# File 'lib/aw_sec/core.rb', line 11
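# Reconcile the ingress rules of the given security groups on one port so that
# +public_ip+ keeps (or gains) access, whitelisted addresses that are already
# granted are kept, and — unless revocation is disabled — every other existing
# grant is revoked.
#
# @param group_names [Array<String>] names handed to +get_groups+ (defined elsewhere)
# @param public_ip [String] address to grant; a bare address gets a "/32" suffix,
#   an address that already carries a prefix length is used unchanged
# @param options [Hash] :port (default 22), :aws_region, :aws_key, :aws_secret,
#   :revoke_all (default true; an explicit nil/false disables revocation),
#   :whitelist (Array<String> of addresses or CIDR blocks that are never revoked)
# @return [Array] the group list as iterated; callers should not rely on it
# @raise [ArgumentError] when +public_ip+ is nil or blank — the original would have
#   sent "/32" to AWS as the address to authorize
def secure(group_names, public_ip, options = {})
  raise ArgumentError, 'public_ip must not be blank' if public_ip.nil? || public_ip.to_s.strip.empty?

  @port = options[:port] || 22
  @region = options[:aws_region]
  @aws_key = options[:aws_key]
  @aws_secret = options[:aws_secret]
  # fetch keeps an explicit `revoke_all: nil` falsy, exactly as the has_key? branch did
  revoke_all = options.fetch(:revoke_all, true)

  # Append "/32" only when no prefix length is present. NOTE(review): the
  # original dropped whitelist entries that already had a "/" (e.g. a CIDR
  # block) from the whitelist entirely, so they were silently revoked.
  # Assumes IPv4 addresses — an IPv6 address would also get "/32"; verify
  # against callers if IPv6 is ever passed.
  to_cidr = ->(ip) { ip.to_s.include?('/') ? ip.to_s : "#{ip}/32" }
  public_ip = to_cidr.call(public_ip)
  whitelist = Array(options[:whitelist]).map(&to_cidr)

  puts 'Connecting AWS...'
  groups = get_groups(group_names)
  groups.each do |group|
    next if group.nil?

    puts "Configuring #{group.name}"
    granted_ips = list_ips(group) || []
    puts "Existing IPs with access to port #{@port}: #{granted_ips.join(',')}"

    # Whitelisted addresses are only *kept* if already granted, never newly
    # granted; public_ip is always granted. `|` de-duplicates so an address
    # that is both whitelisted and the public IP is authorized once.
    allowed_ips = (granted_ips & whitelist) | [public_ip]

    if revoke_all
      (granted_ips - allowed_ips).each do |ip|
        puts "Revoking access to #{ip}"
        revoke_access(group, ip)
      end
    end

    allowed_ips.each do |ip|
      puts "Granting access to port #{@port} to #{ip}"
      # safe_authorize_port is defined elsewhere; it is presumably tolerant of
      # an already-existing rule, since granted addresses are re-authorized here.
      safe_authorize_port(group, ip)
    end
  end
end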