class Awful::SecurityGroup

Public Instance Methods

authorize(name)
# File lib/awful/security_group.rb, line 105
# Add an ingress rule to the security group identified by +name+ (group
# name or id, resolved through #get_id).
#
# The rule comes from +options+: +:protocol+, +:from_port+/+:to_port+
# (each falling back to +:port+) and +:cidr+. When +:cidr+ is not given the
# source defaults to this host's public /32 as reported by #get_my_ip, i.e.
# by an external lookup service, so check the result before relying on it.
# A rule that already exists is reported on stderr instead of raising.
def authorize(name)
  group_id = get_id(name)
  port = options[:port]
  rule = {
    group_id:    group_id,
    ip_protocol: options[:protocol],
    from_port:   options[:from_port] || port,
    to_port:     options[:to_port]   || port,
    cidr_ip:     options[:cidr] || get_my_ip,
  }
  ec2.authorize_security_group_ingress(rule)
rescue Aws::EC2::Errors::InvalidPermissionDuplicate => e
  warn(e.message)
end
dump(name)
# File lib/awful/security_group.rb, line 76
# Print the first security group matching +name+ (see #first_matching_sg)
# to stdout as YAML with string keys.
def dump(name)
  group = first_matching_sg(name)
  group.output do |sg|
    yaml = YAML.dump(stringify_keys(sg.to_hash))
    puts yaml
  end
end
first_matching_sg(name)

Return the first security group whose id, group name, or Name tag matches the given name.

# File lib/awful/security_group.rb, line 52
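# Return the first security group whose id, group name, or Name tag matches
# +name+, or nil when none does.
#
# A +name+ shaped like a security group id ("sg-" followed by 8 or 17 hex
# digits) is compared against group_id, anything else against group_name;
# the Name tag is tried in both cases. +name+ is used as a regexp pattern,
# so a partial match is enough.
def first_matching_sg(name)
  # \A and \z anchor the whole string; ^ and $ would accept an id on any one
  # line of a multi-line name. 17-digit ids are the current AWS format.
  field = name.match?(/\Asg-(?:\h{8}|\h{17})\z/) ? :group_id : :group_name
  # describe_security_groups is paged; flat_map walks every page
  ec2.describe_security_groups.flat_map(&:security_groups).find do |sg|
    sg.public_send(field).match(name) || (tag_name(sg) || '').match(name)
  end
end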
get_id(name)

Look up a security group id by group name or id.

# File lib/awful/security_group.rb, line 60
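# Return the security group id for +name+, which may be an id ("sg-"
# followed by 8 or 17 hex digits, returned unchanged) or an exact group
# name resolved through the group-name filter.
#
# @raise [ArgumentError] when no group with that name exists, instead of
#   the NoMethodError a bare .first.group_id chain would give
def get_id(name)
  # whole-string anchors; 17-digit ids are the current AWS format
  return name if name.match?(/\Asg-(?:\h{8}|\h{17})\z/)

  groups = ec2.describe_security_groups(filters: [{ name: 'group-name', values: [name] }]).security_groups
  group = groups.first
  raise ArgumentError, "no security group named #{name}" unless group

  group.group_id
end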
get_my_ip()

Look up this host's public IP address and return it as a CIDR.

# File lib/awful/security_group.rb, line 69
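# Look up this host's public IPv4 address from an external service and
# return it as a /32 CIDR, used as the default source of a rule.
#
# The lookup is a plain-HTTP request to a third party, and the answer ends
# up in a security group rule, so it is validated as a dotted quad before
# being returned; anything else (an error page, an empty body) is rejected.
# NOTE(review): Kernel#open on a URL relies on open-uri being loaded
# elsewhere; newer Rubies expect URI.open instead — confirm against the
# file's requires.
#
# @raise [ArgumentError] if the response is not an IPv4 address
def get_my_ip
  body = open('http://v4.ident.me/').read.to_s.strip
  unless body.match?(/\A(?:\d{1,3}\.){3}\d{1,3}\z/)
    raise ArgumentError, "unexpected public IP lookup response: #{body.inspect}"
  end
  "#{body}/32"
end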
inbound(name)
# File lib/awful/security_group.rb, line 84
# Print the inbound sources of the first security group matching +name+.
#
# Each rule's sources are its CIDR ranges plus the ids of security groups
# it references. By default one source per line is printed; with
# +options[:long]+ a table of protocol, from port, to port and source is
# printed instead.
def inbound(name)
  first_matching_sg(name).ip_permissions.output do |perms|
    # every source of one rule: CIDR blocks, then referenced group ids
    sources_of = lambda do |perm|
      perm.ip_ranges.map(&:cidr_ip) + perm.user_id_group_pairs.map(&:group_id)
    end
    if options[:long]
      rows = perms.flat_map do |perm|
        sources_of.call(perm).map { |src| [perm.ip_protocol, perm.from_port, perm.to_port, src] }
      end
      rows.output { |list| print_table list }
    else
      puts perms.flat_map(&sources_of)
    end
  end
end
ls(*ids)
# File lib/awful/security_group.rb, line 19
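# List security groups, optionally restricted to +ids+ and to filters built
# from +options+: each +:tags+ entry "key=value" becomes a tag filter, and
# +:stack+ / +:resource+ match the CloudFormation stack-name / logical-id
# tags.
#
# Output is one group name per line, or with +:long+ a table of name, id,
# vpc and description, or with +:ingress+ / +:egress+ a table of name, id
# and a "proto:from-to" summary of the inbound / outbound rules.
def ls(*ids)
  ## filter by tags
  filters = Array(options[:tags]).map do |tag|
    # split once so a value that itself contains '=' is kept intact
    key, value = tag.split('=', 2)
    { name: "tag:#{key}", values: [value] }
  end
  filters << { name: 'tag:aws:cloudformation:stack-name', values: [options[:stack]] }    if options[:stack]
  filters << { name: 'tag:aws:cloudformation:logical-id', values: [options[:resource]] } if options[:resource]
  filters = nil if filters.empty? # sdk does not like empty arrays as args

  # one "proto:from-to" per rule, comma separated
  summarize = ->(perms) { perms.map { |p| "#{p.ip_protocol}:#{p.from_port}-#{p.to_port}" }.join(',') }

  ec2.describe_security_groups(group_ids: ids, filters: filters).security_groups.output do |groups|
    if options[:long]
      print_table groups.map { |g| [g.group_name, g.group_id, g.vpc_id, g.description] }.sort
    elsif options[:ingress]
      print_table groups.map { |g| [g.group_name, g.group_id, summarize.call(g.ip_permissions)] }.sort
    elsif options[:egress]
      print_table groups.map { |g| [g.group_name, g.group_id, summarize.call(g.ip_permissions_egress)] }.sort
    else
      puts groups.map(&:group_name).sort
    end
  end
end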
revoke(name)
# File lib/awful/security_group.rb, line 123
# Remove an ingress rule from the security group identified by +name+
# (group name or id, resolved through #get_id).
#
# The rule is described the same way as for #authorize: +:protocol+,
# +:from_port+/+:to_port+ (each falling back to +:port+) and +:cidr+, the
# latter defaulting to this host's public /32 as found by #get_my_ip. A rule
# that does not exist is reported on stderr instead of raising.
def revoke(name)
  group_id = get_id(name)
  from = options[:from_port] || options[:port]
  to   = options[:to_port]   || options[:port]
  cidr = options[:cidr] || get_my_ip
  ec2.revoke_security_group_ingress(
    group_id: group_id, ip_protocol: options[:protocol],
    from_port: from, to_port: to, cidr_ip: cidr,
  )
rescue Aws::EC2::Errors::InvalidPermissionNotFound => e
  warn(e.message)
end