Describe ELB AWS security group rules by SG name

Time: 2018-03-23 20:59:57

Tags: python amazon-web-services boto3

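I am trying to use Python boto3 to describe an ELB SecurityGroup and list all of its rules.

However, there is an error saying that I'm not using the default VPC.

I tried filtering and specifying the non-default VPC vpc-67890, but it didn't help: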

import boto3

client = boto3.client('ec2')
response = client.describe_security_groups(
    Filters=[
        {'Name': 'vpc-id', 'Values': ['vpc-67890']},
    ],
    GroupNames=['SG_NAME'])

ClientError: An error occurred (InvalidGroup.NotFound) when calling the DescribeSecurityGroups operation: The security group 'SG_NAME' does not exist in default VPC 'vpc-12345'

I tried using the boto3 resource, but it is the same problem; it doesn't return all the security groups, just an empty response:

ec2 = boto3.resource('ec2')
vpc = ec2.Vpc('vpc-67890')
all_security_groups = vpc.security_groups.all()
specific_security_group = vpc.security_groups.filter(GroupNames=['SG_NAME'])

for i in all_security_groups:
    print(i)

(no response)

When I query the specific group I filtered for, it throws an error:

for i in specific_security_group:
    print(i)

ClientError: An error occurred (InvalidGroup.NotFound) when calling the DescribeSecurityGroups operation: The security group 'SG_NAME' does not exist in default VPC 'vpc-12345'

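I know that when using a non-default VPC it requires the GroupID rather than the GroupName, but the problem is that the describe_elb API only returns the GroupName.

The same happens when trying to describe the SecurityGroup via the AWS CLI: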

$ aws ec2 describe-security-groups --group-names SG_NAME

An error occurred (InvalidGroup.NotFound) when calling the DescribeSecurityGroups operation: The security group 'SG_NAME' does not exist in default VPC 'vpc-12345'

Does anyone have the same problem?

Thanks in advance.

1 answer:

Answer 0: (score: 2)

Yes, you can't use the GroupName parameter outside of the default VPC. It's a bit hidden in the API docs: in describing the GroupName parameter it says:

[EC2-Classic and default VPC only]

You need to leave the "query by group" part empty and instead use the group in the filters, like this:

filters = [dict(Name='group-name', Values=['SG_NAME']), 
           dict(Name='vpc-id', Values=['vpc-67890'])]
client.describe_security_groups(Filters=filters)
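
An added example (not part of the original answer): the filter-based lookup from the answer wrapped in a function, followed by a flattening of the rules it returns. The stub client, the group ids sg-0example and sg-0backend, and the sample rules are constructed so it runs offline; pass boto3.client('ec2') as client against a real account.

```python
def find_group(client, vpc_id, group_name):
    """Resolve a group by name using Filters only (no GroupNames argument)."""
    filters = [{'Name': 'group-name', 'Values': [group_name]},
               {'Name': 'vpc-id', 'Values': [vpc_id]}]
    groups = client.describe_security_groups(Filters=filters)['SecurityGroups']
    if not groups:
        raise LookupError('%s not found in %s' % (group_name, vpc_id))
    return groups[0]  # a group name is unique within one VPC

def flatten_rules(group):
    """Return (direction, protocol, ports, peer) tuples, one per rule source."""
    rows = []
    for direction, key in (('ingress', 'IpPermissions'),
                           ('egress', 'IpPermissionsEgress')):
        for perm in group.get(key, []):
            proto = perm['IpProtocol']
            if proto == '-1':  # "all traffic" rules carry no port fields
                proto, ports = 'all', 'all'
            elif perm.get('FromPort') == perm.get('ToPort'):
                ports = str(perm.get('FromPort'))
            else:
                ports = '%s-%s' % (perm.get('FromPort'), perm.get('ToPort'))
            peers = ([r['CidrIp'] for r in perm.get('IpRanges', [])] +
                     [r['CidrIpv6'] for r in perm.get('Ipv6Ranges', [])] +
                     [p['GroupId'] for p in perm.get('UserIdGroupPairs', [])])
            rows.extend((direction, proto, ports, peer) for peer in peers)
    return rows

class StubEC2(object):
    """Constructed stand-in for boto3.client('ec2'); data below is made up."""
    GROUPS = [{'GroupId': 'sg-0example', 'GroupName': 'SG_NAME',
               'VpcId': 'vpc-67890',
               'IpPermissions': [
                   {'IpProtocol': 'tcp', 'FromPort': 443, 'ToPort': 443,
                    'IpRanges': [{'CidrIp': '0.0.0.0/0'}]}],
               'IpPermissionsEgress': [
                   {'IpProtocol': '-1',
                    'UserIdGroupPairs': [{'GroupId': 'sg-0backend'}]}]}]

    def describe_security_groups(self, Filters):
        want = dict((f['Name'], f['Values']) for f in Filters)
        return {'SecurityGroups': [g for g in self.GROUPS
                                   if g['GroupName'] in want['group-name']
                                   and g['VpcId'] in want['vpc-id']]}

if __name__ == '__main__':
    for row in flatten_rules(find_group(StubEC2(), 'vpc-67890', 'SG_NAME')):
        print(row)
```

The returned GroupId can then be used wherever an API call insists on an id instead of a name.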