user3299633

Reputation: 3390

Can't revoke ingress with boto3 on TCP range

This is the code snippet I'm using:

import boto3

ip_check_list = [
  "1.2.3.4/32",
  "5.6.7.8/32",
]

for region in ['us-east-1']:
  client = boto3.client('ec2', region_name=region)
  paginator = client.get_paginator('describe_security_groups')
  page_iterator = paginator.paginate()
  for page in page_iterator:
    for sg in page['SecurityGroups']:
      for lb in sg['IpPermissions']:
        for ip in lb['IpRanges']:
          from_port = lb.get('FromPort')
          to_port = lb.get('ToPort')
          ip_proto = lb['IpProtocol']
          if sg['GroupId'] == 'sg-12345' and ip['CidrIp'] in ip_check_list:
            try:
              # Truthiness check: FromPort == 0 is falsy, so a 0-65535 TCP rule
              # falls through to the port-less branch below (see the EDIT).
              if from_port:
                response = client.revoke_security_group_ingress(
                  GroupId=sg['GroupId'],
                  IpPermissions=[
                    {
                      'FromPort': from_port,
                      'ToPort': to_port,
                      'IpProtocol': ip_proto,
                      'IpRanges': [
                        {
                          'CidrIp': ip['CidrIp']
                        }
                      ]
                    }
                  ]
                )
              else:
                response = client.revoke_security_group_ingress(
                  GroupId=sg['GroupId'],
                  IpPermissions=[
                    {
                      'IpProtocol': ip_proto,
                      'IpRanges': [
                        {
                          'CidrIp': ip['CidrIp']
                        }
                      ]
                    }
                  ]
                )
            except Exception as e:
              print(e)
              print(sg['GroupId'])

However I get the following error:

An error occurred (InvalidParameterValue) when calling the RevokeSecurityGroupIngress operation: Invalid value 'Must specify both from and to ports with TCP/UDP.' for portRange.

The SG rule in question:

"IpPermissions": [
    {
        "PrefixListIds": [],
        "FromPort": 0,
        "IpRanges": [
            {
                "CidrIp": "1.2.3.4/32"
            }
        ],
        "ToPort": 65535,
        "IpProtocol": "tcp",
        "UserIdGroupPairs": [],
        "Ipv6Ranges": []
    }
],

* EDIT *: Found my error. When I was checking "if from_port" I wasn't accommodating the valid value of 0, so the block was getting inadvertently skipped.

Upvotes: 0

Views: 230

Answers (2)

user3299633

Reputation: 3390

Found my error. When I was checking "if from_port" I wasn't accommodating the valid value of 0, so the block was getting inadvertently skipped.

Upvotes: 0

Marcin

Reputation: 238747

Boto3 docs say:

For the TCP and UDP protocols, you must also specify the destination port or range of ports.

So you need to provide some port values for the second revoke_security_group_ingress call. Maybe some default values, or the entire port range.

Upvotes: 1
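An added example (not code from the question or either answer) that puts both points together: port 0 is a valid FromPort and must be tested with `is not None`, and a TCP/UDP permission passed to revoke_security_group_ingress must carry both FromPort and ToPort, while protocol "-1" (all traffic) rules legitimately have none. The sample rules are constructed to mirror describe_security_groups output; `build_revoke_permission` and `revoke_matching_cidrs` are hypothetical helper names, and the boto3 call is only made when a client is passed in.

```python
from typing import Any, Dict, Iterable, List, Optional

# Constructed sample rules shaped like boto3 describe_security_groups output.
TCP_ALL_PORTS_RULE = {
    "IpProtocol": "tcp",
    "FromPort": 0,
    "ToPort": 65535,
    "IpRanges": [{"CidrIp": "1.2.3.4/32"}, {"CidrIp": "9.9.9.9/32"}],
}
ALL_TRAFFIC_RULE = {
    "IpProtocol": "-1",
    "IpRanges": [{"CidrIp": "5.6.7.8/32"}],
}


def build_revoke_permission(rule: Dict[str, Any], cidr: str) -> Dict[str, Any]:
    """Build one IpPermissions entry that revokes `cidr` from `rule`.

    FromPort/ToPort are copied whenever they are present, port 0 included,
    so TCP/UDP rules always carry the port range the API requires.
    """
    perm: Dict[str, Any] = {"IpProtocol": rule["IpProtocol"],
                            "IpRanges": [{"CidrIp": cidr}]}
    from_port = rule.get("FromPort")
    to_port = rule.get("ToPort")
    # `is not None` rather than truthiness: 0 is a valid FromPort and must be sent.
    if from_port is not None and to_port is not None:
        perm["FromPort"] = from_port
        perm["ToPort"] = to_port
    elif rule["IpProtocol"] in ("tcp", "udp"):
        # Fail locally instead of letting the API reject the request.
        raise ValueError("TCP/UDP rules must carry both FromPort and ToPort")
    return perm


def revoke_matching_cidrs(client: Optional[Any], group_id: str,
                          rules: Iterable[Dict[str, Any]],
                          cidrs: Iterable[str]) -> List[Dict[str, Any]]:
    """Revoke every (rule, CIDR) pair whose CIDR is in `cidrs`.

    Returns the IpPermissions list that was (or, with client=None, would be)
    sent, so the change can be logged or reviewed before it is applied.
    """
    wanted = set(cidrs)
    sent: List[Dict[str, Any]] = []
    for rule in rules:
        for ip in rule.get("IpRanges", []):
            if ip["CidrIp"] in wanted:
                sent.append(build_revoke_permission(rule, ip["CidrIp"]))
    if sent and client is not None:
        client.revoke_security_group_ingress(GroupId=group_id, IpPermissions=sent)
    return sent
```

With a real client (`boto3.client('ec2', region_name='us-east-1')`) and the rules from describe_security_groups for one GroupId, the returned list doubles as an audit record of exactly which ranges were revoked.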
