// SGStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch
// a security group.
func SGStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc {
	return func() (interface{}, string, error) {
		req := &ec2.DescribeSecurityGroupsInput{
			GroupIds: []*string{aws.String(id)},
		}
		resp, err := conn.DescribeSecurityGroups(req)
		if err != nil {
			if ec2err, ok := err.(awserr.Error); ok {
				if ec2err.Code() == "InvalidSecurityGroupID.NotFound" ||
					ec2err.Code() == "InvalidGroup.NotFound" {
					resp = nil
					err = nil
				}
			}

			if err != nil {
				log.Printf("Error on SGStateRefresh: %s", err)
				return nil, "", err
			}
		}

		if resp == nil {
			return nil, "", nil
		}

		group := resp.SecurityGroups[0]
		return group, "exists", nil
	}
}
Ejemplo n.º 2
0
func getSecurityGroupIds(c *ec2.EC2, config *Config, secgroups []string) []*string {

	//secgroups := make([]*string,0)
	secgroupids := make([]*string, 0)
	for i := range secgroups {
		filters := make([]*ec2.Filter, 0)

		keyname := "group-name"
		keyname2 := "vpc-id"
		filter := ec2.Filter{
			Name: &keyname, Values: []*string{&secgroups[i]}}
		filter2 := ec2.Filter{
			Name: &keyname2, Values: []*string{&config.VpcId}}
		filters = append(filters, &filter)
		filters = append(filters, &filter2)

		//fmt.Println("Filters ", filters)

		dsgi := &ec2.DescribeSecurityGroupsInput{Filters: filters}
		dsgo, err := c.DescribeSecurityGroups(dsgi)
		if err != nil {
			fmt.Println("Describe security groups failed.")
			panic(err)
		}

		for i := range dsgo.SecurityGroups {
			secgroupids = append(secgroupids, dsgo.SecurityGroups[i].GroupId)
		}

	}

	//fmt.Println("Security Groups!", secgroupids)
	return secgroupids

}
Ejemplo n.º 3
0
func getSecurityGroupIdsByVPC(c *ec2.EC2, vpcid string) []*string {
	secgroupids := make([]*string, 0)
	filters := make([]*ec2.Filter, 0)
	keyname := "vpc-id"
	filter := ec2.Filter{
		Name: &keyname, Values: []*string{&vpcid}}
	filters = append(filters, &filter)

	dsgi := &ec2.DescribeSecurityGroupsInput{Filters: filters}
	dsgo, err := c.DescribeSecurityGroups(dsgi)
	if err != nil {
		fmt.Println("Describe security groups failed.")
		panic(err)
	}

	for i := range dsgo.SecurityGroups {
		if *dsgo.SecurityGroups[i].GroupName == "default" {
			continue
		} else {
			secgroupids = append(secgroupids, dsgo.SecurityGroups[i].GroupId)
		}
	}

	return secgroupids

}
Ejemplo n.º 4
0
// Get all security groups from the environment
func getAllSecurityGroups(ec2client *ec2.EC2) ([]*ec2.SecurityGroup, error) {
	//Connect to aws and attempt to get all security groups
	dsgResp, err := ec2client.DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{})

	// If we got an error while gathering all of the groups, return it.
	if err != nil {
		return []*ec2.SecurityGroup{}, err
	}

	return dsgResp.SecurityGroups, nil
}
Ejemplo n.º 5
0
func WaitUntilSecurityGroupExists(c *ec2.EC2, input *ec2.DescribeSecurityGroupsInput) error {
	for i := 0; i < 40; i++ {
		_, err := c.DescribeSecurityGroups(input)
		if err != nil {
			log.Printf("[DEBUG] Error querying security group %v: %s", input.GroupIds, err)
			time.Sleep(15 * time.Second)
			continue
		}
		return nil
	}
	return fmt.Errorf("timed out")
}
Ejemplo n.º 6
0
// EC2 functions that should be libraried
func resolveSg(secGroup string, client *ec2.EC2) string {
	// takes sg-xxxxxxx and client, then returns the name of the security group
	resp, err := client.DescribeSecurityGroups(nil)
	utils.HandleErr(err)
	for x := 0; x < len(resp.SecurityGroups); x++ {
		if *resp.SecurityGroups[x].GroupID == secGroup {
			secGroup = *resp.SecurityGroups[x].GroupName
			break
		}
	}
	return secGroup
}
Ejemplo n.º 7
0
func processSecurityGroups(svc *ec2.EC2, pageSize int64, apply func([]*string)) {
	securityGroups, err := svc.DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{})

