Amazon RDS - Revoke Security Group
Declaration
<AMAWSRDS ACTIVITY="revoke_security_group" SECURITYGROUP="text" EC2GROUP="text" EC2OWNERID="text" ACCESSKEY="text" SECRETKEY="text (encrypted)" SERVICEURL="text" PROXYHOST="text" USERAGENT="text" PROXYPORT="number" PROXYUSER="text" PROXYPWD="text (encrypted)" MAXERRORRETRY="number" SIGNMETHOD="text" SIGNVERSION="number" />
Description: Revokes ingress to a DB Security Group for previously authorized IP ranges or EC2 Security Groups.
Practical Usage
Used to revokes access to a DB Security Group for a range of IP addresses.
Connection Parameters
Property |
Type |
Required |
Default |
Markup |
Description |
---|---|---|---|---|---|
Connection |
|
|
|
|
Indicates where Amazon Web Service user credentials and preferences should originate from. This is a design mode parameter used only during task construction and configuration, thus, comprises no markup. The available options are:
|
Session |
Text |
Yes if connection is session-based |
RDSSession1 |
SESSION="RDSSession1" |
The name of an existing session to attach this activity to. This parameter is active only if the Connection parameter is set to Session. The default session name is 'RDSSession1'. |
Access key |
Text |
Yes if connection is host-based |
(Empty) |
ACCESSKEY= "022QF06E7MXBSH9DHM02" |
A 20-character alphanumeric string that uniquely identifies the owner of the AWS service account, similar to a username. This key along with a corresponding secret access key forms a secure information set that AWS uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host. |
Secret Access key |
Text |
Yes if connection is host-based |
(Empty) |
SECRETKEY= "kWcrlUX5JEDGM/LtmEENI/ aVmYvHNif5zB+d9+ct" |
A 40-character string that serves the role as password to access the AWS service account. This along with an associated access key forms a secure information set that EC2 uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host. |
User agent |
Text |
No |
AutoMate |
USERAGENT="AutoMate" |
The name of the client or application initiating requests to AWS. The default value is 'AutoMate'. |
Maximum retry on error |
Number |
No |
(Empty) |
MAXERRORRETRY="4" |
The total amount of times this activity should retry its request to the server before returning an error. Network components can generate errors anytime in the life of a request, thus, implementing retries can increase reliability. |
Service URL |
Text |
No |
(Empty) |
SERVICEURL= "https://rds.eu-west-1.amazonaws.com" |
The URL that provides the service endpoint. To make the service call to a different region, you can pass the region-specific endpoint URL. For example, entering https://rds.us-west-1.amazonaws.com points to US West (Northern California) region. A complete list of EC2 regions, accompanying endpoints and valid protocols can be found below under RDS Endpoints and Regions. |
Proxy host |
Text |
No |
(Empty) |
PROXYHOST="proxy.host.com" |
The host name (e.g., server.domain.com) or IP address (e.g., xxx.xxx.xxx.xxx) of the proxy server to use when connecting to AWS. |
Proxy port |
Number |
No |
(Empty) |
PROXYPORT="1028" |
The port that should be used to connect to the proxy server. |
Proxy username |
Text |
No |
(Empty) |
PROXYUSER="username" |
The username that should be used to authenticate connection with the proxy server (if required). |
Proxy password |
Text |
No |
(Empty) |
PROXYPWD="encrypted" |
The password that should be used to authenticate connection with the proxy server (if required). |
Signature method |
Text |
No |
(Empty) |
SIGNMETHOD="HmacSHA256" |
The signature method to use for signing the request. This provides a valid hashing algorithm for signature calculation. Valid AWS signature methods are HmacSHA1 and HmacSHA256. |
Signature version |
Number |
No |
(Empty) |
SIGNVERSION="2" |
The signature version for signing the request. Valid AWS signature versions are 2 and 4. The difference with version 4 is that it allows you to sign your message using a key that is derived from your secret access key rather than using the secret access key itself. |
Security Group Parameters
Property |
Type |
Required |
Default |
Markup |
Description |
