def create_rds_security_groups(db_identifier):
    """Create the two security groups that front an RDS database.

    The first ("instance") group is created from a name and description only;
    it is meant to be attached to hosts that need to reach the database. The
    second ("database") group is created with one ingress rule that admits
    POSTGRES_PORT traffic whose source is the instance group, so access is
    granted by group membership rather than by network address (per the rule
    helper's name; the helper itself is defined elsewhere).

    Args:
        db_identifier: identifier of the database; used to derive both group
            names and the instance group's description.

    Returns:
        None. Neither created group is handed back to the caller.

    The two groups are created by separate calls with no cleanup in between:
    if the second call raises, the instance group is left in place.
    """
    client_grp_name, db_grp_name = get_rds_security_group_names(db_identifier)

    # Group that database clients will carry.
    client_grp_description = instance_database_sec_group_description % db_identifier
    client_grp = create_security_group(client_grp_name, client_grp_description)

    # Single ingress rule: database port, source = the client group above.
    # NOTE(review): any resource later attached to the client group gains
    # database access, so membership of that group should be kept tight.
    postgres_from_clients = create_sec_grp_rule_parameters_allowing_traffic_from_another_security_group(
        POSTGRES_PORT,
        client_grp["GroupId"],
    )

    # Group that will be attached to the database itself.
    db_grp_description = database_sec_group_description % client_grp_name
    create_security_group(
        db_grp_name,
        db_grp_description,
        list_of_dicts_of_ingress_kwargs=[postgres_from_clients],
    )
def get_or_create_rabbit_mq_security_group(eb_environment_name):
    """Return the RabbitMQ security group for an environment, creating it if absent.

    Lookup is by the name derived from ``eb_environment_name``. When the
    lookup raises InvalidSecurityGroupNameException, a new group is created
    with an ingress rule admitting RABBIT_MQ_PORT traffic from the
    environment's RDS instance security group, TCP port 22 is then opened on
    it, and the group is re-read by id and returned.

    Args:
        eb_environment_name: environment name used to derive the group name
            and to find the RDS instance security group.

    Returns:
        Whatever get_security_group_by_name / get_security_group_by_id return
        for the group.

    An existing group is returned exactly as found: its rules are not
    inspected or repaired, so a same-named group with different (possibly
    broader) rules is accepted as-is.
    """
    group_name = construct_rabbit_mq_security_group_name(eb_environment_name)
    try:
        existing_group = get_security_group_by_name(group_name)
    except InvalidSecurityGroupNameException:
        log.info("Did not find a security group named '%s,' creating it." % group_name)

        # The broker is reachable only from members of the RDS instance group.
        rds_groups = get_rds_security_groups_by_eb_name(eb_environment_name)
        instance_grp_id = rds_groups["instance_sec_grp"]['GroupId']
        broker_rule = create_sec_grp_rule_parameters_allowing_traffic_from_another_security_group(
            tcp_port=RABBIT_MQ_PORT,
            sec_grp_id=instance_grp_id,
        )
        created_group = create_security_group(
            group_name,
            RABBIT_MQ_SEC_GRP_DESCRIPTION % instance_grp_id,
            list_of_dicts_of_ingress_kwargs=[broker_rule],
        )
        created_id = created_group['GroupId']

        # NOTE(review): SSH (22) is opened on the broker group. The allowed
        # source range is chosen inside open_tcp_port, which is not visible
        # here; confirm it is limited to a management network and not every
        # address.
        open_tcp_port(created_id, 22)

        # Re-read so the returned description includes the rule just added.
        return get_security_group_by_id(created_id)
    else:
        # Found by name: trusted without checking its rules (see docstring).
        return existing_group