boto3 update_security_group_rule_descriptions_ingress error
I get an error when I use boto3 to update the ingress IPs of a security group:
botocore.exceptions.ClientError: An error occurred (InvalidPermission.NotFound) when calling the UpdateSecurityGroupRuleDescriptionsIngress operation: The specified rule does not exist in this security group.
My code is as follows:
import boto3
import config  # the poster's own settings module (region and credentials); not shown in the question


def get_security_group_detail(name, client=None):
    if not client:
        # was "client = boto3.client = boto3.client(...)", which also rebinds boto3.client itself
        client = boto3.client(
            'ec2',
            region_name=config.aws_region,
            aws_secret_access_key=config.aws_secret_access_key,
            aws_access_key_id=config.aws_access_key_id
        )
    response = client.describe_security_groups(
        Filters=[
            {'Name': 'group-name', 'Values': [name]}
        ])
    return response['SecurityGroups'][0]


def update_security_group_ingress_ip(name, ip_list, client=None):
    if not client:
        client = boto3.client(
            'ec2',
            region_name=config.aws_region,
            aws_secret_access_key=config.aws_secret_access_key,
            aws_access_key_id=config.aws_access_key_id
        )
    new_ip_list = []
    for ip in ip_list:
        new_ip_list.append({'CidrIp': ip})
    sg = get_security_group_detail(name, client)
    group_id = sg['GroupId']
    ip_permission = sg['IpPermissions']
    for rule in ip_permission:
        # append the new CIDRs to every existing rule, then push the result
        # through the description-update call (this is the call that fails)
        rule['IpRanges'] += new_ip_list
        if len(rule['UserIdGroupPairs']) == 0:
            rule['UserIdGroupPairs'] = [{
                'GroupId': group_id,
                'GroupName': sg['GroupName'],
                'VpcId': sg['VpcId']
            }]
    response = client.update_security_group_rule_descriptions_ingress(
        DryRun=False,
        GroupId=group_id,
        IpPermissions=ip_permission
    )
    return response
As the documentation says, I have provided the GroupId, because the security group I need to update is not always in the default VPC, but I still get the error.
I tried adding VpcId to the UserIdGroupPairs of each IpPermissions entry, but it did not help.
Assuming I have understood the intent of your code correctly, it looks to me like you are using the wrong method:
update_security_group_rule_descriptions_ingress()
is for updating the descriptions of existing ingress rules.
If your goal is to add ingress rules to the group, have a look at authorize_security_group_ingress().
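As an added example (not the poster's code and not the answerer's), here is how the two calls divide the work: authorize_security_group_ingress() creates the CIDR rules that are not yet on the group, and update_security_group_rule_descriptions_ingress() is only ever sent rules that describe_security_groups() shows are already there, so the InvalidPermission.NotFound error from the question cannot occur. It also validates every CIDR with the standard ipaddress module and refuses a /0 prefix, so a script that syncs office or VPN ranges into a group can never open a port to the world by accident. The block assumes `client` is a boto3 EC2 client; FakeEc2Client is a constructed in-memory stand-in (not AWS) that reproduces the NotFound/Duplicate behaviour of the two calls so the example runs offline, and the group id and CIDRs are placeholders.

```python
import ipaddress


def build_ip_permission(protocol, from_port, to_port, cidrs, description):
    """One IpPermissions entry. Every CIDR is validated with ipaddress; a /0 prefix
    is refused so automation cannot open a port to the world by accident.
    IPv4 goes into IpRanges, IPv6 into Ipv6Ranges."""
    perm = {"IpProtocol": protocol, "FromPort": from_port, "ToPort": to_port,
            "IpRanges": [], "Ipv6Ranges": []}
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # ValueError on host bits or garbage
        if net.prefixlen == 0:
            raise ValueError(f"refusing world-open CIDR {cidr}")
        if net.version == 4:
            perm["IpRanges"].append({"CidrIp": str(net), "Description": description})
        else:
            perm["Ipv6Ranges"].append({"CidrIpv6": str(net), "Description": description})
    return perm


def existing_cidrs(client, group_id, protocol, from_port, to_port):
    """CIDRs the group already allows for this protocol/port tuple."""
    sg = client.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    found = set()
    for perm in sg["IpPermissions"]:
        key = (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort"))
        if key != (protocol, from_port, to_port):
            continue
        found.update(r["CidrIp"] for r in perm.get("IpRanges", []))
        found.update(r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []))
    return found


def add_ingress_cidrs(client, group_id, cidrs, from_port, to_port, description, protocol="tcp"):
    """authorize_* for CIDRs that are new, update_*_descriptions_* only for CIDRs
    that already exist. Returns (authorized, description_updated), both sorted."""
    present = existing_cidrs(client, group_id, protocol, from_port, to_port)
    wanted = [str(ipaddress.ip_network(c, strict=True)) for c in cidrs]
    new = sorted(c for c in wanted if c not in present)
    old = sorted(c for c in wanted if c in present)
    if new:
        client.authorize_security_group_ingress(
            GroupId=group_id,
            IpPermissions=[build_ip_permission(protocol, from_port, to_port, new, description)])
    if old:
        client.update_security_group_rule_descriptions_ingress(
            GroupId=group_id,
            IpPermissions=[build_ip_permission(protocol, from_port, to_port, old, description)])
    return new, old


class FakeEc2Client:
    """Constructed in-memory stand-in for boto3's EC2 client (not AWS). It keeps the
    behaviour the question runs into: update_* rejects a rule that is not there and
    authorize_* rejects one that already is. rules maps
    (protocol, from_port, to_port, cidr) -> description."""

    def __init__(self, group_id, rules=None):
        self.group_id = group_id
        self.rules = dict(rules or {})

    @staticmethod
    def _flatten(ip_permissions):
        out = {}
        for p in ip_permissions:
            key = (p["IpProtocol"], p["FromPort"], p["ToPort"])
            for r in p.get("IpRanges", []):
                out[key + (r["CidrIp"],)] = r.get("Description", "")
            for r in p.get("Ipv6Ranges", []):
                out[key + (r["CidrIpv6"],)] = r.get("Description", "")
        return out

    def describe_security_groups(self, GroupIds):
        perms = {}
        for (proto, f, t, cidr), desc in self.rules.items():
            p = perms.setdefault((proto, f, t), {"IpProtocol": proto, "FromPort": f,
                                                 "ToPort": t, "IpRanges": [], "Ipv6Ranges": []})
            if ":" in cidr:
                p["Ipv6Ranges"].append({"CidrIpv6": cidr, "Description": desc})
            else:
                p["IpRanges"].append({"CidrIp": cidr, "Description": desc})
        return {"SecurityGroups": [{"GroupId": self.group_id, "IpPermissions": list(perms.values())}]}

    def authorize_security_group_ingress(self, GroupId, IpPermissions):
        batch = self._flatten(IpPermissions)
        if any(k in self.rules for k in batch):  # whole call fails, like the real API
            raise RuntimeError("InvalidPermission.Duplicate: the specified rule already exists")
        self.rules.update(batch)
        return {"Return": True}

    def update_security_group_rule_descriptions_ingress(self, GroupId, IpPermissions, DryRun=False):
        batch = self._flatten(IpPermissions)
        if any(k not in self.rules for k in batch):
            raise RuntimeError("InvalidPermission.NotFound: the specified rule does not exist in this security group")
        self.rules.update(batch)
        return {"Return": True}


if __name__ == "__main__":
    # placeholder group id and constructed CIDRs; against AWS pass boto3.client("ec2") instead
    fake = FakeEc2Client("sg-PLACEHOLDER", {("tcp", 443, 443, "10.0.0.0/8"): "corp"})
    print(add_ingress_cidrs(fake, "sg-PLACEHOLDER", ["10.0.0.0/8", "192.0.2.0/24"], 443, 443, "office"))
```

Note that the poster's approach of appending new CidrIp entries to every existing rule and sending the whole list to the description-update call fails on the first CIDR that is not already present, which is exactly what the fake reproduces; describing first and splitting the CIDRs into "authorize" and "update" sets is what keeps the calls within what each API allows.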