def create_rds_security_groups(db_identifier):
    """Create the pair of security groups used to reach one RDS database.

    Two groups are created, in this order:

    1. An "instance" group with no ingress rules of its own. Membership in
       this group is what grants a host access to the database.
    2. A "database" group carrying a single ingress rule for POSTGRES_PORT
       whose source is the instance group created in step 1.

    Args:
        db_identifier: identifier of the database; it is used to derive both
            group names and is interpolated into the instance group's
            description.

    Returns:
        None. Both groups are created purely as a side effect.
    """
    instance_group_name, database_group_name = get_rds_security_group_names(db_identifier)

    # Step 1: the group whose members will be allowed to talk to the database.
    instance_group = create_security_group(
        instance_group_name,
        instance_database_sec_group_description % db_identifier,
    )

    # Step 2: the only ingress rule on the database group names the instance
    # group as its source, so access follows group membership.
    # NOTE(review): the exact rule shape is built by the helper below, which is
    # not visible here - confirm it carries no CIDR-based source as well.
    postgres_ingress = create_sec_grp_rule_parameters_allowing_traffic_from_another_security_group(
        POSTGRES_PORT, instance_group["GroupId"]
    )

    # NOTE(review): there is no cleanup here - if this second call raises, the
    # instance group created above is left in place.
    create_security_group(
        database_group_name,
        database_sec_group_description % instance_group_name,
        list_of_dicts_of_ingress_kwargs=[postgres_ingress],
    )
def get_or_create_rabbit_mq_security_group(eb_environment_name):
    """Return the RabbitMQ security group for an environment, creating it if absent.

    If a group with the expected name already exists it is returned as found:
    its rules are assumed to be correct and are neither inspected nor changed,
    so this function will not notice or repair rule drift on an existing group.

    Otherwise a new group is created with one ingress rule for RABBIT_MQ_PORT
    whose source is the environment's RDS "instance" security group, and
    TCP port 22 is then opened on it.

    Args:
        eb_environment_name: name of the Elastic Beanstalk environment; it is
            used to derive the group name and to look up the instance group.

    Returns:
        The existing group, or the newly created group re-fetched by id after
        the port 22 rule has been added.
    """
    group_name = construct_rabbit_mq_security_group_name(eb_environment_name)

    # Fast path: reuse an existing group without touching its rules.
    try:
        return get_security_group_by_name(group_name)
    except InvalidSecurityGroupNameException:
        log.info("Did not find a security group named '%s,' creating it." % group_name)

    # The RabbitMQ port is reachable only from members of the instance group.
    rds_groups = get_rds_security_groups_by_eb_name(eb_environment_name)
    source_group_id = rds_groups["instance_sec_grp"]['GroupId']
    rabbit_ingress = create_sec_grp_rule_parameters_allowing_traffic_from_another_security_group(
        tcp_port=RABBIT_MQ_PORT,
        sec_grp_id=source_group_id,
    )

    created_group = create_security_group(
        group_name,
        RABBIT_MQ_SEC_GRP_DESCRIPTION % instance_sec_grp_id_placeholder(source_group_id),
        list_of_dicts_of_ingress_kwargs=[rabbit_ingress],
    ) if False else create_security_group(
        group_name,
        RABBIT_MQ_SEC_GRP_DESCRIPTION % source_group_id,
        list_of_dicts_of_ingress_kwargs=[rabbit_ingress],
    )
    new_group_id = created_group['GroupId']

    # NOTE(review): port 22 (SSH) is opened on the new group. The permitted
    # source range is decided inside open_tcp_port, which is not visible here -
    # confirm it is restricted rather than open to any address.
    open_tcp_port(new_group_id, 22)

    # Re-fetch so the returned description includes the rule added just above.
    return get_security_group_by_id(new_group_id)