Modifying rules for a given EC2 security group with Boto3

Question

I have recently been working on programatically adding and removing ingress rules to security groups on my EC2 server. However, I now seem to have hit a bit of a wall.

I would like to be able to modify existing rules through a python script, but I haven't been able to find any guidance on the Boto3 docs.

Is there any way in which this can be done?

Thanks

Answer 1

AWS has added new API(modify_security_group_rules) wherein security group rule can be modified. Below code for reference:

client = boto3.client('ec2')
sg_rules_list = [{'SecurityGroupRuleId': 'sgr-07de36a0521f39c8b',
                  'SecurityGroupRule': {
                      'IpProtocol': 'tcp',
                      'FromPort': 22,
                      'ToPort': 22,
                      'CidrIpv4': '3.3.3.3/32',
                      'Description': 'added ssh port'
                  }
                  }
                 ]
response = client.modify_security_group_rules(GroupId='sg-00f3b9232325b20fb',
                                              SecurityGroupRules=sg_rules_list)

More details on this on AWS blog: Easily Manage Security Group Rules with the New Security Group Rule ID

Answer 2

See Boto3:SecurityGroup

There is no API to modify a rule in SG. You have to revoke the rule first and then add the rule with the modified parameters using authorize. The link also has code snippets.

• authorize_egress()
• authorize_ingress()
• revoke_egress()
• revoke_ingress()