def create_consul_sg(self):
    """Create, register and export the security group for Consul agents.

    Ingress is accepted only from the VPC CIDR, on the ports listed at
    https://www.consul.io/docs/agent/options.html#ports-used (TCP for
    53, 8300-8302, 8400, 8500 and 8600; UDP for 8301-8302 and 8600).
    Tuples are presumably passed to ``net.sg_rule`` as (from, to) port
    ranges -- confirm against that helper. No ``SecurityGroupEgress`` is
    set here. The group is kept on ``self.consul_sg``, added to the
    template and exported as ``ConsulAgentSG``.
    """
    # One (ports, protocol) row per protocol; the comprehension below keeps
    # the rule order TCP-first, then UDP.
    port_plan = (
        ((53, (8300, 8302), 8400, 8500, 8600), net.TCP),
        (((8301, 8302), 8600), net.UDP),
    )
    ingress_rules = [
        net.sg_rule(self.vpc_cidr, port, proto)
        for ports, proto in port_plan
        for port in ports
    ]
    # NOTE(review): every host inside the VPC CIDR can reach these ports,
    # including the HTTP API on 8500 and the RPC/Serf ports; if the agents
    # run without ACLs, a source security group would be a tighter boundary
    # than the CIDR. Port 53 is not a Consul default and is presumably a
    # DNS forwarder -- confirm against the deployment.
    # "Cosul" in the description is a typo; GroupDescription is a
    # replace-only property in CloudFormation, so correcting it would
    # recreate the group, which is why it is left as-is here.
    self.consul_sg = ec2.SecurityGroup(
        "ConsulAgentSecurityGroup",
        GroupDescription="Security group for Cosul Agents",
        SecurityGroupIngress=ingress_rules,
        VpcId=self.vpc_id,
        Tags=self.default_tags,
    )
    self.add_resource(self.consul_sg)
    self.output_ref("ConsulAgentSG", self.consul_sg)
 def create_ui_sg(self):
     """Build and register the security group for the Consul UI server.

     HTTP and HTTPS are accepted from ``net.CIDR_ANY`` (presumably
     0.0.0.0/0 -- confirm in ``net``); SSH is accepted only from the VPC
     CIDR. No ``SecurityGroupEgress`` is set here (see the TODO below).

     Returns:
         The ``ec2.SecurityGroup`` after it has been added to the template.
     """
     # Web ports are world-reachable on purpose (this is the UI front end);
     # shell access stays VPC-internal.
     public_web = [
         net.sg_rule(net.CIDR_ANY, web_port, net.TCP)
         for web_port in (net.HTTP, net.HTTPS)
     ]
     vpc_ssh = net.sg_rule(self.vpc_cidr, net.SSH, net.TCP)
     ingress_rules = public_web + [vpc_ssh]
     # egress_rules = []  # TODO: egress should only talk to private subnets over specified ports,
     #                            and to everyone over ephemeral ports
     sg = ec2.SecurityGroup(
         "ConsulUISecurityGroup",
         GroupDescription="Consul UI Server Security Group",
         SecurityGroupIngress=ingress_rules,
         VpcId=self.vpc_id,
         Tags=self.default_tags,
     )
     self.add_resource(sg)
     return sg
 def create_nat_sg(self):
     """Build and register the security group for the NAT instance.

     A single ingress rule admits any port and any protocol, but only from
     the VPC CIDR; nothing outside that range is let in. This is presumably
     what lets private-subnet hosts send outbound traffic through the
     instance -- confirm against the route tables. No ``SecurityGroupEgress``
     is set here.

     Returns:
         The ``ec2.SecurityGroup`` after it has been added to the template.
     """
     vpc_any = net.sg_rule(self.vpc_cidr, net.ANY_PORT, net.ANY_PROTOCOL)
     sg = ec2.SecurityGroup(
         "NATSecurityGroup",
         GroupDescription="NAT Instance Security Group",
         SecurityGroupIngress=[vpc_any],
         VpcId=self.vpc_id,
         Tags=self.default_tags,
     )
     self.add_resource(sg)
     return sg
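 def create_bastion_sg(self, source_cidr=None):
     """Build and register the security group for the bastion host.

     The group admits SSH over TCP from ``source_cidr``. The default keeps
     the original behaviour, ``net.CIDR_ANY`` (presumably 0.0.0.0/0 --
     confirm in ``net``), which exposes port 22 to the whole internet;
     callers that know their operator ranges (VPN or office egress) should
     pass a narrower CIDR. No ``SecurityGroupEgress`` is set here.

     Args:
         source_cidr: CIDR string allowed to open SSH to the bastion, or
             ``None`` for ``net.CIDR_ANY``.

     Returns:
         The ``ec2.SecurityGroup`` after it has been added to the template.
     """
     # Resolve the default inside the body so the def line does not depend
     # on ``net`` at import time.
     cidr = net.CIDR_ANY if source_cidr is None else source_cidr
     rules = [net.sg_rule(cidr, net.SSH, net.TCP)]
     sg = ec2.SecurityGroup(
         "BastionSecurityGroup",
         GroupDescription="Bastion Instance Security Group",
         SecurityGroupIngress=rules,
         VpcId=self.vpc_id,
         Tags=self.default_tags,
     )
     self.add_resource(sg)
     return sg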
    def create_server_sg(self):
        """Build and register the security group for Consul server instances.

        Only SSH over TCP from the VPC CIDR is admitted by this group; the
        Consul protocol ports are not opened here, so the servers presumably
        also carry the agent group from ``create_consul_sg`` -- confirm where
        the instances are defined. No ``SecurityGroupEgress`` is set here.

        Returns:
            The ``ec2.SecurityGroup`` after it has been added to the template.
        """
        ssh_from_vpc = net.sg_rule(self.vpc_cidr, net.SSH, net.TCP)
        sg = ec2.SecurityGroup(
            "ConsulServerSecurityGroup",
            GroupDescription="Consul Server Instance Security Group",
            SecurityGroupIngress=[ssh_from_vpc],
            VpcId=self.vpc_id,
            Tags=self.default_tags,
        )
        self.add_resource(sg)
        return sg