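// setupSecurityGroup creates a security group named name (with description
// desc) in VPC vpc and authorizes inbound TCP on port 9443 from any IPv4
// source. It returns the new group's ID, or an error if either EC2 call
// fails or the create response carries no group ID.
//
// NOTE(review): the ingress rule is 0.0.0.0/0, so port 9443 on anything in
// this group is reachable from the whole internet; narrow the source CIDR
// to the networks that need access before using this outside a test VPC.
func setupSecurityGroup(name, desc, vpc string, ec2client *ec2.EC2) (string, error) {
	const (
		anyIPv4     = "0.0.0.0/0" // ingress source; see the NOTE above
		ingressPort = 9443
	)

	// Build the request with the SDK's pointer helpers.
	sgReq := ec2.CreateSecurityGroupInput{
		GroupName:   aws.String(name),
		Description: aws.String(desc),
		VpcId:       aws.String(vpc),
	}
	sgResp, err := ec2client.CreateSecurityGroup(&sgReq)
	if err != nil {
		return "", fmt.Errorf("creating security group %q: %w", name, err)
	}
	// Guard the dereferences below: a nil response or GroupId would
	// otherwise panic instead of surfacing as an error.
	if sgResp == nil || sgResp.GroupId == nil {
		return "", fmt.Errorf("creating security group %q: response carried no group ID", name)
	}

	authReq := ec2.AuthorizeSecurityGroupIngressInput{
		CidrIp:     aws.String(anyIPv4),
		FromPort:   aws.Int64(ingressPort),
		ToPort:     aws.Int64(ingressPort),
		IpProtocol: aws.String("tcp"),
		GroupId:    sgResp.GroupId,
	}
	if _, err := ec2client.AuthorizeSecurityGroupIngress(&authReq); err != nil {
		return "", fmt.Errorf("authorizing ingress on %s: %w", *sgResp.GroupId, err)
	}
	return *sgResp.GroupId, nil
}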
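// createSecurityGroups creates one security group per entry in
// config.AllSecurityGroups inside config.VpcId and, for each group it
// creates, authorizes inbound TCP on that entry's TcpPort from 0.0.0.0/0.
// A group that already exists (InvalidGroup.Duplicate) is skipped and its
// existing rules are left untouched. The first other failure is returned.
//
// NOTE(review): every rule is open to any IPv4 source; restrict the CIDR
// (or make it part of the per-group config) so each port is only reachable
// from the networks that need it.
func createSecurityGroups(c *ec2.EC2, config *Config) error {
	// The request structs take pointers, so keep these in addressable locals.
	everywhere := "0.0.0.0/0"
	proto := "tcp"

	for j := range config.AllSecurityGroups {
		// Address the element rather than copying it: the requests below
		// point into it.
		sg := &config.AllSecurityGroups[j]

		csgi := &ec2.CreateSecurityGroupInput{
			GroupName:   &sg.Name,
			VpcId:       &config.VpcId,
			Description: &sg.Name, // the config has no separate description; reuse the name
		}
		csgo, err := c.CreateSecurityGroup(csgi)
		if err != nil {
			// A duplicate means the group is already there: move on without
			// touching its rules.
			if strings.Contains(err.Error(), "InvalidGroup.Duplicate") {
				continue
			}
			fmt.Println("Failed to create security group.")
			return err
		}
		// Guard the GroupId use below instead of risking a nil dereference.
		if csgo == nil || csgo.GroupId == nil {
			return fmt.Errorf("creating security group %q: response carried no group ID", sg.Name)
		}

		asgii := &ec2.AuthorizeSecurityGroupIngressInput{
			CidrIp:     &everywhere,
			FromPort:   &sg.TcpPort,
			ToPort:     &sg.TcpPort,
			GroupId:    csgo.GroupId,
			IpProtocol: &proto,
		}
		if _, err := c.AuthorizeSecurityGroupIngress(asgii); err != nil {
			fmt.Println("Failed to add rule to security group: ", err)
			return err
		}
	}
	return nil
}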