Esempio n. 1
1
// Sets up a security group based on it's ID.  Returns an error if it isn't able.
func setupSecurityGroup(name, desc, vpc string, ec2client *ec2.EC2) (string, error) {
	//Create the input struct with the appropriate settings, making sure to use the aws string pointer type
	sgReq := ec2.CreateSecurityGroupInput{
		GroupName:   aws.String(name),
		Description: aws.String(desc),
		VpcId:       aws.String(vpc),
	}

	//Attempt to create the security group
	sgResp, err := ec2client.CreateSecurityGroup(&sgReq)
	if err != nil {
		return "", err
	}

	authReq := ec2.AuthorizeSecurityGroupIngressInput{
		CidrIp:     aws.String("0.0.0.0/0"),
		FromPort:   aws.Int64(9443),
		ToPort:     aws.Int64(9443),
		IpProtocol: aws.String("tcp"),
		GroupId:    sgResp.GroupId,
	}
	_, err = ec2client.AuthorizeSecurityGroupIngress(&authReq)
	if err != nil {
		return "", err
	}

	return *sgResp.GroupId, nil
}
Esempio n. 2
0
func createSecurityGroups(c *ec2.EC2, config *Config) error {
	for j := range config.AllSecurityGroups {
		csgi := &ec2.CreateSecurityGroupInput{GroupName: &config.AllSecurityGroups[j].Name, VpcId: &config.VpcId, Description: &config.AllSecurityGroups[j].Name}
		csgo, err := c.CreateSecurityGroup(csgi)
		//fmt.Println(err)
		if err != nil {
			if !strings.Contains(fmt.Sprintf("%s", err), "InvalidGroup.Duplicate") {
				fmt.Println("Failed to create security group.")
				return err
			}
			continue
		}

		everywhere := "0.0.0.0/0"
		proto := "tcp"
		//var fromPort int64
		//fromPort = -1
		asgii := &ec2.AuthorizeSecurityGroupIngressInput{CidrIp: &everywhere, FromPort: &config.AllSecurityGroups[j].TcpPort, ToPort: &config.AllSecurityGroups[j].TcpPort, GroupId: csgo.GroupId, IpProtocol: &proto}
		_, err = c.AuthorizeSecurityGroupIngress(asgii)
		//fmt.Println("Adding security group", asgii)
		if err != nil {
			fmt.Println("Failed to add rule to security group: ", err)
			return err
		}
	}

	return nil

}