def get_vdcm_management_security_group(template,
                                       vpc,
                                       sg_name='vdcmmanagementsecuritygroup',
                                       cidr=CISCO_CIDR):
    """Build the vdcm management security group and register it on *template*.

    The management rules (ssh, http, https, influxdb, vnc, rest, graphana,
    all_icmp, abr2ts) are rebound to *cidr* when one is given. The ``all_sn``
    rule is appended after that step, so it is never rebound and keeps the
    CIDR that ``Rules`` gives it.

    :param template: the template the group is added to.
    :param vpc: the VPC resource the group belongs to (wrapped in ``Ref``).
    :param sg_name: logical resource name of the security group.
    :param cidr: source CIDR applied to the management rules; a falsy value
        leaves each rule's default CIDR untouched. Defaults to ``CISCO_CIDR``.
    :return: the configured ``SecurityGroup``.
    """
    group = SecurityGroup(sg_name, template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'vdcm security group for management'
    group.VpcId = Ref(vpc)

    rules = Rules()
    management_rules = [
        rules.ssh,
        rules.http,
        rules.https,
        rules.influxdb,
        rules.vnc,
        rules.rest,
        rules.graphana,
        rules.all_icmp,
        rules.abr2ts,
    ]
    if cidr:
        management_rules = [
            rules.override_cidr(rule=rule, cidr=cidr)
            for rule in management_rules
        ]
    # all_sn is added after the override step, so *cidr* does not apply to it.
    ingress = management_rules + [rules.all_sn]

    group.SecurityGroupIngress = ingress
    return group
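def generate_env_template(app_env, env_dict):
    """Render the template JSON for one application environment.

    :param app_env: environment label used in the template description.
    :param env_dict: environment settings; ``'sg_name'`` is required and is
        used for the security group's Name tag, ``'vpc_id'`` optionally
        selects the VPC the group is created in.
    :return: the template serialised with ``Template.to_json()``.
    :raises KeyError: if ``env_dict`` has no ``'sg_name'``.
    """
    sg_name = env_dict['sg_name']
    # TODO: look the VPC up instead of hard-coding it. The fallback keeps the
    # original behaviour for callers that do not supply 'vpc_id'.
    vpc_id = env_dict.get('vpc_id', 'vpc-a1d187c4')
    # Lazy %-args: the message is only formatted when DEBUG is enabled.
    logger.debug('generating template for %s', vpc_id)

    t = Template()
    t.add_version('2010-09-09')
    t.add_description('env template for %s' % app_env)
    app_sg = SecurityGroup('TestAppSecurityGroup')
    app_sg.VpcId = vpc_id
    app_sg.GroupDescription = 'testing'
    app_sg.Tags = name_tag(sg_name)
    t.add_resource(app_sg)
    return t.to_json()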
def get_private_security_group(template, vpc, cidr, desc):
    """Build a security group that admits all protocols on all ports from *cidr*.

    Because it opens all traffic from the source range, it is only meant for
    hosts that sit behind the bastion.

    :param template: the template the group is added to.
    :param vpc: the VPC resource the group belongs to (wrapped in ``Ref``).
    :param cidr: source range for the allow-all rule; a falsy value keeps the
        default CIDR carried by ``Rules().all``.
    :param desc: short label used in the resource title and description.
    :return: the configured ``SecurityGroup``.
    """
    title = '{}securitygroup'.format(desc)
    group = SecurityGroup(title, template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'security group for {} subnet'.format(desc)
    group.VpcId = Ref(vpc)

    rules = Rules()
    allow_all = rules.all
    if cidr:
        allow_all = rules.override_cidr(rule=allow_all, cidr=cidr)
    group.SecurityGroupIngress = [allow_all]
    return group
def get_vdcm_video_security_group(template, vpc, cidr=None):
    """Build the vdcm video security group and register it on *template*.

    :param template: the template the group is added to.
    :param vpc: the VPC resource the group belongs to (wrapped in ``Ref``).
    :param cidr: source CIDR applied to all three rules (all_udp, all_icmp,
        all_sn) when given; ``None`` leaves each rule's default CIDR.
    :return: the configured ``SecurityGroup``.
    """
    group = SecurityGroup('vdcmvideosecuritygroup', template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'vdcm security group for video'
    group.VpcId = Ref(vpc)

    rules = Rules()
    video_rules = (rules.all_udp, rules.all_icmp, rules.all_sn)
    if cidr:
        ingress = [
            rules.override_cidr(rule=rule, cidr=cidr) for rule in video_rules
        ]
    else:
        ingress = list(video_rules)

    group.SecurityGroupIngress = ingress
    return group
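def get_http_security_group(template,
                            vpc,
                            sg_name='httpsecuritygroup',
                            cidr=ALL_CISCO_CIDRS):
    """Build a security group that admits plain http from one or more CIDRs.

    :param template: the template the group is added to.
    :param vpc: the VPC resource the group belongs to (wrapped in ``Ref``).
    :param sg_name: logical resource name of the security group.
    :param cidr: a single source CIDR or a list/tuple of them; one http
        ingress rule is emitted per CIDR. A falsy value keeps the default
        CIDR carried by ``Rules().http``. Defaults to ``ALL_CISCO_CIDRS``.
    :return: the configured ``SecurityGroup``.
    """
    sg = SecurityGroup(title=sg_name, template=template)
    sg.Tags = Tags(Name=aws_name(sg.title))
    sg.GroupDescription = 'security group for http'
    sg.VpcId = Ref(vpc)
    rules = Rules()
    rs = [rules.http]
    if cidr:
        # Only a bare value is wrapped; previously a tuple was wrapped too and
        # ended up passed whole as a single cidr to override_cidr.
        if not isinstance(cidr, (list, tuple)):
            cidr = [cidr]
        rs = [
            rules.override_cidr(rule=r, cidr=cidr_item)
            for r in rs
            for cidr_item in cidr
        ]

    sg.SecurityGroupIngress = rs

    return sg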
def get_elb_security_group(template,
                           vpc,
                           sg_name='elbsecuritygroup',
                           cidr="10.0.0.0/16"):
    """Build the elb security group (rest and https ingress) and register it.

    :param template: the template the group is added to.
    :param vpc: the VPC resource the group belongs to (wrapped in ``Ref``).
    :param sg_name: logical resource name of the security group.
    :param cidr: source CIDR applied to both rules when given; a falsy value
        leaves each rule's default CIDR. Defaults to ``"10.0.0.0/16"``.
    :return: the configured ``SecurityGroup``.
    """
    group = SecurityGroup(sg_name, template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'security group for elb'
    group.VpcId = Ref(vpc)

    rules = Rules()
    elb_rules = (rules.rest, rules.https)
    if cidr:
        ingress = [
            rules.override_cidr(rule=rule, cidr=cidr) for rule in elb_rules
        ]
    else:
        ingress = list(elb_rules)
    group.SecurityGroupIngress = ingress
    return group
    rta.SubnetId = Ref(sub)
    t.add_resource(rta)
    route_table_associations.append(rta)

# security group addresses
# list of tuples
# [('cidr block', 'cloudformation resource name')]
# NOTE(review): the list is named "egress" but the only group defined next to
# it is "home SSH in" — confirm which direction these addresses are applied to
# where the list is consumed (not visible here).
home_egress_ips = [
    ('68.193.66.133/32', 'home'),
]

# security groups
# Properties are passed to the constructor instead of being assigned one by
# one; the resulting resources are the same.
home_ssh = SecurityGroup(
    config['name'] + 'homeSsh',
    GroupDescription='home SSH in',
    VpcId=Ref(vpc),
    Tags=Tags(Name=config['name'] + '-home-ssh'),
)
t.add_resource(home_ssh)

consul_sg = SecurityGroup(
    'consul',
    GroupDescription='consul cluster',
    VpcId=Ref(vpc),
    Tags=Tags(Name=config['name'] + '-consul'),
)
t.add_resource(consul_sg)

# consul ports
consul_ports = [
        8300,
        8301,
        8302,
        8400,
        8500,