
authorize aws security group using python boto3 with description for each ingress

I am preparing a script to update a security group with my IP and a static string whenever I am running with a different network connection.

sg.authorize_ingress(DryRun=False, IpPermissions=[{'IpProtocol': 'tcp', 'FromPort': 22, 'ToPort': 22, 'IpRanges': [{'CidrIp': '192.168.2.3/32'}]}])

The above authorize is working fine, but if I add

sg.authorize_ingress(DryRun=False, IpPermissions=[{'IpProtocol': 'tcp', 'FromPort': 22, 'ToPort': 22, 'IpRanges': [{'CidrIp': '192.168.2.3/32', 'Description': 'string'}]}])

As per the syntax, if I apply the description part it throws an error message. Is it possible to update each and every entry with a description?

syntax:

'IpRanges': [
    {
        'CidrIp': 'string',
        'Description': 'string'
    }
]

I do it using the AWS Command-Line Interface (CLI):

IP=`curl -s http://whatismyip.akamai.com/`
aws ec2 authorize-security-group-ingress --group-name "Foo-SG" --protocol tcp --port 22   --cidr $IP/32 --output text
aws ec2 authorize-security-group-ingress --group-name "Foo-SG" --protocol tcp --port 3389 --cidr $IP/32 --output text

However, I haven't tried it with the Description parameter.

See: authorize-security-group-ingress — AWS CLI Command Reference

import boto3

aws_access_key_id = 'XXXXXXXXXXXXXXXXXXXXXXXXXX'

aws_secret_access_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'

ec2 = boto3.resource('ec2', region_name='region_name', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key)

sg = "security group id"

security_group = ec2.SecurityGroup(sg)

add_ip = security_group.authorize_ingress(GroupId=sg,IpPermissions=[ {'IpProtocol': 'tcp','FromPort': 80,'ToPort': 80,'IpRanges':[{'CidrIp': '127.5.5.5/32', 'Description' : 'description'}]}])

Please try with the above-mentioned code, because it's working fine for me. Hope it will work for you also.
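As an added example (not code from the question or from any of the answers), the following builds the IpPermissions structure with a Description on every CIDR entry, validates the input, and authorizes only the rules the group does not already hold, so re-running the script from a network it has already seen does not fail on a duplicate rule. The helper names (build_ip_permissions, existing_rules, missing_permissions, update_ingress, FakeEc2Client) are this example's own, not boto3 API; the two client calls it relies on, describe_security_groups and authorize_security_group_ingress, are real boto3 EC2 client methods. It also takes credentials from the default provider chain rather than embedding them in the script as the answer above does. FakeEc2Client is a constructed stand-in so the logic runs offline.

```python
"""Added example: per-rule descriptions plus idempotent authorization.

Helper names here are this example's own, not boto3 API. The boto3 client
calls used (describe_security_groups, authorize_security_group_ingress) are
isolated behind an injected client so the builder can be exercised offline.
"""
import ipaddress
from typing import Any, Dict, Iterable, List, Set, Tuple

RuleKey = Tuple[str, int, int, str]  # (protocol, from_port, to_port, cidr)


def build_ip_permissions(cidr: str, ports: Iterable[int], description: str,
                         protocol: str = "tcp") -> List[Dict[str, Any]]:
    """One IpPermission per port, each carrying a Description on its range.

    The CIDR is parsed rather than interpolated, so an unquoted or malformed
    value fails here instead of at the API; only single-host (/32, /128)
    ranges are accepted because this script admits one workstation.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen != net.max_prefixlen:
        raise ValueError(f"refusing non-host range {cidr}; use a /32 or /128")
    if not description or len(description) > 255:
        raise ValueError("description must be 1 to 255 characters")
    if net.version == 4:
        range_key, cidr_key = "IpRanges", "CidrIp"
    else:
        range_key, cidr_key = "Ipv6Ranges", "CidrIpv6"
    return [
        {
            "IpProtocol": protocol,
            "FromPort": port,
            "ToPort": port,
            range_key: [{cidr_key: str(net), "Description": description}],
        }
        for port in ports
    ]


def existing_rules(group: Dict[str, Any]) -> Set[RuleKey]:
    """Flatten one SecurityGroup dict (describe_security_groups shape) into keys."""
    found: Set[RuleKey] = set()
    for perm in group.get("IpPermissions", []):
        proto, lo, hi = perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort")
        for r in perm.get("IpRanges", []):
            found.add((proto, lo, hi, r["CidrIp"]))
        for r in perm.get("Ipv6Ranges", []):
            found.add((proto, lo, hi, r["CidrIpv6"]))
    return found


def missing_permissions(wanted: List[Dict[str, Any]],
                        have: Set[RuleKey]) -> List[Dict[str, Any]]:
    """Drop rules already present; re-authorizing them is rejected as a duplicate."""
    todo = []
    for perm in wanted:
        rng = (perm.get("IpRanges") or perm.get("Ipv6Ranges"))[0]
        cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
        if (perm["IpProtocol"], perm["FromPort"], perm["ToPort"], cidr) not in have:
            todo.append(perm)
    return todo


def update_ingress(ec2_client, group_id: str, cidr: str, ports: Iterable[int],
                   description: str) -> List[Dict[str, Any]]:
    """Authorize only the missing rules; returns what was sent (empty if none)."""
    resp = ec2_client.describe_security_groups(GroupIds=[group_id])
    have = existing_rules(resp["SecurityGroups"][0])
    todo = missing_permissions(build_ip_permissions(cidr, ports, description), have)
    if todo:
        ec2_client.authorize_security_group_ingress(GroupId=group_id, IpPermissions=todo)
    return todo


class FakeEc2Client:
    """Constructed stand-in for the two boto3 client calls used above, so the
    logic runs offline; it records calls and does not update its own state."""

    def __init__(self, ip_permissions: List[Dict[str, Any]]):
        self.ip_permissions = ip_permissions
        self.calls: List[Tuple[str, List[Dict[str, Any]]]] = []

    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [{"GroupId": GroupIds[0],
                                    "IpPermissions": self.ip_permissions}]}

    def authorize_security_group_ingress(self, GroupId, IpPermissions):
        self.calls.append((GroupId, IpPermissions))
        return {"Return": True}


if __name__ == "__main__":
    # Against a real account: client = boto3.client("ec2", region_name="...")
    # with credentials from the default provider chain (env, profile, role),
    # not literals in the script. Here a constructed fake already holds port 22.
    fake = FakeEc2Client([{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                           "IpRanges": [{"CidrIp": "192.168.2.3/32"}]}])
    sent = update_ingress(fake, "sg-EXAMPLE", "192.168.2.3/32", [22, 3389], "laptop")
    print(sent)  # only the port 3389 rule is sent
```

The describe-then-diff step is what makes the script safe to run on every network change: the group is read first, rules that already exist are skipped, and only the new host rule, with its description, is authorized.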

Here is a general approach I use for boto3 to create EC2s and SSH in.

# Configure so you can SSH
ec2Client.modify_vpc_attribute( VpcId = vpc.id , EnableDnsSupport = { 'Value': DNS_SUPPORT })
ec2Client.modify_vpc_attribute( VpcId = vpc.id , EnableDnsHostnames = { 'Value': DNS_HOSTNAMES })

# Create a security group and allow SSH inbound rule through the VPC
securitygroup = ec2.create_security_group(
    GroupName=SG_GROUP_NAME,
    Description=SG_DESC,
    VpcId=vpc.id
)

securitygroup.authorize_ingress(
    IpPermissions=[
        {'IpProtocol': SG_IP_PROTOCOL,
         'FromPort': SG_FROM_PORT,
         'ToPort': SG_TO_PORT,
         'IpRanges': [{'CidrIp': SG_IP}]}
    ]
)

This is for SSH, so:

SG_IP_PROTOCOL = 'tcp'
SG_FROM_PORT = 22
SG_TO_PORT = 22
SG_IP = 'XXX.XXX.XXX.XXX/32'  # your specified IP address

where

ec2Client = boto3.client('ec2', region_name=aws_region)

AWS Boto3 Documentation
