
boto3 update_security_group_rule_descriptions_ingress error

I get an error when using boto3 to update security group ingress IPs:

botocore.exceptions.ClientError: An error occurred (InvalidPermission.NotFound) when calling the UpdateSecurityGroupRuleDescriptionsIngress operation: The specified rule does not exist in this security group.

My code looks like:

import boto3

def get_security_group_detail(name, client=None):
    if not client:
        # Assign only the local name; do not overwrite boto3.client itself
        client = boto3.client(
            'ec2',
            region_name=config.aws_region,
            aws_secret_access_key=config.aws_secret_access_key,
            aws_access_key_id=config.aws_access_key_id
        )
    response = client.describe_security_groups(
        Filters=[
            {'Name': 'group-name', 'Values': [name]}
        ])
    return response['SecurityGroups'][0]

def update_security_group_ingress_ip(name, ip_list, client=None):
    if not client:
        client = boto3.client(
            'ec2',
            region_name=config.aws_region,
            aws_secret_access_key=config.aws_secret_access_key,
            aws_access_key_id=config.aws_access_key_id
        )
    new_ip_list = []
    for ip in ip_list:
        new_ip_list.append({'CidrIp': ip})

    sg = get_security_group_detail(name, client)
    group_id = sg['GroupId']
    ip_permission = sg['IpPermissions']

    for rule in ip_permission:
        rule['IpRanges'] += new_ip_list
        if len(rule['UserIdGroupPairs']) == 0:
            rule['UserIdGroupPairs'] = [{
                'GroupId': group_id,
                'GroupName': sg['GroupName'],
                'VpcId': sg['VpcId']
            }]

    response = client.update_security_group_rule_descriptions_ingress(
        DryRun=False,
        GroupId=group_id,
        IpPermissions=ip_permission
    )
    return response

As the documentation mentions, I already provide GroupId because the security group I need to update is not always in the default VPC, but I still get the error.

I tried to add VpcId in UserIdGroupPairs inside each IpPermissions, but it didn't help.

Given I understand the intent of your code correctly, it seems to me you are using the wrong method: update_security_group_rule_descriptions_ingress() is used to update the Description of an existing ingress rule. If your goal is to add an ingress rule to a group, look at authorize_security_group_ingress() instead.
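
An added example (not part of the original question or answer) of the approach the answer points to: it adds the missing CIDRs to each existing rule with authorize_security_group_ingress(), skipping ranges that are already present, since EC2 rejects duplicate rules. The helper names, the refusal of 0.0.0.0/0 and the sample group are assumptions made for this illustration; `client` is expected to be a boto3 EC2 client.

```python
import ipaddress


def build_missing_permissions(sg, cidrs):
    """Return IpPermissions that add `cidrs` to every existing rule of `sg`,
    leaving out CIDRs a rule already has."""
    wanted = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # ValueError on malformed input
        if net.version != 4:
            raise ValueError(f"IPv4 only in this example: {cidr}")
        if net.prefixlen == 0:
            raise ValueError("refusing to open a rule to 0.0.0.0/0")
        if str(net) not in wanted:
            wanted.append(str(net))

    permissions = []
    for rule in sg["IpPermissions"]:
        existing = {r["CidrIp"] for r in rule.get("IpRanges", [])}
        missing = [c for c in wanted if c not in existing]
        if not missing:
            continue
        perm = {"IpProtocol": rule["IpProtocol"],
                "IpRanges": [{"CidrIp": c} for c in missing]}
        # "All traffic" (-1) rules carry no FromPort/ToPort
        for key in ("FromPort", "ToPort"):
            if key in rule:
                perm[key] = rule[key]
        permissions.append(perm)
    return permissions


def add_ingress_cidrs(client, group_id, cidrs):
    """Look the group up by ID and authorize only the missing ranges."""
    sg = client.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    permissions = build_missing_permissions(sg, cidrs)
    if permissions:
        client.authorize_security_group_ingress(
            GroupId=group_id, IpPermissions=permissions)
    return permissions


# Constructed sample, shaped like one entry of describe_security_groups()
SAMPLE_SG = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []},
        {"IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": []},
    ],
}
```

Removing a stale address afterwards is a separate call, revoke_security_group_ingress(), with the same IpPermissions shape.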
