
AWS - boto3 - boto3.resource('ec2').SecurityGroup('id')


EC2 - client


EC2 - SecurityGroup

class EC2.SecurityGroup(id)

A resource representing an Amazon Elastic Compute Cloud (EC2) SecurityGroup:

import boto3

ec2resource = boto3.resource('ec2')
security_group = ec2resource.SecurityGroup('id')

Available actions:

  • authorize_egress()
  • authorize_ingress()
  • create_tags()
  • delete()
  • get_available_subresources()
  • load()
  • reload()
  • revoke_egress()
  • revoke_ingress()

Actions

authorize_egress(**kwargs) and authorize_ingress(**kwargs)

  1. authorize_egress(**kwargs)
    • [VPC only] Adds the specified egress rules to a security group for use with a VPC.
    • An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances associated with the specified destination security groups.
  2. authorize_ingress(**kwargs)
    • Adds the specified ingress rules to a security group.
    • An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address ranges, or from the instances associated with the specified destination security groups.

For both calls, specify a protocol for each rule (for example, TCP):
    • For the TCP and UDP protocols, you must also specify the destination port or port range.
    • For the ICMP protocol, you must also specify the ICMP type and code.
    • You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

Request Syntax

response = security_group.authorize_egress(
    DryRun=True|False,
    IpPermissions=[
        # (_list_) -- The sets of IP permissions.
        # You can't specify a destination security group and a CIDR IP address range in the same set of permissions.
        {
            'FromPort': 123,
            'IpProtocol': 'string',

            'IpRanges': [
                # The IPv4 ranges.
                {
                    'CidrIp': 'string',
                    'Description': 'string'
                },

            ],
            'Ipv6Ranges': [
                # The IPv6 ranges.
                {
                    'CidrIpv6': 'string',
                    'Description': 'string'
                },
            ],
            'PrefixListIds': [
                {
                    'Description': 'string',
                    'PrefixListId': 'string'
                    # The ID of the prefix.
                },
            ],
            'ToPort': 123,
            'UserIdGroupPairs': [
                {
                    'Description': 'string',
                    'GroupId': 'string',
                    'GroupName': 'string',
                    'PeeringStatus': 'string',
                    # The status of a VPC peering connection, if applicable.
                    'UserId': 'string',
                    # The ID of an AWS account.
                    'VpcId': 'string',
                    'VpcPeeringConnectionId': 'string'
                },
            ]
        },
    ],
    CidrIp='string',
    FromPort=123,
    IpProtocol='string',
    ToPort=123,
    SourceSecurityGroupName='string',
    SourceSecurityGroupOwnerId='string'
)



response = security_group.authorize_ingress(
    DryRun=True|False,
    CidrIp='string',
    FromPort=123,
    GroupName='string',
    IpPermissions=[
        {
            'FromPort': 123,
            'IpProtocol': 'string',
            'IpRanges': [
                {
                    'CidrIp': 'string',
                    'Description': 'string'
                },
            ],
            'Ipv6Ranges': [
                {
                    'CidrIpv6': 'string',
                    'Description': 'string'
                },
            ],
            'PrefixListIds': [
                {
                    'Description': 'string',
                    'PrefixListId': 'string'
                },
            ],
            'ToPort': 123,
            'UserIdGroupPairs': [
                {
                    'Description': 'string',
                    'GroupId': 'string',
                    'GroupName': 'string',
                    'PeeringStatus': 'string',
                    'UserId': 'string',
                    'VpcId': 'string',
                    'VpcPeeringConnectionId': 'string'
                },
            ]
        },
    ],
    IpProtocol='string',
    SourceSecurityGroupName='string',
    SourceSecurityGroupOwnerId='string',
    ToPort=123,
)

Return

  • None

create_tags(kwargs_)

Request Syntax

tags = security_group.create_tags(
    DryRun=True|False,
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

Return:

  • Return type: list(ec2.Tag)
  • A list of Tag resources

delete(**kwargs)

Deletes a security group.

If you attempt to delete a security group that is associated with an instance, or is referenced by another security group, the operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in EC2-VPC.

Request Syntax

response = security_group.delete(
    GroupName='string',
    DryRun=True|False
)

get_available_subresources()

Returns a list of all the available sub-resources for this Resource.

Return:

  • Return type: list of str
  • A list containing the name of each sub-resource for this resource

load() and reload()

Calls EC2.Client.describe_security_groups() to update the attributes of the SecurityGroup resource.

  • Note that the load and reload methods are the same method and can be used interchangeably.

Request Syntax

security_group.load()
security_group.reload()

Return

  • None

revoke_egress(**kwargs) and revoke_ingress(**kwargs)

  1. revoke_egress(**kwargs)
    • [VPC only] Removes the specified egress rules from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly.
    • [Default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.
  2. revoke_ingress(**kwargs)
    • Removes the specified ingress rules from a security group. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly.
    • [EC2-Classic, default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.

