boto / boto3

AWS SDK for Python
https://aws.amazon.com/sdk-for-python/
Apache License 2.0

Unable to call RevokeSecurityGroupIngress (incorrect parameters being passed) #4207

Closed seydar closed 3 months ago

seydar commented 4 months ago

Describe the bug

When calling RevokeSecurityGroupIngress (ec2.revoke_security_group_ingress(...)), the request fails because it expects a different capitalization of a parameter than is allowed to be supplied.

Expected Behavior

I expect the call to succeed.

Current Behavior

{'UserId': '*******', 'Account': '********', 'Arn': 'arn:aws:iam::*******:user/ari', 'ResponseMetadata': {'RequestId': '9047b328-4378-4328-bd62-ec32efd4bbdf', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '9047b328-4378-4328-bd62-ec32efd4bbdf', 'content-type': 'text/xml', 'content-length': '400', 'date': 'Wed, 17 Jul 2024 17:19:16 GMT'}, 'RetryAttempts': 0}}

deleting 6 security groups...

Traceback (most recent call last):
  File "/Users/ari/work/cloud/closeout_eks/mre.py", line 21, in <module>
    ec2.revoke_security_group_ingress(GroupId=sg['GroupId'], SecurityGroupRuleIds=ingress_ids)
  File "/Users/ari/opt/miniconda3/envs/mamba_oa_env/lib/python3.10/site-packages/botocore/client.py", line 553, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/ari/opt/miniconda3/envs/mamba_oa_env/lib/python3.10/site-packages/botocore/client.py", line 1009, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (MissingParameter) when calling the RevokeSecurityGroupIngress operation: Either 'ipPermissions' or 'securityGroupRuleIds' should be provided.

Reproduction Steps

import boto3

sts = boto3.client("sts")
print(sts.get_caller_identity())

ec2 = boto3.client("ec2")

sgs = ec2.describe_security_groups()['SecurityGroups']

print(f"deleting {len(sgs)} security groups...")
for sg in sgs:
    rules = ec2.describe_security_group_rules(Filters=[{'Name': 'group-id', 'Values': [sg['GroupId']]}])['SecurityGroupRules']
    ingress = list(filter(lambda r: r['IsEgress'] == False, rules))
    egress  = list(filter(lambda r: r['IsEgress'] == True, rules))

    ingress_ids = list(map(lambda r: r['SecurityGroupRuleId'], ingress))
    egress_ids  = list(map(lambda r: r['SecurityGroupRuleId'], egress))

    # Revoke rules to eliminate circular references that would prevent
    # a SG from being deleted
    ec2.revoke_security_group_ingress(GroupId=sg['GroupId'], SecurityGroupRuleIds=ingress_ids)
    ec2.revoke_security_group_egress(GroupId=sg['GroupId'],  SecurityGroupRuleIds=egress_ids)

Possible Solution

I believe there is something server-side in AWS that is expecting 'ipPermissions' or 'securityGroupRuleIds', but it should be expecting 'IpPermissions' or 'SecurityGroupRuleIds' with capital letters. I am unable to supply the named parameters with lowercase initial letters.

Additional Information/Context

No response

SDK version used

1.34.34

Environment details (OS name and version, etc.)

macOS 12.6.4

seydar commented 4 months ago

This bug also exists on revoke_security_group_egress.

SamRemis commented 4 months ago

Hi @seydar,

Could you try changing those last few lines to the following and let us know if it works?

    if ingress_ids:
        ec2.revoke_security_group_ingress(GroupId=sg['GroupId'], SecurityGroupRuleIds=ingress_ids)
    if egress_ids:
        ec2.revoke_security_group_egress(GroupId=sg['GroupId'],  SecurityGroupRuleIds=egress_ids)

I was unable to reproduce this on any rules that had ingress or egress rules, but encountered the same error when [] was passed as an input parameter.
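The empty-list guard discussed above, as an added example that is not part of the thread or of boto3 itself: a helper that collects every rule ID for one group across paginated `describe_security_group_rules` responses and only calls the revoke operations when there is something to revoke. `FakeEC2`, `revoke_all_rules` and the `sg-`/`sgr-` values used with them are constructed for illustration; the fake client stands in for `boto3.client("ec2")` and mimics the MissingParameter failure on an empty list.

```python
class FakeEC2:
    """Constructed stand-in for boto3.client("ec2"); makes no AWS calls."""

    def __init__(self, pages):
        self.pages = pages   # list of pages, each a list of rule dicts
        self.calls = []      # log of (direction, group_id, rule_ids)

    def describe_security_group_rules(self, Filters, NextToken=None):
        i = int(NextToken or 0)
        resp = {"SecurityGroupRules": self.pages[i]}
        if i + 1 < len(self.pages):
            resp["NextToken"] = str(i + 1)
        return resp

    def _revoke(self, direction, GroupId, SecurityGroupRuleIds):
        if not SecurityGroupRuleIds:
            # Mirrors the MissingParameter error reported in this thread.
            raise RuntimeError("MissingParameter")
        self.calls.append((direction, GroupId, list(SecurityGroupRuleIds)))

    def revoke_security_group_ingress(self, GroupId, SecurityGroupRuleIds):
        self._revoke("ingress", GroupId, SecurityGroupRuleIds)

    def revoke_security_group_egress(self, GroupId, SecurityGroupRuleIds):
        self._revoke("egress", GroupId, SecurityGroupRuleIds)


def revoke_all_rules(ec2, group_id):
    """Revoke every rule of one group; never send an empty rule-ID list."""
    ingress_ids, egress_ids, token = [], [], None
    while True:
        kwargs = {"Filters": [{"Name": "group-id", "Values": [group_id]}]}
        if token:
            kwargs["NextToken"] = token
        page = ec2.describe_security_group_rules(**kwargs)
        for rule in page["SecurityGroupRules"]:
            target = egress_ids if rule["IsEgress"] else ingress_ids
            target.append(rule["SecurityGroupRuleId"])
        token = page.get("NextToken")
        if not token:
            break
    # A group with no rules in one direction yields [], which the API rejects.
    if ingress_ids:
        ec2.revoke_security_group_ingress(GroupId=group_id, SecurityGroupRuleIds=ingress_ids)
    if egress_ids:
        ec2.revoke_security_group_egress(GroupId=group_id, SecurityGroupRuleIds=egress_ids)
    return {"ingress": ingress_ids, "egress": egress_ids}
```

The returned dictionary lists exactly which rule IDs were revoked per direction, which is useful to log before deleting the groups themselves.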

github-actions[bot] commented 3 months ago

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.