Update Security Groups

Overview

The Update Security Groups action allows you to update the rules of Security Groups.

Read more about Security Group Rules

Currently, this action can only be used to delete rules from Security Groups.

Permissions

The action uses the following AWS EC2 API endpoints to target and update Security Groups:

Configuring the action

Targeting

You can choose to target Security Groups by Tag groups, or all Security Groups in the selected context.

Rule Changes

An Update Security Groups action can be configured with multiple rule changes. Currently, this action can only be used to delete rules from Security Groups.

Match Criteria

You can choose to match rules by the following criteria:

  • Direction - The direction of the rule. Valid values are Ingress or Egress.
  • IP Protocol - The IP protocol of the rule. Valid values are TCP, UDP, ICMP (v4), ICMP (v6) or all protocols.
  • Port - The port specified in the rule.
  • Source/Destination endpoint - The source (for Ingress rules) or destination (for Egress rules) of the rule. This can be an IP address, a CIDR block, a security group ID, or a Prefix List ID.
  • Description - The description of the rule.

Note that if more than one match condition is specified, all conditions must be met for the rule to be deleted.
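
To see how narrowly a set of conditions selects before configuring a delete, the sketch below applies the match criteria above to rule records offline. It is an added example, not the product's own code: the rule dicts use field names from the EC2 DescribeSecurityGroupRules output, the sample rules are constructed, and the exact-port match and the empty-criteria behaviour are assumptions.

```python
# Added example: offline preview of the match criteria (all conditions ANDed).
# Rule dicts use field names from EC2 DescribeSecurityGroupRules output.
PROTOCOLS = {"TCP": "tcp", "UDP": "udp", "ICMP (v4)": "icmp",
             "ICMP (v6)": "icmpv6", "all": "-1"}

def endpoint_of(rule):
    """Return the rule's source/destination: CIDR, prefix list ID or group ID."""
    return (rule.get("CidrIpv4") or rule.get("CidrIpv6")
            or rule.get("PrefixListId")
            or rule.get("ReferencedGroupInfo", {}).get("GroupId"))

def rule_matches(rule, criteria):
    """True only if every criterion that is set matches; unset ones are ignored."""
    checks = {
        "direction": lambda v: rule["IsEgress"] == (v == "Egress"),
        "protocol": lambda v: rule["IpProtocol"] == PROTOCOLS[v],
        # Assumption: exact single-port match, not "port falls inside a range".
        "port": lambda v: rule.get("FromPort") == v == rule.get("ToPort"),
        "endpoint": lambda v: endpoint_of(rule) == v,
        "description": lambda v: rule.get("Description", "") == v,
    }
    if not criteria:
        return False  # assumption: an empty criteria set selects nothing
    return all(checks[key](value) for key, value in criteria.items())

def preview_deletions(rules, criteria):
    """List the rule IDs that the given criteria would select for deletion."""
    return [r["SecurityGroupRuleId"] for r in rules if rule_matches(r, criteria)]

# Constructed sample rules (IDs and addresses are made up for illustration).
SAMPLE_RULES = [
    {"SecurityGroupRuleId": "sgr-0001", "IsEgress": False, "IpProtocol": "tcp",
     "FromPort": 22, "ToPort": 22, "CidrIpv4": "0.0.0.0/0", "Description": "temp ssh"},
    {"SecurityGroupRuleId": "sgr-0002", "IsEgress": False, "IpProtocol": "tcp",
     "FromPort": 22, "ToPort": 22, "CidrIpv4": "10.0.0.0/8", "Description": "bastion"},
    {"SecurityGroupRuleId": "sgr-0003", "IsEgress": True, "IpProtocol": "-1",
     "FromPort": -1, "ToPort": -1, "CidrIpv4": "0.0.0.0/0", "Description": ""},
    {"SecurityGroupRuleId": "sgr-0004", "IsEgress": False, "IpProtocol": "tcp",
     "FromPort": 3389, "ToPort": 3389, "CidrIpv4": "0.0.0.0/0", "Description": "rdp"},
    {"SecurityGroupRuleId": "sgr-0005", "IsEgress": False, "IpProtocol": "tcp",
     "FromPort": 22, "ToPort": 22, "ReferencedGroupInfo": {"GroupId": "sg-0aaa"},
     "Description": "from bastion sg"},
]

if __name__ == "__main__":
    broad = {"direction": "Ingress", "protocol": "TCP", "port": 22}
    narrow = dict(broad, endpoint="0.0.0.0/0")
    print("broad :", preview_deletions(SAMPLE_RULES, broad))
    print("narrow:", preview_deletions(SAMPLE_RULES, narrow))
```

Comparing the broad and narrow results shows why the endpoint condition matters: without it, the internal and security-group-referenced SSH rules are selected alongside the internet-facing one.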