class Awful::SecurityGroup
Public Instance Methods
dump(name)
# File lib/awful/security_group.rb, line 76
# Print the first security group matching +name+ as a YAML document on stdout.
#
# The group is looked up with first_matching_sg, converted with to_hash,
# passed through stringify_keys and serialized with YAML.dump.
#
# NOTE(review): `output` is a project helper that is not shown here; it
# appears to yield its receiver to the block. Confirm, including what happens
# when no group matches and the receiver is nil.
def dump(name)
  group = first_matching_sg(name)
  group.output do |sg|
    document = stringify_keys(sg.to_hash)
    puts YAML.dump(document)
  end
end
first_matching_sg(name)
Return the first security group whose ID, group_name, or Name tag matches name.
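# File lib/awful/security_group.rb, line 52
# Return the first security group whose group id, group name, or Name tag
# matches +name+, or nil when none does.
#
# When +name+ has the shape of a security group id it is compared to the
# group id for exact equality; otherwise it is matched against the group
# name as a pattern (String#match), so a short name can also match longer
# group names that contain it. In both cases the Name tag is tried as a
# fallback pattern match.
#
# @param name [String] security group id, group name, or Name tag value
# @return the first matching group from describe_security_groups, or nil
def first_matching_sg(name)
  # \A and \z anchor the whole argument; ^ and $ would accept an id sitting on
  # any single line of a multi-line string. Both id lengths are accepted:
  # 8 hex digits and the longer 17-digit form AWS also issues.
  by_id = name.match(/\Asg-(?:[0-9a-f]{8}|[0-9a-f]{17})\z/)

  ec2.describe_security_groups.flat_map(&:security_groups).find do |sg|
    # An id must match exactly: a pattern match would let a short id hit a
    # longer id that merely starts with the same characters.
    primary = by_id ? sg.group_id == name : sg.group_name.match(name)
    primary || (tag_name(sg) || '').match(name)
  end
end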
get_id(name)
Get a security group's ID from its name or ID.
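# File lib/awful/security_group.rb, line 60
# Resolve +name+ to a security group id.
#
# A value that already has the shape of a group id is returned unchanged.
# Anything else is looked up with a 'group-name' filter and the id of the
# first group returned is used.
#
# NOTE(review): the lookup takes the first result only; if the same group
# name exists more than once in the account (for example in several VPCs),
# callers that modify rules may act on a different group than intended.
# Confirm whether a vpc-id filter is needed.
#
# @param name [String] security group id or group name
# @return [String] the security group id
# @raise [ArgumentError] when no security group has the given name
def get_id(name)
  # \A and \z anchor the whole argument (^ and $ match per line), and both the
  # 8-digit and the 17-digit id formats are recognised, so a long id is not
  # mistaken for a group name.
  return name if name.match(/\Asg-(?:[0-9a-f]{8}|[0-9a-f]{17})\z/)

  group = ec2.describe_security_groups(filters: [{ name: 'group-name', values: [name] }]).security_groups.first
  # Fail with a clear message instead of a NoMethodError on nil.
  raise ArgumentError, "no security group named #{name.inspect}" unless group

  group.group_id
end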
get_my_ip()
lookup my IP as a CIDR
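# File lib/awful/security_group.rb, line 69
# Look up this host's public IPv4 address and return it as a /32 CIDR string.
#
# The address comes from an external service, and the result is used as the
# default CIDR when a security group rule is revoked, so the reply is fetched
# over HTTPS and checked for IPv4 shape before use.
#
# NOTE(review): Kernel#open only fetches URLs when open-uri is loaded, and
# Ruby 3.0+ requires URI.open for that. Confirm the runtime this file
# targets before changing the call.
#
# @return [String] e.g. "203.0.113.7/32"
# @raise [RuntimeError] when the reply is not a dotted-quad IPv4 address
def get_my_ip
  # strip: a trailing newline in the reply would otherwise end up inside the CIDR
  addr = open('https://v4.ident.me/').read.strip

  # Format check only (four dot-separated groups of 1-3 digits); an error page
  # or any other unexpected body is rejected rather than passed on to EC2.
  unless addr.match(/\A(?:\d{1,3}\.){3}\d{1,3}\z/)
    raise "unexpected reply from v4.ident.me: #{addr[0, 64].inspect}"
  end

  addr + '/32'
end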
inbound(name)
# File lib/awful/security_group.rb, line 84
# Print the inbound sources of the first security group matching +name+.
#
# With options[:long] a table of [protocol, from_port, to_port, source] rows
# is printed, one row per source; otherwise only the sources are printed,
# one per line.
#
# NOTE(review): a rule's sources are taken from ip_ranges (cidr_ip) and
# user_id_group_pairs (group_id) only. Any other kind of source a rule can
# carry, such as IPv6 ranges, would not show up in this listing. Confirm
# whether that matters when this output is used to audit exposure.
def inbound(name)
  group = first_matching_sg(name)
  group.ip_permissions.output do |perms|
    # IPv4 CIDR ranges first, then the ids of referenced security groups
    sources_of = lambda do |perm|
      perm.ip_ranges.map(&:cidr_ip) + perm.user_id_group_pairs.map(&:group_id)
    end

    if options[:long]
      rows = perms.flat_map do |perm|
        sources_of.call(perm).map do |src|
          [perm.ip_protocol, perm.from_port, perm.to_port, src]
        end
      end
      rows.output { |list| print_table list }
    else
      puts perms.flat_map { |perm| sources_of.call(perm) }
    end
  end
end
ls(*ids)
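# File lib/awful/security_group.rb, line 19
# List security groups, optionally restricted to the given group ids and to
# tag filters built from the command options.
#
# Filters: every entry of options[:tags] ("key=value") becomes a "tag:key"
# filter; options[:stack] and options[:resource] add CloudFormation
# stack-name and logical-id tag filters.
#
# Output: options[:long] prints name, id, VPC id and description;
# options[:ingress] / options[:egress] print name, id and the rules as
# "protocol:from-to" joined by commas; otherwise only the sorted group names
# are printed.
#
# @param ids [Array<String>] group ids passed to describe_security_groups
def ls(*ids)
  ## filter by tags
  filters = options[:tags].map do |tag|
    # split on the first '=' only, so a tag value that itself contains '='
    # is kept whole instead of being cut at the second '='
    key, value = tag.split('=', 2)
    { name: "tag:#{key}", values: [value] }
  end
  filters << { name: 'tag:aws:cloudformation:stack-name', values: [options[:stack]] } if options[:stack]
  filters << { name: 'tag:aws:cloudformation:logical-id', values: [options[:resource]] } if options[:resource]
  filters = nil if filters.empty? # sdk does not like empty arrays as args

  # one rule rendered as "protocol:from-to", rules joined by commas
  rules = ->(perms) { perms.map { |p| "#{p.ip_protocol}:#{p.from_port}-#{p.to_port}" }.join(',') }

  ec2.describe_security_groups(group_ids: ids, filters: filters).security_groups.output do |groups|
    if options[:long]
      print_table groups.map { |g| [g.group_name, g.group_id, g.vpc_id, g.description] }.sort
    elsif options[:ingress]
      print_table groups.map { |g| [g.group_name, g.group_id, rules.call(g.ip_permissions)] }.sort
    elsif options[:egress]
      print_table groups.map { |g| [g.group_name, g.group_id, rules.call(g.ip_permissions_egress)] }.sort
    else
      puts groups.map(&:group_name).sort
    end
  end
end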
revoke(name)
# File lib/awful/security_group.rb, line 123
# Revoke one ingress rule from the security group identified by +name+.
#
# The rule is described by the command options: :protocol, :from_port and
# :to_port (each port falling back to :port), and :cidr. When no :cidr is
# given, the CIDR returned by get_my_ip is used, so the rule that gets
# revoked then depends on that lookup.
#
# If EC2 reports that no such permission exists, the error message is
# written with warn and the error is not re-raised.
def revoke(name)
  begin
    # get_id runs before get_my_ip, as in the argument order of the API call
    rule = {
      group_id:    get_id(name),
      ip_protocol: options[:protocol],
      from_port:   options[:from_port] || options[:port],
      to_port:     options[:to_port] || options[:port],
      cidr_ip:     options[:cidr] || get_my_ip,
    }
    ec2.revoke_security_group_ingress(**rule)
  rescue Aws::EC2::Errors::InvalidPermissionNotFound => e
    warn(e.message)
  end
end