I am trying to create a security group in AWS using boto3, in which the source of the traffic is coming from an existing security group. This is how I am doing it:
    res = client.authorize_security_group_ingress(
        GroupId=sg_id,  # sg I want to modify
        IpPermissions=[{
            'IpProtocol': 'tcp',
            'FromPort': 80,
            'ToPort': 80,
            'IpRanges': [{'CidrIp': 'sg-xxxxxxx'}]  # sg I want to be the source
        }]
    )
But I am getting:
An error occurred (InvalidParameterValue) when calling the AuthorizeSecurityGroupIngress operation: CIDR block sg-0ae9ec592f6d43219 is malformed
which to be honest is kind of obvious, because the field in IpRanges is CidrIp, and not something like groupId, which is what I was expecting to write.
But according to the documentation:
CidrIp (string) -- The IPv4 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.
It doesn't really say "source security group id", I just assumed it would be the id. I tried the name and it also does not work (specifying the name will try to look up an SG with the name in the default VPC).
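
An added example, not part of the original post: in the EC2 API a source security group is passed in `UserIdGroupPairs` (by `GroupId`) rather than in `IpRanges`, and the helper below places a source in the matching field. The function names, the `RecordingClient` stub and the sample IDs are constructed for illustration; in real use `client` would be `boto3.client("ec2")`.

```python
import ipaddress
import re

# Assumed ID shape: "sg-" plus 8 or 17 lowercase hex characters.
SG_ID = re.compile(r"^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$")


def build_ingress_permission(protocol, from_port, to_port, source):
    """Return one IpPermissions entry with `source` placed in the right field."""
    perm = {"IpProtocol": protocol, "FromPort": from_port, "ToPort": to_port}
    if SG_ID.match(source):
        # A source security group goes in UserIdGroupPairs, never in IpRanges.
        perm["UserIdGroupPairs"] = [{"GroupId": source}]
        return perm
    try:
        net = ipaddress.ip_network(source, strict=True)
    except ValueError as exc:
        raise ValueError(
            f"{source!r} is not a security group ID or a valid CIDR block"
        ) from exc
    if net.version == 4:
        perm["IpRanges"] = [{"CidrIp": str(net)}]
    else:
        perm["Ipv6Ranges"] = [{"CidrIpv6": str(net)}]
    return perm


def allow_ingress(client, group_id, protocol, from_port, to_port, source):
    """Call AuthorizeSecurityGroupIngress on a boto3 EC2 client (or a stub)."""
    perm = build_ingress_permission(protocol, from_port, to_port, source)
    return client.authorize_security_group_ingress(
        GroupId=group_id, IpPermissions=[perm]
    )


class RecordingClient:
    """Offline stand-in for boto3.client("ec2"); records the request it gets."""
    def __init__(self):
        self.calls = []

    def authorize_security_group_ingress(self, **kwargs):
        self.calls.append(kwargs)
        return {"Return": True}


if __name__ == "__main__":
    stub = RecordingClient()
    # Constructed sample IDs, not real resources.
    allow_ingress(stub, "sg-0123456789abcdef0", "tcp", 80, 80, "sg-0fedcba9876543210")
    print(stub.calls[0])
```

Referencing the source group by ID keeps the rule scoped to members of that group, so it does not have to be widened to a CIDR range that covers them.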