
Can't create EC2 IPv6 security group entries

Open nh2 opened this issue 8 years ago • 3 comments

I tried to make an IPv6 security group entry with ::/0:

      resources.ec2SecurityGroups.mygroup = {
        accessKeyId = "myaccesskeyid";
        region = "eu-central-1";
        name = "mygroup";
        description = "mygroup";
        rules = [
          { fromPort = 22; toPort = 22; sourceIp = "0.0.0.0/0"; }
          { fromPort = 22; toPort = 22; sourceIp = "::/0"; }
        ];
      };

But it doesn't work; it gets me (with boto logging enabled):

    Action=AuthorizeSecurityGroupIngress&GroupId=sg-abc123&IpPermissions.1.FromPort=22&IpPermissions.1.IpProtocol=tcp&IpPermissions.1.IpRanges.1.CidrIp=%3A%3A%2F0&IpPermissions.1.ToPort=22&Version=2014-10-01'
    boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
    <?xml version="1.0" encoding="UTF-8"?>
    <Response><Errors><Error><Code>InvalidParameterValue</Code><Message>CIDR block ::/0 is malformed</Message></Error></Errors><RequestID>....</RequestID></Response>

The comment at https://github.com/ansible/ansible/issues/23507#issuecomment-295370682 suggests that boto doesn't actually support IPv6 CIDR ranges, and that only boto3 does.

nh2 avatar Jun 18 '17 22:06 nh2
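
The logged request above carries `::/0` in `IpPermissions.1.IpRanges.1.CidrIp`, whereas boto3's `authorize_security_group_ingress` takes IPv6 ranges as `Ipv6Ranges` entries with a `CidrIpv6` key. The sketch below is an added example, not code from this thread or from nixops: it splits nixops-style rules by address family into that structure and lists ranges with prefix length 0 in both families. The function names `build_ip_permissions` and `world_open` are hypothetical, and the default protocol `tcp` is an assumption taken from the logged request.

```python
import ipaddress

# Constructed sample: the two rules from the issue's nixops config.
RULES = [
    {"fromPort": 22, "toPort": 22, "sourceIp": "0.0.0.0/0"},
    {"fromPort": 22, "toPort": 22, "sourceIp": "::/0"},
]

def build_ip_permissions(rules, protocol="tcp"):
    """Group rules by (protocol, ports) and file each CIDR under its address family."""
    grouped = {}
    for rule in rules:
        # strict=True raises ValueError for malformed CIDRs or set host bits.
        net = ipaddress.ip_network(rule["sourceIp"], strict=True)
        key = (rule.get("protocol", protocol), rule["fromPort"], rule["toPort"])
        perm = grouped.setdefault(key, {
            "IpProtocol": key[0], "FromPort": key[1], "ToPort": key[2],
            "IpRanges": [], "Ipv6Ranges": [],
        })
        if net.version == 6:
            perm["Ipv6Ranges"].append({"CidrIpv6": str(net)})
        else:
            perm["IpRanges"].append({"CidrIp": str(net)})
    # Drop the empty family list so only populated ranges are sent.
    return [{k: v for k, v in p.items() if v != []} for p in grouped.values()]

def world_open(perms):
    """Return (family, from_port, to_port) for each range with prefix length 0."""
    families = (("ipv4", "IpRanges", "CidrIp"), ("ipv6", "Ipv6Ranges", "CidrIpv6"))
    hits = []
    for perm in perms:
        for family, list_key, cidr_key in families:
            for entry in perm.get(list_key, []):
                if ipaddress.ip_network(entry[cidr_key]).prefixlen == 0:
                    hits.append((family, perm["FromPort"], perm["ToPort"]))
    return hits

if __name__ == "__main__":
    perms = build_ip_permissions(RULES)
    print(perms)
    print(world_open(perms))
    # With credentials configured, the same structure is what boto3 expects:
    #   boto3.client("ec2", region_name="eu-central-1") \
    #       .authorize_security_group_ingress(GroupId="sg-abc123", IpPermissions=perms)
```

An audit that inspects only `IpRanges` would miss the `::/0` entry, which is why `world_open` walks both lists.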

We already have some resources using boto3 and usually features like this are the reason to port to boto3.

domenkozar avatar Jul 24 '17 11:07 domenkozar

There is a typo in the code block:

name = "mygroup

Anton-Latukha avatar Sep 29 '17 15:09 Anton-Latukha

There is a typo in the code block:

Sorry, that was just a copy-paste error. Will fix.

nh2 avatar Jun 27 '19 15:06 nh2