
However I tried, it is generating the error "The filter 'CidrIp' is invalid".

aws ec2 describe-security-groups --filters Name=group-name,Values='*security_group_name*' Name=tag-key,Values=IpRanges Name=CidrIp,Values='0.0.0.0/0' --query 'SecurityGroups[*].{Name:GroupName,ID:GroupId}'
helloV
Kc Bickey

2 Answers


There's no API call that will modify the rule in place; they're immutable. You can only authorize or revoke security group ingress/egress rules.

Here's an example of adding a security group ingress (assuming this is for a VPC and not the old style EC2 or your default VPC. If it is the latter, you can use --group-name instead of --group-id):

aws ec2 authorize-security-group-ingress --group-id sg-xxxxxxxx --protocol tcp --port 443 --cidr "0.0.0.0/0"

Modify the security group ID, ports, protocol, and cidr as needed. There's also an option to pass in --ip-permissions for adding multiple rules at once, but the syntax isn't as clean.

Once you've authorized the appropriate ingress rule, revoke the old one (if it exists):

aws ec2 revoke-security-group-ingress --group-id sg-xxxxxxxx --protocol tcp --port 80 --cidr "0.0.0.0/0"

Review the following ec2 subcommands on the AWS CLI page for more information:

  • authorize-security-group-egress
  • authorize-security-group-ingress
  • revoke-security-group-egress
  • revoke-security-group-ingress

AWS CLI EC2 commands


Use ip-permission.cidr. From aws ec2 describe-security-groups:

ip-permission.cidr - An IPv4 CIDR range that has been granted permission in a security group rule.

helloV
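Added example (not from either answer or from the AWS CLI itself): a small Python script tying the two answers together. It builds the describe-security-groups invocation with the ip-permission.cidr filter from the second answer, then, because that filter only selects whole groups that contain a matching rule, walks a constructed describe-security-groups response to pick out the individual rules open to 0.0.0.0/0 and emits the authorize-then-revoke pair from the first answer for each group that still has port 80 open. Python is used rather than a shell script so the logic runs offline; the sample response, the group ids and the group names are constructed placeholders, not values from any real account.

```python
import shlex

# Constructed sample of a describe-security-groups response, trimmed to the
# fields used below. Group ids and names are placeholders, not real resources.
SAMPLE_RESPONSE = {
    "SecurityGroups": [
        {
            "GroupName": "web-security_group_name",
            "GroupId": "sg-0000000000000aaaa",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [], "UserIdGroupPairs": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
                 "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
        },
        {
            "GroupName": "internal-only",
            "GroupId": "sg-0000000000000bbbb",
            "IpPermissions": [
                # Protocol -1 (all traffic) carries no FromPort/ToPort keys.
                {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-0000000000000aaaa"}]},
            ],
        },
    ]
}


def describe_command(name_pattern, cidr):
    """Build the describe-security-groups call using the ip-permission.cidr
    filter (second answer) in place of the invalid 'CidrIp' filter."""
    return (
        "aws ec2 describe-security-groups "
        f"--filters Name=group-name,Values={shlex.quote(name_pattern)} "
        f"Name=ip-permission.cidr,Values={shlex.quote(cidr)} "
        "--query 'SecurityGroups[*].{Name:GroupName,ID:GroupId}' --output json"
    )


def open_rules(response, cidr="0.0.0.0/0"):
    """Return (group_id, protocol, from_port, to_port) for each ingress rule
    whose IPv4 range equals `cidr`. The server-side filter only says which
    groups contain such a rule; this selects the rules themselves."""
    found = []
    for group in response["SecurityGroups"]:
        for perm in group["IpPermissions"]:
            if any(r["CidrIp"] == cidr for r in perm.get("IpRanges", [])):
                found.append((group["GroupId"], perm["IpProtocol"],
                              perm.get("FromPort"), perm.get("ToPort")))
    return found


def replacement_commands(response, old_port, new_port,
                         cidr="0.0.0.0/0", protocol="tcp"):
    """Rules are immutable (first answer), so for every group with `old_port`
    open to `cidr` emit an authorize for `new_port` followed by a revoke of
    the old rule, in that order, so the group is never left without a rule."""
    commands = []
    for group_id, proto, from_port, to_port in open_rules(response, cidr):
        if proto == protocol and from_port == old_port and to_port == old_port:
            commands.append(
                f"aws ec2 authorize-security-group-ingress --group-id {group_id} "
                f"--protocol {protocol} --port {new_port} --cidr {shlex.quote(cidr)}")
            commands.append(
                f"aws ec2 revoke-security-group-ingress --group-id {group_id} "
                f"--protocol {protocol} --port {old_port} --cidr {shlex.quote(cidr)}")
    return commands


if __name__ == "__main__":
    print(describe_command("*security_group_name*", "0.0.0.0/0"))
    for rule in open_rules(SAMPLE_RESPONSE):
        print("open to 0.0.0.0/0:", rule)
    print("\n".join(replacement_commands(SAMPLE_RESPONSE, 80, 443)))
```

In practice the response passed to open_rules would be the parsed JSON from the describe command printed first; the generated commands are meant to be reviewed before they are run, since a revoke removes the rule for every client that relied on it.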