Deleteing securitygroup rules

[9072997]

awless update securitygroup id=@launch-wizard-7 inbound=authorize protocol=tcp cidr=8.8.8.8/32 portrange=22 seems to append a rule to a security group. It appears (apologies if I am just not finding it) that there is not an obvious way to remove a rule. I would expect either awless update securitygroup -h to have an option for overwriting all rules with the given one, or awless delete securitygroup -h to have an option to delete a rule.

awless version=v0.1.8, commit=03a0c3b859f8c33b43a883711fb12df3b77328f8, build-date=2017-11-29T15:57:49-08:00, build-arch=amd64, build-os=linux, build-for=targz

[fxaguessy]

Hi, There is indeed no direct way to delete rules in a security group with awless delete.

However, to delete the rule awless update securitygroup id=@launch-wizard-7 inbound=authorize protocol=tcp cidr=8.8.8.8/32 portrange=22, for example, you just have to write the opposite rule awless update securitygroup id=@launch-wizard-7 inbound=revoke protocol=tcp cidr=8.8.8.8/32 portrange=22. This is actually what awless does when you use the awless revert command.

In order to delete a rule:

• inbound=authorize -> inbound=revoke
• inbound=revoke -> inbound=authorize
• outbound=authorize -> outbound=revoke
• outbound=revoke -> outbound=authorize

We also might add a parameter to reset the rules of a security group if there is a need for that.

[9072997]

Thanks, it looks like that will make it possible to do everything I need it to. I'll leave it up to you weather you think this should stay open as a feature request, or be closed since this functionality is already available. I do think it would be helpful to mention this somehow in the awless update -h, but I admit I don't know how to best do that without breaking the format a bit.