Beispiel #1
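def get_vdcm_management_security_group(template, vpc, sg_name, cidr=None):
    """Get a vdcm security group containing the vdcm rules for management.

    NOTE(review): this listing truncates the signature after ``template,`` and
    drops the docstring terminator. The parameters are rebuilt from the names
    the body reads (``vpc``, ``sg_name``, ``cidr``); their order and defaults
    are assumptions, so confirm them against the upstream file.

    :param template: the template to add this security group to.
    :param vpc: the vpc to add this security group to.
    :param sg_name: unique name of the security group.
    :param cidr: the cidr to use as the source of every rule. The original
        docstring says it defaults to the CISCO_CIDR; that default is not
        visible in this listing. When the value is falsy the rules keep
        whatever source range ``Rules`` defines for them, so callers should
        pass an explicit, narrow cidr for these management ports.
    :return: security_group
    """
    sg = SecurityGroup(sg_name, template=template)
    sg.Tags = Tags(Name=aws_name(sg.title))
    sg.GroupDescription = 'vdcm security group for management'
    sg.VpcId = Ref(vpc)

    rules = Rules()
    # NOTE(review): the listing reads "rules.vnc,, rules.graphana", so one
    # entry between the two appears to have been lost in extraction. It is
    # not restored here; check the upstream rule list before relying on this.
    # Judging by the rule names this set opens remote-admin and monitoring
    # services (http among them is plaintext), and the source cidr is the only
    # network-level restriction this group applies to them.
    rs = [
        rules.ssh, rules.http, rules.https, rules.influxdb, rules.vnc,
        rules.graphana, rules.all_icmp, rules.abr2ts,
    ]
    if cidr:
        # Rewrite the source range of every rule to the caller's cidr.
        rs = [rules.override_cidr(rule=r, cidr=cidr) for r in rs]

    sg.SecurityGroupIngress = rs

    return sg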
Beispiel #2
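def get_private_security_group(template, vpc, cidr, desc):
    """Get a security group allowing all protocols on all ports from "CIDR-subnet".

    Only to be used behind a bastion.

    :param template: the template to add this security group to.
    :param vpc: the vpc to add this security group to.
    :param cidr: the source cidr the allow-all rule is restricted to.
    :param desc: short label interpolated into the resource title and the
        group description.
    :return: security_group
    """
    sg = SecurityGroup('{}securitygroup'.format(desc), template=template)
    sg.Tags = Tags(Name=aws_name(sg.title))
    sg.GroupDescription = 'security group for {} subnet'.format(desc)
    sg.VpcId = Ref(vpc)
    rules = Rules()
    rs = [rules.all]
    # NOTE(review): a falsy cidr (None, '') skips the override, leaving
    # rules.all with whatever source range Rules defines for it. That default
    # is not visible in this listing; if it is wider than the private subnet,
    # this allow-all group is no longer limited to traffic from behind the
    # bastion. Callers should always pass an explicit cidr.
    if cidr:
        rs = [rules.override_cidr(rule=r, cidr=cidr) for r in rs]
    sg.SecurityGroupIngress = rs
    return sg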
Beispiel #3
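def get_vdcm_video_security_group(template, vpc, cidr=None):
    """Get a vdcm security group containing the default vdcm rules for video.

    :param template: the template to add this security group to.
    :param vpc: the vpc to add this security group to.
    :param cidr: the cidr to use as the source of every rule. With the default
        of None the rules keep the source range ``Rules`` defines for them,
        which is not visible in this listing.
    :return: security_group
    """
    sg = SecurityGroup('vdcmvideosecuritygroup', template=template)
    sg.Tags = Tags(Name=aws_name(sg.title))
    sg.GroupDescription = 'vdcm security group for video'
    sg.VpcId = Ref(vpc)
    rules = Rules()
    # all_udp covers every UDP port, so the source cidr is what bounds this
    # group's exposure; pass one unless the rule defaults are known to be narrow.
    rs = [rules.all_udp, rules.all_icmp, rules.all_sn]
    if cidr:
        # Rewrite the source range of every rule to the caller's cidr.
        rs = [rules.override_cidr(rule=r, cidr=cidr) for r in rs]

    sg.SecurityGroupIngress = rs
    return sg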
Beispiel #4
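def get_http_security_group(template, vpc, sg_name, cidr=None):
    """Get a security group that fits plain http.

    NOTE(review): this listing truncates the signature after ``template,``.
    The parameters are rebuilt from the names the body reads (``vpc``,
    ``sg_name``, ``cidr``); their order and defaults are assumptions, so
    confirm them against the upstream file.

    :param template: the template to add this security group to.
    :param vpc: the vpc to add this security group to.
    :param sg_name: title of the security group resource.
    :param cidr: a single source cidr or a list of them. When falsy, the http
        rule keeps the source range ``Rules`` defines for it.
    :return: security_group
    """
    sg = SecurityGroup(title=sg_name, template=template)
    sg.Tags = Tags(Name=aws_name(sg.title))
    sg.GroupDescription = 'security group for http'
    sg.VpcId = Ref(vpc)
    rules = Rules()
    # Plain http is unencrypted; this group only controls who can reach the
    # port, not the confidentiality of what is sent over it.
    rs = [rules.http]
    if cidr:
        # Accept one cidr or several: every rule is emitted once per cidr.
        if not isinstance(cidr, list):
            cidr = [cidr]
        rs = [
            rules.override_cidr(rule=r, cidr=cidr_item) for r in rs
            for cidr_item in cidr
        ]

    sg.SecurityGroupIngress = rs

    return sg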
Beispiel #5
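def get_elb_security_group(template, vpc, sg_name, cidr=None):
    """Get elb security group containing the elb rules for management.

    NOTE(review): this listing truncates the signature after ``template,`` and
    drops the docstring terminator. The parameters are rebuilt from the names
    the body reads (``vpc``, ``sg_name``, ``cidr``); their order and defaults
    are assumptions, so confirm them against the upstream file.

    :param template: the template to add this security group to.
    :param vpc: the vpc to add this security group to.
    :param sg_name: title of the security group resource.
    :param cidr: the cidr to use as the source of every rule. The original
        docstring says it defaults to the CISCO_CIDR; that default is not
        visible in this listing. When the value is falsy the rules keep
        whatever source range ``Rules`` defines for them.
    :return: security_group
    """
    sg = SecurityGroup(sg_name, template=template)
    sg.Tags = Tags(Name=aws_name(sg.title))
    sg.GroupDescription = 'security group for elb'
    sg.VpcId = Ref(vpc)

    rules = Rules()
    # NOTE(review): the listing reads "[, rules.https]", so an entry before
    # rules.https appears to have been lost in extraction. It is not restored
    # here; check the upstream rule list before relying on this.
    rs = [rules.https]
    if cidr:
        # Rewrite the source range of every rule to the caller's cidr.
        rs = [rules.override_cidr(rule=r, cidr=cidr) for r in rs]
    sg.SecurityGroupIngress = rs
    return sg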