AWS ec2 documentation change
Summary
Added PowerShell V5 examples for revoking security group egress rules
Security assessment
The examples demonstrate removing outbound access rules, which is security-related configuration. However, this appears to be standard documentation improvement rather than addressing a specific vulnerability.
Diff
diff --git a/ec2/latest/devguide/example_ec2_RevokeSecurityGroupEgress_section.md b/ec2/latest/devguide/example_ec2_RevokeSecurityGroupEgress_section.md index 30cccc985..d8ebece9f 100644 --- a//ec2/latest/devguide/example_ec2_RevokeSecurityGroupEgress_section.md +++ b//ec2/latest/devguide/example_ec2_RevokeSecurityGroupEgress_section.md @@ -85,0 +86,35 @@ PowerShell +**Tools for PowerShell V5** + + +**Example 1: This example removes the rule for the specified security group for EC2-VPC. This revokes access to the specified IP address range on TCP port 80. The syntax used by this example requires PowerShell version 3 or higher.** + + + $ip = @{ IpProtocol="tcp"; FromPort="80"; ToPort="80"; IpRanges="203.0.113.0/24" } + Revoke-EC2SecurityGroupEgress -GroupId sg-12345678 -IpPermission $ip + + +**Example 2: With PowerShell version 2, you must use New-Object to create the IpPermission object.** + + + $ip = New-Object Amazon.EC2.Model.IpPermission + $ip.IpProtocol = "tcp" + $ip.FromPort = 80 + $ip.ToPort = 80 + $ip.IpRanges.Add("203.0.113.0/24") + Revoke-EC2SecurityGroupEgress -GroupId sg-12345678 -IpPermission $ip + + +**Example 3: This example revokes access to the specified source security group on TCP port 80.** + + + $ug = New-Object Amazon.EC2.Model.UserIdGroupPair + $ug.GroupId = "sg-1a2b3c4d" + $ug.UserId = "123456789012" + Revoke-EC2SecurityGroupEgress -GroupId sg-12345678 -IpPermission @( @{ IpProtocol="tcp"; FromPort="80"; ToPort="80"; UserIdGroupPairs=$ug } ) + + + * For API details, see [RevokeSecurityGroupEgress](https://docs.aws.amazon.com/powershell/v5/reference) in _AWS Tools for PowerShell Cmdlet Reference (V5)_. + + + +