Cannot revoke_ingress for non-default VPC with boto3


Problem description

AWS Lambda / python 2.7 / boto3

I'm trying to revoke one rule out of many in a security group (SG_we_are_working_with) but receive an error:

An error occurred (InvalidGroup.NotFound) when calling the RevokeSecurityGroupIngress operation: The security group 'sg-xxxxx' does not exist in default VPC 'none'

The SG is really not in the default VPC but in a custom one, and I mention the VPC id explicitly!

import boto3

SG_we_are_working_with = 'sg-xxxxx'
SG_which_is_the_source_of_the_traffic = 'sg-11111111'
VpcId = 'vpc-2222222'

# first I load the group to find the necessary rule
ec2 = boto3.resource('ec2')
security_group = ec2.SecurityGroup(SG_we_are_working_with)
security_group.load()   # get current data

# here is the loop over rules
for item in security_group.ip_permissions:
    # pick the rule whose source is the other security group
    if any(pair['GroupId'] == SG_which_is_the_source_of_the_traffic
           for pair in item['UserIdGroupPairs']):
        break

Here we take the necessary item; it has something like:

{
    "PrefixListIds": [],
    "FromPort": 6379,
    "IpRanges": [],
    "ToPort": 11211,
    "IpProtocol": "tcp",
    "UserIdGroupPairs": [
        {
            "UserId": "00111111111",
            "Description": "my descr",
            "GroupId": "sg-11111111"
        }
    ],
    "Ipv6Ranges": []
}

Then:

# now attempt to delete, the necessary data is in 'item' variable:
IpPermissions=[
    {
        'FromPort': item['FromPort'],
        'ToPort': item['ToPort'],
        'IpProtocol': 'tcp',
        'UserIdGroupPairs': [
            {
                'Description': item['UserIdGroupPairs'][0]["Description"],
                'GroupId': item['UserIdGroupPairs'][0]["GroupId"],
                'UserId': item['UserIdGroupPairs'][0]["UserId"],
                'VpcId': str(VpcId)
            },
        ]
    }
]
security_group.revoke_ingress(
    FromPort =  item['FromPort'],
    GroupName = SG_we_are_working_with,
    IpPermissions = IpPermissions,
    IpProtocol = 'tcp',
    SourceSecurityGroupName = SG_which_is_the_source_of_the_traffic,
    ToPort = item['ToPort']
)

I'm following the documentation. What am I doing wrong?

Thanks.

Recommended answer

All the code above is correct except the last part; I have no idea why it is not explained in the docs.

Solution, using the code from the question:

security_group.revoke_ingress(
    IpPermissions = IpPermissions,
)

All of this:

FromPort =  item['FromPort'],
GroupName = SG_we_are_working_with,
IpProtocol = 'tcp',
SourceSecurityGroupName = SG_which_is_the_source_of_the_traffic,
ToPort = item['ToPort']

is superfluous and causes the error.
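As an added example (not code from the question or the answer), here is a helper that builds the minimal IpPermissions payload for the rules whose source is a given security group and passes only that to revoke_ingress, which is the fix the answer describes. SAMPLE_IP_PERMISSIONS, the function names and the extra pair sg-33333333 are constructed for illustration; it revokes one UserIdGroupPair per entry, so other sources that share the same port range survive, which passing the whole `item` from the question would not guarantee.

```python
# Constructed sample of what SecurityGroup.ip_permissions returns; the ids are the
# question's placeholders plus one extra pair (sg-33333333), not real AWS identifiers.
SAMPLE_IP_PERMISSIONS = [
    {
        "FromPort": 6379, "ToPort": 11211, "IpProtocol": "tcp",
        "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
        "UserIdGroupPairs": [
            {"UserId": "00111111111", "Description": "my descr", "GroupId": "sg-11111111"},
            {"UserId": "00111111111", "Description": "other", "GroupId": "sg-33333333"},
        ],
    },
    {"FromPort": 443, "ToPort": 443, "IpProtocol": "tcp", "UserIdGroupPairs": [],
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "PrefixListIds": []},
]

def build_revoke_permissions(ip_permissions, source_group_id):
    """Minimal IpPermissions list revoking only the rules whose source is source_group_id."""
    to_revoke = []
    for perm in ip_permissions:
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != source_group_id:
                continue
            # One pair per entry, so other sources sharing this port range are untouched.
            pair_spec = {"GroupId": pair["GroupId"]}
            if "UserId" in pair:  # required for a group owned by another account
                pair_spec["UserId"] = pair["UserId"]
            entry = {"IpProtocol": perm["IpProtocol"], "UserIdGroupPairs": [pair_spec]}
            if "FromPort" in perm:  # ports are absent when IpProtocol is "-1" (all traffic)
                entry["FromPort"] = perm["FromPort"]
                entry["ToPort"] = perm["ToPort"]
            to_revoke.append(entry)
    return to_revoke

def revoke_source_group(security_group, source_group_id):
    """Revoke every ingress rule on security_group that admits source_group_id."""
    perms = build_revoke_permissions(security_group.ip_permissions, source_group_id)
    if not perms:
        raise LookupError("no ingress rule from " + source_group_id)
    # Pass only IpPermissions: adding GroupName/SourceSecurityGroupName makes the API
    # resolve the groups by name in the default VPC, which is the error in the question.
    security_group.revoke_ingress(IpPermissions=perms)
    return perms

if __name__ == "__main__":
    import boto3  # imported here so the helpers above also run without the SDK installed
    sg = boto3.resource("ec2").SecurityGroup("sg-xxxxx")  # placeholder id from the question
    sg.load()
    print(revoke_source_group(sg, "sg-11111111"))
```

Run against a real group, the script needs ec2:DescribeSecurityGroups and ec2:RevokeSecurityGroupIngress on that group; scoping the Lambda role to the specific group ARN keeps the blast radius small.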
