# Check the aws cli version

```
aws --version
aws-cli/1.10.8 Python/2.7.10 Linux/4.4.5-15.26.amzn1.x86_64 botocore/1.3.30
```

The version is old, so upgrade it:

```
sudo pip install -U awscli
aws --version
aws-cli/1.10.24 Python/2.7.10 Linux/4.4.5-15.26.amzn1.x86_64 botocore/1.4.15
```
# Check security group names and group IDs

```
aws ec2 describe-security-groups --query "SecurityGroups[].[GroupName,GroupId]" --output table
----------------------------------------
|        DescribeSecurityGroups        |
+----------------------+---------------+
|  default             |  sg-xxxxxxxx  |
|  default             |  sg-xxxxxxxx  |
|  SecurityGroupNaame1 |  sg-xxxxxxxx  |
+----------------------+---------------+
```
# Check the security group's current configuration

```
aws ec2 describe-security-groups --group-id sg-xxxxxxxx --output table
----------------------------------------
|        DescribeSecurityGroups        |
+-----------------------------------+
||          SecurityGroups          ||
|+--------------+------------------+|
||  Description |  GroupName1      ||
||  GroupId     |  sg-xxxxxxxx     ||
||  GroupName   |  GroupName1      ||
||  OwnerId     |  123456789012    ||
||  VpcId       |  vpc-xxxxxxxx    ||
|+--------------+------------------+|
|||       IpPermissionsEgress      |||
||+---------------------+---------+||
|||  IpProtocol         |  -1     |||
||+---------------------+---------+||
||||           IpRanges           ||||
|||+-----------+-----------------+|||
||||  CidrIp   |  0.0.0.0/0      ||||
|||+-----------+-----------------+|||
```

No inbound rules yet (there is no IpPermissions section); the only rule is the default egress rule allowing all protocols to 0.0.0.0/0.
# Add a rule to the security group

Allow SSH (tcp/22) from a single address. (`123.456.789.012/32` is a masked placeholder in these notes; the real value must be a valid CIDR, since EC2 rejects malformed ranges.)

```
aws ec2 authorize-security-group-ingress --group-name GroupName1 --protocol tcp --port 22 --cidr 123.456.789.012/32
```

Error:

```
A client error (InvalidGroup.NotFound) occurred when calling the AuthorizeSecurityGroupIngress operation: The security group 'GroupName1' does not exist in default VPC 'vpc-xxxxxxxx'
```

Checking the AWS CLI Command Reference (http://docs.aws.amazon.com/cli/latest/reference/ec2/authorize-security-group-ingress.html):

```
--group-name (string)
[EC2-Classic, default VPC] The name of the security group.
```

So `--group-name` is only resolved against EC2-Classic or the account's default VPC. This group lives in a VPC other than the default one, which is exactly what the error says: the name lookup searched the default VPC and found nothing. For a group in a non-default VPC, identify it by ID with `--group-id` instead (the original note was missing the space before `--protocol`):

```
aws ec2 authorize-security-group-ingress --group-id sg-xxxxxxxx --protocol tcp --port 22 --cidr 123.456.789.012/32
```

Output: None
# Check the security group's configuration again

```
aws ec2 describe-security-groups --group-id sg-xxxxxxxx --output table
----------------------------------------
|        DescribeSecurityGroups        |
+-----------------------------------+
||          SecurityGroups          ||
|+--------------+------------------+|
||  Description |  GroupName1      ||
||  GroupId     |  sg-xxxxxxxx     ||
||  GroupName   |  GroupName1      ||
||  OwnerId     |  123456789012    ||
||  VpcId       |  vpc-xxxxxxxx    ||
|+--------------+------------------+|
|||         IpPermissions          |||
||+---------------------+----------+||
|||  FromPort           |  22      |||
|||  IpProtocol         |  tcp     |||
|||  ToPort             |  22      |||
||+---------------------+----------+||
||||           IpRanges           ||||
|||+---------+--------------------+|||
||||  CidrIp |  123.456.789.012/32 ||||
|||+---------+--------------------+|||
|||       IpPermissionsEgress      |||
||+----------------------+---------+||
|||  IpProtocol          |  -1     |||
||+----------------------+---------+||
||||           IpRanges           ||||
|||+------------+-----------------+|||
||||  CidrIp    |  0.0.0.0/0      ||||
|||+------------+-----------------+|||
```

The new IpPermissions entry (tcp/22 from the single /32) is now present alongside the unchanged egress rule.
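The table output is fine for eyeballing, but to verify programmatically that the rule landed, and that nothing in the account is open to the whole internet on an admin port, parse the JSON form instead (`aws ec2 describe-security-groups --group-ids sg-xxxxxxxx --output json`). The script below is an added example, not code from the original post: the sample document is constructed to mirror the group above plus a second, deliberately wide-open group, and `SENSITIVE_PORTS` and the function names are this script's own choices.

```python
"""Audit the JSON output of `aws ec2 describe-security-groups`.

Added example, not from the original notes. Feed real output in with
`audit_groups(json.load(sys.stdin))`; SAMPLE_JSON is a constructed stand-in.
"""
import ipaddress
import json

# Constructed sample: group 1 matches the notes above (ssh from one /32,
# egress open); group 2 has ssh open to the world and an all-traffic rule
# that references another group (not a CIDR, so it must not be flagged).
SAMPLE_JSON = """
{"SecurityGroups": [
  {"Description": "GroupName1", "GroupName": "GroupName1", "GroupId": "sg-11111111",
   "OwnerId": "123456789012", "VpcId": "vpc-aaaaaaaa",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.5/32"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}],
   "IpPermissionsEgress": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
  {"Description": "wide open", "GroupName": "GroupName2", "GroupId": "sg-22222222",
   "OwnerId": "123456789012", "VpcId": "vpc-aaaaaaaa",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
     {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
      "UserIdGroupPairs": [{"GroupId": "sg-11111111", "UserId": "123456789012"}]}],
   "IpPermissionsEgress": []}
]}
"""

SENSITIVE_PORTS = {22, 3389}  # assumption: the admin ports this audit cares about


def load_sample():
    """Parse the constructed sample document."""
    return json.loads(SAMPLE_JSON)


def _sources(perm):
    """Yield every source of one permission entry as a string."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]
    for p in perm.get("UserIdGroupPairs", []):
        yield p["GroupId"]


def _is_world(source):
    """True for 0.0.0.0/0 or ::/0; a sg- reference is not a CIDR and yields False."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False


def _covers_sensitive_port(perm):
    """True if the entry reaches at least one of SENSITIVE_PORTS."""
    proto = perm["IpProtocol"]
    if proto == "-1":  # all protocols and ports
        return True
    if proto not in ("tcp", "udp"):
        return False
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= p <= hi for p in SENSITIVE_PORTS)


def ingress_summary(doc):
    """Flatten ingress rules into (GroupId, protocol, FromPort, ToPort, source) rows."""
    rows = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            for src in _sources(perm):
                rows.append((sg["GroupId"], perm["IpProtocol"],
                             perm.get("FromPort"), perm.get("ToPort"), src))
    return rows


def audit_groups(doc):
    """Return (GroupId, finding) tuples for admin ports reachable from anywhere."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not _covers_sensitive_port(perm):
                continue
            ports = "all" if perm["IpProtocol"] == "-1" else f'{perm["FromPort"]}-{perm["ToPort"]}'
            for src in _sources(perm):
                if _is_world(src):
                    findings.append((sg["GroupId"], f'{perm["IpProtocol"]}/{ports} open from {src}'))
    return findings


if __name__ == "__main__":
    data = load_sample()
    for row in ingress_summary(data):
        print(row)
    for gid, msg in audit_groups(data):
        print(f"WARNING {gid}: {msg}")
```

Group references (`UserIdGroupPairs`) are listed in the summary but never counted as world-open, because reachability through them depends on the referenced group's members, not on an address range.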
# Delete the security group rule

`revoke-security-group-ingress` must be given the rule exactly as it exists (same protocol, port range and CIDR); here it is passed as a JSON `--ip-permissions` document:

```
aws ec2 revoke-security-group-ingress --group-id sg-xxxxxxxx --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "123.456.789.012/32"}]}]'
```

Output: None
# Supplement

Running

```
aws ec2 revoke-security-group-ingress --group-id sg-xxxxxxxx --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "123.456.789.012/32"}]}]'
```

from the Windows Command Prompt and from Windows PowerShell for AWS gave errors, so I am noting them here.

### Error in the Command Prompt

```
C:>aws ec2 revoke-security-group-ingress --group-id sg-xxxxxxxx --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "123.456.789.012/32"}]}]'
Error parsing parameter '--ip-permissions': Expected: '=', received: ''' for input:
'[{IpProtocol:
```
### Error in Windows PowerShell for AWS

```
PS C:> aws ec2 revoke-security-group-ingress --group-id sg-xxxxxxxx --ip-permissions '[{"IpProtocol": "tcp", "FromPort"
: 22, "ToPort": 22, "IpRanges": [{"CidrIp": "123.456.789.012/32"}]}]'
Expecting property name enclosed in double quotes: line 1 column 3 (char 2)
```

Both failures are shell quoting, not the CLI. cmd.exe does not treat single quotes as quoting characters, so the value is split on whitespace and the CLI receives `'[{IpProtocol:` as the whole parameter; because it does not start with `[` or `{`, the CLI tries to read it as shorthand `key=value` syntax, hence the complaint about an expected `=`. PowerShell keeps the single-quoted string intact, but when it hands the argument to a native executable it does not escape the embedded double quotes, so they are lost and the CLI receives `[{IpProtocol: tcp, ...}]`, which is not valid JSON (the parser stops at column 3, right after `[{`). Escaping the inner double quotes as `\"`, or passing the document through a file with `--ip-permissions file://rule.json`, avoids both problems.
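The quoting rules differ per shell, so it is easier to build the `--ip-permissions` document in code and either write it to a file (`file://` works identically in bash, cmd.exe and PowerShell) or emit it already escaped for the target shell. The script below is an added example, not code from the original post; the escaping it produces follows the AWS CLI documentation on quoting strings on Windows (cmd.exe: whole value in double quotes with inner quotes as `\"`; Windows PowerShell: single quotes outside, inner quotes still `\"`). It also validates each CIDR up front, which catches placeholders like the `123.456.789.012/32` used in these notes before the API does. Function names and the sample values are this script's own.

```python
"""Build and quote an --ip-permissions document for (authorize|revoke)-security-group-ingress.

Added example, not from the original notes. Escaping rules follow the AWS CLI
user guide section on quoting strings; `file://` is the shell-independent path.
"""
import ipaddress
import json
import os
import tempfile


def cidr_error(cidr):
    """Return the validation error for cidr, or None when it is a well-formed network.

    strict=True also rejects host bits beyond the prefix (e.g. 203.0.113.5/24).
    """
    try:
        ipaddress.ip_network(cidr, strict=True)
        return None
    except ValueError as exc:
        return str(exc)


def is_single_host(cidr):
    """True when the CIDR names exactly one address (/32 or /128)."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses == 1


def build_ip_permission(protocol, from_port, to_port, cidrs, description=None):
    """Return one IpPermissions entry with every CIDR validated.

    IPv4 ranges go to IpRanges and IPv6 ranges to Ipv6Ranges, as the EC2 API
    expects. Any malformed CIDR raises ValueError instead of reaching the API.
    """
    if from_port > to_port:
        raise ValueError("FromPort must not exceed ToPort")
    v4, v6 = [], []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # raises ValueError on junk
        entry = {("CidrIp" if net.version == 4 else "CidrIpv6"): str(net)}
        if description:
            entry["Description"] = description
        (v4 if net.version == 4 else v6).append(entry)
    perm = {"IpProtocol": protocol, "FromPort": from_port, "ToPort": to_port}
    if v4:
        perm["IpRanges"] = v4
    if v6:
        perm["Ipv6Ranges"] = v6
    return perm


def to_json(perms):
    """Compact JSON (no spaces), so even an unquoted shell cannot split it."""
    return json.dumps(perms, separators=(",", ":"))


def quote_for_cmd(value):
    """cmd.exe form: double quotes outside, inner double quotes escaped as \\"."""
    return '"' + value.replace('"', '\\"') + '"'


def quote_for_powershell(value):
    """Windows PowerShell form: single quotes outside, inner double quotes as \\"."""
    return "'" + value.replace('"', '\\"') + "'"


def quote_for_posix(value):
    """bash/sh form: single quotes are literal, so the JSON needs no escaping."""
    return "'" + value + "'"


def write_permissions_file(perms, path):
    """Write perms to path as JSON and return the file:// reference the CLI accepts."""
    with open(path, "w") as fh:
        json.dump(perms, fh)
    return "file://" + path


def build_command(verb, group_id, perms, quoter=quote_for_posix):
    """Compose the full CLI line for the given shell quoting function."""
    return (f"aws ec2 {verb}-security-group-ingress --group-id {group_id} "
            f"--ip-permissions {quoter(to_json(perms))}")


if __name__ == "__main__":
    rule = [build_ip_permission("tcp", 22, 22, ["203.0.113.5/32"], "admin ssh")]
    print("bash:      ", build_command("authorize", "sg-xxxxxxxx", rule))
    print("cmd.exe:   ", build_command("authorize", "sg-xxxxxxxx", rule, quote_for_cmd))
    print("PowerShell:", build_command("authorize", "sg-xxxxxxxx", rule, quote_for_powershell))
    path = os.path.join(tempfile.gettempdir(), "rule.json")
    print("any shell:  --ip-permissions", write_permissions_file(rule, path))
    print("placeholder check:", cidr_error("123.456.789.012/32"))
```

Because `revoke-security-group-ingress` needs the rule exactly as it was authorized, reusing the same `build_ip_permission` result for both calls (or the same `rule.json`) also removes the chance of a revoke silently matching nothing.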