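I am trying to use Python boto3 to describe an ELB SecurityGroup and list all of its rules.
However, there is an error saying that I am not using the default VPC.
I tried filtering and specifying the non-default VPC vpc-67890, but it did not help: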
import boto3

client = boto3.client('ec2')
response = client.describe_security_groups(
    Filters=[
        {
            'Name': 'vpc-id',
            'Values': ['vpc-67890']},
    ],
    GroupNames=['SG_NAME'])
ClientError: An error occurred (InvalidGroup.NotFound) when calling the DescribeSecurityGroups operation: The security group 'SG_NAME' does not exist in default VPC 'vpc-12345'
I tried using the boto3 resource, but it is the same problem: it does not return all of the security groups, just an empty response:
ec2 = boto3.resource('ec2')
vpc = ec2.Vpc('vpc-67890')
all_security_groups = vpc.security_groups.all()
specific_security_group = vpc.security_groups.filter(GroupNames=['SG_NAME'])
for i in all_security_groups:
    print(i)
(no response)
When I query the specific group I filtered for, it throws an error:
for i in specific_security_group:
    print(i)
ClientError: An error occurred (InvalidGroup.NotFound) when calling the DescribeSecurityGroups operation: The security group 'SG_NAME' does not exist in default VPC 'vpc-12345'
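I know that when using a non-default VPC it requires the GroupID rather than the GroupName, but the problem is that the describe_elb API only returns the GroupName.
The same happens when trying to describe the SecurityGroup via the AWS CLI: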
$ aws ec2 describe-security-groups --group-names SG_NAME
An error occurred (InvalidGroup.NotFound) when calling the DescribeSecurityGroups operation: The security group 'SG_NAME' does not exist in default VPC 'vpc-12345'
Does anyone have the same problem?
Thanks in advance.
Answer 0 (score: 2)
Yes, you cannot use the GroupName parameter outside of the default VPC. It is somewhat hidden in the API documentation: describing the GroupName parameter, it says:
[EC2-Classic and default VPC only]
You need to leave the query-by-group part empty and instead put the group in the filters, like this:
filters = [dict(Name='group-name', Values=['SG_NAME']),
           dict(Name='vpc-id', Values=['vpc-67890'])]
client.describe_security_groups(Filters=filters)
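The filter-based lookup from the answer, carried through to listing the group's rules as the question asked; this is an added example, not code from the original post. `FakeEC2`, its sample group and the helper names are constructed stand-ins so the block runs offline; pass `boto3.client('ec2')` instead to query AWS.

```python
WORLD = {"0.0.0.0/0", "::/0"}  # any-address CIDRs worth flagging in a review

def find_security_group(client, group_name, vpc_id):
    """Resolve a group by name inside one VPC via Filters, never GroupNames."""
    resp = client.describe_security_groups(Filters=[
        {"Name": "group-name", "Values": [group_name]},
        {"Name": "vpc-id", "Values": [vpc_id]}])
    groups = resp["SecurityGroups"]
    if len(groups) != 1:
        raise LookupError("expected 1 group %r in %s, found %d"
                          % (group_name, vpc_id, len(groups)))
    return groups[0]

def list_rules(group):
    """One row per peer: (direction, protocol, (from, to), peer, world_open)."""
    rows = []
    for direction, key in (("ingress", "IpPermissions"),
                           ("egress", "IpPermissionsEgress")):
        for perm in group.get(key, []):
            # FromPort/ToPort are absent when IpProtocol is "-1" (all traffic)
            ports = (perm.get("FromPort"), perm.get("ToPort"))
            peers = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                     + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                     + [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
                     + [p["PrefixListId"] for p in perm.get("PrefixListIds", [])])
            for peer in peers:
                rows.append((direction, perm["IpProtocol"], ports, peer, peer in WORLD))
    return rows

class FakeEC2:
    """Constructed stand-in for boto3.client('ec2'); the data below is made up."""
    GROUPS = [{
        "GroupId": "sg-00000000", "GroupName": "SG_NAME", "VpcId": "vpc-67890",
        "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                           "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                           "UserIdGroupPairs": [{"GroupId": "sg-11111111"}]}],
        "IpPermissionsEgress": [{"IpProtocol": "-1",
                                 "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}]

    def describe_security_groups(self, Filters=()):
        want = {f["Name"]: f["Values"] for f in Filters}
        return {"SecurityGroups": [
            g for g in self.GROUPS
            if g["GroupName"] in want.get("group-name", [g["GroupName"]])
            and g["VpcId"] in want.get("vpc-id", [g["VpcId"]])]}

if __name__ == "__main__":
    sg = find_security_group(FakeEC2(), "SG_NAME", "vpc-67890")
    for row in list_rules(sg):
        print(row)
```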