AWS recommends using DescribeSecurityGroups to verify that the rule has actually been removed.

  • Each rule consists of the protocol and the IPv4 or IPv6 CIDR range or source security group.
  • For the TCP and UDP protocols, you must also specify the destination port or range of ports.
  • For the ICMP protocol, you must also specify the ICMP type and code.
  • If the security group rule has a description, you do not have to specify the description to revoke the rule.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

Request Syntax

response = security_group.revoke_egress(
    DryRun=True|False,
    IpPermissions=[
        {
            'FromPort': 123,
            'IpProtocol': 'string',
            'IpRanges': [
                {
                    'CidrIp': 'string',
                    'Description': 'string'
                },
            ],
            'Ipv6Ranges': [
                {
                    'CidrIpv6': 'string',
                    'Description': 'string'
                },
            ],
            'PrefixListIds': [
                {
                    'Description': 'string',
                    'PrefixListId': 'string'
                },
            ],
            'ToPort': 123,
            'UserIdGroupPairs': [
                {
                    'Description': 'string',
                    'GroupId': 'string',
                    'GroupName': 'string',
                    'PeeringStatus': 'string',
                    'UserId': 'string',
                    'VpcId': 'string',
                    'VpcPeeringConnectionId': 'string'
                },
            ]
        },
    ],
    CidrIp='string',
    FromPort=123,
    IpProtocol='string',
    ToPort=123,
    SourceSecurityGroupName='string',
    SourceSecurityGroupOwnerId='string'
)

Return:

  • Return type: dict
  • Response Syntax
{
    'Return': True|False,
    'UnknownIpPermissions': [
        {
            'FromPort': 123,
            'IpProtocol': 'string',
            'IpRanges': [
                {
                    'CidrIp': 'string',
                    'Description': 'string'
                },
            ],
            'Ipv6Ranges': [
                {
                    'CidrIpv6': 'string',
                    'Description': 'string'
                },
            ],
            'PrefixListIds': [
                {
                    'Description': 'string',
                    'PrefixListId': 'string'
                },
            ],
            'ToPort': 123,
            'UserIdGroupPairs': [
                {
                    'Description': 'string',
                    'GroupId': 'string',
                    'GroupName': 'string',
                    'PeeringStatus': 'string',
                    'UserId': 'string',
                    'VpcId': 'string',
                    'VpcPeeringConnectionId': 'string'
                },
            ]
        },
    ]
}




response = security_group.revoke_ingress(
    CidrIp='string',
    FromPort=123,
    GroupName='string',
    IpPermissions=[
        {
            'FromPort': 123,
            'IpProtocol': 'string',
            'IpRanges': [
                {
                    'CidrIp': 'string',
                    'Description': 'string'
                },
            ],
            'Ipv6Ranges': [
                {
                    'CidrIpv6': 'string',
                    'Description': 'string'
                },
            ],
            'PrefixListIds': [
                {
                    'Description': 'string',
                    'PrefixListId': 'string'
                },
            ],
            'ToPort': 123,
            'UserIdGroupPairs': [
                {
                    'Description': 'string',
                    'GroupId': 'string',
                    'GroupName': 'string',
                    'PeeringStatus': 'string',
                    'UserId': 'string',
                    'VpcId': 'string',
                    'VpcPeeringConnectionId': 'string'
                },
            ]
        },
    ],
    IpProtocol='string',
    SourceSecurityGroupName='string',
    SourceSecurityGroupOwnerId='string',
    ToPort=123,
    DryRun=True|False
)

Return:

  • Return type: dict
  • Response Syntax
{
    'Return': True|False,
    # Returns true if the request succeeds; otherwise, returns an error.
    'UnknownIpPermissions': [
        # The inbound rules that were unknown to the service.
        # In some cases, unknownIpPermissionSet might be in a different format from the request parameter.
        {
            'FromPort': 123,
            'IpProtocol': 'string',
            'IpRanges': [
                {
                    'CidrIp': 'string',
                    'Description': 'string'
                },
            ],
            'Ipv6Ranges': [
                {
                    'CidrIpv6': 'string',
                    'Description': 'string'
                },
            ],
            'PrefixListIds': [
                {
                    'Description': 'string',
                    'PrefixListId': 'string'
                },
            ],
            'ToPort': 123,
            'UserIdGroupPairs': [
                {
                    'Description': 'string',
                    'GroupId': 'string',
                    'GroupName': 'string',
                    'PeeringStatus': 'string',
                    'UserId': 'string',
                    'VpcId': 'string',
                    'VpcPeeringConnectionId': 'string'
                },
            ]
        },
    ]
}
This post is licensed under CC BY 4.0 by the author.
