Aws Security Group rule deletion via revoke in boto3

Question

I wrote a script to delete a rule in a security group. Not all the rules, only the rule with 0.0.0.0/0 cidr block. I am trying to use ec2.revoke_security_group_ingress , but the parameters mentioned in the boto3 documentation, that I am no able to put my conditions like that.

The line I am talking about is:

response = ec2.revoke_security_group_ingress(GroupId=group_id,GroupName=group_name,IpPermissions=inbound[{'IpRanges': ip[{'CidrIp': cidr}]])

Here I am getting this error:

Response:
{
  "errorMessage": "Syntax error in module 'lambda_function': invalid syntax (lambda_function.py, line 29)",
  "errorType": "Runtime.UserCodeSyntaxError",
  "stackTrace": [
    "  File \"/var/task/lambda_function.py\" Line 29\n              response = ec2.revoke_security_group_ingress(GroupId=group_id,GroupName=group_name,IpPermissions=inbound{'IpRanges': ip{'CidrIp': cidr}}])\n"
  ]
}

If I am trying this:

response = ec2.revoke_security_group_ingress(group_id,group_name,inbound[ip[cidr]])

I am getting this error:

Response:
{
  "errorMessage": "list indices must be integers or slices, not str",
  "errorType": "TypeError",
  "stackTrace": [
    "  File \"/var/task/lambda_function.py\", line 31, in lambda_handler\n    response = ec2.revoke_security_group_ingress(group_id,group_name,inbound[ip[cidr]])\n"
  ]
}

I know there are some basic list to dictionary or dictionary to list error, but I can not understand how to resolve this. Can any one help?

Answer 1

Instead of all this, I tried this.

response = ec2.revoke_security_group_ingress(CidrIp=cidr,GroupId=group_id,IpProtocol=protocol,FromPort=fromport,ToPort=toport)

But be careful, you default security group will make trouble as it does not contain any value. remember to opt it out from your code or deal with it with error handling.