Esempio n. 1
def test_security_group_ingress_separate_from_security_group_by_id():
    """Check a standalone ingress resource that names its source group by ID.

    One security group is created directly through the EC2 API.  A
    CloudFormation stack then creates a second, tagged group plus an
    ``AWS::EC2::SecurityGroupIngress`` resource that attaches a rule to the
    first group (addressed by ``GroupName``) with the second group as the
    rule's source (``SourceSecurityGroupId`` resolved through ``Ref``).

    The assertions confirm that the first group ends up with exactly one
    rule, for tcp ports 80-8080, whose only source is the second group.
    """
    # NOTE(review): no mock decorator is visible on this function; it is
    # presumably run against a mocked AWS backend -- confirm before running,
    # since these calls would otherwise create resources in a real account.
    region = "us-west-1"
    ec2 = boto3.client("ec2", region_name=region)

    # Group that will receive the ingress rule; created outside the stack.
    target_name = str(uuid4())
    ec2.create_security_group(
        GroupName=target_name, Description="test security group")

    # Short random tag value used later to find the stack-created group.
    source_tag = str(uuid4())[0:6]
    source_group_resource = {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": "test security group",
            "Tags": [{"Key": "sg-name", "Value": source_tag}],
        },
    }
    ingress_resource = {
        "Type": "AWS::EC2::SecurityGroupIngress",
        "Properties": {
            "GroupName": target_name,
            "IpProtocol": "tcp",
            "FromPort": "80",
            "ToPort": "8080",
            "SourceSecurityGroupId": {"Ref": "test-security-group2"},
        },
    }
    template = {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            "test-security-group2": source_group_resource,
            "test-sg-ingress": ingress_resource,
        },
    }

    cloudformation = boto3.client("cloudformation", region_name=region)
    cloudformation.create_stack(
        StackName=str(uuid4())[0:6], TemplateBody=json.dumps(template))

    target_group = ec2.describe_security_groups(
        GroupNames=[target_name])["SecurityGroups"][0]
    source_group = get_secgroup_by_tag(ec2, source_tag)

    # Exactly one rule must exist on the target group.
    permissions = target_group["IpPermissions"]
    permissions.should.have.length_of(1)
    rule = permissions[0]

    # The rule's single source must be the stack-created group, matched by
    # its GroupId rather than by name.
    pairs = rule["UserIdGroupPairs"]
    pairs.should.have.length_of(1)
    pairs[0]["GroupId"].should.equal(source_group["GroupId"])

    rule["IpProtocol"].should.equal("tcp")
    # The template passes the ports as strings; the API response is
    # compared against integers.
    rule["FromPort"].should.equal(80)
    rule["ToPort"].should.equal(8080)
Esempio n. 2
def get_secgroup_by_tag(ec2, sg_):
    """Return the first security group whose ``sg-name`` tag equals *sg_*.

    Args:
        ec2: Client object exposing ``describe_security_groups``.
        sg_: Value to match against the ``sg-name`` tag.

    Returns:
        The first entry of the response's ``SecurityGroups`` list.

    Raises:
        IndexError: If no security group carries the tag value.
    """
    tag_filter = {"Name": "tag:sg-name", "Values": [sg_]}
    matches = ec2.describe_security_groups(
        Filters=[tag_filter])["SecurityGroups"]
    # Only the first match is returned; any further matches are ignored.
    return matches[0]
Esempio n. 3
def test_vpc_single_instance_in_subnet():
    """Deploy the single-instance VPC fixture and check how it is wired up.

    The stack is created from ``vpc_single_instance_in_subnet.template``
    with a ``KeyName`` parameter, then each resource is looked up through
    the EC2 API by the physical ID CloudFormation reports for it.  The
    checks cover: the VPC's CIDR block and ``Application`` tag, a security
    group inside the VPC, the subnet's VPC membership, the instance's
    ``Foo`` tag, and the Elastic IP's domain and instance association.
    """
    region = "us-west-1"
    body = json.dumps(vpc_single_instance_in_subnet.template)
    cloudformation = boto3.client("cloudformation", region_name=region)
    name = str(uuid4())[0:6]
    key_parameter = {"ParameterKey": "KeyName", "ParameterValue": "my_key"}
    cloudformation.create_stack(
        StackName=name, TemplateBody=body, Parameters=[key_parameter])

    ec2 = boto3.client("ec2", region_name=region)

    stack = cloudformation.describe_stacks(StackName=name)["Stacks"][0]
    summaries = cloudformation.list_stack_resources(
        StackName=name)["StackResourceSummaries"]

    def first_physical_id(resource_type):
        # Physical ID of the first stack resource of the given type;
        # raises IndexError when the stack has no such resource.
        matching = [
            summary for summary in summaries
            if summary["ResourceType"] == resource_type
        ]
        return matching[0]["PhysicalResourceId"]

    # VPC: address range and the tag that ties it back to this stack.
    vpc_id = first_physical_id("AWS::EC2::VPC")
    vpc = ec2.describe_vpcs(VpcIds=[vpc_id])["Vpcs"][0]
    vpc["CidrBlock"].should.equal("10.0.0.0/16")
    application_tag = {"Key": "Application", "Value": stack["StackId"]}
    vpc["Tags"].should.contain(application_tag)

    # NOTE(review): only the VPC membership of the first group returned by
    # the vpc-id filter is asserted; its rules are not inspected here.
    vpc_filter = {"Name": "vpc-id", "Values": [vpc["VpcId"]]}
    security_group = ec2.describe_security_groups(
        Filters=[vpc_filter])["SecurityGroups"][0]
    security_group["VpcId"].should.equal(vpc["VpcId"])

    # Subnet must live in the stack's VPC.
    subnet_id = first_physical_id("AWS::EC2::Subnet")
    subnet = ec2.describe_subnets(SubnetIds=[subnet_id])["Subnets"][0]
    subnet["VpcId"].should.equal(vpc["VpcId"])

    instance_id = first_physical_id("AWS::EC2::Instance")
    reservation = ec2.describe_instances(
        InstanceIds=[instance_id])["Reservations"][0]
    instance = reservation["Instances"][0]
    instance["Tags"].should.contain({"Key": "Foo", "Value": "Bar"})

    # The EIP's physical ID is passed to the API as its public IP.
    eip_id = first_physical_id("AWS::EC2::EIP")
    eip = ec2.describe_addresses(PublicIps=[eip_id])["Addresses"][0]
    eip["Domain"].should.equal("vpc")
    eip["InstanceId"].should.equal(instance["InstanceId"])