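/**
 * RevokeSecurityGroupEgress action
 *
 * Removes one or more egress rules from a security group for EC2-VPC.
 * The values that you specify in the revoke request (for example, ports)
 * must match the existing rule's values for the rule to be revoked.
 *
 * Each rule consists of the protocol and the CIDR range or destination security group.
 * For the TCP and UDP protocols, you must also specify the destination port or range of ports.
 * For the ICMP protocol, you must also specify the ICMP type and code.
 *
 * Rule changes are propagated to instances within the security group as quickly as possible.
 * However, a small delay might occur.
 *
 * Only a true return confirms the revocation. On a false return or an exception the
 * egress rule must be treated as still in force, so callers should not discard the result.
 *
 * @param   IpPermissionList $ipPermissions Ip permission list object
 * @param   string           $groupId       The ID of the security group to modify.
 *                                          Required: the signature declares no default.
 * @return  bool Returns true when the response body's "return" element is "true";
 *               false when $response->getError() is anything other than false
 *               (presumably getError() throws ClientException instead - confirm)
 * @throws  ClientException
 * @throws  Ec2Exception     When the response cannot be parsed or does not report "true"
 */
public function revokeSecurityGroupEgress(IpPermissionList $ipPermissions, $groupId)
{
    $options = $ipPermissions->getQueryArrayBare('IpPermissions');
    $options['GroupId'] = (string) $groupId;

    $action = ucfirst(__FUNCTION__);
    $response = $this->client->call($action, $options);

    if ($response->getError() !== false) {
        // Not confirmed: report failure rather than success.
        return false;
    }

    $sxml = simplexml_load_string($response->getRawContent());
    if ($sxml === false) {
        // simplexml_load_string() returns false on malformed XML; fail explicitly instead of
        // reading a property on a boolean and reporting an empty "returned" value.
        throw new Ec2Exception(sprintf(
            'Amazon Ec2 could not %s GroupId:"%s". The response could not be parsed as XML',
            $action,
            $options['GroupId']
        ));
    }

    $returned = (string) $sxml->return;
    if ($returned !== 'true') {
        throw new Ec2Exception(sprintf(
            'Amazon Ec2 could not %s GroupId:"%s". It returned "%s"',
            $action,
            $options['GroupId'],
            $returned
        ));
    }

    return true;
}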
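/**
 * RevokeSecurityGroupIngress action
 *
 * This action applies to both EC2 security groups and VPC security groups.
 * This action removes one or more ingress rules from a security group. The values that you specify in the
 * revoke request (e.g., ports, etc.) must match the existing rule's values for the rule to be removed.
 *
 * Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP
 * protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must
 * also specify the ICMP type and code.
 *
 * Rule changes are propagated to instances within the security group as quickly as possible. However,
 * depending on the number of instances, a small delay might occur.
 *
 * Only a true return confirms the revocation. On a false return or an exception the
 * ingress rule must be treated as still in force, so callers should not discard the result.
 *
 * @param   IpPermissionList $ipPermissions Ip permission list object
 * @param   string           $groupId       optional The ID of the EC2 or VPC security group to modify.
 *                                          The group must belong to your account.
 * @param   string           $groupName     optional The name of the EC2 security group to modify.
 *                                          It can be used instead of group ID for EC2 security groups.
 * @return  bool Returns true when the response body's "return" element is "true";
 *               false when $response->getError() is anything other than false
 *               (presumably getError() throws ClientException instead - confirm)
 * @throws  ClientException
 * @throws  Ec2Exception              When the response cannot be parsed or does not report "true"
 * @throws  \InvalidArgumentException When neither or both of $groupId and $groupName are given
 */
public function revokeSecurityGroupIngress(IpPermissionList $ipPermissions, $groupId = null, $groupName = null)
{
    $options = $ipPermissions->getQueryArrayBare('IpPermissions');

    // Exactly one identifier must be supplied, so the request names a single, unambiguous group.
    if (($groupId === null) === ($groupName === null)) {
        throw new \InvalidArgumentException(sprintf('Either groupName or groupId is required for the %s. ' .
            'Also you cannot specify both in the same call.', __METHOD__));
    }

    if ($groupId !== null) {
        $target = (string) $groupId;
        $options['GroupId'] = $target;
    } else {
        $target = (string) $groupName;
        $options['GroupName'] = $target;
    }

    $response = $this->client->call(ucfirst(__FUNCTION__), $options);

    if ($response->getError() !== false) {
        // Not confirmed: report failure rather than success.
        return false;
    }

    $sxml = simplexml_load_string($response->getRawContent());
    if ($sxml === false) {
        // simplexml_load_string() returns false on malformed XML; fail explicitly instead of
        // reading a property on a boolean and reporting an empty "returned" value.
        throw new Ec2Exception(sprintf(
            'Amazon Ec2 could not revoke ingress rules to a security group "%s". '
            . 'The response could not be parsed as XML',
            $target
        ));
    }

    $returned = (string) $sxml->return;
    if ($returned !== 'true') {
        // $target replaces $options['GroupId'] ?: $options['GroupName'], which read an unset
        // 'GroupId' key whenever the group was addressed by name.
        throw new Ec2Exception(sprintf(
            'Amazon Ec2 could not revoke ingress rules to a security group "%s". It returned "%s"',
            $target,
            $returned
        ));
    }

    return true;
}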