---|---|---|---|---|---|
Group name |
Text |
Yes |
(Empty) |
SECURITYGROUP="mydbgroup" |
The name of the Amazon RDS security group in which to revoke access. |
CIDRIP |
Number |
No |
(Empty) |
CIDRIP="192.168.100.100/0" |
If enabled, specifies the IP range to allow access. Must be a valid Classless Inter-Domain Routing (CIDR) range in the format xxx.xxx.xxx.xxx/x (i.e.,192.168.100.100/0). If this parameter is enabled, the EC2 Security Group parameter becomes inactive. |
EC2 security group |
|
|
|
|
If enabled, specifies the Security Group Name and Owner ID to allow access. If this parameter is enabled, the CIDRIP parameter becomes inactive. This is a design time parameter and contains no markup. |
Name |
Text |
No |
(Empty) |
EC2GROUP="mysecuritygrp" |
The name of the Amazon EC2 security group in which to revoke access (e.g., mydbsecuritygroup). This parameter is active only if the EC2 Security Group option is selected. Must be entered along with Owner ID. |
Owner ID |
Number |
No |
(Empty) |
EC2OWNERID=123456789012 |
The AWS account number of the owner of the EC2 security group in which to revoke access. This parameter is active only if the EC2 Security Group option is selected. Must be entered along with Name parameter. |
Create and populate dataset with RDS Security group information |
Text |
No |
(Empty) |
RESULTDATASET="myDataset" |
The name of the dataset to be created and populated with the RDS security group information. More information regarding the individual fields this dataset creates can be found below under Datasets. |
Description tab - A custom description can be provided on the Description tab to convey additional information or share special notes about a task step.
Error Causes tab - Specify how this step should behave upon the occurrence of an error. (Refer to Task Builder > Error Causes Tab for details.)
On Error tab - Specify what AWE should do if this step encounters an error as defined on the Error Causes tab. (Refer to Task Builder > On Error Tab for details.)
RDS Endpoints and Regions
This table contains a complete list of Amazon Relational Database Service endpoints, along with their corresponding regions and supported protocols.
Endpoint |
Region |
Protocol |
---|---|---|
rds.us-east-1.amazonaws.com |
US East (Northern Virginia) Region |
HTTP and HTTPS |
rds.us-west-2.amazonaws.com |
US West (Oregon) Region |
HTTP and HTTPS |
rds.us-west-1.amazonaws.com |
US West (Northern California) Region |
HTTP and HTTPS |
rds.eu-west-1.amazonaws.com |
EU (Ireland) Region |
HTTP and HTTPS |
rds.ap-southeast-1.amazonaws.com |
Asia Pacific (Singapore) Region |
HTTP and HTTPS |
rds.ap-southeast-2.amazonaws.com |
Asia Pacific (Sydney) Region |
HTTP and HTTPS |
rds.ap-northeast-1.amazonaws.com |
Asia Pacific (Tokyo) Region |
HTTP and HTTPS |
rds.sa-east-1.amazonaws.com |
South America (Sao Paulo) Region |
HTTP and HTTPS |
Datasets
A dataset is a multiple column, multiple row container object. This activity creates and populates a dataset containing a specific set of fields. The table below describes these fields (assuming the dataset name assigned was theDataset).
Name |
Type |
Return Value |
---|---|---|
theDataset.DBSecurityGroupDescription |
Text |
The user-defined description of the security group in which to revoke access. |
theDataset.DBSecurityGroupName |
Text |
The user-defined name of the security group in which to revoke access. |
theDataset.EC2SecurityGroup |
Text |
The name of the EC2 security group. |
theDataset.IPRange |
Text |
The CIDR range for the authorized Amazon RDS DB security group |
theDataset.OwnerId |
Number |
The AWS account number of the owner of the EC2 security group in which to revoke access (e.g., 123412341234). |
Example
The sample AML code below can be copied and pasted directly into the Steps panel of the Task Builder.
Description: Revoke RDS security group "myGroup". EC2 security group is "theGroup". EC2 owner id is "owner_ID". Store RDS security group information into dataset "theDataset". Use default RDS session.
<AMAWSRDS ACTIVITY="revoke_security_group" SECURITYGROUP="myGroup" EC2GROUP="theGroup" EC2OWNERID="owner_ID" RESULTDATASET="theDataset" />