Modifying security groups for a VPC instance

Neil Saunders

unread,

Jul 9, 2013, 12:36:54 PM7/9/13

to boto-...@googlegroups.com

Hi -

I'd like to modify the security groups assigned to a VPC instance via boto (I'm writing a script to remove a particular SG from 600 instances) - Is this possible via boto?

I've been googling for an hour now and and can't see any way to do this programatically - either via boto or the AWS command line?

Can anyone advise if this is possible please?

Thanks!

Neil

Victor Trac

unread,

Jul 10, 2013, 12:33:10 AM7/10/13

to boto-...@googlegroups.com

This is what you want:

http://boto.readthedocs.org/en/latest/ref/ec2.html#boto.ec2.instance.Instance.modify_attribute

You'll need to modify the groupSet attribute.

--
Victor Trac | victortrac.com | twitter.com/victortrac

Neil

--
You received this message because you are subscribed to the Google Groups "boto-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to boto-users+...@googlegroups.com.
To post to this group, send email to boto-...@googlegroups.com.
Visit this group at http://groups.google.com/group/boto-users.
For more options, visit https://groups.google.com/groups/opt_out.

Neil Saunders

unread,

Jul 10, 2013, 6:00:24 AM7/10/13

to boto-...@googlegroups.com, vic...@victortrac.com

Excellent - Thanks Victor - That should have been the end of this but am now running in AWS complaining that I've reached the maximum number of SG's for an instance even though I'm trying to _remove_ an SG (The instance has 2 SG's assigned, trying to set it to only one of them). iPython example:

In [36]: i

Out[36]: Instance:i-0ff1676d

In [37]: i.groups

Out[37]:

[<boto.ec2.group.Group instance at 0x3586518>,

<boto.ec2.group.Group instance at 0x3586560>]

In [38]: newgroups

Out[38]: [<boto.ec2.group.Group instance at 0x3586560>]

In [39]: ",".join([g.id for g in newgroups])

Out[39]: u'sg-fb779394'

In [40]: i.modify_attribute('groupSet',",".join([g.id for g in newgroups]))

---------------------------------------------------------------------------

EC2ResponseError Traceback (most recent call last)

<snip>

EC2ResponseError: EC2ResponseError: 400 Bad Request

<?xml version="1.0" encoding="UTF-8"?>

<Response><Errors><Error><Code>SecurityGroupsPerInstanceLimitExceeded</Code><Message>The maximum number of security groups per instance has been reached.</Message></Error></Errors><RequestID>40c80155-1a80-416b-9f7b-462b71fd2f52</RequestID></Response>

Back to being stumped - Any ideas?

Thanks again for your help.

Ta,

Neil

Neil Saunders

unread,

Jul 10, 2013, 7:12:20 AM7/10/13

to boto-...@googlegroups.com, vic...@victortrac.com

Solved - I was confused by the boto documentation that lists value as a string: Passing as a list of strings works just fine.

In [57]: i.modify_attribute('groupSet',["sg-fb779394"])

Out[57]: True

Thanks for your help Victor.

/Neil

Reply all

Reply to author

Forward