Amazon Web Services: Unable to revoke ingress with boto3 on a TCP range

This is the code snippet I am using:

import boto3

ip_check_list = [
  "1.2.3.4/32",
  "5.6.7.8/32",

]

for region in ['us-east-1']:
  client = boto3.client('ec2',region_name=region)
  paginator = client.get_paginator('describe_security_groups')
  page_iterator = paginator.paginate()
  for page in page_iterator:
    for sg in page['SecurityGroups']:
      for lb in sg['IpPermissions']:
        for ip in lb['IpRanges']:
          from_port = lb.get('FromPort')
          to_port = lb.get('ToPort')
          ip_proto=lb['IpProtocol']
          if sg['GroupId'] == 'sg-12345' and ip['CidrIp'] in ip_check_list:
            try:
              if from_port:
                response = client.revoke_security_group_ingress (
                  GroupId=sg['GroupId'],
                  IpPermissions=[
                    {
                      'FromPort': from_port,
                      'ToPort': to_port,
                      'IpProtocol': ip_proto,
                      'IpRanges': [
                        {
                          'CidrIp': ip['CidrIp']
                        }
                      ]
                    }
                  ]
                )
              else:
                response = client.revoke_security_group_ingress (
                  GroupId=sg['GroupId'],
                  IpPermissions=[
                    {
                      'IpProtocol': ip_proto,
                      'IpRanges': [
                        {
                          'CidrIp': ip['CidrIp']
                        }
                      ]
                    }
                  ]
                )
            except Exception as e:
              print(e)
              print(sg['GroupId'])
However, I get the following error:

An error occurred (InvalidParameterValue) when calling the RevokeSecurityGroupIngress operation: Invalid value 'Must specify both from and to ports with TCP/UDP.' for portRange.
The SG rule in question:

           "IpPermissions": [
                {
                    "PrefixListIds": [],
                    "FromPort": 0,
                    "IpRanges": [
                        {
                            "CidrIp": "1.2.3.4/32"
                        }
                    ],
                    "ToPort": 65535,
                    "IpProtocol": "tcp",
                    "UserIdGroupPairs": [],
                    "Ipv6Ranges": []
                }
            ],
*Edit*: I found my mistake: when I check "if from_port", I wasn't accepting the valid value of 0, so that block was being skipped unintentionally.

For the TCP and UDP protocols, you must also specify the destination port or port range.


So you need to supply some port values for the second revoke_security_group_ingress. Perhaps some default values, or the entire port range.

I found the error when I check "if from_port": I wasn't accepting the valid value of 0, so that block was accidentally skipped.

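You need to add FromPort and ToPort in the second revoke_security_group_ingress.

But my code is doing that: it is adding a ToPort and a FromPort. The else block doesn't need ports because they are not required.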
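
The fix described in the question's edit, as an added example that is not part of the original thread: the port check compares against None, so a FromPort of 0 is kept, while rules without ports (for example protocol "-1") are still handled. The helper names and the second and third sample rules are assumptions constructed for illustration.

```python
def build_revoke_permission(perm, cidr):
    """Build one IpPermissions entry revoking `cidr` from a described rule.

    Hypothetical helper, not part of boto3.
    """
    entry = {"IpProtocol": perm["IpProtocol"], "IpRanges": [{"CidrIp": cidr}]}
    from_port, to_port = perm.get("FromPort"), perm.get("ToPort")
    # 0 is a valid port but falsy, so `if from_port:` drops the range of a
    # 0-65535 rule. Test for presence with `is not None` instead.
    if from_port is not None and to_port is not None:
        entry["FromPort"], entry["ToPort"] = from_port, to_port
    return entry


def plan_revocations(security_group, cidrs):
    """Return a revoke entry for every (rule, CIDR) pair found in `cidrs`."""
    wanted = set(cidrs)
    return [
        build_revoke_permission(perm, rng["CidrIp"])
        for perm in security_group["IpPermissions"]
        for rng in perm.get("IpRanges", [])
        if rng["CidrIp"] in wanted
    ]


# Constructed sample shaped like a describe_security_groups result. The first
# rule is the one from the question; the other two are made up.
SAMPLE_SG = {
    "GroupId": "sg-12345",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "1.2.3.4/32"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "5.6.7.8/32"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ],
}

if __name__ == "__main__":
    plan = plan_revocations(SAMPLE_SG, ["1.2.3.4/32", "5.6.7.8/32"])
    for entry in plan:
        print(entry)
    # With credentials configured, the plan can be applied in a single call:
    # boto3.client("ec2", region_name="us-east-1").revoke_security_group_ingress(
    #     GroupId=SAMPLE_SG["GroupId"], IpPermissions=plan)
```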