Closed manuelh2410 closed 2 years ago
What does seem to work is the following:

```
Grant-EC2SecurityGroupIngress -GroupId $RDP -IpPermission @($Ip2) -select "Securitygrouprules"

CidrIpv4            : 1.1.1.1/32
CidrIpv6            :
Description         :
FromPort            : 3389
GroupId             : sg-0e16d7026f5276778
GroupOwnerId        : 419191665529
IpProtocol          : tcp
IsEgress            : False
PrefixListId        :
ReferencedGroupInfo :
SecurityGroupRuleId : sgr-0c9cea02e3fad8698
Tags                : {}
ToPort              : 3389
```
Hi @manuelh2410,
Good morning.
The Grant-EC2SecurityGroupIngress CmdLet invokes the AuthorizeSecurityGroupIngress service API operation and returns the AuthorizeSecurityGroupIngressResponse in the following format as documented in the API reference:
The following elements are returned by the service.

- `requestId`: The ID of the request. Type: String
- `return`: Returns true if the request succeeds; otherwise, returns an error. Type: Boolean
- `securityGroupRuleSet`: Information about the inbound (ingress) security group rules that were added. Type: Array of SecurityGroupRule objects
As pointed out by you, we need to select `SecurityGroupRules` explicitly to return the nested object. The output `True {sg-0e16d7026f5276778}` is the behavior of the PowerShell console when displaying an object and is not controlled by the CmdLet. This doesn't appear to be a bug since the PowerShell CmdLet `Grant-EC2SecurityGroupIngress` is mapping the result to the response returned by the service API as expected. Also, the behavior is consistent across all the SDKs (not just AWS .NET SDK or PowerShell tools) and changing the current behavior would be a breaking change for existing customers.
Thanks, Ashish
From an end-user perspective this is cumbersome and not customer-centric. It would make more sense to return "Security Group Rule Created", rather than returning an ID that can be confused as the ID for the security group rule. The New-EC2SecurityGroup cmdlet does not behave in this manner. The New-EC2SecurityGroup returns the security group ID of the created group, as expected. This is not consistent. This does not constitute guidance; there is a clear inconsistency here.
@manuelh2410 The `New-EC2SecurityGroup` invokes the CreateSecurityGroupResponse service API operation and returns `CreateSecurityGroupResponse` in the format returned by the service. As mentioned earlier, the display output of the CmdLet is controlled by the PowerShell console when displaying an object. The CmdLet returns a `CreateSecurityGroupResponse` object containing `GroupId` and `Tags` properties, and since the `Tags` list is not directly displayable, the PowerShell console just displays the `GroupId` (you may verify this by examining the returned object and using `$returnedObject.Tags`).

Unfortunately, for `Grant-EC2SecurityGroupIngress`, we cannot simply return the list of `SecurityGroupRules` since it is correctly mapping to the service response as it is doing for other CmdLets.
Closing this issue since .NET SDK and PowerShell behavior is consistent with the service response, and changing behavior is not feasible.
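The response shape discussed in this thread (a `Return` flag plus a nested `SecurityGroupRules` list) can be unpacked so that the `sgr-` rule IDs are recorded for change logs or later review. This is an added example, not code from the thread or from the AWS Tools project; `Get-IngressRuleId` is a hypothetical helper, and the sample object is constructed from the values shown on this page.

```powershell
# Hypothetical helper (added example): extracts per-rule IDs from an
# AuthorizeSecurityGroupIngress-style response and rejects anything that
# is not an sgr- identifier, so a group ID (sg-...) is never logged as a rule ID.
function Get-IngressRuleId {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Response
    )
    process {
        if (-not $Response.Return) {
            throw 'The response did not report success.'
        }
        foreach ($rule in $Response.SecurityGroupRules) {
            if ($rule.SecurityGroupRuleId -notmatch '^sgr-[0-9a-f]+$') {
                throw "Unexpected rule ID '$($rule.SecurityGroupRuleId)'"
            }
            [pscustomobject]@{
                RuleId  = $rule.SecurityGroupRuleId
                GroupId = $rule.GroupId
                Cidr    = $rule.CidrIpv4
                Ports   = '{0}-{1}/{2}' -f $rule.FromPort, $rule.ToPort, $rule.IpProtocol
            }
        }
    }
}

# Constructed stand-in using the property names and values shown in this thread,
# so the helper can be exercised without AWS credentials.
$sample = [pscustomobject]@{
    Return             = $true
    SecurityGroupRules = @(
        [pscustomobject]@{
            SecurityGroupRuleId = 'sgr-0c9cea02e3fad8698'
            GroupId             = 'sg-0e16d7026f5276778'
            CidrIpv4            = '1.1.1.1/32'
            FromPort            = 3389
            ToPort              = 3389
            IpProtocol          = 'tcp'
        }
    )
}
$sample | Get-IngressRuleId

# Live use (requires the AWS.Tools EC2 module and credentials); -Select '*'
# asks for the whole service response rather than a single property:
# Grant-EC2SecurityGroupIngress -GroupId $RDP -IpPermission @($ip2) -Select '*' | Get-IngressRuleId
```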
Description
Security Group Rules created through "Grant-EC2SecurityGroupIngress" Not Unique

None of the security group rule IDs for the rules I created with this cmdlet are unique. According to the AWS Console the security group rule ID for the following request should be "sg-0e16d7026f5276778".
Reproduction Steps
```powershell
$MYIP = "1.1.1.1/32"
$RDP = "sg-0e16d7026f5276778"

$ip2 = @{ IpProtocol="tcp"; FromPort="3389"; ToPort="3389"; IpRanges="$MYIP" }

$Tag = New-Object Amazon.EC2.Model.Tag
$Tag.Key = "AWSIP"
$Tag.Value = "AWSIP"

Grant-EC2SecurityGroupIngress -GroupId $RDP -IpPermission @($Ip2)
```

```
Return SecurityGroupRules
True   {sg-0e16d7026f5276778}
```
The command seems to be returning a bogus security group ID, instead of `SecurityGroupRuleId : sgr-0c9cea02e3fad8698`.
I instructed it to create a rule, so I expect an sgr-xxxxx ID in return. Poor API design.
Environment
Resolution
none
This is a :bug: bug-report