// SGStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch // a security group. func SGStateRefreshFunc(conn *ec2.EC2, id string) resource.StateRefreshFunc { return func() (interface{}, string, error) { req := &ec2.DescribeSecurityGroupsInput{ GroupIds: []*string{aws.String(id)}, } resp, err := conn.DescribeSecurityGroups(req) if err != nil { if ec2err, ok := err.(awserr.Error); ok { if ec2err.Code() == "InvalidSecurityGroupID.NotFound" || ec2err.Code() == "InvalidGroup.NotFound" { resp = nil err = nil } } if err != nil { log.Printf("Error on SGStateRefresh: %s", err) return nil, "", err } } if resp == nil { return nil, "", nil } group := resp.SecurityGroups[0] return group, "exists", nil } }
func getSecurityGroupIds(c *ec2.EC2, config *Config, secgroups []string) []*string { //secgroups := make([]*string,0) secgroupids := make([]*string, 0) for i := range secgroups { filters := make([]*ec2.Filter, 0) keyname := "group-name" keyname2 := "vpc-id" filter := ec2.Filter{ Name: &keyname, Values: []*string{&secgroups[i]}} filter2 := ec2.Filter{ Name: &keyname2, Values: []*string{&config.VpcId}} filters = append(filters, &filter) filters = append(filters, &filter2) //fmt.Println("Filters ", filters) dsgi := &ec2.DescribeSecurityGroupsInput{Filters: filters} dsgo, err := c.DescribeSecurityGroups(dsgi) if err != nil { fmt.Println("Describe security groups failed.") panic(err) } for i := range dsgo.SecurityGroups { secgroupids = append(secgroupids, dsgo.SecurityGroups[i].GroupId) } } //fmt.Println("Security Groups!", secgroupids) return secgroupids }
func getSecurityGroupIdsByVPC(c *ec2.EC2, vpcid string) []*string { secgroupids := make([]*string, 0) filters := make([]*ec2.Filter, 0) keyname := "vpc-id" filter := ec2.Filter{ Name: &keyname, Values: []*string{&vpcid}} filters = append(filters, &filter) dsgi := &ec2.DescribeSecurityGroupsInput{Filters: filters} dsgo, err := c.DescribeSecurityGroups(dsgi) if err != nil { fmt.Println("Describe security groups failed.") panic(err) } for i := range dsgo.SecurityGroups { if *dsgo.SecurityGroups[i].GroupName == "default" { continue } else { secgroupids = append(secgroupids, dsgo.SecurityGroups[i].GroupId) } } return secgroupids }
// Get all security groups from the environment func getAllSecurityGroups(ec2client *ec2.EC2) ([]*ec2.SecurityGroup, error) { //Connect to aws and attempt to get all security groups dsgResp, err := ec2client.DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{}) // If we got an error while gathering all of the groups, return it. if err != nil { return []*ec2.SecurityGroup{}, err } return dsgResp.SecurityGroups, nil }
func WaitUntilSecurityGroupExists(c *ec2.EC2, input *ec2.DescribeSecurityGroupsInput) error { for i := 0; i < 40; i++ { _, err := c.DescribeSecurityGroups(input) if err != nil { log.Printf("[DEBUG] Error querying security group %v: %s", input.GroupIds, err) time.Sleep(15 * time.Second) continue } return nil } return fmt.Errorf("timed out") }
// EC2 functions that should be libraried func resolveSg(secGroup string, client *ec2.EC2) string { // takes sg-xxxxxxx and client, then returns the name of the security group resp, err := client.DescribeSecurityGroups(nil) utils.HandleErr(err) for x := 0; x < len(resp.SecurityGroups); x++ { if *resp.SecurityGroups[x].GroupID == secGroup { secGroup = *resp.SecurityGroups[x].GroupName break } } return secGroup }
