python boto3 allow ingress security groups

The 2 different classes are about different levels of abstraction.

Client classes are low level wrappers around each API action. ie. AuthorizeSecurityGroupIngress
Resource classes are object oriented, you instantiate an object to represent the group and interact with it that way. It provides a higher level of abstraction that decouples you from the individual API calls and provides some persistence

to show the difference, lets create a security group and open port 80 to the internet.

with client

    ec2 = boto3.client('ec2')
    response = ec2.create_security_group(GroupName='testgroup2',Description='testme')
    ec2.authorize_security_group_ingress(GroupId=response['GroupId'],IpProtocol="tcp",CidrIp="0.0.0.0/0",FromPort=80,ToPort=80)

with resource:

    ec2 = boto3.resource('ec2')
    mysg = ec2.create_security_group(GroupName="testgroup",Description='testme')
    mysg.authorize_ingress(IpProtocol="tcp",CidrIp="0.0.0.0/0",FromPort=80,ToPort=80)

The key difference here is that resource object eliminates the need for a "response" variable and takes care of remembering the Security group for later use. It doesn't seem like a big difference but it makes your code cleaner and more object oriented
see the boto docs: https://boto3.readthedocs.org/en/latest/guide/resources.html for more detail on them.

python boto3 allow ingress security groups

Tags:

Python

Amazon Web Services

Aws Cli

Boto

Security Groups

Related

Recent Posts