def test_security_group_ingress_separate_from_security_group_by_id():
    """Ingress rule declared as its own resource, naming its source group by Ref.

    One security group is created directly through EC2; a second group and an
    ``AWS::EC2::SecurityGroupIngress`` are created through CloudFormation.  The
    ingress resource targets the first group by ``GroupName`` and points at the
    CloudFormation group via ``SourceSecurityGroupId`` (a ``Ref``), so the rule
    that lands on the first group must carry a ``UserIdGroupPairs`` entry for
    the second group rather than a CIDR range.
    """
    # NOTE(review): no moto mock decorator is visible in this excerpt; the test
    # assumes the EC2/CloudFormation mocks are active so no real calls are made.
    region = "us-west-1"
    ec2 = boto3.client("ec2", region_name=region)

    sg_name = str(uuid4())
    ec2.create_security_group(GroupName=sg_name, Description="test security group")

    # The CloudFormation-created group is located afterwards by its "sg-name" tag.
    sg_tag_value = str(uuid4())[0:6]
    ingress_props = {
        "GroupName": sg_name,
        "IpProtocol": "tcp",
        "FromPort": "80",
        "ToPort": "8080",
        "SourceSecurityGroupId": {"Ref": "test-security-group2"},
    }
    template = {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            "test-security-group2": {
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": "test security group",
                    "Tags": [{"Key": "sg-name", "Value": sg_tag_value}],
                },
            },
            "test-sg-ingress": {
                "Type": "AWS::EC2::SecurityGroupIngress",
                "Properties": ingress_props,
            },
        },
    }

    cf = boto3.client("cloudformation", region_name=region)
    cf.create_stack(StackName=str(uuid4())[0:6], TemplateBody=json.dumps(template))

    security_group1 = ec2.describe_security_groups(GroupNames=[sg_name])["SecurityGroups"][0]
    security_group2 = get_secgroup_by_tag(ec2, sg_tag_value)

    permissions = security_group1["IpPermissions"]
    permissions.should.have.length_of(1)

    rule = permissions[0]
    pairs = rule["UserIdGroupPairs"]
    pairs.should.have.length_of(1)
    # The source must be the CloudFormation group, resolved from the Ref.
    pairs[0]["GroupId"].should.equal(security_group2["GroupId"])
    rule["IpProtocol"].should.equal("tcp")
    # Ports are strings in the template; the describe call reports integers.
    rule["FromPort"].should.equal(80)
    rule["ToPort"].should.equal(8080)
def get_secgroup_by_tag(ec2, sg_):
    """Return the first security group whose ``sg-name`` tag equals *sg_*.

    Args:
        ec2: EC2 client exposing ``describe_security_groups``.
        sg_: Expected value of the ``sg-name`` tag.

    Returns:
        The first entry of the ``SecurityGroups`` list in the response.

    Raises:
        IndexError: if no security group carries a matching tag.
    """
    tag_filter = {"Name": "tag:sg-name", "Values": [sg_]}
    response = ec2.describe_security_groups(Filters=[tag_filter])
    matches = response["SecurityGroups"]
    return matches[0]
def test_vpc_single_instance_in_subnet():
    """Deploy the ``vpc_single_instance_in_subnet`` fixture and verify its wiring.

    Checks that the stack's VPC, security group, subnet, instance and EIP exist
    and are linked: the security group and subnet belong to the VPC, the
    instance carries the ``Foo=Bar`` tag, and the EIP is a VPC-domain address
    attached to that instance.
    """
    # NOTE(review): no moto mock decorator is visible in this excerpt; the test
    # assumes the EC2/CloudFormation mocks are active so no real calls are made.
    region = "us-west-1"
    cf = boto3.client("cloudformation", region_name=region)
    stack_name = str(uuid4())[0:6]
    cf.create_stack(
        StackName=stack_name,
        TemplateBody=json.dumps(vpc_single_instance_in_subnet.template),
        Parameters=[{"ParameterKey": "KeyName", "ParameterValue": "my_key"}],
    )
    ec2 = boto3.client("ec2", region_name=region)

    stack = cf.describe_stacks(StackName=stack_name)["Stacks"][0]
    resources = cf.list_stack_resources(StackName=stack_name)["StackResourceSummaries"]

    def physical_id(resource_type):
        # Physical id of the first stack resource of this type; IndexError if none.
        matching = [r for r in resources if r["ResourceType"] == resource_type]
        return matching[0]["PhysicalResourceId"]

    vpc = ec2.describe_vpcs(VpcIds=[physical_id("AWS::EC2::VPC")])["Vpcs"][0]
    vpc["CidrBlock"].should.equal("10.0.0.0/16")
    vpc["Tags"].should.contain({"Key": "Application", "Value": stack["StackId"]})

    vpc_filter = [{"Name": "vpc-id", "Values": [vpc["VpcId"]]}]
    security_group = ec2.describe_security_groups(Filters=vpc_filter)["SecurityGroups"][0]
    security_group["VpcId"].should.equal(vpc["VpcId"])

    subnet = ec2.describe_subnets(SubnetIds=[physical_id("AWS::EC2::Subnet")])["Subnets"][0]
    subnet["VpcId"].should.equal(vpc["VpcId"])

    instance_id = physical_id("AWS::EC2::Instance")
    reservation = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]
    instance = reservation["Instances"][0]
    instance["Tags"].should.contain({"Key": "Foo", "Value": "Bar"})

    # The EIP's physical resource id is passed as a public IP to the lookup.
    eip = ec2.describe_addresses(PublicIps=[physical_id("AWS::EC2::EIP")])["Addresses"][0]
    eip["Domain"].should.equal("vpc")
    eip["InstanceId"].should.equal(instance["InstanceId"])