Cannot revoke_ingress for non-default VPC with boto3
Question
AWS Lambda / python 2.7 / boto3
I'm trying to revoke one rule out of many in a security group (SG_we_are_working_with) but receive the error
An error occurred (InvalidGroup.NotFound) when calling the RevokeSecurityGroupIngress operation: The security group 'sg-xxxxx' does not exist in default VPC 'none'
The SG is really not in the default VPC but in a custom one, and I mention the VPC id explicitly!
import boto3

SG_we_are_working_with = 'sg-xxxxx'
SG_which_is_the_source_of_the_traffic = 'sg-11111111'
VpcId = 'vpc-2222222'

# first I load the group to find the necessary rule
ec2 = boto3.resource('ec2')
security_group = ec2.SecurityGroup(SG_we_are_working_with)
security_group.load()  # get current data

# here is the loop over the rules
for item in security_group.ip_permissions:
Here we take the necessary item; it looks something like:
{
    "PrefixListIds": [],
    "FromPort": 6379,
    "IpRanges": [],
    "ToPort": 11211,
    "IpProtocol": "tcp",
    "UserIdGroupPairs": [ {
        "UserId": "00111111111",
        "Description": "my descr",
        "GroupId": "sg-11111111"
    } ],
    "Ipv6Ranges": []
}
Then:
# now attempt to delete; the necessary data is in the 'item' variable:
IpPermissions = [
    {
        'FromPort': item['FromPort'],
        'ToPort': item['ToPort'],
        'IpProtocol': 'tcp',
        'UserIdGroupPairs': [
            {
                'Description': item['UserIdGroupPairs'][0]["Description"],
                'GroupId': item['UserIdGroupPairs'][0]["GroupId"],
                'UserId': item['UserIdGroupPairs'][0]["UserId"],
                'VpcId': str(VpcId)
            },
        ]
    }
]
security_group.revoke_ingress(
    FromPort = item['FromPort'],
    GroupName = SG_we_are_working_with,
    IpPermissions = IpPermissions,
    IpProtocol = 'tcp',
    SourceSecurityGroupName = SG_which_is_the_source_of_the_traffic,
    ToPort = item['ToPort']
)
I'm going by the documentation. What am I doing wrong?
Thanks.
Recommended answer
All the code above is correct except the last part; I have no idea why it is not explained in the docs.
Solution, using the code from the question:
security_group.revoke_ingress(
    IpPermissions = IpPermissions,
)
All of these:
    FromPort = item['FromPort'],
    GroupName = SG_we_are_working_with,
    IpProtocol = 'tcp',
    SourceSecurityGroupName = SG_which_is_the_source_of_the_traffic,
    ToPort = item['ToPort']
were too much and caused the error.
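Added example, not part of the original question or answer: the helper below builds the IpPermissions entry for exactly one source-group rule and then revokes it with only IpPermissions, as the answer does. The SecurityGroup resource already sends GroupId; GroupName and SourceSecurityGroupName are only accepted for groups in the default VPC, which is why EC2 answered that the group does not exist in "default VPC 'none'". The example also narrows the permission to a single UserIdGroupPair, because one ip_permissions entry can bundle several sources and passing the whole entry would revoke all of them. The sample ip_permissions data, the group and account IDs, and the function names build_revoke_permission and revoke_rule are constructed for this example and are not boto3's; revoke_rule assumes credentials with ec2:DescribeSecurityGroups and ec2:RevokeSecurityGroupIngress.

```python
"""Revoke exactly one source-security-group rule from an EC2 security group.

Added example, not code from the original post. The payload-building helper
is pure Python; only revoke_rule talks to AWS and needs boto3 and credentials.
Written without f-strings so it also runs on the python 2.7 runtime in the
question.
"""

# Constructed sample of what SecurityGroup.ip_permissions returns. The first
# entry bundles two source groups into one permission; revoking that whole
# entry would drop both, so the helper narrows it to the pair we want gone.
SAMPLE_IP_PERMISSIONS = [
    {
        "IpProtocol": "tcp",
        "FromPort": 6379,
        "ToPort": 11211,
        "IpRanges": [],
        "Ipv6Ranges": [],
        "PrefixListIds": [],
        "UserIdGroupPairs": [
            {"UserId": "001111111111", "GroupId": "sg-11111111", "Description": "my descr"},
            {"UserId": "001111111111", "GroupId": "sg-33333333", "Description": "keep me"},
        ],
    },
    {
        "IpProtocol": "tcp",
        "FromPort": 22,
        "ToPort": 22,
        "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
        "Ipv6Ranges": [],
        "PrefixListIds": [],
        "UserIdGroupPairs": [],
    },
]


def build_revoke_permission(ip_permissions, source_group_id, protocol, from_port, to_port):
    """Return an IpPermissions entry that matches one source-group rule, or None.

    EC2 matches a revoke request on protocol, port range and source, so the
    entry carries only those fields (plus UserId, kept for cross-account
    pairs). The Description and the other sources sharing the same
    ip_permissions entry are deliberately left out.
    """
    for perm in ip_permissions:
        if (perm.get("IpProtocol") != protocol
                or perm.get("FromPort") != from_port
                or perm.get("ToPort") != to_port):
            continue
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == source_group_id:
                narrowed = {"GroupId": pair["GroupId"]}
                if "UserId" in pair:
                    narrowed["UserId"] = pair["UserId"]
                return {
                    "IpProtocol": protocol,
                    "FromPort": from_port,
                    "ToPort": to_port,
                    "UserIdGroupPairs": [narrowed],
                }
    return None


def revoke_rule(group_id, source_group_id, protocol, from_port, to_port, region_name=None):
    """Load the group by ID and revoke the single matching rule.

    Going through the SecurityGroup resource makes boto3 send GroupId, which
    works in any VPC; GroupName only resolves inside the default VPC.
    Assumes credentials allowed to describe the group and revoke ingress.
    """
    import boto3  # imported here so the pure helper above works without the SDK

    ec2 = boto3.resource("ec2", region_name=region_name)
    sg = ec2.SecurityGroup(group_id)
    sg.load()
    perm = build_revoke_permission(sg.ip_permissions, source_group_id, protocol, from_port, to_port)
    if perm is None:
        raise LookupError("no %s %d-%d rule from %s in %s"
                          % (protocol, from_port, to_port, source_group_id, group_id))
    # Only IpPermissions: no GroupName, SourceSecurityGroupName or top-level ports.
    resp = sg.revoke_ingress(IpPermissions=[perm])
    # Current API versions return Return=False plus UnknownIpPermissions when
    # nothing matched instead of raising, so check rather than trust the call.
    if resp.get("Return") is False or resp.get("UnknownIpPermissions"):
        raise RuntimeError("rule not revoked: %r" % resp.get("UnknownIpPermissions"))
    return resp


if __name__ == "__main__":
    # Dry run against the constructed sample; no AWS call is made here.
    print(build_revoke_permission(SAMPLE_IP_PERMISSIONS, "sg-11111111", "tcp", 6379, 11211))
```

The same narrowing applies to IpRanges and Ipv6Ranges: when an entry lists several CIDRs, pass only the one you mean to revoke, otherwise every source in that entry is removed.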