1
votes

I have an ec2.SecurityGroup that I'd like to delete all rules from. I am having trouble removing the default ingress rule for the group, where the source is the security group's ID:

[Image: example ingress rule with security group source]

I do so this way, using the Go SDK:

// Revoke every ingress rule whose source is a security group.
for _, perm := range sg.IpPermissions {
  for _, pair := range perm.UserIdGroupPairs {
    service.RevokeSecurityGroupIngress(&ec2.RevokeSecurityGroupIngressInput{
      SourceSecurityGroupName:    pair.GroupId,
      IpProtocol:                 perm.IpProtocol,
      SourceSecurityGroupOwnerId: pair.UserId,
      GroupId:                    sg.GroupId,
    })
  }
}

However, this produces an error: "VPCIdNotSpecified: No default VPC for this user".
How am I supposed to revoke this rule, and ALL others? Go is preferred in answers but a way to accomplish this in any language would be appreciated.


1 Answer

0
votes

I'm not a Go person, but here's some equivalent Python code:

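import boto3

ec2_client = boto3.client('ec2')

# Look up the group; 'sg-xxx' is a placeholder for the real group ID.
response = ec2_client.describe_security_groups(GroupIds=['sg-xxx'])

for group in response['SecurityGroups']:
    # Pass the described ingress rules straight back to revoke them all.
    if group['IpPermissions']:
        ec2_client.revoke_security_group_ingress(
            GroupId=group['GroupId'],
            IpPermissions=group['IpPermissions'],
        )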

Notice that the IpPermissions object returned from describe_security_groups() can be passed directly into revoke_security_group_ingress(). Hopefully you can do the same thing in Go.
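
The same pass-through approach in Go, extended to egress rules so that all rules are removed. This is an added example, not part of the original answer or of the AWS SDK: the struct types, the Revoker interface and the recorder are stand-ins assumed here so the logic runs offline; with aws-sdk-go the two directions correspond to RevokeSecurityGroupIngress and RevokeSecurityGroupEgress.

```go
package main

import "fmt"

// Stand-ins (assumed for this example) for aws-sdk-go's ec2 types, whose fields are pointers.
type UserIdGroupPair struct{ GroupId, UserId string }
type IpPermission struct {
	IpProtocol       string
	UserIdGroupPairs []UserIdGroupPair
}
type SecurityGroup struct {
	GroupId             string
	IpPermissions       []IpPermission // ingress rules
	IpPermissionsEgress []IpPermission // egress rules
}

// Revoker is a hypothetical seam: dir is "ingress" or "egress", one per SDK revoke call.
type Revoker interface {
	Revoke(dir, groupID string, perms []IpPermission) error
}

// RevokeAll hands the described permissions back unchanged, so a rule whose
// source is a security group stays identified by GroupId, never by name.
func RevokeAll(r Revoker, sg SecurityGroup) error {
	if len(sg.IpPermissions) > 0 { // skip empty lists: nothing to revoke
		if err := r.Revoke("ingress", sg.GroupId, sg.IpPermissions); err != nil {
			return fmt.Errorf("revoke ingress on %s: %w", sg.GroupId, err)
		}
	}
	if len(sg.IpPermissionsEgress) > 0 {
		if err := r.Revoke("egress", sg.GroupId, sg.IpPermissionsEgress); err != nil {
			return fmt.Errorf("revoke egress on %s: %w", sg.GroupId, err)
		}
	}
	return nil
}

// recorder is a fake Revoker that records calls instead of contacting AWS.
type recorder struct{ calls []string }

func (c *recorder) Revoke(dir, id string, p []IpPermission) error {
	c.calls = append(c.calls, fmt.Sprintf("%s %s %d", dir, id, len(p)))
	return nil
}
func main() {
	self := []UserIdGroupPair{{GroupId: "sg-example"}} // constructed sample: self-referencing rule
	sg := SecurityGroup{"sg-example", []IpPermission{{"-1", self}}, []IpPermission{{"-1", nil}}}
	rec := &recorder{}
	fmt.Println(RevokeAll(rec, sg), rec.calls)
}
```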