There's no API call that will modify the rule in place; they're immutable. You can only authorize or revoke security group ingress/egress rules.
Here's an example of adding the a security group ingress (assuming this is for a VPC and not the old style EC2 or your default VPC. If it is the latter, you can use --group-name instead of --group-id):
aws ec2 authorize-security-group-ingress --group-id sg-xxxxxxxx --protocol tcp --ports 443 --cidr "0.0.0.0/0"
Modify the security group ID, ports, protocol, and cidr as needed. There's also an option to pass in --ip-permissions for adding multiple rules at once, but the syntax isn't as clean.
Once you've authorized the appropriate ingress rule, revoke the old one (if it exists):
aws ec2 revoke-security-group-ingress --group-id sg-xxxxxxxx --protocol tcp --port 80 --cidr "0.0.0.0/0"
Review the following ec2 subcommands on the AWS CLI page for more information:
- authorize-security-group-egress
- authorize-security-group-ingress
- revoke-security-group-egress
- revoke-security-group-ingress
AWS CLI EC2 commands