	kingpin.FatalIfError(err, "Could not retrieve EC2 security groups")

	var sgIds []*string
	for _, sg := range securityGroups.SecurityGroups {
		sgIds = append(sgIds, sg.GroupId)
	}

	apply(sgIds)
}
func findResourceSecurityGroup(conn *ec2.EC2, id string) (*ec2.SecurityGroup, error) {
	req := &ec2.DescribeSecurityGroupsInput{
		GroupIDs: []*string{aws.String(id)},
	}
	resp, err := conn.DescribeSecurityGroups(req)
	if err != nil {
		return nil, err
	}
	if resp == nil || len(resp.SecurityGroups) != 1 || resp.SecurityGroups[0] == nil {
		return nil, fmt.Errorf(
			"Expected to find one security group with ID %q, got: %#v",
			id, resp.SecurityGroups)
	}

	return resp.SecurityGroups[0], nil
}
Ejemplo n.º 9
0
//func describeSecurityGroups(svc *ec2.EC2, groupId []*ec2.GroupIdentifier) {
func describeSecurityGroups(svc *ec2.EC2, instance *Instance) {
	//groupId []*ec2.GroupIdentifier) {
	//func describeSecurityGroups(svc string, groupId []string) {
	//fmt.Printf("%+v\n", groupId)
	for _, sgGroupId := range instance.securityGroups {
		params := &ec2.DescribeSecurityGroupsInput{
			GroupIds: []*string{
				aws.String(*sgGroupId.GroupId),
			},
		}
		//resp, err := svc.DescribeSecurityGroups(params)
		resp, err := svc.DescribeSecurityGroups(params)
		if err != nil {
			panic(err)
		}
		//fmt.Printf("%+v\n", resp)
		for _, openPorts := range resp.SecurityGroups[0].IpPermissions {
			//openPort := OpenPort{Protocol: ports.Protocol, Port: ports.PortId, Type: ports.Service.Name}
			//instance.NmapOpenPorts = append(instance.NmapOpenPorts, openPort)
			//if openPorts.FromPort != nil {
			//	fmt.Println(*openPorts.FromPort)
			//}
			//if openPorts.ToPort != nil {
			//	fmt.Println(*openPorts.ToPort)
			//}
			//if openPorts.IpProtocol != nil {
			//	fmt.Println(*openPorts.IpProtocol)
			//}
			if openPorts.IpRanges != nil {
				//fmt.Println("Ranges open for ports ", *openPorts.FromPort, "to", *openPorts.ToPort)
				for _, ranges := range openPorts.IpRanges {
					if *ranges.CidrIp == "0.0.0.0/0" {
						fmt.Println("Found open SG, comparing...")
						var port int
						if openPorts.FromPort != nil {
							port = *openPorts.FromPort
						}
					}
					//fmt.Println(ranges)
				}
			}
			// compare

		}
	}
}
func findResourceSecurityGroup(conn *ec2.EC2, id string) (*ec2.SecurityGroup, error) {
	req := &ec2.DescribeSecurityGroupsInput{
		GroupIds: []*string{aws.String(id)},
	}
	resp, err := conn.DescribeSecurityGroups(req)
	if err, ok := err.(awserr.Error); ok && err.Code() == "InvalidGroup.NotFound" {
		return nil, securityGroupNotFound{id, nil}
	}
	if err != nil {
		return nil, err
	}
	if resp == nil {
		return nil, securityGroupNotFound{id, nil}
	}
	if len(resp.SecurityGroups) != 1 || resp.SecurityGroups[0] == nil {
		return nil, securityGroupNotFound{id, resp.SecurityGroups}
	}

	return resp.SecurityGroups[0], nil
}
Ejemplo n.º 11
0
func resourceAwsVpcSetDefaultSecurityGroup(conn *ec2.EC2, d *schema.ResourceData) error {
	filter1 := &ec2.Filter{
		Name:   aws.String("group-name"),
		Values: []*string{aws.String("default")},
	}
	filter2 := &ec2.Filter{
		Name:   aws.String("vpc-id"),
		Values: []*string{aws.String(d.Id())},
	}
	DescribeSgOpts := &ec2.DescribeSecurityGroupsInput{
		Filters: []*ec2.Filter{filter1, filter2},
	}
	securityGroupResp, err := conn.DescribeSecurityGroups(DescribeSgOpts)

	if err != nil {
		return err
	}
	if v := securityGroupResp.SecurityGroups; len(v) > 0 {
		d.Set("default_security_group_id", v[0].GroupID)
	}

	return nil
}