def get_vdcm_management_security_group(template, vpc, sg_name='vdcmmanagementsecuritygroup', cidr=CISCO_CIDR):
    """Build the vdcm management security group and attach it to *template*.

    The group carries the management-plane ingress rules (ssh, http, https,
    influxdb, vnc, rest, graphana, all_icmp, abr2ts).  When *cidr* is truthy
    each of those rules is re-targeted at it via ``rules.override_cidr``;
    ``rules.all_sn`` is appended afterwards and is never re-targeted.

    :param template: the template the security group is added to.
    :param vpc: the vpc resource the group belongs to (referenced via ``Ref``).
    :param sg_name: logical resource name of the security group.
    :param cidr: source cidr applied to every management rule.  Defaults to
        ``CISCO_CIDR``; a falsy value keeps each rule's own default source.
    :return: the ``SecurityGroup`` resource.
    """
    group = SecurityGroup(sg_name, template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'vdcm security group for management'
    group.VpcId = Ref(vpc)

    rules = Rules()
    management_rules = [
        rules.ssh,
        rules.http,
        rules.https,
        rules.influxdb,
        rules.vnc,
        rules.rest,
        rules.graphana,
        rules.all_icmp,
        rules.abr2ts,
    ]

    ingress = []
    for rule in management_rules:
        if cidr:
            rule = rules.override_cidr(rule=rule, cidr=cidr)
        ingress.append(rule)
    # Appended unchanged: this rule is not restricted to *cidr*.
    ingress.append(rules.all_sn)

    group.SecurityGroupIngress = ingress
    return group
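def generate_env_template(app_env, env_dict, vpc_id='vpc-a1d187c4'):
    """Render a CloudFormation template (JSON) holding one test security group.

    :param app_env: environment label written into the template description.
    :param env_dict: mapping that must provide ``'sg_name'``; its value becomes
        the Name tag of the security group.
    :param vpc_id: id of the vpc the group is created in.  The default is the
        previously hard-coded id, kept so existing callers keep working;
        callers should pass the id looked up for their account/region.
    :return: the template serialised with ``Template.to_json()``.
    :raises KeyError: if ``env_dict`` has no ``'sg_name'`` entry.
    """
    sg_name = env_dict['sg_name']
    # Lazy %-args: the message is only formatted when DEBUG is enabled.
    logger.debug('generating template for %s', vpc_id)

    t = Template()
    t.add_version('2010-09-09')
    t.add_description('env template for %s' % app_env)

    app_sg = SecurityGroup('TestAppSecurityGroup')
    app_sg.VpcId = vpc_id
    app_sg.GroupDescription = 'testing'
    app_sg.Tags = name_tag(sg_name)
    t.add_resource(app_sg)
    return t.to_json()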
def get_private_security_group(template, vpc, cidr, desc):
    """Build a security group that admits all protocols on all ports from *cidr*.

    The single ingress rule is ``rules.all``, so this group is only meant for
    subnets that sit behind the bastion.

    :param template: the template the security group is added to.
    :param vpc: the vpc resource the group belongs to (referenced via ``Ref``).
    :param cidr: source cidr applied to the rule; a falsy value keeps the
        rule's own default source.
    :param desc: label used for the resource title (``'<desc>securitygroup'``)
        and for the group description.
    :return: the ``SecurityGroup`` resource.
    """
    group = SecurityGroup('{}securitygroup'.format(desc), template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'security group for {} subnet'.format(desc)
    group.VpcId = Ref(vpc)

    rules = Rules()
    allow_all = rules.all
    if cidr:
        allow_all = rules.override_cidr(rule=allow_all, cidr=cidr)

    group.SecurityGroupIngress = [allow_all]
    return group
def get_vdcm_video_security_group(template, vpc, cidr=None):
    """Build the vdcm video security group and attach it to *template*.

    The ingress rules are ``all_udp``, ``all_icmp`` and ``all_sn``; when
    *cidr* is truthy every one of them is re-targeted at it.

    :param template: the template the security group is added to.
    :param vpc: the vpc resource the group belongs to (referenced via ``Ref``).
    :param cidr: source cidr applied to each rule; ``None`` (the default) or
        any falsy value keeps each rule's own default source.
    :return: the ``SecurityGroup`` resource.
    """
    group = SecurityGroup('vdcmvideosecuritygroup', template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'vdcm security group for video'
    group.VpcId = Ref(vpc)

    rules = Rules()
    video_rules = [rules.all_udp, rules.all_icmp, rules.all_sn]

    ingress = []
    for rule in video_rules:
        if cidr:
            rule = rules.override_cidr(rule=rule, cidr=cidr)
        ingress.append(rule)

    group.SecurityGroupIngress = ingress
    return group
def get_http_security_group(template, vpc, sg_name='httpsecuritygroup', cidr=ALL_CISCO_CIDRS):
    """Build a security group admitting plain http from one or more cidrs.

    :param template: the template the security group is added to.
    :param vpc: the vpc resource the group belongs to (referenced via ``Ref``).
    :param sg_name: logical resource name of the security group.
    :param cidr: a single cidr string or a list of them; one http rule is
        emitted per cidr.  Defaults to ``ALL_CISCO_CIDRS``; a falsy value
        keeps the http rule's own default source.
    :return: the ``SecurityGroup`` resource.
    """
    group = SecurityGroup(title=sg_name, template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'security group for http'
    group.VpcId = Ref(vpc)

    rules = Rules()
    base_rules = [rules.http]

    if not cidr:
        ingress = base_rules
    else:
        sources = cidr if isinstance(cidr, list) else [cidr]
        ingress = []
        # One rule per (base rule, source cidr) pair, rules outermost.
        for rule in base_rules:
            for source in sources:
                ingress.append(rules.override_cidr(rule=rule, cidr=source))

    group.SecurityGroupIngress = ingress
    return group
def get_elb_security_group(template, vpc, sg_name='elbsecuritygroup', cidr="10.0.0.0/16"):
    """Build the elb security group and attach it to *template*.

    The ingress rules are ``rest`` and ``https``; when *cidr* is truthy both
    are re-targeted at it.

    :param template: the template the security group is added to.
    :param vpc: the vpc resource the group belongs to (referenced via ``Ref``).
    :param sg_name: logical resource name of the security group.
    :param cidr: source cidr applied to each rule.  Defaults to
        ``"10.0.0.0/16"``; a falsy value keeps each rule's own default source.
    :return: the ``SecurityGroup`` resource.
    """
    group = SecurityGroup(sg_name, template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'security group for elb'
    group.VpcId = Ref(vpc)

    rules = Rules()
    elb_rules = [rules.rest, rules.https]

    ingress = []
    for rule in elb_rules:
        if cidr:
            rule = rules.override_cidr(rule=rule, cidr=cidr)
        ingress.append(rule)

    group.SecurityGroupIngress = ingress
    return group
rta.RouteTableId = Ref(route_table) rta.SubnetId = Ref(sub) t.add_resource(rta) route_table_associations.append(rta) # security group addresses # list of tuples # [('cidr block', 'cloudformation resource name')] home_egress_ips = [ ('68.193.66.133/32', 'home') ] # security groups home_ssh = SecurityGroup(config['name'] + 'homeSsh') home_ssh.GroupDescription = 'home SSH in' home_ssh.VpcId = Ref(vpc) home_ssh.Tags = Tags(Name = config['name'] + '-home-ssh') t.add_resource(home_ssh) consul_sg = SecurityGroup('consul') consul_sg.GroupDescription = 'consul cluster' consul_sg.VpcId = Ref(vpc) consul_sg.Tags = Tags(Name = config['name'] + '-consul') t.add_resource(consul_sg) # consul ports consul_ports = [ 8300, 8301, 8302, 8400,