I am preparing a script to update a security group with my IP and a static string whenever I am running on a different network connection.
sg.authorize_ingress(DryRun=False, IpPermissions=[{'IpProtocol': 'tcp', 'FromPort': 22, 'ToPort': 22, 'IpRanges': [{'CidrIp': '192.168.2.3/32'}]}])
The above authorize call works fine, but if I add
sg.authorize_ingress(DryRun=False, IpPermissions=[{'IpProtocol': 'tcp', 'FromPort': 22, 'ToPort': 22, 'IpRanges': [{'CidrIp': '192.168.2.3/32', 'Description': 'string'}]}])
As per the syntax, if I add the description part it throws an error message. Is it possible to update each and every entry with a description?
Syntax:
'IpRanges': [
    {
        'CidrIp': 'string',
        'Description': 'string'
    }
]
I do it using the AWS Command-Line Interface (CLI):
IP=`curl -s http://whatismyip.akamai.com/`
aws ec2 authorize-security-group-ingress --group-name "Foo-SG" --protocol tcp --port 22 --cidr $IP/32 --output text
aws ec2 authorize-security-group-ingress --group-name "Foo-SG" --protocol tcp --port 3389 --cidr $IP/32 --output text
However, I haven't tried it with the Description parameter.
See: authorize-security-group-ingress — AWS CLI Command Reference
import boto3
aws_access_key_id = 'XXXXXXXXXXXXXXXXXXXXXXXXXX'
aws_secret_access_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
ec2 = boto3.resource('ec2', region_name='region_name', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key)
sg = "security group id"
security_group = ec2.SecurityGroup(sg)
# Each IpRanges entry carries its own 'Description' next to 'CidrIp'
add_ip = security_group.authorize_ingress(GroupId=sg, IpPermissions=[{'IpProtocol': 'tcp', 'FromPort': 80, 'ToPort': 80, 'IpRanges': [{'CidrIp': '127.5.5.5/32', 'Description': 'description'}]}])
Please try the above-mentioned code, because it's working fine for me. Hope it will work for you also.
Here is a general approach I use for boto3 to create ec2s and ssh in.
# Configure so you can SSH
ec2Client.modify_vpc_attribute( VpcId = vpc.id , EnableDnsSupport = { 'Value': DNS_SUPPORT })
ec2Client.modify_vpc_attribute( VpcId = vpc.id , EnableDnsHostnames = { 'Value': DNS_HOSTNAMES })
# Create a security group and allow SSH inbound rule through the VPC
securitygroup = ec2.create_security_group(
    GroupName=SG_GROUP_NAME,
    Description=SG_DESC,
    VpcId=vpc.id
)
securitygroup.authorize_ingress(
    IpPermissions=[
        {'IpProtocol': SG_IP_PROTOCOL,
         'FromPort': SG_FROM_PORT,
         'ToPort': SG_TO_PORT,
         'IpRanges': [{'CidrIp': SG_IP}]}
    ]
)
This is for ssh so:
SG_IP_PROTOCOL = 'tcp'
SG_FROM_PORT = 22
SG_TO_PORT = 22
SG_IP = 'XXX.XXX.XXX.XXX/32' # your specified IP address
where
ec2Client = boto3.client('ec2', region_name=aws_region)
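An added example, not part of the question or of any answer above: one way to keep a single described /32 rule in step with the current address, revoking the entry left over from the previous network and validating the looked-up IP before it becomes a rule. The function names, the "my-laptop" description tag and the sample group are assumptions made for illustration; the client calls are the standard boto3 EC2 client methods.

```python
import ipaddress

# Constructed sample: one entry of describe_security_groups()["SecurityGroups"]
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [
        {"CidrIp": "198.51.100.20/32", "Description": "my-laptop"},
        {"CidrIp": "192.0.2.10/32", "Description": "office"}]}]}


def plan_ip_rule_update(group, my_ip, description, port=22):
    """Return (revoke, authorize) IpPermissions lists for one TCP port."""
    # The address usually comes from an external lookup service, so parse it
    # strictly: junk or a whole network must never become an ingress rule.
    cidr = f"{ipaddress.IPv4Address(my_ip.strip())}/32"
    stale, present = [], False
    for perm in group.get("IpPermissions", []):
        key = (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort"))
        if key != ("tcp", port, port):
            continue
        for rng in perm.get("IpRanges", []):
            if rng.get("Description") != description:
                continue  # rule owned by someone else: leave it alone
            if rng["CidrIp"] == cidr:
                present = True  # already authorized, nothing to add
            else:
                stale.append({"CidrIp": rng["CidrIp"]})  # previous network

    def as_permissions(ranges):
        if not ranges:
            return []
        return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                 "IpRanges": ranges}]

    new = [] if present else [{"CidrIp": cidr, "Description": description}]
    return as_permissions(stale), as_permissions(new)


def apply_ip_rule_update(ec2_client, group_id, my_ip, description, port=22):
    """Apply the plan; ec2_client is a boto3.client('ec2') instance."""
    group = ec2_client.describe_security_groups(
        GroupIds=[group_id])["SecurityGroups"][0]
    revoke, authorize = plan_ip_rule_update(group, my_ip, description, port)
    if revoke:
        ec2_client.revoke_security_group_ingress(
            GroupId=group_id, IpPermissions=revoke)
    if authorize:
        ec2_client.authorize_security_group_ingress(
            GroupId=group_id, IpPermissions=authorize)
    return revoke, authorize
```

Running it twice from the same network is a no-op, and rules whose description differs from the tag are never touched.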