment variable.
            This option defaults to the region specified by the EC2_URL environment variable
            or us-east-1 if this environment variable is not set.

        -D, --auth-dry-run
            Check if you can perform the requested action rather than actually performing it.

        -v, --verbose
            Verbose output.

        -?, --help
            Display this help.

        -H, --headers
            Display column headers.

        --debug
            Display additional debugging information.

        --show-empty-fields
            Indicate empty fields.

        --hide-tags
            Do not display tags for tagged resources.

        --connection-timeout TIMEOUT
            Specify a connection timeout TIMEOUT (in seconds).

        --request-timeout TIMEOUT
            Specify a request timeout TIMEOUT (in seconds).

SPECIFIC OPTIONS

        --egress
            Specifies an egress rule.  Otherwise ingress is assumed.

        -P, --protocol PROTOCOL
            May be either a protocol name or a protocol number.  Note that non-VPC
            security groups only allow tcp, udp and icmp rules.  For non-VPC groups
            the protocol may be left blank, in which case it will default
            to tcp if a source subnet is specified, to tcp and udp if a source group
            and port range are specified, and to tcp, udp and icmp if only a
            source group is specified.
            For VPC groups the protocol 'all' must be explicitly specified.

        -p, --port-range PORT-RANGE
            Range of ports to open. If the tcp or udp protocol are specified (or
            implied by default), then the range of ports to grant access to may
            optionally be specified as a single integer, or as a range (min-max).
            Specifying -1 defaults to all ports.

        -t, --icmp-type-code TYPE:CODE
            icmp type and code. If the icmp protocol is specified, then icmp type
            and code may optionally be specified as type:code, where both type and
            code are integers and compliant with RFC792. Type or code (or both) may
            be specified as -1 which is a wildcard covering all types or codes.

        -o, --source-or-dest-group SOURCE-OR-DEST-GROUP [--source-or-dest-group...]
            Source or destination security group to be authorized, specified as
            an EC2 security group name, e.g. default. This may be specified more
            than once to allow network traffic from multiple security groups.

        -u,                 --source-or-dest-group-user                 SOURCE-OR-DEST-GROUP-USER
       [--source-or-dest-group-user...]
            The owner of the security group specified using -o. If specified only
            once, the same user will be used for all specified groups. However, if
            specified once per -o, each user is mapped to a group in order.
            Anything else is invalid.
            This option is invalid for VPC security groups.  VPC source groups
            must be owned by the authorizing user.

        -s, --cidr CIDR
            The network source from which traffic is to be authorized in the
            case of an ingress request, or to which traffic is to be authorized
            in the case of an egress request.  Specified as a CIDR subnet range,
            e.g. 205.192.8.45/24. This may be specified more than once to allow
            traffic from multiple subnets.
            If no subnet and no group are specified, this will default
            to the wildcard CIDR 0.0.0.0/0.

        --source-subnet
            Like --cidr, but for ingress requests only.  For backward compatibility.

        --dest-subnet
            Like --cidr, but for egress requests only.  For backward compatibility.

SEE ALSO

         http://docs.amazonwebservices.com/AWSEC2/2013-10-15/CommandLineReference
         http://docs.amazonwebservices.com/AWSEC2/latest/CommandLineReference