The trick is to take the current rules from the output of describe-security-groups and pass them straight through as the --ip-permissions argument to revoke-security-group-ingress. A revoke only removes a rule when the protocol, ports and ranges all match the existing rule, and feeding the describe output back in guarantees an exact match.
First, this command pulls the existing inbound permissions (the query is quoted so the brackets are not treated as a shell glob):
aws ec2 describe-security-groups --group-ids sg-xxx --query 'SecurityGroups[].IpPermissions[]'
The output looks like this:
[
    {
        "FromPort": 0,
        "IpProtocol": "tcp",
        "IpRanges": [
            {
                "CidrIp": "0.0.0.0/0"
            }
        ],
        "Ipv6Ranges": [
            {
                "CidrIpv6": "::/0"
            }
        ],
        "PrefixListIds": [],
        "ToPort": 65535,
        "UserIdGroupPairs": []
    }
]
Then embed that command in the revoke-security-group-ingress call. Note that because the query returns every IpPermissions entry, this revokes all of the group's ingress rules, not just the 0.0.0.0/0 one; if the group has no ingress rules the query returns an empty list and there is nothing to revoke:
aws ec2 revoke-security-group-ingress --group-id sg-xxx --ip-permissions "`aws ec2 describe-security-groups --group-ids sg-xxx --query 'SecurityGroups[].IpPermissions[]'`"
(This works on my Mac. If you are running Windows, run it under an Ubuntu shell.)
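The one-liner above throws away every ingress rule. Often you only want the world-open ranges gone and the rest kept. The following is an added example, not code from the answer above: it keeps the same exact-match idea (the revoke payload is built from the describe output, with the original protocol and port fields) but trims each rule down to its 0.0.0.0/0 and ::/0 ranges and drops rules that have none. The group id sg-xxx, the sample describe output, and the helper names are all constructed for this example; "-1" (all traffic) rules are handled, since they carry no FromPort/ToPort.

```python
# Added example, not part of the original post: revoke only the world-open
# ranges (0.0.0.0/0 and ::/0) of a security group instead of every rule.
# Input is the JSON printed by
#   aws ec2 describe-security-groups --query 'SecurityGroups[].IpPermissions[]'
# The sample below is constructed for this example.
import json
import shlex

WORLD_V4 = "0.0.0.0/0"
WORLD_V6 = "::/0"

# Constructed sample: the rule shown in the answer, plus three more rules of
# the kinds a real group tends to accumulate.
SAMPLE_PERMISSIONS_JSON = json.dumps([
    {"FromPort": 0, "ToPort": 65535, "IpProtocol": "tcp",
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
     "PrefixListIds": [], "UserIdGroupPairs": []},
    # HTTPS from an internal range *and* from the world: only the world
    # part should be revoked, the 10.0.0.0/8 entry must survive.
    {"FromPort": 443, "ToPort": 443, "IpProtocol": "tcp",
     "IpRanges": [{"CidrIp": "10.0.0.0/8", "Description": "office"},
                  {"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []},
    # SSH from a single (documentation) prefix: must be left alone.
    {"FromPort": 22, "ToPort": 22, "IpProtocol": "tcp",
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
     "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []},
    # "All traffic" (-1) rules carry no FromPort/ToPort at all.
    {"IpProtocol": "-1",
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
     "PrefixListIds": [], "UserIdGroupPairs": []},
])


def world_open_permissions(ip_permissions):
    """Return IpPermission entries trimmed to just their world-open ranges.

    Each returned entry keeps the protocol and port fields of the original
    rule, so it still matches the existing rule exactly, but lists only the
    0.0.0.0/0 / ::/0 ranges. Rules with no such range are dropped.
    """
    selected = []
    for perm in ip_permissions:
        v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") == WORLD_V4]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == WORLD_V6]
        if not v4 and not v6:
            continue
        trimmed = {"IpProtocol": perm["IpProtocol"]}
        # FromPort/ToPort are absent for IpProtocol "-1"; copy only when present.
        for key in ("FromPort", "ToPort"):
            if key in perm:
                trimmed[key] = perm[key]
        if v4:
            trimmed["IpRanges"] = v4
        if v6:
            trimmed["Ipv6Ranges"] = v6
        selected.append(trimmed)
    return selected


def revoke_command(group_id, permissions):
    """Build the argv for the revoke call, with the trimmed rules as JSON."""
    return [
        "aws", "ec2", "revoke-security-group-ingress",
        "--group-id", group_id,
        "--ip-permissions", json.dumps(permissions),
    ]


def plan_revoke(group_id, describe_output_json):
    """Parse describe-security-groups output and return the argv, or None
    when nothing is world-open, so no empty revoke call is ever sent."""
    permissions = world_open_permissions(json.loads(describe_output_json))
    if not permissions:
        return None
    return revoke_command(group_id, permissions)


if __name__ == "__main__":
    # Print the command rather than running it, so it can be reviewed first.
    cmd = plan_revoke("sg-xxx", SAMPLE_PERMISSIONS_JSON)
    print(shlex.join(cmd) if cmd else "nothing world-open to revoke")
```

In practice you would replace SAMPLE_PERMISSIONS_JSON with the real describe output (for example via subprocess, or by saving it to a file first) and pass the returned argv to subprocess.run. Keeping a copy of the describe output before revoking is also cheap insurance: it is exactly the payload you need for authorize-security-group-ingress if a rule has to come back.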