aws-cli
The example CLI for aws ec2 modify-security-group-rules is not working
Describe the bug
According to the documentation at https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-security-group-rules.html
aws ec2 modify-security-group-rules \
--group-id sg-1234567890abcdef0 \
--security-group-rules SecurityGroupRuleId=sgr-abcdef01234567890,SecurityGroupRule={Description=test,IpProtocol=-1,CidrIpv4=0.0.0.0/0}
Expected Behavior
{ "Return": true }
Current Behavior
Parameter validation failed:
Invalid type for parameter SecurityGroupRules[0].SecurityGroupRule, value: Description=test, type: <class 'str'>, valid types: <class 'dict'>
Invalid type for parameter SecurityGroupRules[1].SecurityGroupRule, value: IpProtocol=-1, type: <class 'str'>, valid types: <class 'dict'>
Invalid type for parameter SecurityGroupRules[2].SecurityGroupRule, value: CidrIpv4=0.0.0.0/0, type: <class 'str'>, valid types: <class 'dict'>
Reproduction Steps
aws --version
aws-cli/1.22.81 Python/3.7.10 Linux/4.14.290-217.505.amzn2.x86_64 botocore/1.24.26
Just copy/paste the example in the document into the console.
Possible Solution
aws ec2 modify-security-group-rules \
--group-id sg-1234567890abcdef0 \
--security-group-rules SecurityGroupRuleId=sgr-abcdef01234567890,SecurityGroupRule='{Description=test,IpProtocol=-1,CidrIpv4=0.0.0.0/0}'
Additional Information/Context
No response
CLI version used
1.22.81
Environment details (OS name and version, etc.)
Amazon Linux 2
Experiencing the same issue.
Hello and thanks for reaching out. It looks like the example should be:
aws ec2 modify-security-group-rules \
--group-id sg-1234567890abcdef0 \
--security-group-rules SecurityGroupRuleId=sgr-abcdef01234567890,SecurityGroupRule={{Description=test},{IpProtocol=-1},{CidrIpv4=0.0.0.0/0}}
I created the PR linked above to update the example.
Hey guys, I struggled with this issue for 3 hours and finally hit the right syntax for this command to work.
Hidden in an input here by Akshat Sachdeva.
The correct syntax will be:
aws ec2 modify-security-group-rules --group-id sg-xxx --security-group-rules "SecurityGroupRuleId=sgr-xxx,SecurityGroupRule={Description='SSH Test1',CidrIpv4=x.x.x.x/32,IpProtocol=tcp,FromPort=22,ToPort=22}"
OR
aws ec2 modify-security-group-rules --group-id sg-xxx --security-group-rules 'SecurityGroupRuleId=sgr-xxx,SecurityGroupRule={Description="SSH Test2",CidrIpv4=x.x.x.x/32,IpProtocol=tcp,FromPort=22,ToPort=22}'
PLEASE NOTICE, the single quote and double quote symbols for both options and understand them.
Example is not clear or followable. Not sure how I landed on quotation which was accepted, and it's ugly, but it worked from terminal:
aws ec2 modify-security-group-rules --group-id sg-xxx --security-group-rules '{"SecurityGroupRuleId":"sgr-xxx","SecurityGroupRule":{"IpProtocol":"-1","CidrIpv4":"0.0.0.0/0"}}'
{ "Return": true }
This seems to be due to an underlying issue with how some shorthand syntax examples are generated. Other services affected include SNS and SQS. Some further investigation is required into what is affected and how to resolve this.
> Hey guys, I struggled with this issue for 3 hours and finally hit the right syntax for this command to work.
Same here... :confused: Thanks a lot for clarification!
Thanks to @tjrjaws your example worked for me! Here is another example that I'm using to update the inbound IPv4 Rules to grant access via RDP to an EC2 Instance.
aws ec2 modify-security-group-rules --profile PROFILE-NAME --group-id sg-123456 --security-group-rules '{"SecurityGroupRuleId":"sgr-123456","SecurityGroupRule":{"Description":"updated rules","IpProtocol":"tcp","FromPort":3389,"ToPort":3389,"CidrIpv4":"8.8.8.8/32"}}'
Tried to fix this in this PR. Can anyone please have a review? https://github.com/aws/aws-cli/pull/7286/files
[leosilvapaiola] > Your solution worked for me, thanks :)
One more way: aws ec2 modify-security-group-rules --group-id sg-0000000000 --security-group-rules SecurityGroupRuleId=sgr-000000000000000,SecurityGroupRule="{IpProtocol=tcp,FromPort=80,ToPort=80,CidrIpv4=0.0.0.0/0}"
I believe that amazon people simply forgot to put double quotes, I haven't tested it, but it's possible that it works with single quotes too.
> One more way: aws ec2 modify-security-group-rules --group-id sg-0000000000 --security-group-rules SecurityGroupRuleId=sgr-000000000000000,SecurityGroupRule="{IpProtocol=tcp,FromPort=80,ToPort=80,CidrIpv4=0.0.0.0/0}"
> I believe that amazon people simply forgot to put double quotes, I haven't tested it, but it's possible that it works with single quotes too.
Yes that works too, but the main issue was in my case, when I wanted to add a 'description' to the rule. There it is when you have to be careful with the single quotes or the double quotes.
Thanks for lots of good examples.
Here is my working Windows syntax
aws ec2 modify-security-group-rules --group-id sg-abcdef12345678901 --security-group-rules "SecurityGroupRuleId=sgr-1234567890123456,SecurityGroupRule={Description='PW 140224',IpProtocol=tcp,FromPort=3389,ToPort=3389,CidrIpv4=1.2.3.4/32}"
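Added example (not part of the thread and not aws-cli project code): the validation error in the report lists SecurityGroupRules[0], [1] and [2] because bash brace-expands an unquoted {a,b,c} into three separate arguments before the CLI ever sees them. The script below never calls AWS; it counts the argv words bash produces for the quoting styles discussed above. The helper names show_words and count_words are hypothetical, and the 203.0.113.10/32 CIDR and "SSH Test1" description are constructed sample values.

```shell
#!/usr/bin/env bash
# Offline demo: nothing here calls AWS. IDs and CIDRs are placeholders.

# Let bash parse a raw command-line fragment exactly as typed and
# print the resulting argv words, one per line.
show_words() {
  bash -c 'eval "set -- $1"; printf "%s\n" "$@"' _ "$1"
}

# Number of argv words the aws process would receive for that fragment.
count_words() {
  bash -c 'eval "set -- $1"; echo "$#"' _ "$1"
}

# 1. Unquoted braces with commas, as in the documentation example:
#    bash brace expansion turns one argument into three.
DOCS_FORM='SecurityGroupRuleId=sgr-abcdef01234567890,SecurityGroupRule={Description=test,IpProtocol=-1,CidrIpv4=0.0.0.0/0}'

# 2. Whole shorthand value in double quotes, description in single quotes.
QUOTED_FORM=$(cat <<'EOF'
"SecurityGroupRuleId=sgr-abcdef01234567890,SecurityGroupRule={Description='SSH Test1',CidrIpv4=203.0.113.10/32,IpProtocol=tcp,FromPort=22,ToPort=22}"
EOF
)

# 3. JSON in single quotes: the shell passes it through untouched.
JSON_FORM=$(cat <<'EOF'
'{"SecurityGroupRuleId":"sgr-abcdef01234567890","SecurityGroupRule":{"Description":"SSH Test1","IpProtocol":"tcp","FromPort":22,"ToPort":22,"CidrIpv4":"203.0.113.10/32"}}'
EOF
)

# 4. Unquoted description containing a space: the word is split at the
#    space, so neither half has a matched brace pair and nothing expands.
SPACE_FORM='SecurityGroupRuleId=sgr-abcdef01234567890,SecurityGroupRule={Description=SSH Test1,IpProtocol=tcp,FromPort=22,ToPort=22,CidrIpv4=203.0.113.10/32}'

for name in DOCS_FORM QUOTED_FORM JSON_FORM SPACE_FORM; do
  eval "fragment=\$$name"
  printf '%s -> %s word(s)\n' "$name" "$(count_words "$fragment")"
  show_words "$fragment" | sed 's/^/    /'
done
```

Only the forms that reach the CLI as a single word can be parsed as one rule. Checking the word count this way before running a change against a real security group shows whether the shell has altered the argument.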