I am trying to set security group ids while creating an EC2 instance. If I have a specific security group Id list, I can do this:
boto3.resource(resource, region_name=self.region)
ec2 = self.resource
instances = ec2.create_instances(
ImageId=image_id,
MinCount=minCount,
MaxCount=maxCount,
InstanceType=instance_type,
SubnetId=subnet_id,
KeyName=key_pair,
SecurityGroupIds=security_groups)
If I don't have the security group ids I'd like to use a default security group ids that get associated to launch-wizard-# security group if I don't pass SecurityGroupIds argument in ec2.create_instances. Is there a way to pass something to SecurityGroupIds argument that tells boto3 to use default security group Id? More specifically:
instances = ec2.create_instances(
ImageId=image_id,
MinCount=minCount,
MaxCount=maxCount,
InstanceType=instance_type,
SubnetId=subnet_id,
KeyName=key_pair,
SecurityGroupIds= <"What do I pass here so that boto3 takes in defaults?">)
So that I get the same behavior as below (using the previous code snippet):
instances = ec2.create_instances(
ImageId=image_id,
MinCount=minCount,
MaxCount=maxCount,
InstanceType=instance_type,
SubnetId=subnet_id,
KeyName=key_pair)
Those
launch-wizard-#SGs are created by the console launch wizard, they are not "default" in any way.On the other hand each VPC has a
defaultSG that can be assigned to instances, however it's not very useful. E.g. it doesn't permit inbound access from outside.I recommend against relying on any implicit defaults. Better create a new SG in your boto3 script before creating the instance and then assign it to the instance.
See Working with Security Groups in boto3 for details.