Reputation: 729
aws ec2 revoke-security-group-egress --group-id sg-xxxxxxx --protocol tcp --port 443 --cidr 175.41.128.0/18
Error:
A client error (InvalidPermission.NotFound) occurred when calling the RevokeSecurityGroupEgress operation: The specified rule does not exist in this security group.
I have tried with --ip-permissions
aws ec2 revoke-security-group-egress --group-id sg-wwwwwwww --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "175.41.128.0/18"}]}]'
Error:
A client error (InvalidPermission.NotFound) occurred when calling the RevokeSecurityGroupEgress operation: The specified rule does not exist in this security group.
Upvotes: 3
Views: 2960
Reputation: 3451
The response means that the rule you're trying to remove is not present within the security group. Maybe it was already removed. I see you pasted the full error message in the comment above:
The specified rule does not exist in this security group.
So try adding the rule, run the command to remove it, and see if you still get the same error.
Amazon's response error code is definitely confusing in this case, since it contains both "InvalidPermission" (which makes you think you're doing something wrong) and "NotFound". In this case, the "NotFound" is the important part.
Upvotes: 1
Reputation: 45333
Suppose you have set the AWS access key properly. When you run an AWS CLI command, always remember to add the region if you are not in the default region.
--region eu-central-1
If you can set up boto and run the commands below, what do you get?
import boto.ec2
conn = boto.ec2.connect_to_region('<REPLACE_IT>')
conn.get_all_security_groups()
Upvotes: 0
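Added example, not part of the posts above: RevokeSecurityGroupEgress only removes a rule whose protocol, port range and CIDR match an existing rule exactly, so one way to see why the call returns InvalidPermission.NotFound is to compare the target rule with the group's actual egress rules. The function name `check_egress_rule` is hypothetical, the JSON is a constructed sample in the shape returned by `aws ec2 describe-security-groups`, and only IPv4 `IpRanges` entries are considered.

```python
import ipaddress
import json

# Constructed sample (not from the question) of the JSON printed by
#   aws ec2 describe-security-groups --group-ids sg-xxxxxxx --region <region>
# The group has the default allow-all egress rule plus a wider /17 rule.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-xxxxxxx", "IpPermissionsEgress": [
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "175.41.128.0/17"}]}
]}]}
""")


def check_egress_rule(described, group_id, protocol, from_port, to_port, cidr):
    """Return ("exact", rule), ("covering", [rules]) or ("absent", []).

    "exact"    -> a revoke call with these values would find the rule.
    "covering" -> no such rule, but broader rules still allow the traffic.
    "absent"   -> nothing in this group (in this region) allows it.
    """
    want = ipaddress.ip_network(cidr)
    covering = []
    for group in described["SecurityGroups"]:
        if group["GroupId"] != group_id:
            continue
        for perm in group.get("IpPermissionsEgress", []):
            proto = perm["IpProtocol"]
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            for rng in perm.get("IpRanges", []):
                have = ipaddress.ip_network(rng["CidrIp"])
                rule = (proto, lo, hi, rng["CidrIp"])
                if (proto, lo, hi) == (protocol, from_port, to_port) and have == want:
                    return "exact", rule
                # "-1" means all protocols and all ports.
                wider = proto == "-1" or (
                    proto == protocol and lo <= from_port and to_port <= hi)
                if wider and want.subnet_of(have):
                    covering.append(rule)
    return ("covering", covering) if covering else ("absent", [])


if __name__ == "__main__":
    print(check_egress_rule(SAMPLE, "sg-xxxxxxx", "tcp", 443, 443, "175.41.128.0/18"))
```

A "covering" result means the revoke has to target the broader rule as it is actually stored, since there is no separate /18 rule to delete.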