Ejemplo n.º 1
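def createSG(ec2, name, rules):
    """
    Create a security group called *name*, replacing any existing one.

    A group that already carries this name is deleted first, so the new
    group holds only the ingress rules listed in *rules*.  Each rule is
    authorized exactly as given; nothing here checks how wide its
    ``cidr_ip`` is, so the rule list should be reviewed by the caller.

    :param ec2: connection object providing ``get_all_security_groups``,
        ``delete_security_group`` and ``create_security_group``.
    :param name: name of the security group to (re)create.
    :param rules: iterable of objects with ``ip_protocol``, ``from_port``,
        ``to_port``, ``cidr_ip`` and ``src_group_name`` attributes.
    :returns: True once the group exists and every rule was authorized,
        False when ``create_security_group`` returned nothing.
    """
    existing = [sg for sg in ec2.get_all_security_groups() if sg.name == name]
    if existing:
        # group_id expects the id string, not the SecurityGroup object.
        ec2.delete_security_group(name=name, group_id=existing[0].id)
    print("Creating %s Security Group" % name)
    group = ec2.create_security_group(name, 'group for %s' % name)
    if not group:
        logError('Error during ' + name + ' Security Group update')
        return False

    # Set the inbound rules
    for rule in rules:
        # NOTE(review): a rule that names a source group is granted to the
        # new group itself; rule.src_group_name is never looked up.
        # Confirm that a self-referencing rule is what callers intend.
        group.authorize(ip_protocol=rule.ip_protocol,
                        from_port=rule.from_port,
                        to_port=rule.to_port,
                        cidr_ip=rule.cidr_ip,
                        src_group=group if rule.src_group_name else None)
    return True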
Ejemplo n.º 2
def terminate(elastic_IP):
    """
    Tear down the instance bound to *elastic_IP* and its supporting resources.

    Steps, in order: release the Elastic IP allocation, terminate the
    instance, poll every five seconds until it reports "terminated", then
    delete the 'csc326-group23' security group and the 'key' key pair.

    The region, the security-group name and the key-pair name are
    hard-coded, and the polling loop has no upper bound.  An address that
    matches no instance or no allocation raises IndexError before anything
    is released.
    """
    global allocation_id

    client = boto3.client('ec2')
    legacy_conn = boto.ec2.connect_to_region("us-east-1")

    # Look the address up through both APIs: boto for the instance object,
    # boto3 for the allocation record.
    matching_instances = legacy_conn.get_only_instances(
        filters={"ip-address": elastic_IP})
    address_info = client.describe_addresses(
        Filters=[{'Name': 'public-ip', 'Values': [elastic_IP]}])

    target = matching_instances[0]
    instance_id = str(target.id)
    allocation = address_info['Addresses'][0]['AllocationId']

    client.release_address(AllocationId=allocation)
    legacy_conn.terminate_instances(instance_ids=[instance_id])

    # The security group is deleted only after the instance reports
    # "terminated".
    while target.update() != "terminated":
        time.sleep(5)

    client.delete_security_group(GroupName='csc326-group23')
    client.delete_key_pair(KeyName='key')
Ejemplo n.º 3
def security_group_ssh():
	"""
	Recreate the demo security group with SSH and Tomcat ingress.

	Any group named DEMO_SECURITY_GROUP is deleted first so the new group
	starts without rules.  TCP 22 and 8080 are then opened to a single
	address only: the value returned by get_external_ip() with a /32 mask.
	"""
	# Purge the demo group if present so it is known to be clean.
	for existing in ec2.get_all_security_groups():
		if existing.name != DEMO_SECURITY_GROUP:
			continue
		ec2.delete_security_group(DEMO_SECURITY_GROUP)

	# Create the new group and open the ssh and tomcat7 ports.
	demo_group = ec2.create_security_group(DEMO_SECURITY_GROUP, 'Security group for demonstration')
	caller_cidr = get_external_ip() + '/32'
	for port in (22, 8080):
		demo_group.authorize('tcp', port, port, caller_cidr)
Ejemplo n.º 4
    def delete_security_group(self, group_name):
        """
        Delete the EC2 security group called *group_name*.

        When the account has a ``vpc_id`` the group is deleted by the id
        stored in ``self.account.security_groups``; if no entry with that
        name exists there the method returns without calling EC2.  Without
        a ``vpc_id`` the group is deleted by name.

        :raises DeleteGroupException: when EC2 rejects the deletion; the
            failure is logged first.
        """
        if not self.account.vpc_id:
            delete_args = {'name': group_name}
        else:
            try:
                record = self.account.security_groups.get(name=group_name)
                delete_args = {'group_id': record.group_id}
            except ObjectDoesNotExist:
                # Nothing recorded under this name, so nothing to delete.
                return

        connection = self.connect_ec2()
        try:
            connection.delete_security_group(**delete_args)
        except boto.exception.EC2ResponseError as err:
            logger.error('Error deleting security group {0}'.format(group_name))
            raise DeleteGroupException(err.error_message)
Ejemplo n.º 5
    def delete_security_group(self, group_name):
        """
        Remove the security group *group_name* from EC2.

        VPC accounts (``self.account.vpc_id`` set) delete by group id, taken
        from the matching entry in ``self.account.security_groups``; a
        missing entry ends the call with no EC2 request.  Other accounts
        delete by group name.

        :raises DeleteGroupException: carries the EC2 error message when
            the delete request fails.
        """
        uses_vpc = self.account.vpc_id
        if uses_vpc:
            try:
                kwargs = {
                    'group_id':
                        self.account.security_groups.get(name=group_name).group_id,
                }
            except ObjectDoesNotExist:
                return
        else:
            kwargs = {'name': group_name}

        ec2_conn = self.connect_ec2()
        try:
            ec2_conn.delete_security_group(**kwargs)
        except boto.exception.EC2ResponseError as exc:
            # Log with the group name; the EC2 message travels in the
            # exception raised to the caller.
            message = 'Error deleting security group {0}'.format(group_name)
            logger.error(message)
            raise DeleteGroupException(exc.error_message)
Ejemplo n.º 6
    def delete_security_group(self, group_name):
        """
        Delete the security group *group_name* through the EC2 API.

        With ``self.obj.vpc_id`` set, the group id is read from the entry
        in ``self.obj.security_groups``; if there is no such entry the
        method returns without contacting EC2.  Otherwise the group is
        deleted by name.

        :raises BadRequest: EC2 answered with status 400.
        :raises InternalServerError: EC2 answered with any other error
            status.
        """
        from django.core.exceptions import ObjectDoesNotExist

        if not self.obj.vpc_id:
            delete_args = {'name': group_name}
        else:
            try:
                stored = self.obj.security_groups.get(name=group_name)
                delete_args = {'group_id': stored.group_id}
            except ObjectDoesNotExist:
                return

        connection = self.connect_ec2()
        try:
            connection.delete_security_group(**delete_args)
        except boto.exception.EC2ResponseError as err:
            # logger.exception records the traceback along with the message.
            logger.exception(
                'Error deleting security group {0}'.format(group_name))
            if err.status != 400:
                raise InternalServerError(err.error_message)
            raise BadRequest(err.error_message)
Ejemplo n.º 7
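def createSG(ec2,name,rules):
	"""
	Create a security group called *name*, replacing any existing one.

	A group that already carries this name is deleted first, so the new
	group holds only the ingress rules listed in *rules*.  Each rule is
	authorized exactly as given; nothing here checks how wide its
	``cidr_ip`` is, so the rule list should be reviewed by the caller.

	:param ec2: connection object providing ``get_all_security_groups``,
		``delete_security_group`` and ``create_security_group``.
	:param name: name of the security group to (re)create.
	:param rules: iterable of objects with ``ip_protocol``, ``from_port``,
		``to_port``, ``cidr_ip`` and ``src_group_name`` attributes.
	:returns: True once the group exists and every rule was authorized,
		False when ``create_security_group`` returned nothing.
	"""
	existing = [sg for sg in ec2.get_all_security_groups() if sg.name == name]
	if existing:
		# group_id expects the id string, not the SecurityGroup object.
		ec2.delete_security_group(name=name, group_id=existing[0].id)
	print("Creating %s Security Group" % name)
	group = ec2.create_security_group(name, 'group for %s' % name)
	if not group:
		logError('Error during '+name+' Security Group update')
		return False

	# Set the inbound rules
	for rule in rules:
		# NOTE(review): a rule that names a source group is granted to the
		# new group itself; rule.src_group_name is never looked up.
		# Confirm that a self-referencing rule is what callers intend.
		group.authorize(
			ip_protocol=rule.ip_protocol,
			from_port=rule.from_port,
			to_port=rule.to_port,
			cidr_ip=rule.cidr_ip,
			src_group=group if rule.src_group_name else None,
		)
	return True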
Ejemplo n.º 8
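# Destructive cleanup: removes every non-default security group returned for
# the region, then every VPC peering connection and every route table that
# vpcCon lists.  Run it only against an account that is meant to be emptied.
print("get_all_security_groups")

import boto.ec2
print("begin delete security group")

ec2 = boto.ec2.connect_to_region(region,
                                 aws_access_key_id=aws_access_key,
                                 aws_secret_access_key=aws_secret_key)
sgroup = ec2.get_all_security_groups()
for i in sgroup:
    print(i.id)
    print(i.name)
    if i.name != 'default':
        try:
            # The first positional parameter of delete_security_group is
            # the group *name*; an id has to be passed as group_id.
            ec2.delete_security_group(group_id=i.id)
        except Exception as e:
            # Best effort: keep going, but report which group is still
            # there instead of hiding the failure.
            print("could not delete security group %s: %s" % (i.id, e))

print("peering_connections")
orgtab = vpcCon.get_all_vpc_peering_connections()
for i in orgtab:
    print(i.id)
    print(vpcCon.delete_vpc_peering_connection(i.id))

print("route table")
orgtab = vpcCon.get_all_route_tables()
for i in orgtab:
    print(i.id)
    print(vpcCon.delete_route_table(i.id))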
Ejemplo n.º 9
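# Delete EC2 security groups selected by --name / --id in every chosen region.
# With neither option set, get_all_security_groups receives no filter.
log = logging.getLogger('botocross')
bc.configure_logging(log, args.log_level)
credentials = bc.parse_credentials(args)
regions = bc.filter_regions(boto.ec2.regions(), args.region)

# execute business logic
groupname = args.name if args.name else ""
group_id = args.id if args.id else ""
log.info("Deleting EC2 security groups '" + groupname + group_id + "':")

groupnames = [args.name] if args.name else None
group_ids = [args.id] if args.id else None

for region in regions:
    pprint(region.name, indent=2)
    try:
        ec2 = boto.connect_ec2(region=region, **credentials)
        groups = ec2.get_all_security_groups(groupnames=groupnames,
                                             group_ids=group_ids)
        for group in groups:
            # Query the attached instances once, so the printed count and
            # the delete decision are based on the same answer.
            attached = group.instances()
            num_instances = (" with " + str(len(attached)) +
                             " instances assigned") if len(attached) else ""
            label = group.name + "(" + group.id + ")" + num_instances
            if attached and not args.force:
                print('NOT deleting security group ' + label + " (use --force to override)")
            else:
                print('Deleting security group ' + label)
                # Delete the group that was just checked, not whatever the
                # command-line arguments happen to name.
                ec2.delete_security_group(group_id=group.id)
    except boto.exception.BotoServerError as e:
        log.error(e.error_message)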
def isSelected(region):
    """Return True when args.region occurs as a substring of region.name."""
    return args.region in region.name

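# execute business logic
# Deletes the EC2 security groups selected by --name / --id in each region.
# With neither option set, get_all_security_groups receives no filter.
groupname = args.name if args.name else ""
group_id = args.id if args.id else ""
heading = "Deleting EC2 security groups '" + groupname + group_id + "'"
regions = boto.ec2.regions()
if args.region:
    heading += " (filtered by region '" + args.region + "')"
    regions = filter(isSelected, regions)

groupnames = [args.name] if args.name else None
group_ids = [args.id] if args.id else None

print(heading + ":")
for region in regions:
    pprint(region.name, indent=2)
    try:
        ec2 = boto.connect_ec2(region=region, **credentials)
        groups = ec2.get_all_security_groups(groupnames=groupnames, group_ids=group_ids)
        for group in groups:
            # Query the attached instances once, so the printed count and
            # the delete decision are based on the same answer.
            attached = group.instances()
            num_instances = (" with " + str(len(attached)) +
                             " instances assigned") if len(attached) else ""
            label = group.name + "(" + group.id + ")" + num_instances
            if attached and not args.force:
                print('NOT deleting security group ' + label + " (use --force to override)")
            else:
                print('Deleting security group ' + label)
                # Delete the group that was just checked, not whatever the
                # command-line arguments happen to name.
                ec2.delete_security_group(group_id=group.id)
    except boto.exception.BotoServerError as e:
        print(e.error_message)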
Ejemplo n.º 11
    print vpcCon.delete_internet_gateway(i.id)    

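# Destructive cleanup: removes every non-default security group returned for
# the region, then every VPC peering connection and every route table that
# vpcCon lists.  Run it only against an account that is meant to be emptied.
print("get_all_security_groups")

import boto.ec2
print("begin delete security group")

ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
sgroup = ec2.get_all_security_groups()
for i in sgroup:
    print(i.id)
    print(i.name)
    if i.name != 'default':
        try:
            # The first positional parameter of delete_security_group is
            # the group *name*; an id has to be passed as group_id.
            ec2.delete_security_group(group_id=i.id)
        except Exception as e:
            # Best effort: keep going, but report which group is still
            # there instead of hiding the failure.
            print("could not delete security group %s: %s" % (i.id, e))

print("peering_connections")
orgtab = vpcCon.get_all_vpc_peering_connections()
for i in orgtab:
    print(i.id)
    print(vpcCon.delete_vpc_peering_connection(i.id))

print("route table")
orgtab = vpcCon.get_all_route_tables()
for i in orgtab:
    print(i.id)
    print(vpcCon.delete_route_table(i.id))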
    
# Record every security group attached to a network interface as in use.
enis = ec2.get_all_network_interfaces()
for eni in enis:
    for eni_grp in eni.groups:
        if eni_grp.name in groups_in_use:
            continue
        groups_in_use.append(eni_grp.name)

# A group is a delete candidate when nothing recorded above uses it and its
# name does not start with 'AWS-OpsWorks-'.
# NOTE(review): groups are compared and deleted by name only - confirm that
# names are unique for the account this runs against.
delete_candidates = [
    group for group in allgroups
    if group not in groups_in_use and not group.startswith('AWS-OpsWorks-')
]

if not args.delete:
    # Dry run: list what would be removed.
    print("The list of security groups to be removed is below.")
    print("Run this again with `-d` to remove them")
    for group in sorted(delete_candidates):
        print("   " + group)
else:
    print("We will now delete security groups identified to not be in use.")
    # Nothing here catches a failed delete, so an error raised by one group
    # stops the loop before the remaining candidates are processed.
    for group in delete_candidates:
        ec2.delete_security_group(group)

print("---------------")
print("Activity Report")
print("---------------")

# NOTE(review): the first figure is len(groups_in_use), i.e. the groups found
# in use, although the label says "evaluated" - confirm which was intended.
print("Total number of Security Groups evaluated: %d" % len(groups_in_use))
print("Total number of EC2 Instances evaluated: %d" % len(reservations))
print("Total number of Load Balancers evaluated: %d" % len(load_balancers))
print("Total number of RDS instances evaluated: %d" % len(dbs))
Ejemplo n.º 13
# Mark the security groups of every network interface as in use.
enis = ec2.get_all_network_interfaces()
for eni in enis:
    for attached_group in eni.groups:
        already_seen = attached_group.name in groups_in_use
        if not already_seen:
            groups_in_use.append(attached_group.name)

# Candidates for deletion: known groups that are not in use, except those
# whose name starts with 'AWS-OpsWorks-'.
# NOTE(review): matching and deletion are by group name only - confirm that
# names are unique for the account this runs against.
delete_candidates = []
for group in allgroups:
    if group in groups_in_use or group.startswith('AWS-OpsWorks-'):
        continue
    delete_candidates.append(group)

if args.delete:
    print("We will now delete security groups identified to not be in use.")
    # A delete that raises is not caught here; the remaining candidates are
    # then left untouched.
    for group in delete_candidates:
        ec2.delete_security_group(group)
else:
    # Without the delete flag only the candidate list is shown.
    print("The list of security groups to be removed is below.")
    print("Run this again with `-d` to remove them")
    for group in sorted(delete_candidates):
        print("   " + group)

for banner_line in ("---------------", "Activity Report", "---------------"):
    print(banner_line)

# NOTE(review): the first figure is len(groups_in_use), i.e. the groups found
# in use, although the label says "evaluated" - confirm which was intended.
print("Total number of Security Groups evaluated: %d" % len(groups_in_use))
print("Total number of EC2 Instances evaluated: %d" % len(reservations))
print("Total number of Load Balancers evaluated: %d" % len(load_balancers))
print("Total number of RDS instances evaluated: %d" % len(dbs))