func processSecurityGroups(svc *ec2.EC2, pageSize int64, apply func([]*string)) { securityGroups, err := svc.DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{}) kingpin.FatalIfError(err, "Could not retrieve EC2 security groups") var sgIds []*string for _, sg := range securityGroups.SecurityGroups { sgIds = append(sgIds, sg.GroupId) } apply(sgIds) }
func findResourceSecurityGroup(conn *ec2.EC2, id string) (*ec2.SecurityGroup, error) { req := &ec2.DescribeSecurityGroupsInput{ GroupIDs: []*string{aws.String(id)}, } resp, err := conn.DescribeSecurityGroups(req) if err != nil { return nil, err } if resp == nil || len(resp.SecurityGroups) != 1 || resp.SecurityGroups[0] == nil { return nil, fmt.Errorf( "Expected to find one security group with ID %q, got: %#v", id, resp.SecurityGroups) } return resp.SecurityGroups[0], nil }
//func describeSecurityGroups(svc *ec2.EC2, groupId []*ec2.GroupIdentifier) { func describeSecurityGroups(svc *ec2.EC2, instance *Instance) { //groupId []*ec2.GroupIdentifier) { //func describeSecurityGroups(svc string, groupId []string) { //fmt.Printf("%+v\n", groupId) for _, sgGroupId := range instance.securityGroups { params := &ec2.DescribeSecurityGroupsInput{ GroupIds: []*string{ aws.String(*sgGroupId.GroupId), }, } //resp, err := svc.DescribeSecurityGroups(params) resp, err := svc.DescribeSecurityGroups(params) if err != nil { panic(err) } //fmt.Printf("%+v\n", resp) for _, openPorts := range resp.SecurityGroups[0].IpPermissions { //openPort := OpenPort{Protocol: ports.Protocol, Port: ports.PortId, Type: ports.Service.Name} //instance.NmapOpenPorts = append(instance.NmapOpenPorts, openPort) //if openPorts.FromPort != nil { // fmt.Println(*openPorts.FromPort) //} //if openPorts.ToPort != nil { // fmt.Println(*openPorts.ToPort) //} //if openPorts.IpProtocol != nil { // fmt.Println(*openPorts.IpProtocol) //} if openPorts.IpRanges != nil { //fmt.Println("Ranges open for ports ", *openPorts.FromPort, "to", *openPorts.ToPort) for _, ranges := range openPorts.IpRanges { if *ranges.CidrIp == "0.0.0.0/0" { fmt.Println("Found open SG, comparing...") var port int if openPorts.FromPort != nil { port = *openPorts.FromPort } } //fmt.Println(ranges) } } // compare } } }
func findResourceSecurityGroup(conn *ec2.EC2, id string) (*ec2.SecurityGroup, error) { req := &ec2.DescribeSecurityGroupsInput{ GroupIds: []*string{aws.String(id)}, } resp, err := conn.DescribeSecurityGroups(req) if err, ok := err.(awserr.Error); ok && err.Code() == "InvalidGroup.NotFound" { return nil, securityGroupNotFound{id, nil} } if err != nil { return nil, err } if resp == nil { return nil, securityGroupNotFound{id, nil} } if len(resp.SecurityGroups) != 1 || resp.SecurityGroups[0] == nil { return nil, securityGroupNotFound{id, resp.SecurityGroups} } return resp.SecurityGroups[0], nil }
func resourceAwsVpcSetDefaultSecurityGroup(conn *ec2.EC2, d *schema.ResourceData) error { filter1 := &ec2.Filter{ Name: aws.String("group-name"), Values: []*string{aws.String("default")}, } filter2 := &ec2.Filter{ Name: aws.String("vpc-id"), Values: []*string{aws.String(d.Id())}, } DescribeSgOpts := &ec2.DescribeSecurityGroupsInput{ Filters: []*ec2.Filter{filter1, filter2}, } securityGroupResp, err := conn.DescribeSecurityGroups(DescribeSgOpts) if err != nil { return err } if v := securityGroupResp.SecurityGroups; len(v) > 0 { d.Set("default_security_group_id", v[0].GroupID) } return nil }