Class: AWS::EC2::SecurityGroup

Inherits:
Resource
  • Object
Includes:
TaggedItem
Defined in:
lib/aws/ec2/security_group.rb,
lib/aws/ec2/security_group/ip_permission.rb,
lib/aws/ec2/security_group/ip_permission_collection.rb

Overview

Represents a security group in EC2.

Defined Under Namespace

Classes: IpPermission, IpPermissionCollection

Instance Attribute Summary

Instance Method Summary

Methods included from TaggedItem

#add_tag, #clear_tags, #tags

Constructor Details

#initialize(id, options = {}) ⇒ SecurityGroup

Returns a new instance of SecurityGroup.



# File 'lib/aws/ec2/security_group.rb', line 27

def initialize id, options = {}
  @id = id
  @name = options[:name]
  @description = options[:description]
  @owner_id = options[:owner_id]
  super
end

Instance Attribute Details

#id ⇒ String (readonly) Also known as: group_id

Returns The id of the security group.

Returns:

  • (String)

    The id of the security group.



# File 'lib/aws/ec2/security_group.rb', line 36

def id
  @id
end

Instance Method Details

#allow_ping(*sources) ⇒ Object

Adds ingress rules for ICMP pings. If no sources are given, the list of allowed IP ranges the ping can come from defaults to 0.0.0.0/0 (any address).

security_group.allow_ping # anyone can ping servers in this group

# only allow ping from a particular address (a /32 is one host; a /0 mask
# would discard the address and match everything)
security_group.allow_ping('123.123.123.123/32')

Parameters:

  • ip_ranges (String)

    One or more IP ranges to allow ping from. Defaults to 0.0.0.0/0



# File 'lib/aws/ec2/security_group.rb', line 80

def allow_ping *sources
  sources << '0.0.0.0/0' if sources.empty?
  authorize_ingress('icmp', -1, *sources)
end

#authorize_ingress(protocol, ports, *sources) ⇒ nil

Adds an ingress rule to a security group.

Each ingress rule consists of a protocol, a port range and a list of sources.

This example grants the whole internet (0.0.0.0/0) access to port 80 over TCP (HTTP web traffic).

security_groups['websrv'].authorize_ingress(:tcp, 80)

In the following example we grant SSH access from a list of individual IP addresses (each written as a /32 so that only that host matches).

security_groups['appsrv'].authorize_ingress(:tcp, 22,
  '111.111.111.111/32', '222.222.222.222/32')

You can also grant privileges to other security groups. This is a convenient shortcut for granting access to all EC2 instances that belong to a particular security group.

web = security_groups['httpservers']
db = security_groups['dbservers']

db.authorize_ingress(:tcp, 3306, web)

You can specify port ranges as well:

security_groups['ftpsvr'].authorize_ingress(:tcp, 20..21)

You can even mix and match IP addresses and security groups in the same call.

Parameters:

  • protocol (String, Symbol)

    Should be :tcp, :udp or :icmp or the string equivalent.

  • ports (Integer, Range)

    The port (or port range) to allow ingress traffic over. You can pass a single integer (like 80) or a range (like 20..21).

  • sources (Mixed)

    One or more CIDR IP addresses, security groups, or hashes. Hash values should have :group_id and :user_id keys/values. This is useful for when the security group belongs to another account. The user id should be the owner_id (account id) of the security group.

Returns:

  • (nil)


# File 'lib/aws/ec2/security_group.rb', line 142

def authorize_ingress protocol, ports, *sources
  permissions = format_permission(protocol, ports, sources)
  client.authorize_security_group_ingress(
    :group_id => id,
    :ip_permissions => permissions)
  nil
end
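The page calls a private format_permission helper in #authorize_ingress and #revoke_ingress but does not show it, and the #allow_ping example shows how easy it is to write a source CIDR that is wider than intended. The block below is an added example, not code from the aws-sdk gem or this page: a hypothetical reimplementation of format_permission that turns the (protocol, ports, sources) arguments into the array the client's :ip_permissions option takes (the hash layout with :ip_protocol, :from_port, :to_port, :ip_ranges and :user_id_group_pairs is my assumption about the v1 client), plus a hypothetical pre-flight audit_cidr check that flags a /0 prefix and any source whose host bits fall outside its mask (123.123.123.123/0 is really 0.0.0.0/0). GroupRef is a constructed stand-in for a SecurityGroup object, and the group ids and account id are constructed sample values.

```ruby
require 'ipaddr'

# Constructed stand-in for an AWS::EC2::SecurityGroup passed as a source:
# only the two readers the formatter needs.
GroupRef = Struct.new(:group_id, :owner_id)

# Hypothetical version of the SDK's private format_permission helper.
# Returns the array the v1 client's :ip_permissions option takes (assumed
# layout: :ip_protocol, :from_port/:to_port, :ip_ranges, :user_id_group_pairs).
def format_permission(protocol, ports, sources)
  from, to = ports.is_a?(Range) ? [ports.first, ports.last] : [ports, ports]
  ip_ranges = []
  group_pairs = []
  sources.each do |src|
    case src
    when String                        # CIDR block
      ip_ranges << { :cidr_ip => src }
    when Hash                          # group owned by another account
      group_pairs << { :group_id => src[:group_id], :user_id => src[:user_id] }
    else                               # security group object
      group_pairs << { :group_id => src.group_id, :user_id => src.owner_id }
    end
  end
  [{ :ip_protocol => protocol.to_s,
     :from_port => from,
     :to_port => to,
     :ip_ranges => ip_ranges,
     :user_id_group_pairs => group_pairs }]
end

# Hypothetical pre-flight check for one CIDR source. Returns a list of
# warnings; an empty list means the block says what its author meant.
def audit_cidr(cidr)
  host, prefix = cidr.split('/', 2)
  net = IPAddr.new(cidr)
  bits = prefix ? prefix.to_i : (net.ipv4? ? 32 : 128)
  warnings = []
  # a /0 prefix matches every address, whatever is written before the slash
  warnings << "#{cidr}: prefix /0 matches every address" if bits == 0
  # host bits beyond the mask are silently dropped, so the rule is wider
  # than it reads (123.123.123.123/0 is really 0.0.0.0/0)
  if IPAddr.new(host).to_i != net.to_i
    warnings << "#{cidr}: host bits fall outside the mask; the rule is really #{net}/#{bits}"
  end
  warnings
rescue IPAddr::Error => e
  ["#{cidr}: not a valid CIDR (#{e.message})"]
end

# Run audit_cidr over every IP range in a formatted permission list.
def audit_permissions(permissions)
  permissions.flat_map do |perm|
    perm[:ip_ranges].flat_map { |r| audit_cidr(r[:cidr_ip]) }
  end
end

# Usage with constructed values: the SSH rule written as single hosts (/32)
# versus with a /0 mask, and a group-to-group rule.
if __FILE__ == $0
  ok = format_permission(:tcp, 22, ['111.111.111.111/32', '222.222.222.222/32'])
  puts audit_permissions(ok).inspect          # []
  bad = format_permission(:tcp, 22, ['111.111.111.111/0'])
  puts audit_permissions(bad).inspect         # two warnings
  web = GroupRef.new('sg-11111111', '111122223333')   # constructed ids
  puts format_permission(:tcp, 3306, [web]).inspect
end
```

Running audit_permissions over the formatted list before calling client.authorize_security_group_ingress turns a silent over-grant into a visible warning; the same check applies unchanged to the sources passed to #allow_ping, which formats them as protocol 'icmp' with ports -1.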

#delete ⇒ nil

Deletes this security group.

If you attempt to delete a security group that contains instances, or attempt to delete a security group that is referenced by another security group, an error is raised. For example, if security group B has a rule that allows access from security group A, security group A cannot be deleted until the rule is removed.

Returns:

  • (nil)


# File 'lib/aws/ec2/security_group.rb', line 169

def delete
  client.delete_security_group(:group_id => id)
  nil
end

#describe_call_name ⇒ Object



# File 'lib/aws/ec2/security_group.rb', line 188

def describe_call_name; self.class.describe_call_name; end

#description ⇒ String

Returns The short informal description given when the group was created.

Returns:

  • (String)

    The short informal description given when the group was created.



# File 'lib/aws/ec2/security_group.rb', line 58

def description; end

#disallow_ping(*sources) ⇒ Object

Removes ingress rules for ICMP pings. If no sources are given, the list of IP ranges to revoke defaults to 0.0.0.0/0.

Parameters:

  • ip_ranges (String)

    One or more IP ranges to revoke ping from. Defaults to 0.0.0.0/0



# File 'lib/aws/ec2/security_group.rb', line 90

def disallow_ping *sources
  sources << '0.0.0.0/0' if sources.empty?
  revoke_ingress('icmp', -1, *sources)
end

#exists? ⇒ Boolean

Returns True if the security group exists.

Returns:

  • (Boolean)

    True if the security group exists.



# File 'lib/aws/ec2/security_group.rb', line 41

def exists?
  client.describe_security_groups(:filters =>
                                   [{ :name => "group-id",
                                      :values => [id] }]).
    security_group_index.key?(id)
end

#ip_permissions ⇒ SecurityGroup::IpPermissionCollection

Returns a collection of IpPermission objects that represents all of the permissions this security group has authorizations for.

Returns:

  • (SecurityGroup::IpPermissionCollection)


# File 'lib/aws/ec2/security_group.rb', line 66

def ip_permissions
  IpPermissionCollection.new(self, :config => config)
end

#name ⇒ String

Returns The name of the security group.

Returns:

  • (String)

    The name of the security group.



# File 'lib/aws/ec2/security_group.rb', line 49

def name; end

#owner_id ⇒ String

Returns The id of the owner for this security group.

Returns:

  • (String)

    The id of the owner for this security group.



# File 'lib/aws/ec2/security_group.rb', line 53

def owner_id; end

#revoke_ingress(protocol, ports, *sources) ⇒ nil

Parameters:

  • see #authorize_ingress

Returns:

  • (nil)


# File 'lib/aws/ec2/security_group.rb', line 152

def revoke_ingress protocol, ports, *sources
  permissions = format_permission(protocol, ports, sources)
  client.revoke_security_group_ingress(
    :group_id => id,
    :ip_permissions => permissions)
  nil
end