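I am trying to create a security group and get the security group ID as output using boto3. I want something like this:
If the security group exists, get/return/output the group ID.
If the security group does not exist, create and authorize the group with the given rule, then output the group ID.
This is my code so far: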
import boto3

ec2 = boto3.client('ec2', region_name='us-east-1')

def get_security_group_id():  # wrapper added so that `return` is valid
    for rds_security_group in ec2.describe_security_groups()['SecurityGroups']:
        if rds_security_group['GroupName'] == 'testgroup':
            print(rds_security_group['GroupId'])
            return rds_security_group['GroupId']
        else:
            # Runs for the first group whose name is not 'testgroup'
            rds_security_group_name = ec2.create_security_group(
                GroupName='testgroup',
                Description='rds-security-group',
                VpcId='vpc-12345')
            ec2.authorize_security_group_ingress(
                CidrIp='10.10.10.10/11',
                IpProtocol='tcp',
                FromPort=90,
                ToPort=90,
                GroupId=rds_security_group_name['GroupId'])
            print(rds_security_group_name['GroupId'])
            return rds_security_group_name['GroupId']
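If the security group does not exist, the code works perfectly by creating the group and returning the group ID. But if the security group already exists, it throws an "already exists" error and fails to return the group ID.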
botocore.exceptions.ClientError: An error occurred (InvalidGroup.Duplicate) when calling the CreateSecurityGroup operation: The security group 'testgroup' already exists for VPC 'vpc-12345'
Can you please help me?
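Answer 0 (score: 1)
Your problem is that you are looping through each security group and checking its group name. If the first security group is not called "testgroup", then you try to create it. Change your code to the following: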
import boto3

ec2 = boto3.client('ec2', region_name='us-east-1')

def get_security_group_id():  # wrapper added so that `return` is valid
    for rds_security_group in ec2.describe_security_groups()['SecurityGroups']:
        if rds_security_group['GroupName'] == 'testgroup':
            print(rds_security_group['GroupId'])
            return rds_security_group['GroupId']

    # Security Group was not found, create it
    rds_security_group_name = ec2.create_security_group(
        GroupName='testgroup',
        Description='rds-security-group',
        VpcId='vpc-12345')
    ec2.authorize_security_group_ingress(
        CidrIp='10.10.10.10/11',
        IpProtocol='tcp',
        FromPort=90,
        ToPort=90,
        GroupId=rds_security_group_name['GroupId'])
    print(rds_security_group_name['GroupId'])
    return rds_security_group_name['GroupId']
Answer 1 (score: 0)
import boto3

ec2 = boto3.client('ec2', region_name='us-east-1')

def get_security_group_id():  # wrapper added so that `return` is valid
    for rds_security_group in ec2.describe_security_groups()['SecurityGroups']:
        if rds_security_group['GroupName'] == 'testgroup':
            print(rds_security_group['GroupId'])
            return rds_security_group['GroupId']
    else:
        # `else` belongs to the `for` loop: it runs only when no group matched
        rds_security_group_name = ec2.create_security_group(
            GroupName='testgroup',
            Description='rds-security-group',
            VpcId='vpc-12345')
        ec2.authorize_security_group_ingress(
            CidrIp='10.10.10.10/11',
            IpProtocol='tcp',
            FromPort=90,
            ToPort=90,
            GroupId=rds_security_group_name['GroupId'])
        print(rds_security_group_name['GroupId'])
        return rds_security_group_name['GroupId']
I did find the answer to my question, but with a small change of my own to the existing code.
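
An added example, not part of the question or either answer: a get-or-create helper that looks the group up by name and VPC (names are unique only within a VPC, so a name-only match can return a group from another VPC) and tolerates the InvalidGroup.Duplicate error from the question when two runs race. The function and parameter names are assumptions of this example, and `except Exception` plus a check of `response['Error']['Code']` stands in for catching botocore.exceptions.ClientError so the block loads without boto3 installed.

```python
def error_code(exc):
    """AWS error code from a botocore ClientError-style exception, else None."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code")


def find_group_id(ec2, name, vpc_id):
    """Server-side lookup by name AND VPC; group names are unique only per VPC."""
    resp = ec2.describe_security_groups(Filters=[
        {"Name": "group-name", "Values": [name]},
        {"Name": "vpc-id", "Values": [vpc_id]},
    ])
    groups = resp["SecurityGroups"]
    return groups[0]["GroupId"] if groups else None


def ensure_security_group(ec2, name, vpc_id, description, cidr, port):
    """Return the ID of the named group in vpc_id, creating it (with one
    TCP ingress rule) only when it does not exist yet."""
    group_id = find_group_id(ec2, name, vpc_id)
    if group_id is not None:
        return group_id  # existing group: leave its rules untouched
    try:
        group_id = ec2.create_security_group(
            GroupName=name, Description=description, VpcId=vpc_id)["GroupId"]
    except Exception as exc:  # boto3 raises botocore.exceptions.ClientError
        # A concurrent run may create the group between describe and create.
        if error_code(exc) != "InvalidGroup.Duplicate":
            raise
        group_id = find_group_id(ec2, name, vpc_id)
        if group_id is None:
            raise
        return group_id
    ec2.authorize_security_group_ingress(
        GroupId=group_id,
        IpPermissions=[{
            "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}],
        }])
    return group_id

# Usage with a real client and the values from the question:
#   ec2 = boto3.client('ec2', region_name='us-east-1')
#   ensure_security_group(ec2, 'testgroup', 'vpc-12345',
#                         'rds-security-group', '10.10.10.10/11', 90)
```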