EC2::Client#describe_security_groups undocumented & unchecked options limitation. about aws-cli HOT 3 OPEN

After some noodling, I realized that there is a reasonable workaround: tag the security group with it's name! That is,

ec2.describe_security_groups(
  filters: [
    {name: 'vpc-id', values: [vpc_id]},
    {name: 'tag:name', values: [group_name]}
  ]
)

Works if you #create_tags(resources: [group_id], tags: [{ key: name, value: group_name}]) first.

from aws-cli.

The error message you provided indicates that there is an issue with using both the group_names and filters options together when calling the describe_security_groups method in the AWS SDK for Ruby.

from aws-cli.

Describe the issue

group_names: option is incompatible with filters: { name: 'vpc-id', } option.

This looks pretty much like a bug, but I expect it is a lot easier to get a documentation fix than a change to the API.

Demonstration from the ruby sdk:

vpc_id = LambdaFunction::WorkerLambda::VPC_ID.to_s
group_name = ec2.describe_security_groups(
  filters: [{name: 'vpc-id', values: [vpc_id]
}]).security_groups[4].group_name

ec2.describe_security_groups(
  filters: [{name: 'vpc-id', values: [vpc_id]}],
  group_names: [group_name]
)

/usr/local/bundle/gems/aws-sdk-core-3.190.2/lib/seahorse/client/plugins/raise_response_errors.rb:17:in `call':
The security group 'security-group' does not exist in default VPC 'vpc-12345678' (Aws::EC2::Errors::InvalidGroupNotFound)

So the options check does not fail. This looks like a bug in the client, but since we're getting an exception anyway...

I also note that the API documentation indicates that group_ids is a required field if you are not in the default vpc. If this were true, it would be a severe bug. Thankfully, the API does not require this, at least for the case I observe.

Links

https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-security-groups.html https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/EC2/Client.html#describe_security_groups-instance_method

This is my Answer for this documentation i tried this solution using some other Ai tools to leverage my work :

It seems like you're encountering an issue with the AWS SDK for Ruby when using the describe_security_groups method. The error message indicates an incompatibility between the group_names and filters options.

The issue appears to arise when you provide both group_names and filters options in the describe_security_groups call. The error message suggests that the provided security group name (group_name) does not exist in the default VPC.

It's important to note that the AWS API documentation indicates that group_ids is a required field if you are not in the default VPC. However, you've observed that this is not the case in your scenario.

This discrepancy between the documented behavior and the actual behavior you're experiencing could indeed indicate a bug in the AWS SDK for Ruby. It might be worth checking the AWS SDK for Ruby's issue tracker or forums to see if others have reported similar issues. Additionally, reaching out to AWS support could provide further insights or assistance in resolving this issue.

In the meantime, you might consider adjusting your code to either use group_ids instead of group_names or to remove the group_names option altogether if it's not necessary for your use case. This might help to work around the issue until a fix is available.

from aws-cli.