
I'm trying to get the security group by group id.

Here is the code:

#!/usr/bin/env python2.7
import boto.ec2
import argparse

parser = argparse.ArgumentParser(description="")
parser.add_argument('sec_group_id', help='Security group id')
parser.add_argument('region_name', help='Region name')
args = parser.parse_args()
sec_group_id = args.sec_group_id
region_name = args.region_name

conn = boto.ec2.connect_to_region(region_name);

GivenSecGroup=conn.get_all_security_groups(sec_group_id)

When I execute this:

./sec_groups.py sg-45b9a12c eu-central-1

I get the output:

Traceback (most recent call last):
  File "./sec_groups.py", line 22, in <module>
    GivenSecGroup=conn.get_all_security_groups(sec_group_id)
  File "/usr/lib/python2.7/dist-packages/boto/ec2/connection.py", line 2969, in get_all_security_groups
    [('item', SecurityGroup)], verb='POST')
  File "/usr/lib/python2.7/dist-packages/boto/connection.py", line 1182, in get_list
    raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>InvalidGroup.NotFound</Code><Message>The security group 'sg-45b9a12c' does not exist in default VPC 'vpc-d289c0bb'</Message></Error></Errors><RequestID>edf2afd0-f552-4bdf-938e-1bccef798145</RequestID></Response>

So basically it says “The security group 'sg-45b9a12c' does not exist in default VPC 'vpc-d289c0bb'”

But this security group does exist in default VPC! Here is the proof: AWS console screenshot

How can I make this work?

I would be grateful for your answer.

Ivan

2 Answers

Short answer:

just change

GivenSecGroup=conn.get_all_security_groups(sec_group_id)

to

GivenSecGroup=conn.get_all_security_groups(group_ids=[sec_group_id])

Long Answer:

The first argument of get_all_security_groups is a list of security group names and the second is the list of IDs:

def get_all_security_groups(self, groupnames=None, group_ids=None,
                            filters=None, dry_run=False):
    """
    Get all security groups associated with your account in a region.

    :type groupnames: list
    :param groupnames: A list of the names of security groups to retrieve.
                       If not provided, all security groups will be
                       returned.

    :type group_ids: list
    :param group_ids: A list of IDs of security groups to retrieve for
                      security groups within a VPC.
Vor

I will show an alternative boto3 answer besides @Vor's.

IMHO, you should switch to boto3; the developer has made it clear that boto will not support new features. You don't need to specify the region; you can tie the region inside the credential file, etc.

import boto3
import argparse
ec2=boto3.client("ec2")
parser = argparse.ArgumentParser(description="")
parser.add_argument('sec_group_id', help='Security group id')
args = parser.parse_args()
sec_group_id = args.sec_group_id

my_sec_grp = ec2.describe_security_groups(GroupIds = [sec_group_id])

Boto3 is closely tied to the AWS CLI. The current AWS CLI has shown features such as "--query" that allow the user to filter the results returned. If AWS implements such features, they will be in boto3, not boto.

mootmoot
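An added example, not code from either answer: a boto3-style lookup that sends IDs as `GroupIds` and names as a `group-name` filter, and treats the `InvalidGroup.NotFound` error from the question as "no such group". The ID pattern, the `FakeEC2` stand-in and the group name `web` are assumptions constructed so the block runs offline; pass `boto3.client("ec2")` instead for real use.

```python
import re

# Assumption: security group IDs are "sg-" plus 8 or 17 hex digits.
SG_ID_RE = re.compile(r"^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$")


def build_lookup_kwargs(identifier):
    """Return keyword arguments for describe_security_groups()."""
    if SG_ID_RE.match(identifier):
        return {"GroupIds": [identifier]}
    # A group-name filter matches in any VPC; GroupNames is default-VPC only.
    return {"Filters": [{"Name": "group-name", "Values": [identifier]}]}


def find_security_groups(client, identifier):
    """Look up groups by ID or name; return [] when the group does not exist."""
    try:
        resp = client.describe_security_groups(**build_lookup_kwargs(identifier))
    except Exception as exc:
        # botocore's ClientError carries the parsed API error in .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "InvalidGroup.NotFound":
            return []
        raise
    return resp["SecurityGroups"]


class FakeEC2(object):
    """Constructed offline stand-in for boto3.client("ec2")."""
    GROUPS = [{"GroupId": "sg-45b9a12c", "GroupName": "web", "VpcId": "vpc-d289c0bb"}]

    def describe_security_groups(self, GroupIds=None, Filters=None):
        if GroupIds:
            found = [g for g in self.GROUPS if g["GroupId"] in GroupIds]
            if len(found) != len(GroupIds):
                err = Exception("not found")
                err.response = {"Error": {"Code": "InvalidGroup.NotFound"}}
                raise err
            return {"SecurityGroups": found}
        names = Filters[0]["Values"] if Filters else [g["GroupName"] for g in self.GROUPS]
        return {"SecurityGroups": [g for g in self.GROUPS if g["GroupName"] in names]}


if __name__ == "__main__":
    for ident in ("sg-45b9a12c", "web", "sg-00000000"):
        print(ident, [g["GroupId"] for g in find_security_groups(FakeEC2(), ident)])
```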