RDS - Revoke Security Group

 

Declaration

<AMAWSRDS ACTIVITY="revoke_security_group" SECURITYGROUP="text" EC2GROUP="text" EC2OWNERID="text" RESULTDATASET="text" />

See Also

RDS - Authorize Security Group | RDS - Create Instance | RDS - Create Security Group | RDS - Create Session | RDS - Create Snapshot | RDS - Delete Instance | RDS - Delete Security Group | RDS - Delete Snapshot | RDS - End Session | RDS - List Instance(s) | RDS - List Security Group(s) | RDS - List Snapshot(s) | RDS - Modify Instance | RDS - Reboot Instance | RDS - Revoke Security Group

Description

Revokes ingress to a DB Security Group for previously authorized IP ranges or EC2 Security Groups.

IMPORTANT: The RDS activities in AutoMate use Amazon's RDS engine to perform their work. You must enter a valid Amazon RDS service account in order for these activities to work properly.

Practical Usage

Used to revoke access to a DB Security Group for a range of IP addresses.

Parameters

Security Group Properties

| Property | Type | Req'd | Default | Markup | Description |
|---|---|---|---|---|---|
| Group Name | Text | Yes | (Empty) | SECURITYGROUP="mydbgroup" | The name of the Amazon RDS security group in which to revoke access. |
| CIDRIP | Number | No | (Empty) | CIDRIP="192.168.100.100/0" | If enabled, specifies the IP range to allow access. Must be a valid Classless Inter-Domain Routing (CIDR) range in the format xxx.xxx.xxx.xxx/x (i.e., 192.168.100.100/0). If this parameter is enabled, the EC2 Security Group parameter becomes inactive. |
| EC2 Security Group | | | | | If enabled, specifies the Security Group Name and Owner ID to allow access. If this parameter is enabled, the CIDRIP parameter becomes inactive. NOTE: This is a design time parameter and contains no markup. |
| Name | Text | No | (Empty) | EC2GROUP="mysecuritygrp" | The name of the Amazon EC2 security group in which to revoke access (i.e. mydbsecuritygroup). This parameter is active only if the EC2 Security Group option is selected. Must be entered along with Owner ID. |
| Owner ID | Number | No | (Empty) | EC2OWNERID=123456789012 | The AWS account number of the owner of the EC2 security group in which to revoke access. This parameter is active only if the EC2 Security Group option is selected. Must be entered along with Name parameter. |
| Create and populate dataset with RDS Security group information | Text | No | (Empty) | RESULTDATASET="myDataset" | The name of the dataset to be created and populated with the RDS security group information. More on datasets below under Datasets. |
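The CIDRIP format rule in the table above can be checked before a value is placed in a step. The Python below is an added example, not part of the AutoMate documentation: the function names `check_cidrip` and `revoke_step` and the `BROAD_PREFIX` threshold are assumptions, and the emitted step relies on the default session, as the page's own example does. It reports what range a value really denotes, which matters for the table's sample value because a /0 prefix matches every IPv4 address.

```python
import ipaddress
from xml.sax.saxutils import quoteattr

BROAD_PREFIX = 16  # assumption: anything shorter than /16 is worth a second look


def check_cidrip(value):
    """Return (effective_range, warnings); raise ValueError if not a.b.c.d/n."""
    text = value.strip()
    _, sep, prefix = text.partition("/")
    if not sep or not prefix.isdigit():
        raise ValueError(f"{value!r}: expected xxx.xxx.xxx.xxx/x")
    iface = ipaddress.IPv4Interface(text)  # ValueError on bad octets or prefix > 32
    net = iface.network
    warnings = []
    if iface.ip != net.network_address:
        warnings.append(f"host bits set; range is really {net}")
    if net.prefixlen == 0:
        warnings.append("/0 matches every IPv4 address")
    elif net.prefixlen < BROAD_PREFIX:
        warnings.append(f"very broad range ({net.num_addresses} addresses)")
    return str(net), warnings


def revoke_step(group, cidrip):
    """Build the step markup; the CIDRIP value is passed through as entered."""
    effective, warnings = check_cidrip(cidrip)
    markup = (
        '<AMAWSRDS ACTIVITY="revoke_security_group" '
        f"SECURITYGROUP={quoteattr(group)} CIDRIP={quoteattr(cidrip.strip())} />"
    )
    return markup, effective, warnings


if __name__ == "__main__":
    # Constructed sample values; the first is the one shown in the parameter table.
    for sample in ("192.168.100.100/0", "203.0.113.0/24", "10.1.2.3/8"):
        markup, effective, warnings = revoke_step("mydbgroup", sample)
        print(markup)
        print(f"  effective range: {effective}")
        for w in warnings:
            print(f"  warning: {w}")
```
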

Credentials Properties

These properties allow you to enter a custom set of credentials specific to this activity or link this activity to an existing session.  

| Property | Type | Req'd | Default | Markup | Description |
|---|---|---|---|---|---|
| Provide Credentials | | | | | Indicates where this activity's credentials should originate from. Different properties apply depending on the option selected. This is a design-time parameter used interactively during construction mode and therefore contains no markup. The available options are: • Custom (Default) - Specifies that a custom set of credentials will be entered for this EC2 activity. Select this option if performing a single RDS activity. • Session Based - Specifies that credentials should derive from a session created in a previous step with the use of the Create Session activity. This allows several RDS activities to be linked to a specific session. |
| Access Key | Text | Yes | (Empty) | ACCESSKEY="022QF06E7MXBSH9DHM02" | A 20-character, alphanumeric string that uniquely identifies a user who owns an RDS account. This, along with a Secret Access Key, forms a secure information set that RDS uses to confirm a valid user's identity. This property is active only if Custom is selected under the Provide Credentials property. |
| Secret Access Key | Text | Yes | (Empty) | SECRETKEY="kWcrlUX5JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct" | A 40-character string that serves as the password to access RDS. This, along with an associated Access Key, forms a secure information set that RDS uses to confirm a valid user's identity. This property is active only if Custom is selected under the Provide Credentials property. |
| User Agent | Text | No | AutoMate | USERAGENT="AutoMate" | The User Agent header name. The User-Agent request-header field contains information about the user agent originating the request such as proxies, name, etc. The default User Agent name is AutoMate. This property is active only if Custom is selected under the Provide Credentials property. |
| Maximum retry on error | Number | No | (Empty) | MAXERRORRETRY="4" | Signifies how many times the Amazon RDS engine should retry the request before returning an error. This property is active only if Custom is selected under the Provide Credentials property. |
| Service URL | Text | No | (Empty) | SERVICEURL="https://sdb.eu-west-1.amazonaws.com" | The Service URL used to make requests to the RDS service. The Service URL provides the service endpoint. For example, to make the service call to a different region, you can pass the region-specific endpoint, such as https://sdb.eu-west-1.amazonaws.com. This property is active only if Custom is selected under the Provide Credentials property. |
| Proxy Host | Text | No | (Empty) | PROXYHOST="proxy.host.com" | The host name (server.domain.com) or IP address (xxx.xxx.xxx.xxx) of the proxy server. This property is active only if Custom is selected under the Provide Credentials property. |
| Proxy Port | Number | No | (Empty) | PROXYPORT="1028" | The port that should be used to connect to the proxy server. This property is active only if Custom is selected under the Provide Credentials property. |
| Signature Method | Text | No | (Empty) | SIGNMETHOD="HmacSHA256" | The Signature Method for signing the request. This property is active only if Custom is selected under the Provide Credentials property. |
| Signature Version | Number | No | (Empty) | SIGNVERSION="2" | The Signature Version for signing the request. The version refers to the particular algorithm for signing the request. This property is active only if Custom is selected under the Provide Credentials property. |
| Session Name | Text | Yes | (Empty) | SESSION="EC2Session1" | The session name to be created. This allows several RDS activities to be linked to this session, eliminating redundancy. Numerous sessions can be used within a single task. The default value is RDSSession. This property is active only if Session Based is selected under the Provide Credentials property. |

NOTE: Use the End Session activity to end an RDS session.

Description Properties

The Description tab allows you to customize the text description of any step when it appears in the Steps Pane.

More on setting custom step description

Error Causes Properties

The Error Causes tab is part of AutoMate's Error Handling functionality which allows you to select / omit specific errors that will cause a particular step to fail.

More about error causes properties

On Error Properties

The On Error tab is part of AutoMate's Error Handling functionality which allows you to determine what the task should do if a particular step encounters an error.

More about on error properties

Notes

Datasets

A dataset is a multiple column, multiple row container object. This activity creates and populates a dataset containing a specific set of fields. The table below describes these fields (assuming the dataset name assigned was theDataset).

| Name | Type | Return Value |
|---|---|---|
| theDataset.DBSecurityGroupDescription | Text | The user-defined description of the security group in which to revoke access. |
| theDataset.DBSecurityGroupName | Text | The user-defined name of the security group in which to revoke access. |
| theDataset.EC2SecurityGroup | Text | The name of the EC2 security group. |
| theDataset.IPRange | Text | The CIDR range for the authorized Amazon RDS DB security group. |
| theDataset.OwnerId | Number | The AWS account number of the owner of the EC2 security group in which to revoke access (i.e. 123412341234). |

Variables and Expressions

All text fields allow the use of expressions, which can be entered by surrounding the expression in percentage signs (example: %MYVARIABLE%, %Left('Text',2)%). To help construct these expressions, you can open Expression Builder from these fields by pressing F2.

More on variables
More on expressions

More on the expression builder

Example

NOTE: The code below can be copied and pasted directly into the Steps pane of the Task Builder.

 

Description: Revoke RDS security group "myGroup". EC2 security group is "theGroup". EC2 owner id is "owner_ID". Store RDS security group information into dataset "theDataset". Use default RDS session.

 

<AMAWSRDS ACTIVITY="revoke_security_group" SECURITYGROUP="myGroup" EC2GROUP="theGroup" EC2OWNERID="owner_ID" RESULTDATASET="theDataset" />

 
