Class: EksCli::EC2::SecurityGroup

Inherits:
Object
  • Object
Defined in:
lib/eks_cli/ec2/security_group.rb

Instance Method Summary

Constructor Details

#initialize(cluster_name, open_ports) ⇒ SecurityGroup

Returns a new instance of SecurityGroup.



# File 'lib/eks_cli/ec2/security_group.rb', line 8

# Stores the settings later used when the security group is created.
#
# @param cluster_name [String] cluster name; interpolated into the group's
#   name, description and log lines by #create
# @param open_ports [Enumerable] ports that #create opens to 0.0.0.0/0 over
#   TCP, so pass only ports that are meant to be publicly reachable
def initialize(cluster_name, open_ports)
  @cluster_name, @open_ports = cluster_name, open_ports
end

Instance Method Details

#create ⇒ Object



# File 'lib/eks_cli/ec2/security_group.rb', line 13

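# Creates the cluster's security group and authorizes its ingress rules.
#
# Two kinds of ingress are authorized on the new group:
# * one self-referencing rule (all protocols, all ports) so that members of
#   the group can reach each other;
# * one TCP rule per distinct entry in @open_ports, each open to 0.0.0.0/0.
#
# SECURITY: every port in @open_ports becomes reachable from any IPv4
# address. Review that list before calling; anything that should not be
# public (admin or debug endpoints, databases) does not belong in it.
#
# No egress call is made here, despite the "ingress/egress" log line; the
# group keeps whatever outbound rules EC2 assigns to a newly created group.
#
# If an authorize call raises, the exception propagates and the group that
# was already created is left in place; cleanup is up to the caller.
#
# @return [String] id of the created security group
def create
  Log.info "creating security group for in-cluster communication for #{@cluster_name}"
  gid = client.create_security_group(
    description: "Security group for in-cluster communication on #{@cluster_name}",
    group_name: "#{@cluster_name}-SG",
    vpc_id: vpc_id
  ).group_id

  Log.info "created security group #{gid}, setting ingress/egress rules"

  # Self-referencing rule: the source is the group itself, not a CIDR range.
  intra_cluster_rule = {
    from_port: -1,
    ip_protocol: "-1",
    to_port: -1,
    user_id_group_pairs: [{ description: "in-cluster communication for #{@cluster_name}",
                            group_id: gid }]
  }
  client.authorize_security_group_ingress(group_id: gid, ip_permissions: [intra_cluster_rule])

  # Array() tolerates a nil port list; uniq avoids authorizing the same rule
  # twice, which EC2 rejects as a duplicate and which would abort the loop
  # with the group only partly configured.
  Array(@open_ports).uniq.each do |port|
    # World-open rule: source is 0.0.0.0/0 (any IPv4 address).
    public_rule = {
      from_port: port,
      to_port: port,
      ip_protocol: "tcp",
      ip_ranges: [{ cidr_ip: "0.0.0.0/0",
                    description: "EKS cluster allow access on port #{port}" }]
    }
    client.authorize_security_group_ingress(group_id: gid, ip_permissions: [public_rule])
  end

  Log.info "done"
  gid
end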