Amazon web services 无法在TCP范围内用boto3撤销入口
这是我正在使用的代码片段:Amazon web services 无法在TCP范围内用boto3撤销入口,amazon-web-services,boto3,aws-security-group,Amazon Web Services,Boto3,Aws Security Group,这是我正在使用的代码片段: import boto3 ip_check_list = [ "1.2.3.4/32", "5.6.7.8/32", ] for region in ['us-east-1']: client = boto3.client('ec2',region_name=region) paginator = client.get_paginator('describe_security_groups') page_iterator = paginato
import boto3
ip_check_list = [
"1.2.3.4/32",
"5.6.7.8/32",
]
for region in ['us-east-1']:
client = boto3.client('ec2',region_name=region)
paginator = client.get_paginator('describe_security_groups')
page_iterator = paginator.paginate()
for page in page_iterator:
for sg in page['SecurityGroups']:
for lb in sg['IpPermissions']:
for ip in lb['IpRanges']:
from_port = lb.get('FromPort')
to_port = lb.get('ToPort')
ip_proto=lb['IpProtocol']
if sg['GroupId'] == 'sg-12345' and ip['CidrIp'] in ip_check_list:
try:
if from_port:
response = client.revoke_security_group_ingress (
GroupId=sg['GroupId'],
IpPermissions=[
{
'FromPort': from_port,
'ToPort': to_port,
'IpProtocol': ip_proto,
'IpRanges': [
{
'CidrIp': ip['CidrIp']
}
]
}
]
)
else:
response = client.revoke_security_group_ingress (
GroupId=sg['GroupId'],
IpPermissions=[
{
'IpProtocol': ip_proto,
'IpRanges': [
{
'CidrIp': ip['CidrIp']
}
]
}
]
)
except Exception as e:
print e
print sg['GroupId']
但是,我得到以下错误:
An error occurred (InvalidParameterValue) when calling the RevokeSecurityGroupIngress operation: Invalid value 'Must specify both from and to ports with TCP/UDP.' for portRange.
有关SG规则:
"IpPermissions": [
{
"PrefixListIds": [],
"FromPort": 0,
"IpRanges": [
{
"CidrIp": "1.2.3.4/32"
}
],
"ToPort": 65535,
"IpProtocol": "tcp",
"UserIdGroupPairs": [],
"Ipv6Ranges": []
}
],
*编辑*:当我检查“if from_port”时发现我的错误,我没有接受有效的0值,因此无意中跳过了该块。
对于TCP和UDP协议,还必须指定目标端口或端口范围
因此,您需要为第二个
撤销\u安全性\u组\u入口提供一些端口值。可能是一些默认值,或者是整个端口范围 在我检查“if from\u port”时发现了错误,我没有接受0的有效值,因此该块被意外跳过。您需要在第二个撤销安全组\u入口中添加FromPort
和ToPort
。但我的代码正在这样做——它正在向端口添加一个和从端口添加一个。else块不需要端口,因为它们不是必需的。