
I am trying to revoke an ingress rule on a security group that is inside my VPC, which is not the default. I can find the security group using `DescribeSecurityGroupsRequest` and create the ingress rule using `AuthorizeSecurityGroupIngressRequest`. All of that works fine, and I'm able to see the new rule in the AWS console. But when I try to revoke the same ingress rule, I get an error that it cannot find the security group on the default VPC, and I don't see a way to specify which VPC. I'm using:

```csharp
RevokeSecurityGroupIngressRequest revokeSecurityGroupIngressRequest = new RevokeSecurityGroupIngressRequest();
revokeSecurityGroupIngressRequest.GroupId = "sg-id";
revokeSecurityGroupIngressRequest.GroupName = "sg-name";
revokeSecurityGroupIngressRequest.IpPermissions = ipPermissions;
```

I have seen how you would do this using the CLI or a Lambda using boto3, but I don't see how to do it using the .NET SDK.

Travis J
  • Try removing the `GroupName`. The documentation says "For security groups in a nondefault VPC, you must specify the security group ID.", and also shows `GroupName` as only being appropriate for the Default VPC. – John Rotenstein Jan 24 '21 at 01:13
  • Ok I will try that as soon as I get back to the office. I just reviewed that documentation I did not see that before. Seems like a strange design choice to make it work like that if that is the case. – Travis J Jan 24 '21 at 04:20
  • I suspect that `GroupName` was originally the only required parameter. However, once VPC was introduced, it was then possible to have multiple Security Groups with the same name, so `GroupId` became the unique identifier. – John Rotenstein Jan 24 '21 at 06:57
  • Ah ok that makes sense. I’ll give it a shot this afternoon and report back. – Travis J Jan 24 '21 at 15:56
  • That worked. Thank you for the help. Now I know to look for that in the docs next time. – Travis J Jan 24 '21 at 21:24

1 Answer

John Rotenstein had the right answer. The group name is used for the default VPC. If you specify the group name, it defaults to the default VPC. Omitting that and using the security group ID only works perfectly.

Travis J
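
The fix from the answer above, as an added example that is not code from the original post: it resolves the group name to an ID inside one specific VPC, revokes by `GroupId` only, then re-reads the group to confirm the rule is gone. It assumes the AWSSDK.EC2 package with credentials and region taken from the environment; the VPC ID, group name, port and CIDR are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Amazon.EC2;
using Amazon.EC2.Model;

public static class RevokeIngressExample
{
    // Placeholder values (assumptions, not from the original post).
    const string VpcId = "vpc-EXAMPLE";
    const string GroupName = "sg-name";
    const string Cidr = "203.0.113.10/32";

    public static async Task Main()
    {
        using var ec2 = new AmazonEC2Client();

        // Group names are only unique within a VPC, so resolve name -> ID in one VPC.
        var found = await ec2.DescribeSecurityGroupsAsync(new DescribeSecurityGroupsRequest
        {
            Filters = new List<Filter>
            {
                new Filter("vpc-id", new List<string> { VpcId }),
                new Filter("group-name", new List<string> { GroupName })
            }
        });
        string groupId = found.SecurityGroups.Single().GroupId;

        // Must match the rule as it was authorized: protocol, port range, CIDR.
        var rule = new IpPermission
        {
            IpProtocol = "tcp", FromPort = 443, ToPort = 443,
            Ipv4Ranges = new List<IpRange> { new IpRange { CidrIp = Cidr } }
        };

        // GroupId only: setting GroupName makes EC2 look in the default VPC.
        await ec2.RevokeSecurityGroupIngressAsync(new RevokeSecurityGroupIngressRequest
        {
            GroupId = groupId,
            IpPermissions = new List<IpPermission> { rule }
        });

        // Confirm the rule is really gone instead of trusting the call alone.
        var after = await ec2.DescribeSecurityGroupsAsync(
            new DescribeSecurityGroupsRequest { GroupIds = new List<string> { groupId } });
        bool stillOpen = after.SecurityGroups.Single().IpPermissions?.Any(p =>
            p.IpProtocol == "tcp" && p.FromPort == 443 &&
            p.Ipv4Ranges?.Any(r => r.CidrIp == Cidr) == true) == true;
        Console.WriteLine(stillOpen ? "Rule still present" : "Rule revoked");
    }
}
```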