// convert group names to ids, which are needed for vpcs
func getGroupIds(client *ec2.EC2, names []string) []*string {
// get names as array of aws.String objects
values := make([]*string, len(names))
for i, name := range names {
values[i] = aws.String(name)
}
// request params as filter for names
params := &ec2.DescribeSecurityGroupsInput{
Filters: []*ec2.Filter{
{
Name: aws.String("group-name"),
Values: values,
},
},
}
// send request
resp, err := client.DescribeSecurityGroups(params)
check(err)
// return ids
for i, group := range resp.SecurityGroups {
values[i] = group.GroupId
}
return values
}
// revoke permission from security group
func revokeGroup(client *ec2.EC2, id *string, protocol *string, port *int, cidr *string) {
// make the request
params := &ec2.RevokeSecurityGroupIngressInput{
GroupId: aws.String(*id),
IpProtocol: aws.String(*protocol),
FromPort: aws.Int64(int64(*port)),
ToPort: aws.Int64(int64(*port)),
CidrIp: aws.String(*cidr),
}
_, err := client.RevokeSecurityGroupIngress(params)
// be idempotent, i.e. skip error if this permission does not exist in group
if err != nil {
if err.(awserr.Error).Code() != "InvalidPermission.NotFound" {
panic(err)
}
}
}