Skip to content

/AWS1/IF_EC2=>REVOKECLIENTVPNINGRESS()

About RevokeClientVpnIngress

Removes an ingress authorization rule from a Client VPN endpoint.

Method Signature

METHODS /AWS1/IF_EC2~REVOKECLIENTVPNINGRESS
  IMPORTING
    !IV_CLIENTVPNENDPOINTID TYPE /AWS1/EC2CLIENTVPNENDPOINTID OPTIONAL
    !IV_TARGETNETWORKCIDR TYPE /AWS1/EC2STRING OPTIONAL
    !IV_ACCESSGROUPID TYPE /AWS1/EC2STRING OPTIONAL
    !IV_REVOKEALLGROUPS TYPE /AWS1/EC2BOOLEAN OPTIONAL
    !IV_DRYRUN TYPE /AWS1/EC2BOOLEAN OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_ec2rvkeclivpningrslt
  RAISING
    /AWS1/CX_EC2CLIENTEXC
    /AWS1/CX_EC2SERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_clientvpnendpointid TYPE /AWS1/EC2CLIENTVPNENDPOINTID /AWS1/EC2CLIENTVPNENDPOINTID

The ID of the Client VPN endpoint with which the authorization rule is associated.

iv_targetnetworkcidr TYPE /AWS1/EC2STRING /AWS1/EC2STRING

The IPv4 address range, in CIDR notation, of the network for which access is being removed.

Optional arguments:

iv_accessgroupid TYPE /AWS1/EC2STRING /AWS1/EC2STRING

The ID of the Active Directory group for which to revoke access.

iv_revokeallgroups TYPE /AWS1/EC2BOOLEAN /AWS1/EC2BOOLEAN

Indicates whether access should be revoked for all groups for a single TargetNetworkCidr that earlier authorized ingress for all groups using AuthorizeAllGroups. This does not impact other authorization rules that allowed ingress to the same TargetNetworkCidr with a specific AccessGroupId.

iv_dryrun TYPE /AWS1/EC2BOOLEAN /AWS1/EC2BOOLEAN

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

RETURNING

oo_output TYPE REF TO /aws1/cl_ec2rvkeclivpningrslt /AWS1/CL_EC2RVKECLIVPNINGRSLT

Domain /AWS1/RT_ACCOUNT_ID
Primitive Type NUMC

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->revokeclientvpningress(
  iv_accessgroupid = |string|
  iv_clientvpnendpointid = |string|
  iv_dryrun = ABAP_TRUE
  iv_revokeallgroups = ABAP_TRUE
  iv_targetnetworkcidr = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lo_clientvpnauthorizationr = lo_result->get_status( ).
  IF lo_clientvpnauthorizationr IS NOT INITIAL.
    lv_clientvpnauthorizationr_1 = lo_clientvpnauthorizationr->get_code( ).
    lv_string = lo_clientvpnauthorizationr->get_message( ).
  ENDIF.
ENDIF.