Piculet
Piculet is a tool for managing EC2 Security Groups.
It defines the desired state of EC2 Security Groups using a DSL, and updates the Security Groups to match that DSL.
Installation
Add this line to your application's Gemfile:
gem 'piculet'
And then execute:
$ bundle
Or install it yourself as:
$ gem install piculet
Usage
# piculet is run with AWS credentials and the target region in the environment.
# These keys can rewrite firewall rules, so scope them to the security-group
# permissions piculet needs and keep the real values out of committed files.
export AWS_ACCESS_KEY_ID='...'
export AWS_SECRET_ACCESS_KEY='...'
export AWS_REGION='ap-northeast-1'
#export AWS_OWNER_ID='123456789012'
# Step 1: dump the current security groups into a local Groupfile.
piculet -e -o Groupfile # export EC2 SecurityGroup
# Step 2: edit the rules; keep the Groupfile under version control so every
# change to the rules is reviewable.
vi Groupfile
# Step 3: dry run first and read the planned changes before applying them,
# because the apply step updates the live security groups to match the file.
piculet -a --dry-run
piculet -a # apply `Groupfile` to EC2 SecurityGroup
Groupfile example
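# A Groupfile is written in Ruby, so a required file is executed as code when
# this one is loaded; review included files like any other source file.
require 'other/groupfile'

# Security groups declared without a VPC id.
ec2 do
  security_group "default" do
    description "default group"

    ingress do
      # Members of the "default" group may reach each other on every TCP port,
      # every UDP port and all ICMP (-1..-1 is the EC2 wildcard for type/code).
      permission :tcp, 0..65535 do
        groups(
          "default"
        )
      end

      permission :udp, 0..65535 do
        groups(
          "default"
        )
      end

      permission :icmp, -1..-1 do
        groups(
          "default"
        )
      end

      # NOTE(review): SSH is reachable from every IPv4 address (0.0.0.0/0).
      # Outside of an example, narrow this to the CIDR ranges that
      # administrators actually connect from.
      permission :tcp, 22..22 do
        ip_ranges(
          "0.0.0.0/0"
        )
      end

      # NOTE(review): a 1001-port UDP range open to 0.0.0.0/0 (presumably for
      # mosh - confirm); restrict the source range if the clients are known.
      permission :udp, 60000..61000 do
        ip_ranges(
          "0.0.0.0/0"
        )
      end
    end
  end
end

# Security groups that belong to one VPC, selected by its id.
ec2 "vpc-XXXXXXXX" do
  security_group "default" do
    description "default VPC security group"

    ingress do
      # NOTE(review): SSH open to 0.0.0.0/0, as in the group above; prefer an
      # explicit admin CIDR.
      permission :tcp, 22..22 do
        ip_ranges(
          "0.0.0.0/0"
        )
      end

      # Public HTTP: world-open access is the intent for a web-facing port.
      permission :tcp, 80..80 do
        ip_ranges(
          "0.0.0.0/0"
        )
      end

      permission :udp, 60000..61000 do
        ip_ranges(
          "0.0.0.0/0"
        )
      end

      # All protocols and ports are allowed from members of these two groups,
      # so anything placed in either group gets full access to this one.
      permission :any do
        groups(
          "any_other_group",
          "default"
        )
      end
    end

    # Unrestricted outbound traffic. Tighten this where egress filtering is
    # part of the threat model (for example, to limit data exfiltration paths).
    egress do
      permission :any do
        ip_ranges(
          "0.0.0.0/0"
        )
      end
    end
  end

  # No ingress block: this group declares no inbound rules, only open egress.
  security_group "any_other_group" do
    description "any_other_group"

    egress do
      permission :any do
        ip_ranges(
          "0.0.0.0/0"
        )
      end
    end
  end
end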