I have recently been working on programmatically adding and removing ingress rules to security groups on my EC2 server. However, I now seem to have hit a bit of a wall.
I would like to be able to modify existing rules through a Python script, but I haven't been able to find any guidance in the Boto3 docs.
Is there any way in which this can be done?
Thanks
Seems like there is no way to modify a security group rule. You have to delete the old one:
security_group.revoke_ingress(IpProtocol="tcp", CidrIp="0.0.0.0/0", FromPort=3306, ToPort=3306)
and add the new one:
security_group.authorize_ingress(IpProtocol="tcp",CidrIp="0.0.0.0/0",FromPort=3306,ToPort=3306)
Hope it helps.
AWS has added a new API (modify_security_group_rules) wherein a security group rule can be modified. Below is code for reference:
import boto3

client = boto3.client('ec2')

sg_rules_list = [
    {
        'SecurityGroupRuleId': 'sgr-07de36a0521f39c8b',
        'SecurityGroupRule': {
            'IpProtocol': 'tcp',
            'FromPort': 22,
            'ToPort': 22,
            'CidrIpv4': '3.3.3.3/32',
            'Description': 'added ssh port'
        }
    }
]

response = client.modify_security_group_rules(GroupId='sg-00f3b9232325b20fb',
                                              SecurityGroupRules=sg_rules_list)
More details on this on AWS blog: Easily Manage Security Group Rules with the New Security Group Rule ID
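An added example, not part of the answers above and not AWS's own code: it looks up rule IDs with `describe_security_group_rules` instead of hard-coding them, then narrows a world-open ingress rule in place with `modify_security_group_rules`, so the port is never left without its rule between a revoke and an authorize. The function names, the sample rules and the `sgr-EXAMPLE*` IDs are constructed for illustration; `client` is assumed to be a boto3 EC2 client.

```python
import ipaddress

# Constructed sample of describe_security_group_rules output (IDs are placeholders).
SAMPLE_RULES = [
    {"SecurityGroupRuleId": "sgr-EXAMPLE1", "IsEgress": False, "IpProtocol": "tcp",
     "FromPort": 3306, "ToPort": 3306, "CidrIpv4": "0.0.0.0/0", "Description": "mysql"},
    {"SecurityGroupRuleId": "sgr-EXAMPLE2", "IsEgress": False, "IpProtocol": "tcp",
     "FromPort": 22, "ToPort": 22, "CidrIpv4": "0.0.0.0/0"},
    {"SecurityGroupRuleId": "sgr-EXAMPLE3", "IsEgress": True, "IpProtocol": "-1",
     "FromPort": -1, "ToPort": -1, "CidrIpv4": "0.0.0.0/0"},
]


def build_cidr_updates(rules, port, old_cidr, new_cidr):
    """Build modify_security_group_rules entries that swap old_cidr for new_cidr
    on ingress TCP rules covering exactly `port`."""
    net = ipaddress.IPv4Network(new_cidr)  # ValueError on malformed CIDR or host bits set
    if net.prefixlen == 0:
        raise ValueError("refusing to write a rule open to every address")
    updates = []
    for r in rules:
        if r.get("IsEgress") or r.get("IpProtocol") != "tcp":
            continue
        if (r.get("FromPort"), r.get("ToPort")) != (port, port) or r.get("CidrIpv4") != old_cidr:
            continue
        new_rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "CidrIpv4": str(net)}
        if r.get("Description"):  # carry an existing description over
            new_rule["Description"] = r["Description"]
        updates.append({"SecurityGroupRuleId": r["SecurityGroupRuleId"],
                        "SecurityGroupRule": new_rule})
    return updates


def restrict_ingress(client, group_id, port, old_cidr, new_cidr):
    """Fetch the group's rules (all pages), modify matches in place, return their IDs.
    `client` is a boto3 EC2 client, e.g. boto3.client("ec2")."""
    rules, kwargs = [], {"Filters": [{"Name": "group-id", "Values": [group_id]}]}
    while True:
        page = client.describe_security_group_rules(**kwargs)
        rules += page["SecurityGroupRules"]
        if not page.get("NextToken"):
            break
        kwargs["NextToken"] = page["NextToken"]
    updates = build_cidr_updates(rules, port, old_cidr, new_cidr)
    if updates:
        client.modify_security_group_rules(GroupId=group_id, SecurityGroupRules=updates)
    return [u["SecurityGroupRuleId"] for u in updates]


if __name__ == "__main__":
    print(build_cidr_updates(SAMPLE_RULES, 3306, "0.0.0.0/0", "203.0.113.0/24"))
```

The returned rule IDs are worth logging alongside the old and new CIDR so the change can be matched against the corresponding CloudTrail event.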
There is no API to modify a rule in SG. You have to revoke the rule first and then add the rule with the modified parameters using authorize. The link also has code snippets.