Wednesday, April 27, 2022

[SOLVED] Adding custom cidr to ingress security group using Lambda without default vpc


First of all, I have been searching Stack Overflow and the internet for this, but I didn't find exactly where the issue is.

Basically, I am trying to add custom CIDR IPs to a security group via a Lambda function. I have given all the appropriate permissions (as far as I can tell) [REMOVED]and also tried attaching the VPC (which is non-default) to the Lambda function to access the security group[REMOVED].

But I am getting: "An error occurred (VPCIdNotSpecified) when calling the AuthorizeSecurityGroupIngress operation: No default VPC for this user"

IAM policy on the Lambda execution role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [ ... ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [ ... ],
            "Resource": [ ... ]
        }
    ]
}

Lambda function:

import boto3

ec2 = boto3.client('ec2')

def lambda_handler(event, context):
    # No GroupId (or GroupName) is passed, so the group cannot be resolved in the
    # non-default VPC; this is the call that raised VPCIdNotSpecified above.
    response = ec2.authorize_security_group_ingress(
        IpPermissions=[{
            'FromPort': 443,
            'IpProtocol': 'tcp',
            'IpRanges': [{
                'CidrIp': '1x.1x.x.1x/32',
                'Description': 'adding test cidr using lambda'
            }],
            'ToPort': 443
        }]
    )
    return response

Could someone point me in the right direction? The VPC is non-default. All I need is to add an ingress rule to an existing security group within a non-default VPC.



Found the solution: initially it was a syntax error, but after googling I thought it required a VPC, so I added a VPC to the Lambda configuration, which was not required for this purpose. For anyone having the same issue (only wanting to update a security group with the CIDR): below is the correct function and permissions (the function isn't complete, as depending on the solution you may want to delete old rules too):

Lambda function:

import boto3

ec2 = boto3.client('ec2')

def lambda_handler(event, context):
    response = ec2.authorize_security_group_ingress(
        # Placeholder value: ID of the target group. A group in a non-default VPC
        # must be referenced by GroupId, not GroupName.
        GroupId='sg-xxxxxxxxxxxxxxxxx',
        IpPermissions=[{
            'FromPort': 443,
            'IpProtocol': 'tcp',
            'IpRanges': [{
                'CidrIp': '1x.2x.3x.4x/32',
                'Description': 'Security group updated via lambda'
            }],
            'ToPort': 443
        }]
    )
    return response

IAM policy on the Lambda execution role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [ ... ],
            "Resource": "arn or all"
        }
    ]
}

Answered By - spiceitup
Answer Checked By - Dawn Plyler (WPSolving Volunteer)
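As an added example (not code from the answer above), the same call done by GroupId with the incoming CIDR validated before anything is authorized and an already-existing identical rule treated as success; it assumes the execution role allows ec2:AuthorizeSecurityGroupIngress on the target group, that the group ID arrives in an SG_ID environment variable, and FakeEc2 is a constructed stand-in for the boto3 client so the logic runs offline.

```python
import ipaddress
import os

MAX_ADDRESSES = 256  # constructed limit for this example: nothing wider than a /24

def build_ingress_permission(cidr, port=443, description="Security group updated via lambda"):
    """Validate the CIDR and return one IpPermissions entry for TCP `port`."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError on junk or on host bits set
    if net.version != 4:
        raise ValueError("only IPv4 CIDRs are handled here")
    if net.num_addresses > MAX_ADDRESSES:
        raise ValueError(f"{cidr} is too broad for an automated ingress rule")
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": str(net), "Description": description}]}

def add_ingress_rule(ec2, group_id, cidr, port=443):
    """Authorize the rule by GroupId; an identical existing rule counts as success."""
    # A group in a non-default VPC must be addressed by ID: GroupName is only
    # looked up in the default VPC, which is what raises VPCIdNotSpecified.
    if not group_id.startswith("sg-"):
        raise ValueError("group_id must be a security group ID (sg-...), not a name")
    perm = build_ingress_permission(cidr, port)
    try:
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=[perm])
        return "added"
    except Exception as exc:  # botocore ClientError carries the AWS error code in .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "InvalidPermission.Duplicate":
            return "already-present"
        raise

class FakeEc2:
    """Constructed offline stand-in for boto3.client('ec2'): records calls, optionally fails."""
    def __init__(self, error_code=None):
        self.calls, self.error_code = [], error_code
    def authorize_security_group_ingress(self, **kwargs):
        self.calls.append(kwargs)
        if self.error_code:
            exc = Exception(self.error_code)
            exc.response = {"Error": {"Code": self.error_code}}
            raise exc
        return {"Return": True}

def lambda_handler(event, context):
    import boto3  # imported here so the helpers above stay testable without boto3 installed
    sg_id = os.environ["SG_ID"]  # assumed: environment variable holding the target group ID
    return add_ingress_rule(boto3.client("ec2"), sg_id, event["cidr"], int(event.get("port", 443)))
```

Invoke the handler with an event such as {"cidr": "10.20.30.40/32"}; a /0 or a CIDR with host bits set is rejected before any API call is made.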