Revoke all security group ingress rules (with source security groups)
I have an ec2.SecurityGroup that I'd like to delete all rules from. I am having trouble removing the default ingress rule for the group, where the source is the security group's ID.
I do so this way, using the Go SDK:

    // One revoke call per source-group pair on each rule.
    for _, perm := range sg.IpPermissions {
        for _, pair := range perm.UserIdGroupPairs {
            service.RevokeSecurityGroupIngress(&ec2.RevokeSecurityGroupIngressInput{
                SourceSecurityGroupName:    pair.GroupId,
                IpProtocol:                 perm.IpProtocol,
                SourceSecurityGroupOwnerId: pair.UserId,
                GroupId:                    sg.GroupId,
            })
        }
    }

However, this produces an error: "VPCIdNotSpecified: No default VPC for this user".
How am I supposed to revoke this rule, and ALL others? Go is preferred in answers but a way to accomplish this in any language would be appreciated.

I'm not a Go person, but here's some equivalent Python code:

    import boto3

    ec2_client = boto3.client('ec2')
    # Look up the group, then hand its IpPermissions straight back to revoke
    response = ec2_client.describe_security_groups(GroupIds=['sg-xxx'])
    for group in response['SecurityGroups']:
        ec2_client.revoke_security_group_ingress(GroupId=group['GroupId'], IpPermissions=group['IpPermissions'])

Notice that the IpPermissions object returned from describe_security_groups() can be passed directly into revoke_security_group_ingress(). Hopefully you can do the same thing in Go.
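
The same approach in Go, as an added example that is not part of the original question or answer: every described rule goes back in a single request through IpPermissions, and source groups are referenced by GroupId and UserId rather than by name. The structs are local stand-ins for the aws-sdk-go types named in the comment, and the revoke callback and sample IDs are assumptions made so the code runs without the SDK or AWS credentials.

```go
package main

import "fmt"

// Stand-ins (assumption) mirroring the fields used here from aws-sdk-go's
// ec2.UserIdGroupPair, ec2.IpPermission and ec2.RevokeSecurityGroupIngressInput.
type UserIdGroupPair struct{ GroupId, GroupName, UserId *string }

type IpPermission struct {
	IpProtocol       *string
	FromPort, ToPort *int64
	UserIdGroupPairs []*UserIdGroupPair
}

type RevokeInput struct {
	GroupId       *string
	IpPermissions []*IpPermission
}

// RevokeAllIngress sends every described rule back in one request, naming
// source groups by GroupId and UserId only, never by group name. The revoke
// callback (hypothetical) wraps the SDK's RevokeSecurityGroupIngress call.
func RevokeAllIngress(revoke func(*RevokeInput) error, groupID *string, perms []*IpPermission) (int, error) {
	if len(perms) == 0 {
		return 0, nil // nothing to revoke, so skip the API call
	}
	in := &RevokeInput{GroupId: groupID}
	for _, p := range perms {
		cp := *p // shallow copy keeps the protocol and ports
		cp.UserIdGroupPairs = nil
		for _, pair := range p.UserIdGroupPairs {
			cp.UserIdGroupPairs = append(cp.UserIdGroupPairs,
				&UserIdGroupPair{GroupId: pair.GroupId, UserId: pair.UserId})
		}
		in.IpPermissions = append(in.IpPermissions, &cp)
	}
	if err := revoke(in); err != nil {
		return 0, fmt.Errorf("revoke ingress on %s: %w", *groupID, err)
	}
	return len(in.IpPermissions), nil
}

func main() {
	id, name, acct, proto := "sg-0example", "default", "111122223333", "-1" // constructed
	rule := &IpPermission{IpProtocol: &proto, UserIdGroupPairs: []*UserIdGroupPair{
		{GroupId: &id, GroupName: &name, UserId: &acct}}}
	fake := func(in *RevokeInput) error { return nil } // stands in for the AWS call
	fmt.Println(RevokeAllIngress(fake, &id, []*IpPermission{rule}))
}
```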