how to use boto3 authorize_security_group_ingress to add a rule between two security groups in non default VPC

Question

I am trying to use boto3 to update security group rules, to add a rule to security group a (sg_a) to allow security group b (sg_b) to access port 8443.

I am trying to use EC2 client to achieve this with the following

ec2.authorize_security_group_ingress(
        GroupId=sg_a,
        SourceSecurityGroupName=sg_b,
        IpProtocol='tcp',
        FromPort=service_port,
        ToPort=service_port
    )

but I got this error:

botocore.exceptions.ClientError: An error occurred (VPCIdNotSpecified) when calling the AuthorizeSecurityGroupIngress operation: No default VPC for this user.

How do I use authorize_security_group_igress for a non-default VPC?

[the docs may help](http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.authorize_security_group_ingress) — floer32, May 03 '16 at 18:26
the correct syntax is: ` ec2.authorize_security_group_ingress( GroupId=sg_a, IpPermissions=[{ 'IpProtocol': 'tcp', 'FromPort': from_port, 'ToPort': to_port, 'UserIdGroupPairs': [{ 'GroupId': sg_b }] }], ) ` — blindstack, May 03 '16 at 20:01

score 11 · Answer 1 · edited Feb 02 '17 at 16:50

11

the correct syntax is:

ec2.authorize_security_group_ingress( 
    GroupId=sg_a, 
    IpPermissions=[
        {'IpProtocol': 'tcp', 
        'FromPort': from_port, 
        'ToPort': to_port, 
        'UserIdGroupPairs': [{ 'GroupId': sg_b }] }
    ],
)

edited Feb 02 '17 at 16:50

schroeder

533
1
7
25

answered May 06 '16 at 17:38

blindstack

251
3
10

There may also be a way to modify it: https://stackoverflow.com/a/69128078/453673 – Nav Jan 10 '23 at 06:21

how to use boto3 authorize_security_group_ingress to add a rule between two security groups in non default VPC

1 Answers1