 

Python Boto AWS Remove VPC Security Group Rules

I'm currently automating the build of an AWS VPC but wish to remove the default rules added to the security group created with the VPC. I can view security group rules like so:

for security_group in vpc_connection.get_all_security_groups():
    for rule in security_group.rules:
        print(dir(rule))

I'd be grateful if anyone could tell me or give me an example of how to remove the default rules from the VPC.

From the API documentation I can see that there are a few methods such as:

boto.ec2.connection.revoke_security_group()

However I am not clear on what needs to be passed in as arguments if this is indeed the correct method.

Many thanks

H

Huw asked Jul 07 '14 14:07




1 Answer

I figured this out in the end:

# Revoke every ingress grant on the group.
for rule in vpc_security_group.rules:
    for grant in rule.grants:
        ec2_connection.revoke_security_group(
            group_id=vpc_security_group.id, ip_protocol=rule.ip_protocol,
            from_port=rule.from_port, to_port=rule.to_port,
            src_security_group_group_id=grant.group_id, cidr_ip=grant.cidr_ip)

# Revoke every egress grant (positional: group_id, ip_protocol, from_port, to_port, src_group_id, cidr_ip).
for rule in vpc_security_group.rules_egress:
    for grant in rule.grants:
        ec2_connection.revoke_security_group_egress(
            vpc_security_group.id, rule.ip_protocol, rule.from_port,
            rule.to_port, grant.group_id, grant.cidr_ip)

Huw answered Sep 17 '22 06:09
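
An added example, not part of the original answer or of boto itself: it splits the answer's loops into a plan that can be reviewed and an apply step, so the rules about to be revoked are visible before any API call is made. The namedtuples, `RecordingConnection` and the group ID `sg-00000000` are constructed stand-ins; `src_group_id` is boto 2's keyword for the egress call, and a truthy return value on success is assumed.

```python
from collections import namedtuple

# Constructed stand-ins for the boto objects used on this page (offline use).
Grant = namedtuple("Grant", "group_id cidr_ip")
Rule = namedtuple("Rule", "ip_protocol from_port to_port grants")
Group = namedtuple("Group", "id rules rules_egress")


def plan_revocations(group):
    """Return (method_name, kwargs) for every grant, without calling AWS."""
    plan = []
    for method, rules, src_key in (
        ("revoke_security_group", group.rules, "src_security_group_group_id"),
        ("revoke_security_group_egress", group.rules_egress, "src_group_id"),
    ):
        for rule in rules:
            for grant in rule.grants:
                kwargs = dict(group_id=group.id, ip_protocol=rule.ip_protocol,
                              from_port=rule.from_port, to_port=rule.to_port)
                # A grant names a source group or a CIDR block; pass only that one.
                if grant.group_id:
                    kwargs[src_key] = grant.group_id
                else:
                    kwargs["cidr_ip"] = grant.cidr_ip
                plan.append((method, kwargs))
    return plan


def apply_plan(connection, plan):
    """Run each planned call; return the calls that reported failure."""
    return [(m, kw) for m, kw in plan if not getattr(connection, m)(**kw)]


class RecordingConnection(object):
    """Constructed fake connection: records calls instead of contacting AWS."""
    def __init__(self):
        self.calls = []
    def revoke_security_group(self, **kw):
        self.calls.append(("revoke_security_group", kw))
        return True  # assumption: a truthy result means the revoke succeeded
    def revoke_security_group_egress(self, **kw):
        self.calls.append(("revoke_security_group_egress", kw))
        return True


# Constructed sample shaped like a new VPC's default group (self-referencing in, all out).
DEFAULT_SG = Group("sg-00000000",
                   [Rule("-1", None, None, [Grant("sg-00000000", None)])],
                   [Rule("-1", None, None, [Grant(None, "0.0.0.0/0")])])
```

Against a real account, pass the EC2 connection in place of `RecordingConnection` once the output of `plan_revocations` has been reviewed.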