1

I've a script that I'm using to run the `authorize-security-group-ingress` AWS CLI command.

```
IP = 10.10.10.10
CIDR = 32
Variable = sudo aws ec2 authorize-security-group-ingress --group-id sg-xxxxxx --ip-permissions FromPort=10,ToPort=23,IpProtocol=tcp,IpRanges='[{CidrIp=$((IP / 32))}]'
$Variable
```

But I get an error: `CIDR block $((IP / 32)) is malformed`. I tried changing the `$((IP / 32))` block to `$IP/32`, `($(IP) / $(CIDR))` but I still seem to get the same error. Can someone tell me what I'm doing wrong? The main issue is converting to a valid IP CIDR.

insane_dbz

2 Answers

1

You could do as Siddarth mentioned. Or, fix your query. The issue with your code is that you are using single quotes (`'`) instead of double quotes (`"`) for `IpRanges`. As per this SO question, single quotes won't interpolate anything, but double quotes will.

Once you replace it, your script will fail again because `$((...))` is an arithmetic expansion. Remove the `(())` in your script and it should work fine.

Final solution:

```
aws ec2 authorize-security-group-ingress --group-id sg-xxxxxx --ip-permissions FromPort=10,ToPort=23,IpProtocol=tcp,IpRanges="[{CidrIp=$IP/$CIDR}]"
```
krishna_mee2004
  • Tried this but it gives me a similar error. `sudo aws ec2 authorize-security-group-ingress --group-id sg-xxxx --ip-permissions FromPort=10,ToPort=23,IpProtocol=tcp,IpRanges="[{CidrIp=$IP/$CIDR}]"` `CIDR block / is malformed` – insane_dbz Apr 05 '18 at 13:18
  • Can you share the value of IP and CIDR variables? – krishna_mee2004 Apr 05 '18 at 13:19
  • It actually worked by using your way and by correcting the way I declare the variable. It should be `IP=10.10.10.10` not `IP = 10.10.10.10` and the same with `CIDR`. – insane_dbz Apr 05 '18 at 14:09
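
The fix this thread arrives at (no spaces around `=`, double quotes around the `IpRanges` value), as an added shell example that is not part of the original posts. The function names `valid_ipv4` and `build_ip_permissions` are assumptions introduced here; the IP, prefix and ports are the question's sample values, and the script prints the command instead of calling AWS.

```shell
#!/bin/sh
# Assignments take no spaces around '='. `IP = 10.10.10.10` runs a command
# named IP and leaves the variable unset, which is how the CLI ends up
# reporting "CIDR block / is malformed".
IP=10.10.10.10   # sample value from the question
CIDR=32          # sample value from the question

# valid_ipv4 ADDR: succeed only for four dot-separated octets in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1        # split on dots; input is digits and dots only, so no globbing
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_ip_permissions ADDR PREFIX FROM_PORT TO_PORT (hypothetical helper):
# print the shorthand --ip-permissions value, or fail before a rule is opened.
build_ip_permissions() {
    valid_ipv4 "$1" || { echo "bad IPv4 address: '$1'" >&2; return 1; }
    case $2 in
        ''|*[!0-9]*) echo "bad prefix length: '$2'" >&2; return 1 ;;
    esac
    [ "${#2}" -le 2 ] && [ "$2" -le 32 ] ||
        { echo "bad prefix length: '$2'" >&2; return 1; }
    # Only the printf arguments need expansion, so they are double-quoted;
    # the single-quoted format string contains no variables.
    printf 'FromPort=%s,ToPort=%s,IpProtocol=tcp,IpRanges=[{CidrIp=%s/%s}]' \
        "$3" "$4" "$1" "$2"
}

PERMS=$(build_ip_permissions "$IP" "$CIDR" 10 23) || exit 1
# Double quotes keep "$PERMS" a single argument while still expanding it.
echo "would run: aws ec2 authorize-security-group-ingress" \
     "--group-id sg-xxxxxx --ip-permissions $PERMS"
```

An empty or malformed address stops the script with a message on stderr, so a blank variable never reaches the security-group call.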
0

Have you tried it like this?

```
'[{"IpProtocol":"tcp","IpRanges": [{"CidrIp": "10.10.10.10/32"}]}]'
```

Replacing your line of code with this worked for me.

papaya
  • Yes, I've tried that. That worked for me too. I'm trying to get an IP from another file, so temporarily I hard-coded it as IP. – insane_dbz Apr 05 '18 at 12:16