Boto3: AuthorizeSecurityGroupIngress operation: TCP/UDP port (-1) out of range when passing non -1

Created on 30 Oct 2015 · 3 Comments · Source: boto/boto3

Hi,

This is my traceback:

Traceback (most recent call last):
  File "./mp_make_env.py", line 50, in <module>
    'ToPort': port
  File "/Users/teran/repos/public/boto3/boto3/resources/factory.py", line 394, in do_action
    response = action(self, *args, **kwargs)
  File "/Users/teran/repos/public/boto3/boto3/resources/action.py", line 77, in __call__
    response = getattr(parent.meta.client, operation_name)(**params)
  File "/Users/teran/repos/public/boto3/venv/src/botocore/botocore/client.py", line 310, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/teran/repos/public/boto3/venv/src/botocore/botocore/client.py", line 395, in _make_api_call
    raise ClientError(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (InvalidPermission.Malformed) when calling the AuthorizeSecurityGroupIngress operation: TCP/UDP port (-1) out of range

Code snippet is the following:

for port in [22, 80, 443, 843]:
    security_group.authorize_ingress(
        IpPermissions=[
            {
                'IpProtocol': 'tcp',
                'ToPort': port
            }
        ]
    )

I'm using boto3 in a venv at cf7d1652746597ba4b9a82c1df9fce81503ade8a. Do you know if I'm doing something wrong or if this is a bug?

Thank you!

All 3 comments

With your snippet I get another error entirely: An error occurred (InvalidParameterValue) when calling the AuthorizeSecurityGroupIngress operation: Invalid value 'Must specify both from and to ports with TCP/UDP.' for portRange.

I suspect that we may be hitting the same issue, however, which is that you need to specify FromPort.

import boto3

ec2 = boto3.resource('ec2')
security_group = ec2.create_security_group(
    GroupName='tmp_testing_group', Description='test')
for port in [22, 80, 443, 843]:
    security_group.authorize_ingress(
        IpPermissions=[
            {
                'IpProtocol': 'tcp',
                'FromPort': port,
                'ToPort': port
            }
        ]
    )
security_group.delete()

Let me know if that works for you.

Thank you!

I just realized my confusion...

FromPort is the beginning of the port range. ToPort is the end of the port range. This is exceptionally confusing as I was thinking it was source/destination port. Could it eventually be renamed to PortRangeStart and PortRangeEnd, or something similar?

--Teran

@teran-mckinney That would be up to the service team, but I expect that they would not do that at this point as it would be a breaking change. Glad everything worked out!
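
Added example, not part of the original thread or of boto3: a pre-flight check for IpPermissions entries that catches the missing FromPort from the first snippet and the source/destination misreading of FromPort/ToPort before AuthorizeSecurityGroupIngress is called. The function names and sample entries are constructed for illustration, and the code runs without boto3 or AWS credentials.

```python
# Added example: names and sample entries below are constructed, not boto3 APIs.
TCP_UDP = {'tcp', 'udp', '6', '17'}  # protocol names and their IANA numbers


def single_port(protocol, port):
    """Build an entry for exactly one port: range start == range end."""
    return {'IpProtocol': protocol, 'FromPort': port, 'ToPort': port}


def check_ip_permission(perm):
    """Return a list of problems with one TCP/UDP entry (empty list if none)."""
    if str(perm.get('IpProtocol', '')).lower() not in TCP_UDP:
        return []  # other protocols use these fields differently; not checked
    missing = [k for k in ('FromPort', 'ToPort') if k not in perm]
    if missing:
        return ['missing ' + ' and '.join(missing)
                + ': TCP/UDP needs both ends of the port range']
    problems = []
    for name in ('FromPort', 'ToPort'):
        value = perm[name]
        if isinstance(value, bool) or not isinstance(value, int) \
                or not 0 <= value <= 65535:
            problems.append('%s=%r is not a port in 0..65535' % (name, value))
    if not problems and perm['FromPort'] > perm['ToPort']:
        problems.append('FromPort %d > ToPort %d: range start is after its end'
                        % (perm['FromPort'], perm['ToPort']))
    return problems


def ports_opened(perm):
    """How many ports a valid TCP/UDP entry exposes."""
    if str(perm.get('IpProtocol', '')).lower() not in TCP_UDP:
        raise ValueError('only TCP/UDP entries are port ranges')
    problems = check_ip_permission(perm)
    if problems:
        raise ValueError('; '.join(problems))
    return perm['ToPort'] - perm['FromPort'] + 1


# Constructed sample entries.
ORIGINAL = {'IpProtocol': 'tcp', 'ToPort': 22}                    # first snippet
MISREAD = {'IpProtocol': 'tcp', 'FromPort': 49152, 'ToPort': 22}  # "source/dest"
TOO_WIDE = {'IpProtocol': 'tcp', 'FromPort': 0, 'ToPort': 443}    # opens 0..443

if __name__ == '__main__':
    for entry in (ORIGINAL, MISREAD, TOO_WIDE, single_port('tcp', 443)):
        issues = check_ip_permission(entry)
        print(entry, '->', issues or '%d port(s) opened' % ports_opened(entry))
```

Reporting the width of the range matters because an entry such as FromPort 0, ToPort 443 is syntactically valid yet exposes 444 ports rather than one.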
