AWS EC2 Revoke Security Group Ingress VERSION 1

This handler uses the AWS REST API to Remove one or more ingress rules from a security group. The values that you specify in the revoke request (for example, ports) must match the existing rule's values for the rule to be removed. Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. This handler implements a subset of the full AWS call (single rule submission only). For more information see the AWS Amazon Virtual Private Cloud User Guide online.

The Dry Run parameter validates user permissions and inputs. If it is set to true, an error will always be thrown by the handler before completing the handler action. Error response will be 'DryRunOperation' if the account has proper permissions and inputs; 'UnauthorizedOperation' if the account does not have proper permissions.


Dry RunDry run validates user permissions and inputs without completing the EC2 action (true or false).
Group NameThe name of the security group.
Group IDThe ID of the security group. Required for a non-default VPC.
Source Security Group NameThe name of the source security group.
Source Security Owner IDThe AWS account ID for the source security group.
IP ProtocolThe IP protocol name (tcp, udp, icmp). Use -1 to specify all.
From PortThe start of port range for the TCP and UDP protocols, or an ICMP type number.
To PortThe end of port range for the TCP and UDP protocols, or an ICMP code number.
CIDR IP Address RangeThe CIDR IP address range.

Sample Configuration

Dry Run
Group Name
Group ID
Source Security Group Name
Source Security Owner ID
IP Protocol
From Port
To Port
CIDR IP Address Range


This handler does not return any results.


No Changelog Available.