def get_vdcm_management_security_group(template, vpc, sg_name='vdcmmanagementsecuritygroup', cidr=CISCO_CIDR):
    """Build the vdcm management security group and attach it to *template*.

    :param template: the troposphere template the group is added to.
    :param vpc: the VPC the group is created in (referenced through ``Ref``).
    :param sg_name: logical name of the security group resource; defaults to
        ``vdcmmanagementsecuritygroup``.
    :param cidr: source CIDR applied to every management rule; defaults to
        ``CISCO_CIDR``. When falsy, each rule keeps whatever source
        ``Rules`` defines for it (``Rules`` is not visible here -- check it
        before relying on that default).
    :return: the ``SecurityGroup`` resource.

    ``rules.all_sn`` is appended after the CIDR override, so it is never
    narrowed by *cidr* and keeps the source defined in ``Rules``.
    """
    group = SecurityGroup(sg_name, template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'vdcm security group for management'
    group.VpcId = Ref(vpc)

    rules = Rules()
    management_rules = [
        rules.ssh,
        rules.http,
        rules.https,
        rules.influxdb,
        rules.vnc,
        rules.rest,
        rules.graphana,
        rules.all_icmp,
        rules.abr2ts,
    ]
    if cidr:
        # Re-source every management rule to the requested CIDR.
        management_rules = list(
            map(lambda rule: rules.override_cidr(rule=rule, cidr=cidr),
                management_rules)
        )
    # Added after the override: all_sn is not restricted to `cidr`.
    management_rules.append(rules.all_sn)
    group.SecurityGroupIngress = management_rules
    return group
def get_private_security_group(template, vpc, cidr, desc):
    """Build a security group that allows every protocol on every port.

    The single ingress rule is ``rules.all``; when *cidr* is truthy the
    rule's source is overridden to *cidr*, otherwise it keeps the source
    defined in ``Rules`` (not visible here -- confirm before use). Only
    intended for subnets that sit behind the bastion.

    :param template: the troposphere template the group is added to.
    :param vpc: the VPC the group is created in (referenced through ``Ref``).
    :param cidr: source CIDR for the allow-all rule, or a falsy value to
        keep the rule's default source.
    :param desc: short subnet description; used to build the resource name
        ``<desc>securitygroup`` and the group description.
    :return: the ``SecurityGroup`` resource.
    """
    title = '{}securitygroup'.format(desc)
    group = SecurityGroup(title, template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'security group for {} subnet'.format(desc)
    group.VpcId = Ref(vpc)

    rules = Rules()
    ingress = [rules.all]
    if cidr:
        ingress = [rules.override_cidr(rule=rule, cidr=cidr) for rule in ingress]
    group.SecurityGroupIngress = ingress
    return group
def get_vdcm_video_security_group(template, vpc, cidr=None):
    """Build the vdcm video security group and attach it to *template*.

    Ingress is ``all_udp``, ``all_icmp`` and ``all_sn``. When *cidr* is
    truthy all three rules are re-sourced to it; with the default ``None``
    they keep the sources defined in ``Rules`` (not visible here -- confirm
    that the UDP rule is not open wider than intended).

    :param template: the troposphere template the group is added to.
    :param vpc: the VPC the group is created in (referenced through ``Ref``).
    :param cidr: optional source CIDR applied to every video rule.
    :return: the ``SecurityGroup`` resource.
    """
    group = SecurityGroup('vdcmvideosecuritygroup', template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'vdcm security group for video'
    group.VpcId = Ref(vpc)

    rules = Rules()
    video_rules = [rules.all_udp, rules.all_icmp, rules.all_sn]
    if cidr:
        video_rules = list(
            map(lambda rule: rules.override_cidr(rule=rule, cidr=cidr),
                video_rules)
        )
    group.SecurityGroupIngress = video_rules
    return group
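def get_http_security_group(template, vpc, sg_name='httpsecuritygroup', cidr=ALL_CISCO_CIDRS):
    """Build a security group that admits plain HTTP from one or more CIDRs.

    One ``rules.http`` ingress rule is emitted per source CIDR. *cidr* may be
    a single value or a list/tuple of values; a single value is wrapped so
    both forms produce the same kind of rule list. When *cidr* is falsy the
    single ``rules.http`` rule keeps the source defined in ``Rules`` (not
    visible here -- confirm before relying on it).

    :param template: the troposphere template the group is added to.
    :param vpc: the VPC the group is created in (referenced through ``Ref``).
    :param sg_name: logical name of the security group resource; defaults to
        ``httpsecuritygroup``.
    :param cidr: source CIDR or list/tuple of source CIDRs; defaults to
        ``ALL_CISCO_CIDRS``.
    :return: the ``SecurityGroup`` resource.
    """
    sg = SecurityGroup(title=sg_name, template=template)
    sg.Tags = Tags(Name=aws_name(sg.title))
    sg.GroupDescription = 'security group for http'
    sg.VpcId = Ref(vpc)

    rules = Rules()
    rs = [rules.http]
    if cidr:
        # A tuple of CIDRs is a collection too; anything else (a single
        # string, a Ref, ...) is treated as one source. Previously a tuple
        # was wrapped whole and passed as the source of a single rule.
        if not isinstance(cidr, (list, tuple)):
            cidr = [cidr]
        # One rule per (base rule, source CIDR) pair.
        rs = [
            rules.override_cidr(rule=r, cidr=cidr_item)
            for r in rs
            for cidr_item in cidr
        ]
    sg.SecurityGroupIngress = rs
    return sg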
def get_elb_security_group(template, vpc, sg_name='elbsecuritygroup', cidr="10.0.0.0/16"):
    """Build the ELB security group and attach it to *template*.

    Ingress is ``rules.rest`` and ``rules.https``, both re-sourced to *cidr*
    when it is truthy; otherwise they keep the sources defined in ``Rules``
    (not visible here -- confirm before relying on that default).

    :param template: the troposphere template the group is added to.
    :param vpc: the VPC the group is created in (referenced through ``Ref``).
    :param sg_name: logical name of the security group resource; defaults to
        ``elbsecuritygroup``.
    :param cidr: source CIDR for both rules. Note the default is the literal
        ``"10.0.0.0/16"``, not ``CISCO_CIDR`` as the other helpers use.
    :return: the ``SecurityGroup`` resource.
    """
    group = SecurityGroup(sg_name, template=template)
    group.Tags = Tags(Name=aws_name(group.title))
    group.GroupDescription = 'security group for elb'
    group.VpcId = Ref(vpc)

    rules = Rules()
    elb_rules = [rules.rest, rules.https]
    if cidr:
        elb_rules = [
            rules.override_cidr(rule=rule, cidr=cidr) for rule in elb_rules
        ]
    group.SecurityGroupIngress = elb_rules
    return group