Modifying rules for a given EC2 security group with Boto3

I have recently been working on programmatically adding and removing ingress rules to security groups on my EC2 server. However, I now seem to have hit a bit of a wall.

I would like to be able to modify existing rules through a python script, but I haven't been able to find any guidance on the Boto3 docs.

Is there any way in which this can be done?

Thanks

User588233 asked Jan 04 '16 14:01


2 Answers

AWS has added a new API (modify_security_group_rules) with which a security group rule can be modified. Code below for reference:

import boto3

client = boto3.client('ec2')

# One entry per rule to change; each rule is addressed by its SecurityGroupRuleId
# and the SecurityGroupRule dict holds the full replacement definition
sg_rules_list = [{'SecurityGroupRuleId': 'sgr-07de36a0521f39c8b',
                  'SecurityGroupRule': {
                      'IpProtocol': 'tcp',
                      'FromPort': 22,
                      'ToPort': 22,
                      'CidrIpv4': '3.3.3.3/32',
                      'Description': 'added ssh port'
                  }
                  }
                 ]

# Applies all listed changes to the given security group in one call
response = client.modify_security_group_rules(GroupId='sg-00f3b9232325b20fb',
                                              SecurityGroupRules=sg_rules_list)

More details on this in the AWS blog post: Easily Manage Security Group Rules with the New Security Group Rule ID

Randhir Kumar answered Nov 07 '22 03:11
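The snippet in the answer above sends a single hard-coded rule. The following is an added example (not code from the answer or from AWS) that validates a requested change before it is sent, so a typo in a port or CIDR, or an attempt to open an administrative port to 0.0.0.0/0, fails locally instead of being applied to the group. The `sg-`/`sgr-` ids are placeholders, and `FakeEC2` is a constructed stand-in for `boto3.client('ec2')` that only records the call so the example runs offline; in real use pass the boto3 client instead. The helper handles tcp/udp rules with an IPv4 CIDR only.

```python
"""Validated in-place rule change via modify_security_group_rules (added example)."""
import ipaddress

# Ports this helper refuses to expose to the whole internet (assumption: adjust to your policy).
ADMIN_PORTS = {22, 3389}


def build_rule_update(rule_id, protocol, from_port, to_port, cidr, description=""):
    """Check a requested rule change and return it in the shape the API expects.

    Raises ValueError rather than sending a malformed or over-broad rule to AWS.
    Intended for tcp/udp rules with an IPv4 CIDR (the 'CidrIpv4' key).
    """
    if not rule_id.startswith("sgr-"):
        raise ValueError(f"not a security group rule id: {rule_id}")
    if not 0 <= from_port <= to_port <= 65535:
        raise ValueError(f"bad port range {from_port}-{to_port}")
    # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.1/24
    network = ipaddress.ip_network(cidr, strict=True)
    if network.version != 4:
        raise ValueError("this helper only builds IPv4 rules")
    if network.prefixlen == 0 and any(from_port <= p <= to_port for p in ADMIN_PORTS):
        raise ValueError(f"refusing to open an admin port to 0.0.0.0/0 in rule {rule_id}")
    return {
        "SecurityGroupRuleId": rule_id,
        "SecurityGroupRule": {
            "IpProtocol": protocol,
            "FromPort": from_port,
            "ToPort": to_port,
            "CidrIpv4": str(network),
            "Description": description,
        },
    }


def modify_rules(client, group_id, updates):
    """Apply all updates in one ModifySecurityGroupRules call; returns the API response."""
    return client.modify_security_group_rules(GroupId=group_id, SecurityGroupRules=updates)


class FakeEC2:
    """Constructed stand-in for boto3.client('ec2'): records calls so the example runs offline."""

    def __init__(self):
        self.calls = []

    def modify_security_group_rules(self, **kwargs):
        self.calls.append(kwargs)
        return {"Return": True}


if __name__ == "__main__":
    # Placeholder ids; with a real client use boto3.client('ec2') and your own sg-/sgr- ids.
    client = FakeEC2()
    update = build_rule_update("sgr-0123456789abcdef0", "tcp", 22, 22,
                               "203.0.113.10/32", "ssh from bastion")
    print(modify_rules(client, "sg-0123456789abcdef0", [update]))
    print(client.calls)
```

Rule ids can be listed beforehand with `describe_security_group_rules` (filter `group-id`), which returns each rule's `SecurityGroupRuleId` alongside its current protocol, ports and CIDR.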


See Boto3:SecurityGroup

There is no API to modify a rule in SG. You have to revoke the rule first and then add the rule with the modified parameters using authorize. The link also has code snippets.

  • authorize_egress()
  • authorize_ingress()
  • revoke_egress()
  • revoke_ingress()

helloV answered Nov 07 '22 04:11
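With only authorize/revoke available, the order of the two calls matters: revoking first leaves a window in which the affected traffic is blocked, so the added example below (not code from the answer or from boto3) authorizes the replacement rule first and revokes the old one afterwards, then rolls the new rule back if the old one turns out not to exist. The `sg-` id is a placeholder and `FakeEC2` is a constructed stand-in for `boto3.client('ec2')` that keeps the group's rules in a list so the example runs offline; it mirrors the real API's `UnknownIpPermissions` field in the revoke response.

```python
"""Replace one ingress rule using authorize_ingress + revoke_ingress (added example)."""


def ip_permission(protocol, from_port, to_port, cidr, description=""):
    """Build one IpPermissions entry (IPv4 only) as authorize_/revoke_ingress expect it."""
    return {
        "IpProtocol": protocol,
        "FromPort": from_port,
        "ToPort": to_port,
        "IpRanges": [{"CidrIp": cidr, "Description": description}],
    }


def replace_ingress_rule(client, group_id, old_perm, new_perm):
    """Swap old_perm for new_perm without a moment in which the traffic is blocked.

    The new rule is authorized first and the old one revoked second, so a
    narrowing change (for example 0.0.0.0/0 -> a single /32) never interrupts
    legitimate clients. If the old rule was not present, the new rule is
    revoked again so the group is left exactly as it was found.
    """
    client.authorize_ingress(GroupId=group_id, IpPermissions=[new_perm])
    resp = client.revoke_ingress(GroupId=group_id, IpPermissions=[old_perm])
    if resp.get("UnknownIpPermissions"):
        client.revoke_ingress(GroupId=group_id, IpPermissions=[new_perm])
        raise LookupError(f"rule not present on {group_id}: {old_perm}")
    return resp


class FakeEC2:
    """Constructed stand-in for boto3.client('ec2') holding rules as (proto, from, to, cidr)."""

    def __init__(self, rules=()):
        self.rules = list(rules)

    @staticmethod
    def _key(perm):
        return (perm["IpProtocol"], perm["FromPort"], perm["ToPort"],
                perm["IpRanges"][0]["CidrIp"])

    def authorize_ingress(self, GroupId, IpPermissions):
        self.rules.extend(self._key(p) for p in IpPermissions)
        return {"Return": True}

    def revoke_ingress(self, GroupId, IpPermissions):
        # Like the real API, unknown rules are reported rather than raising.
        unknown = [p for p in IpPermissions if self._key(p) not in self.rules]
        for p in IpPermissions:
            if self._key(p) in self.rules:
                self.rules.remove(self._key(p))
        return {"Return": not unknown, "UnknownIpPermissions": unknown}


if __name__ == "__main__":
    # Placeholder group id and constructed rules; with a real client use boto3.client('ec2').
    old = ip_permission("tcp", 22, 22, "0.0.0.0/0")
    new = ip_permission("tcp", 22, 22, "203.0.113.10/32", "ssh from bastion")
    client = FakeEC2([FakeEC2._key(old)])
    print(replace_ingress_rule(client, "sg-0123456789abcdef0", old, new))
    print(client.rules)
```

Against the real service, `authorize_ingress` raises a `ClientError` with code `InvalidPermission.Duplicate` if the new rule already exists, which is worth catching separately from the rollback path.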