This is an extension of Functions of aws automation. I have added some methods to create security groups and apply rules to them.
In addition to the functions/methods described there, I have created 4 more methods to accomplish the following:
- Security group creation
- Inbound rule creation to the security group.
Demonstration
create_security_group method

This method creates a security group in the chosen VPC, to which inbound and outbound rules can then be applied.

```python
def create_security_group(client, group_name, description, vpc_id):
    # client is a boto3 EC2 client; the response dict includes the new 'GroupId'
    return client.create_security_group(GroupName=group_name,
                                        Description=description,
                                        VpcId=vpc_id)
```
cidrip_list_collector method

This method collects a list of IP addresses or subnets from the user's input; the user first specifies how many source addresses are expected. Each entry is validated with ipaddress.ip_network, and the return value is a list of {'CidrIp': ...} dictionaries.

```python
from ipaddress import ip_network


def cidrip_list_collector():
    results = []
    process_results = []
    stop = int(input("How many source ip address you want"))
    print("Press enter with empty response to quit.")
    for i in range(0, stop):
        ip = input("Source address:")
        if ip != "":  # compare the value, not object identity (see the note on is and ==)
            try:
                ip_network(ip)  # raises ValueError for an invalid address or subnet
                results.append(ip)
            except ValueError as e:
                print(e)
        else:
            break
    # collecting the dictionary / dictionaries in a list
    for result in results:
        results_dict = {'CidrIp': result}
        process_results.append(results_dict)
    return process_results
```
rule_form method

This method gets the following information from the user:
- protocol type, either tcp or udp
- port range; if it is only one port then the start and end ports are the same number. The port is an integer, hence int() is used to convert the values from string to integer.
- source ip range; this is a list of one or more dictionaries of ip addresses, collected by cidrip_list_collector.
The return type is list.

```python
def rule_form():
    port_list = []
    protocol_response = input("Protocol (tcp/udp)?:")
    if protocol_response.lower() == 'tcp':
        protocol = protocol_response.lower()
    elif protocol_response.lower() == 'udp':
        protocol = protocol_response.lower()
    else:
        print("Invalid choice, this field cannot be empty, hence default to tcp")
        protocol = 'tcp'
    port_range_response = input("Enter your port range, if only one port example 80, write 80,80, \r\n"
                                "if it is a range like 90-100 write 90,100:").split(',')
    for index in port_range_response:
        port_list.append(index.strip())
    if len(port_list) == 1:  # a single port such as "80" means start and end are the same
        port_list.append(port_list[0])
    ip_ranges_list = cidrip_list_collector()
    return [
        {
            'IpProtocol': protocol,
            'FromPort': int(port_list[0]),
            'ToPort': int(port_list[1]),
            'IpRanges': ip_ranges_list
        }
    ]
```
create_inbound_rule method

This method calls boto3's authorize_security_group_ingress method with the security group id and the IpPermissions list returned by rule_form.

Test codes

```python
if __name__ == '__main__':
    # get_client, get_attribute_from_vpc, resource_menu and filter are the
    # helpers from the earlier "Functions of aws automation" post
    ec2 = get_client('ec2')
    """:type : pyboto3.ec2"""
    vpc_ids = get_attribute_from_vpc('VpcId', ec2.describe_vpcs(Filters=filter)['Vpcs'])
    vpc_ids_menu = resource_menu(vpc_ids)
    while True:
        print(vpc_ids_menu)
        vpc_ids_choice = int(input("Choose a VPC:"))
        if vpc_ids_choice not in vpc_ids_menu.keys():
            print("Invalid choice")
            break
        else:
            if (input("Do you want to create security group?:").lower()) == 'y':
                group_name = input("Security Group name?:")
                description = input("Description:")
                create_sc_response = create_security_group(ec2, group_name, description,
                                                           vpc_ids_menu[vpc_ids_choice])
                print("The security group {} is created for {}".format(
                    create_sc_response['GroupId'], vpc_ids_menu[vpc_ids_choice]))
                create_inbound_rule_response = create_inbound_rule(
                    ec2, create_sc_response['GroupId'], rule_form())
                print("Security group {} is updated with inbound rule.".format(
                    create_sc_response['GroupId']))
            else:
                print("Bye..")
                break
```
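As an added example (not the original post's code), here is a non-interactive version of the rule-building and create_inbound_rule logic that validates its inputs offline and refuses to open commonly targeted management and database ports to the whole internet. The function names, the SENSITIVE_PORTS set and the refusal policy are my own assumptions; authorize_security_group_ingress is the real boto3 call the post names.

```python
from ipaddress import ip_network

# Assumed policy: ports that should rarely be reachable from anywhere; tune per environment.
SENSITIVE_PORTS = {22, 3389, 1433, 3306, 5432, 6379, 27017}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def build_ingress_permission(protocol, port_range, cidrs):
    """Return the IpPermissions list boto3 expects; port_range is (from, to), e.g. (80, 80)."""
    protocol = protocol.lower()
    if protocol not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp, got %r" % protocol)
    from_port, to_port = (int(p) for p in port_range)
    if not 0 <= from_port <= to_port <= 65535:
        raise ValueError("invalid port range %d-%d" % (from_port, to_port))
    ip_ranges, ipv6_ranges = [], []
    for cidr in cidrs:
        # ip_network is strict by default: typos and host bits in the prefix
        # (10.0.0.1/8) raise ValueError here instead of failing at AWS
        net = ip_network(cidr)
        if net.version == 4:
            ip_ranges.append({"CidrIp": str(net)})
        else:
            ipv6_ranges.append({"CidrIpv6": str(net)})
    perm = {"IpProtocol": protocol, "FromPort": from_port, "ToPort": to_port}
    if ip_ranges:
        perm["IpRanges"] = ip_ranges
    if ipv6_ranges:
        perm["Ipv6Ranges"] = ipv6_ranges
    return [perm]


def find_overexposed(permissions):
    """Return (port, cidr) pairs where a sensitive port is open to the world."""
    findings = []
    for perm in permissions:
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            if cidr in ANYWHERE:
                for port in range(perm["FromPort"], perm["ToPort"] + 1):
                    if port in SENSITIVE_PORTS:
                        findings.append((port, cidr))
    return findings


def create_inbound_rule(client, group_id, permissions):
    """Call authorize_security_group_ingress unless the rule is flagged by find_overexposed."""
    bad = find_overexposed(permissions)
    if bad:
        raise ValueError("refusing to open sensitive ports to the world: %s" % bad)
    return client.authorize_security_group_ingress(GroupId=group_id, IpPermissions=permissions)
```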
A note about is and ==

== compares the values of two objects, whereas "is" checks whether the two names refer to the same object instance; only then is the result True. That is why the empty-string check in cidrip_list_collector uses != rather than "is not".