/**
* RevokeSecurityGroupEgress action
*
* Removes one or more egress rules from a security group for EC2-VPC.
* The values that you specify in the revoke request (for example, ports)
* must match the existing rule's values for the rule to be revoked.
*
* Each rule consists of the protocol and the CIDR range or destination security group.
* For the TCP and UDP protocols, you must also specify the destination port or range of ports.
* For the ICMP protocol, you must also specify the ICMP type and code.
*
* Rule changes are propagated to instances within the security group as quickly as possible.
* However, a small delay might occur.
*
* @param IpPermissionList $ipPermissions Ip permission list object
* @param string $groupId optional The ID of the security group to modify.
* @return bool Returns true on success
* @throws ClientException
* @throws Ec2Exception
*/
public function revokeSecurityGroupEgress(IpPermissionList $ipPermissions, $groupId)
{
$result = false;
$options = $ipPermissions->getQueryArrayBare('IpPermissions');
$options['GroupId'] = (string) $groupId;
$action = ucfirst(__FUNCTION__);
$response = $this->client->call($action, $options);
if ($response->getError() === false) {
$sxml = simplexml_load_string($response->getRawContent());
if ((string) $sxml->return != 'true') {
throw new Ec2Exception(sprintf('Amazon Ec2 could not %s GroupId:"%s". It returned "%s"', $action, $options['GroupId'], $sxml->return));
}
$result = true;
}
return $result;
}
/**
* RevokeSecurityGroupIngress action
*
* This action applies to both EC2 security groups and VPC security groups.
* This action removes one or more ingress rules from a security group. The values that you specify in the
* revoke request (e.g., ports, etc.) must match the existing rule's values for the rule to be removed.
*
* Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP
* protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must
* also specify the ICMP type and code.
*
* Rule changes are propagated to instances within the security group as quickly as possible. However,
* depending on the number of instances, a small delay might occur
*
* @param IpPermissionList $ipPermissions Ip permission list object
* @param string $groupId optional The ID of the EC2 or VPC security group to modify.
* The group must belong to your account.
* @param string $groupName optional The name of the EC2 security group to modify.
* It can be used instead of group ID for EC2 security groups.
* @return bool Returns true on success
* @throws ClientException
* @throws Ec2Exception
* @throws \InvalidArgumentException
*/
public function revokeSecurityGroupIngress(IpPermissionList $ipPermissions, $groupId = null, $groupName = null)
{
$result = false;
$options = $ipPermissions->getQueryArrayBare('IpPermissions');
if ($groupName === null && $groupId === null || $groupName !== null && $groupId !== null) {
throw new \InvalidArgumentException(sprintf('Either groupName or groupId is required for the %s. ' . 'Also you cannot specify both in the same call.', __METHOD__));
}
if ($groupId !== null) {
$options['GroupId'] = (string) $groupId;
} else {
if ($groupName !== null) {
$options['GroupName'] = (string) $groupName;
}
}
$response = $this->client->call(ucfirst(__FUNCTION__), $options);
if ($response->getError() === false) {
$sxml = simplexml_load_string($response->getRawContent());
if ((string) $sxml->return != 'true') {
throw new Ec2Exception(sprintf('Amazon Ec2 could not revoke ingress rules to a security group "%s". It returned "%s"', $options['GroupId'] ?: $options['GroupName'], $sxml->return));
}
$result = true;
}
return $result;
}
