class AWS::EC2::SecurityGroup
Returns false otherwise.
vpc_id is the ID of the VPC this group was created in.
@attr_reader [String,nil] vpc_id If this is a VPC security group,
@attr_reader [String] owner_id The security group owner’s id.
@attr_reader [String] name The name of the security group.
given when the group was created.
@attr_reader [String] description The short informal description
Represents a security group in EC2.
def self.describe_call_name
- Private: -
def self.describe_call_name :describe_security_groups end
def allow_ping *sources
-
(nil)-
Parameters:
-
sources(String) -- One or more IP ranges to allow ping from.
def allow_ping *sources sources << '0.0.0.0/0' if sources.empty? authorize_ingress('icmp', -1, *sources) end
def authorize_egress *sources
-
(nil)-
Options Hash:
(**options)-
:ports(Range) -- An optional, Integer -
:protocol(Symbol) -- The protocol name or number
Parameters:
-
options(Hash) -- -
sources(Mixed) -- One or more CIDR IP addresses,
Overloads:
-
authorize_egress(*sources, options = {})
Other tags:
- Note: - Calling this method on a non-VPC security group raises an error.
def authorize_egress *sources client.authorize_security_group_egress( :group_id => id, :ip_permissions => [egress_opts(sources)]) nil end
def authorize_ingress protocol, ports, *sources
-
(nil)-
Parameters:
-
sources(Mixed) -- One or more CIDR IP addresses, -
ports(Integer, Range) -- The port (or port range) to allow -
protocol(String, Symbol) -- Should be :tcp, :udp or :icmp
def authorize_ingress protocol, ports, *sources client.authorize_security_group_ingress( :group_id => id, :ip_permissions => [ingress_opts(protocol, ports, sources)] ) nil end
def delete
-
(nil)-
def delete client.delete_security_group(:group_id => id) nil end
def describe_call_name; self.class.describe_call_name; end
def describe_call_name; self.class.describe_call_name; end
def disallow_ping *sources
-
(nil)-
Parameters:
-
sources(String) -- One or more IP ranges to disallow ping from.
def disallow_ping *sources sources << '0.0.0.0/0' if sources.empty? revoke_ingress('icmp', -1, *sources) end
def egress_ip_permissions
-
(SecurityGroup::EgressIpPermissionCollection)- Returns a
def egress_ip_permissions EgressIpPermissionCollection.new(self, :config => config) end
def egress_opts args
def egress_opts args ensure_vpc do last = args.last if last.is_a?(Hash) and (last.key?(:protocol) or last.key?(:ports)) # hashes at the end of egress methods could be a hash intedned # to be a source, like: # # { :group_id => ..., :user_id => ... } # options = args.pop else options = {} end opts = {} opts[:ip_protocol] = [nil,:any, '-1'].include?(options[:protocol]) ? '-1' : options[:protocol].to_s.downcase if options[:ports] opts[:from_port] = Array(options[:ports]).first.to_i opts[:to_port] = Array(options[:ports]).last.to_i end ips, groups = parse_sources(args) opts[:ip_ranges] = ips unless ips.empty? opts[:user_id_group_pairs] = groups unless groups.empty? opts end end
def ensure_vpc &block
def ensure_vpc &block raise 'operation permitted for VPC security groups only' unless vpc? yield end
def exists?
-
(Boolean)- True if the security group exists.
def exists? client.describe_security_groups(:filters => [ { :name => "group-id", :values => [id] } ]).security_group_index.key?(id) end
def find_in_response(resp)
def find_in_response(resp) resp.security_group_index[id] end
def inflected_name
- Private: -
def inflected_name "group" end
def ingress_ip_permissions
-
(SecurityGroup::IngressIpPermissionCollection)- Returns a
def ingress_ip_permissions IngressIpPermissionCollection.new(self, :config => config) end
def ingress_opts protocol, ports, sources
def ingress_opts protocol, ports, sources opts = {} opts[:ip_protocol] = protocol.to_s.downcase opts[:from_port] = Array(ports).first.to_i opts[:to_port] = Array(ports).last.to_i ips, groups = parse_sources(sources) opts[:ip_ranges] = ips unless ips.empty? opts[:user_id_group_pairs] = groups unless groups.empty? opts end
def initialize security_group_id, options = {}
def initialize security_group_id, options = {} @security_group_id = security_group_id super end
def parse_sources sources
def parse_sources sources ips = [] groups = [] sources.each do |source| case source when String ips << { :cidr_ip => source } when SecurityGroup groups << { :group_id => source.id, :user_id => source.owner_id } when ELB::LoadBalancer groups << source.source_security_group when Hash # group name or id required unless source.has_key?(:group_id) or source.has_key?(:group_name) raise ArgumentError, 'invalid ip permission hash, ' + 'must provide :group_id or :group_name' end # prevent typos unless source.keys - [:group_id, :group_name, :user_id] == [] raise ArgumentError, 'invalid ip permission hash, ' + 'only accepts the following keys, :group_id, :group_name, :user_id' end groups << source else raise ArgumentError, 'invalid ingress ip permission, ' + 'expected CIDR IP address or SecurityGroup' end end ips << { :cidr_ip => '0.0.0.0/0' } if ips.empty? and groups.empty? [ips, groups] end
def resource_type
- Private: -
def resource_type 'security-group' end
def revoke_egress *sources
-
(nil)-
Other tags:
- See: #authorize_egress -
def revoke_egress *sources client.revoke_security_group_egress( :group_id => id, :ip_permissions => [egress_opts(sources)]) nil end
def revoke_ingress protocol, ports, *sources
-
(nil)-
Other tags:
- See: #authorize_ingress -
def revoke_ingress protocol, ports, *sources client.revoke_security_group_ingress( :group_id => id, :ip_permissions => [ingress_opts(protocol, ports, sources)] ) nil end
def vpc
-
(VPC, nil)- Returns the VPC this security group belongs to,
def vpc if vpc_id VPC.new(vpc_id, :config => config) end end
def vpc?
-
(Boolean)- Returns true if this is a VPC security group and
def vpc? vpc_id ? true : false end