If you have authorized internal network communication between ECS instances across different accounts within the same region, you can revoke security group authorization by calling the API operation.
Prerequisites
- An Alibaba Cloud account is created. To create an Alibaba Cloud account, go to the Alibaba Cloud official website.
- Alibaba Cloud Command-Line Interface (CLI) is installed for the ECS instance. For information about how to install Alibaba Cloud CLI in different operating systems, see the following topics:
Background information
In this topic, the RevokeSecurityGroup operation is used to revoke authorized security group rules. Before you start, you
must prepare the following information:
- Account name: the name of the account that you use to log on to the ECS console.
- Security group IDs of the ECS instances: the IDs of the security groups to which the
instances involved belong.
You can query the security group IDs in the ECS console or by calling the DescribeSecurityGroupReferences operation.
- Region IDs of the ECS instances: See Regions and zones. cn-beijing is used in this example.
Assume that the information of the two accounts is as follows.
Account | Account name | Security group | Security group ID |
---|---|---|---|
Account A | a@aliyun.com | sg1 | sg-bp1azkttqpldxgtedXXX |
Account B | b@aliyun.com | sg2 | sg-bp15ed6xe1yxeycg7XXX |