Module: Balancer::SecurityGroup
Instance Method Summary
- #authorize_elb_port(group_id) ⇒ Object
- #aws_cli_command(aws_command, params) ⇒ Object
- #create_security_group ⇒ Object
- #destroy_security_group ⇒ Object
- #find_security_group(name) ⇒ Object
- #option_transformer ⇒ Object
- #param ⇒ Object
  A few other common methods are also included here.
- #pretty_display(data) ⇒ Object
- #sg_vpc_id ⇒ Object
  Returns the VPC ID that is set in the profile under create_target_group; the security group is looked up and created in that VPC.
Instance Method Details
#authorize_elb_port(group_id) ⇒ Object
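# File 'lib/balancer/security_group.rb', line 36

# Ensures the security group allows inbound TCP traffic on the load balancer's
# listener port from the CIDR configured in +@options[:sg_cidr]+.
#
# The existing-rule check used to evaluate a hard-coded port 80 comparison and
# then discard its result, so any rule from the same CIDR (on any port) counted
# as "already authorized" and the listener port could silently stay closed.
# The check now requires protocol, port and CIDR to all match.
#
# NOTE(review): +@options[:sg_cidr]+ is used as given. A broad value such as
# 0.0.0.0/0 exposes the listener port to every source address; confirm where
# this option is defaulted and validated.
#
# @param group_id [String] id of the security group to inspect and update
# @return [Object, nil] nil when a matching rule already exists, otherwise the
#   result of the authorize-security-group-ingress call
def authorize_elb_port(group_id)
  resp = ec2.describe_security_groups(group_ids: [group_id])
  sg = resp.security_groups.first

  # presumably an Integer, since it is passed as from_port/to_port below - confirm
  listener_port = param.create_listener[:port]
  cidr = @options[:sg_cidr]

  already_authorized = sg.ip_permissions.any? do |perm|
    perm.ip_protocol == "tcp" &&
      perm.from_port == listener_port &&
      perm.to_port == listener_port &&
      perm.ip_ranges.any? { |ip_range| ip_range.cidr_ip == cidr }
  end
  return if already_authorized

  # authorize the matching port in the create_listener setting
  params = {group_id: group_id, protocol: "tcp", port: listener_port, cidr: cidr}
  puts "Authorizing listening port for security group"
  aws_cli_command("aws ec2 authorize-security-group-ingress", params)
  ec2.authorize_security_group_ingress(
    group_id: params[:group_id],
    ip_permissions: [
      {
        from_port: listener_port,
        to_port: listener_port,
        ip_protocol: "tcp",
        ip_ranges: [
          {
            cidr_ip: cidr,
            description: "balancer #{@name}"
          }
        ]
      }
    ]
  )
end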
#aws_cli_command(aws_command, params) ⇒ Object
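# File 'lib/balancer/security_group.rb', line 133

# Prints the AWS CLI command that corresponds to an SDK call, for the
# operator's information. The command is only displayed, never executed.
#
# The listing had lost the local that holds the rendered options (a bare
# "= option_transformer.to_cli(params)" and an empty interpolation); it is
# restored here so the method is valid Ruby again.
#
# @param aws_command [String] the CLI command prefix, e.g. "aws ec2 ..."
# @param params [Hash] SDK parameters, rendered by option_transformer.to_cli
# @return [nil] the return value of puts
def aws_cli_command(aws_command, params)
  # puts "Equivalent aws cli command:"
  cli_options = option_transformer.to_cli(params)
  puts " #{aws_command} #{cli_options}".colorize(:light_blue)
end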
#create_security_group ⇒ Object
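# File 'lib/balancer/security_group.rb', line 5

# Finds or creates the security group named +@name+ in the profile's VPC,
# opens the listener port on it, tags it, and returns its id.
#
# Identifiers that the listing had dropped (the exception's message, the
# authorize_elb_port call and the create_tags call) are restored, and the
# second tag is written as an explicit hash.
#
# NOTE(review): when a group with this name already exists it is reused as-is:
# the listener port is opened on it and it receives the "balancer" tag, which
# is the same tag destroy_security_group treats as its ownership check. A
# pre-existing group that merely shares the name is therefore adopted and can
# later be deleted by this tool. Confirm that this is intended.
#
# NOTE(review): an unknown VPC id ends the whole process via exit 1 instead of
# raising to the caller.
#
# @return [String] id of the existing or newly created security group
def create_security_group
  sg = find_security_group(@name)
  group_id = sg.group_id if sg

  unless group_id
    puts "Creating security group #{@name} in vpc #{sg_vpc_id}"
    params = {group_name: @name, description: @name, vpc_id: sg_vpc_id}
    aws_cli_command("aws ec2 create-security-group", params)
    begin
      resp = ec2.create_security_group(params)
    rescue Aws::EC2::Errors::InvalidVpcIDNotFound => e
      puts "ERROR: #{e.class} #{e.message}".colorize(:red)
      exit 1
    end
    group_id = resp.group_id
    puts "Created security group: #{group_id}"
  end

  authorize_elb_port(group_id)
  ec2.create_tags(
    resources: [group_id],
    tags: [
      { key: "Name", value: @name },
      { key: "balancer", value: @name }
    ]
  )

  group_id
end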
#destroy_security_group ⇒ Object
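# File 'lib/balancer/security_group.rb', line 69

# Deletes the security group named +@name+, but only when it carries a
# "balancer" tag whose value equals +@name+.
#
# Deletion is attempted up to five times. After a DependencyViolation the
# method waits 1, 2, 4 and 8 seconds between attempts. The previous version
# slept before checking the retry budget, so it also waited 16 seconds after
# the final failure for no benefit; the sleep now happens only when a retry
# follows. The listing's dropped identifiers (sg.tags, e.message) are restored.
#
# NOTE(review): the tag check is the only ownership guard, and
# create_security_group applies that tag to any group it finds by name, so the
# tag does not prove this tool created the group.
#
# @return [nil]
def destroy_security_group
  sg = find_security_group(@name)
  return unless sg

  # Ownership guard: refuse to delete groups without the matching tag.
  balancer_tag = sg.tags.find { |t| t.key == "balancer" && t.value == @name }
  unless balancer_tag
    puts "WARN: not destroying the #{@name} security group because it doesn't have a matching balancer tag".colorize(:yellow)
    return
  end

  puts "Deleting security group #{@name} in vpc #{sg_vpc_id}"
  params = {group_id: sg.group_id}
  aws_cli_command("aws ec2 delete-security-group", params)

  tries = 0
  begin
    ec2.delete_security_group(params)
    puts "Deleted security group: #{sg.group_id}"
  rescue Aws::EC2::Errors::DependencyViolation => e
    if tries < 4
      # retry because it takes some time for the load balancer to be deleted
      # and that can cause a DependencyViolation exception
      sleep 2**tries
      tries += 1
      retry
    else
      puts "WARN: #{e.class} #{e.message}".colorize(:yellow)
      puts "Unable to delete the security group because it's still in use by another resource. Leaving the security group."
    end
  end
end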
#find_security_group(name) ⇒ Object
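# File 'lib/balancer/security_group.rb', line 107

# Looks up a security group by name inside the profile's VPC.
#
# The group-name filter used to be the literal "my-elb", so the +name+
# argument was ignored. create_security_group and destroy_security_group pass
# +@name+ here and then modify or delete whatever comes back, so the lookup
# must use the requested name.
#
# @param name [String] security group name to search for
# @return [Object, nil] the first matching security group, or nil when the
#   response contains none
def find_security_group(name)
  resp = ec2.describe_security_groups(
    filters: [
      {name: "group-name", values: [name]},
      {name: "vpc-id", values: [sg_vpc_id]}
    ]
  )
  resp.security_groups.first
end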
#option_transformer ⇒ Object
# File 'lib/balancer/security_group.rb', line 128

# Builds the helper used to render SDK parameters as CLI options.
# A new instance is created on every call; nothing is cached.
#
# @return [Balancer::OptionTransformer]
def option_transformer
  Balancer::OptionTransformer.new
end
#param ⇒ Object
A few other common methods are also included here.
# File 'lib/balancer/security_group.rb', line 118

# Wraps the current options in a Param object.
# Each call constructs a new Param from +@options+; the result is not memoized.
#
# @return [Param]
def param
  Param.new(@options)
end
#pretty_display(data) ⇒ Object
# File 'lib/balancer/security_group.rb', line 123

# Writes +data+ to stdout as YAML after converting its keys to strings.
# deep_stringify_keys is not core Ruby; presumably it comes from
# ActiveSupport - confirm against the file's requires.
#
# @param data [Hash] structure to display
# @return [nil] the return value of puts
def pretty_display(data)
  puts YAML.dump(data.deep_stringify_keys)
end
#sg_vpc_id ⇒ Object
Returns the VPC ID that is set in the profile under create_target_group; the security group is looked up and created in that VPC.
# File 'lib/balancer/security_group.rb', line 102

# Reads the VPC id from the create_target_group settings of the profile.
# Returns nil when the settings have no :vpc_id entry.
#
# @return [String, nil]
def sg_vpc_id
  target_group_settings = param.create_target_group
  target_group_settings[:vpc_id]
end