I get an error using boto3 to update security group ingress IP:
botocore.exceptions.ClientError: An error occurred (InvalidPermission.NotFound) when calling the UpdateSecurityGroupRuleDescriptionsIngress operation: The specified rule does not exist in this security group.
My code looks like:
import boto3

import config  # project settings module holding the region and credentials


def get_security_group_detail(name, client=None):
    # Build an EC2 client only when the caller did not pass one in.
    if not client:
        client = boto3.client(
            'ec2',
            region_name=config.aws_region,
            aws_secret_access_key=config.aws_secret_access_key,
            aws_access_key_id=config.aws_access_key_id
        )
    # Look the group up by name and return the first match.
    response = client.describe_security_groups(
        Filters=[
            {'Name': 'group-name', 'Values': [name]}
        ])
    return response['SecurityGroups'][0]


def update_security_group_ingress_ip(name, ip_list, client=None):
    if not client:
        client = boto3.client(
            'ec2',
            region_name=config.aws_region,
            aws_secret_access_key=config.aws_secret_access_key,
            aws_access_key_id=config.aws_access_key_id
        )
    new_ip_list = []
    for ip in ip_list:
        new_ip_list.append({'CidrIp': ip})
    sg = get_security_group_detail(name, client)
    group_id = sg['GroupId']
    ip_permission = sg['IpPermissions']
    # Append the new CIDRs to every existing rule of the group.
    for rule in ip_permission:
        rule['IpRanges'] += new_ip_list
        if len(rule['UserIdGroupPairs']) == 0:
            rule['UserIdGroupPairs'] = [{
                'GroupId': group_id,
                'GroupName': sg['GroupName'],
                'VpcId': sg['VpcId']
            }]
    # This is the call that raises InvalidPermission.NotFound.
    response = client.update_security_group_rule_descriptions_ingress(
        DryRun=False,
        GroupId=group_id,
        IpPermissions=ip_permission
    )
    return response
As the documentation mentioned, I already provide GroupId because the Security Group I need to update is not always in the default VPC, but I still get the error.
I tried to add VpcId in UserIdGroupPairs inside each IpPermissions, but it didn't help.
Given I understand the intent of your code correctly, it seems to me you are using the wrong method: update_security_group_rule_descriptions_ingress() is used to update the Description of an existing ingress rule. If your goal is to add an ingress rule to a group, look at authorize_security_group_ingress() instead.
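A sketch of the approach the answer points to, as an added example (not code from the question or the answer): it passes authorize_security_group_ingress() only the CIDRs each existing rule lacks, since re-sending a range that is already present is rejected as InvalidPermission.Duplicate. It takes an already-built boto3 EC2 client; the helper names, the description text, the IPv4-only handling and the refusal of 0.0.0.0/0 are assumptions of this example.

```python
import ipaddress


def normalize_cidrs(ip_list, allow_any=False):
    """Validate IPv4 addresses/CIDRs and return them in canonical form."""
    result = []
    for item in ip_list:
        net = ipaddress.IPv4Network(item, strict=False)  # ValueError if malformed
        if net.prefixlen == 0 and not allow_any:
            raise ValueError("refusing to open the rule to 0.0.0.0/0")
        if str(net) not in result:
            result.append(str(net))
    return result


def missing_permissions(sg, cidrs, description="added by script"):
    """For each existing rule of `sg` (a describe_security_groups entry),
    build a permission holding only the CIDRs that rule does not have yet."""
    permissions = []
    for rule in sg["IpPermissions"]:
        present = {r["CidrIp"] for r in rule.get("IpRanges", [])}
        new = [c for c in cidrs if c not in present]
        if not new:
            continue
        perm = {"IpProtocol": rule["IpProtocol"],
                "IpRanges": [{"CidrIp": c, "Description": description} for c in new]}
        # Copy the port range when the rule has one (all-traffic rules may not).
        for key in ("FromPort", "ToPort"):
            if key in rule:
                perm[key] = rule[key]
        permissions.append(perm)
    return permissions


def add_ingress_cidrs(client, group_name, ip_list):
    """`client` is a boto3 EC2 client, e.g. boto3.client("ec2", region_name=...)."""
    groups = client.describe_security_groups(
        Filters=[{"Name": "group-name", "Values": [group_name]}])["SecurityGroups"]
    # The same group name can exist in several VPCs; do not guess which one.
    if len(groups) != 1:
        raise LookupError(f"expected one group named {group_name!r}, found {len(groups)}")
    permissions = missing_permissions(groups[0], normalize_cidrs(ip_list))
    if not permissions:
        return None  # every CIDR is already present on every rule
    return client.authorize_security_group_ingress(
        GroupId=groups[0]["GroupId"], IpPermissions=permissions)
```
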