RevokeClientVpnIngress - Amazon Elastic Compute Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Removes an ingress authorization rule from a Client VPN endpoint.

Request Parameters

The following parameters are for this specific action. For more information about required and optional parameters that are common to all actions, see Common Query Parameters.


The ID of the Active Directory group for which to revoke access.

Type: String

Required: No


The ID of the Client VPN endpoint with which the authorization rule is associated.

Type: String

Required: Yes


Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Type: Boolean

Required: No


Indicates whether access should be revoked for all clients.

Type: Boolean

Required: No


The IPv4 address range, in CIDR notation, of the network for which access is being removed.

Type: String

Required: Yes

Response Elements

The following elements are returned by the service.


The ID of the request.

Type: String


The current state of the authorization rule.

Type: ClientVpnAuthorizationRuleStatus object


For information about the errors that are common to all actions, see Common client error codes.



This example removes an authorization rule from a Client VPN endpoint.

Sample Request &ClientVpnEndpointId=cvpn-endpoint-00c5d11fc4EXAMPLE &TargetNetworkCidr= &RevokeAllGroups=true &AUTHPARAMS

Sample Response

<RevokeClientVpnIngressResponse xmlns=""> <requestId>691de4ea-32ef-447b-b4f8-d8463XAMPLE</requestId> <status> <code>revoking</code> </status> </RevokeClientVpnIngressResponse>

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: