[python] Creating security group and inbound rule

This is an extension of Functions of aws automation. I have added some methods to create security groups and apply rules to them.

In addition to the functions/methods described in that post, I have created 4 more methods to accomplish these:

  • Security group creation
  • Inbound rule creation to the security group.

    Demonstration

    create_security_group method
    This method creates a security group in the given VPC; inbound and outbound rules can then be attached to it.

    def create_security_group(client, group_name, description, vpc_id):
        return client.create_security_group(GroupName=group_name, Description=description, VpcId=vpc_id)
    

    cidrip_list_collector method
    This method collects a list of IP addresses or subnets from the user's input; the user first specifies how many source addresses are expected. Each entry is validated as an IP address or CIDR before it is accepted. The return value is a list of dictionaries, one per source address, in the shape boto3 expects for IpRanges.

    from ipaddress import ip_network  # validates each source address / CIDR before it is accepted

    def cidrip_list_collector():
        results = []
        process_results = []
        stop = int(input("How many source ip addresses do you want?"))
        print("Press enter with empty response to quit.")
        for i in range(stop):
            ip = input("Source address:")
            if ip != "":  # compare by value, not identity (see the note on is and == below)
                try:
                    ip_network(ip)  # raises ValueError for a malformed address or CIDR
                    results.append(ip)
                except ValueError as e:
                    print(e)
            else:
                break
        # collecting the dictionary / dictionaries in a list, in boto3's IpRanges shape
        for result in results:
            results_dict = {'CidrIp': result}
            process_results.append(results_dict)
        return process_results
    

    rule_form method
    This method collects the following information from the user:

    • protocol type either tcp or udp
    • port range; if it is only one port then the start and end ports are the same number. The ports are integers, so int() is applied to convert the values from string to integer.
    • source IP range. This is a list of one or more dictionaries of IP addresses, as returned by cidrip_list_collector.

    The return type is list.

    def rule_form():
        protocol_response = input("Protocol (tcp/udp)?:")
        if protocol_response.lower() in ('tcp', 'udp'):
            protocol = protocol_response.lower()
        else:
            print("Invalid choice, this field cannot be empty, hence default to tcp")
            protocol = 'tcp'
        # "80,80" for a single port, "90,100" for a range; values arrive as strings
        port_range_response = input("Enter your port range, if only one port example 80, write 80,80, \r\n"
                                    "if it is a range like 90-100 write 90,100:").split(',')
        port_list = [port.strip() for port in port_range_response]
        ip_ranges_list = cidrip_list_collector()
        # one IpPermissions entry, as expected by authorize_security_group_ingress
        return [
            {
                'IpProtocol': protocol,
                'FromPort': int(port_list[0]),
                'ToPort': int(port_list[1]),
                'IpRanges': ip_ranges_list
            }
        ]
    

    create_inbound_rule method
    This method calls boto3’s authorize_security_group_ingress method.
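    As an added example (not code from this post), here is a non-interactive counterpart to rule_form together with a create_inbound_rule that calls authorize_security_group_ingress but first refuses rules that open a non-web port to 0.0.0.0/0. The PUBLIC_OK_PORTS set and the sg-example group id are assumptions made for the example.

```python
# Added example, not the post's own code: build an IpPermissions entry with the same
# validation rule_form() applies, then check it before handing it to boto3.
from ipaddress import ip_network

# Ports where a 0.0.0.0/0 source is commonly accepted (public web). Assumption for this example.
PUBLIC_OK_PORTS = {80, 443}


def build_ingress_permission(protocol, from_port, to_port, cidrs):
    """Return one boto3 IpPermissions entry for a tcp/udp port range and a list of CIDRs."""
    protocol = protocol.lower()
    if protocol not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp")
    from_port, to_port = int(from_port), int(to_port)
    if not (0 <= from_port <= to_port <= 65535):
        raise ValueError("bad port range %d-%d" % (from_port, to_port))
    ip_ranges = []
    for cidr in cidrs:
        # ip_network() raises ValueError on a malformed CIDR or one with host bits set
        # (e.g. 10.0.0.1/24); a bare address is normalised to its /32 form.
        net = ip_network(cidr)
        ip_ranges.append({'CidrIp': str(net)})
    return {'IpProtocol': protocol, 'FromPort': from_port, 'ToPort': to_port, 'IpRanges': ip_ranges}


def world_open_rules(ip_permissions):
    """Return (from_port, to_port, cidr) for every range that exposes a non-web port to everyone."""
    findings = []
    for perm in ip_permissions:
        ports = set(range(perm['FromPort'], perm['ToPort'] + 1))
        for rng in perm['IpRanges']:
            # prefix length 0 means the whole address space (0.0.0.0/0)
            if ip_network(rng['CidrIp']).prefixlen == 0 and not ports <= PUBLIC_OK_PORTS:
                findings.append((perm['FromPort'], perm['ToPort'], rng['CidrIp']))
    return findings


def create_inbound_rule(client, group_id, ip_permissions):
    """Apply the rules with authorize_security_group_ingress, refusing world-open non-web ports."""
    bad = world_open_rules(ip_permissions)
    if bad:
        raise ValueError("refusing world-open rule(s): %s" % bad)
    return client.authorize_security_group_ingress(GroupId=group_id, IpPermissions=ip_permissions)
```

    Pass the real boto3 ec2 client as client; the check runs before any API call, so a rejected rule never reaches AWS.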

    Test codes

    # get_client, get_attribute_from_vpc, resource_menu and the filter list are assumed to be
    # the helpers from the earlier "Functions of aws automation" post; they are not defined here.
    if __name__ == '__main__':
        ec2 = get_client('ec2')
        """:type : pyboto3.ec2"""
        vpc_ids = get_attribute_from_vpc('VpcId', ec2.describe_vpcs(Filters=filter)['Vpcs'])
        vpc_ids_menu = resource_menu(vpc_ids)
        while True:
            print(vpc_ids_menu)
            vpc_ids_choice = int(input("Choose a VPC:"))
            if vpc_ids_choice not in vpc_ids_menu.keys():
                print("Invalid choice")
                break
            else:
                if input("Do you want to create security group?:").lower() == 'y':
                    group_name = input("Security Group name?:")
                    description = input("Description:")
                    create_sc_response = create_security_group(ec2, group_name, description, vpc_ids_menu[vpc_ids_choice])
                    print("The security group {} is created for {}".format(create_sc_response['GroupId'],
                                                                           vpc_ids_menu[vpc_ids_choice]))
                    # rule_form() prompts for protocol, ports and sources, then the rule is applied
                    create_inbound_rule_response = create_inbound_rule(ec2, create_sc_response['GroupId'], rule_form())
                    print("Security group {} is updated with inbound rule.".format(create_sc_response['GroupId']))
                else:
                    print("Bye..")
                break
    

    A note about is and ==
    == compares two values, whereas "is" compares identity: it is true only when both names refer to the same object. For a string check such as the empty-response test above, == is the correct operator.
