How to use the troposphere.ec2.SecurityGroup function in troposphere
To help you get started, we’ve selected a few troposphere examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
couchbaselabs / mobile-testkit / libraries / provision / cloudformation_template.py View on Github 
def createCouchbaseSecurityGroups(t):
# Couchbase security group
secGrpCouchbase = ec2.SecurityGroup('CouchbaseSecurityGroup')
secGrpCouchbase.GroupDescription = "Allow access to Couchbase Server"
secGrpCouchbase.SecurityGroupIngress = [
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="8091",
ToPort="8096",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",Policies=[
assets_management_policy,
logging_policy,
]
)
# EC2 instance profile
instance_profile = iam.InstanceProfile(
"ContainerInstanceProfile",
template=template,
Path="/",
Roles=[Ref(instance_role)],
)
# EC2 security group
security_group = template.add_resource(ec2.SecurityGroup(
'SecurityGroup',
GroupDescription='Allows SSH access from SshCidr and HTTP/HTTPS access from anywhere.',
VpcId=Ref(vpc),
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol='tcp',
FromPort=22,
ToPort=22,
CidrIp=Ref(ssh_cidr),
),
ec2.SecurityGroupRule(
IpProtocol='tcp',
FromPort=80,
ToPort=80,
CidrIp='0.0.0.0/0',
),def create_security_group(self):
t = self.template
sg = t.add_resource(
ec2.SecurityGroup(
SECURITY_GROUP,
GroupDescription="%s security group" % self.name,
VpcId=self.get_variables()["VpcId"]))
t.add_output(Output("SecurityGroup", Value=Ref(sg)))t.add_output(
Output('EmpireMinionSG', Value=Ref(CLUSTER_SG_NAME)))
# Allow all ports within cluster
t.add_resource(
ec2.SecurityGroupIngress(
"EmpireMinionAllTCPAccess",
IpProtocol='-1', FromPort='-1', ToPort='-1',
SourceSecurityGroupId=Ref(CLUSTER_SG_NAME),
GroupId=Ref(CLUSTER_SG_NAME)))
# Application ELB Security Groups
# Internal
for elb in ('public', 'private'):
group_name = "Empire%sAppELBSG" % elb.capitalize()
t.add_resource(
ec2.SecurityGroup(
group_name,
GroupDescription=group_name,
VpcId=Ref("VpcId"),
Tags=Tags(Name='%s-app-elb-sg' % elb)))
t.add_output(
Output("%sEmpireAppELBSG" % elb.capitalize(),
Value=Ref(group_name)))
# Allow ELB to talk to cluster on 9000-10000
t.add_resource(
ec2.SecurityGroupIngress(
"Empire%sAppPort9000To10000" % elb.capitalize(),
IpProtocol="tcp", FromPort=9000, ToPort=10000,
SourceSecurityGroupId=Ref(group_name),
GroupId=Ref(CLUSTER_SG_NAME)))def create_security_group(self):
t = self.template
sg_name = RDS_SG_NAME % self.name
sg = t.add_resource(
ec2.SecurityGroup(
sg_name,
GroupDescription='%s RDS security group' % sg_name,
VpcId=Ref("VpcId")))
t.add_output(Output("SecurityGroup", Value=Ref(sg)))t = self.template
variables = self.get_variables()
# Only create security group if NAT Instances are being used.
if not variables["UseNatGateway"]:
nat_private_in_all_rule = ec2.SecurityGroupRule(
IpProtocol='-1', FromPort='-1', ToPort='-1',
SourceSecurityGroupId=Ref(DEFAULT_SG)
)
nat_public_out_all_rule = ec2.SecurityGroupRule(
IpProtocol='-1', FromPort='-1', ToPort='-1', CidrIp='0.0.0.0/0'
)
return t.add_resource(
ec2.SecurityGroup(
NAT_SG,
VpcId=VPC_ID,
GroupDescription='NAT Instance Security Group',
SecurityGroupIngress=[nat_private_in_all_rule],
SecurityGroupEgress=[nat_public_out_all_rule, ]
)Description='Physical resource ID of an AWS::IAM::Role for the leader'
), source='MesosLeaderInstanceProfile')
mesos_leader_instance_type_param = self.add_parameter(Parameter(
'MesosLeaderInstanceType', Type='String', Default='r3.large',
Description='Leader EC2 instance type',
AllowedValues=utils.EC2_INSTANCE_TYPES,
ConstraintDescription='must be a valid EC2 instance type.'
), source='MesosLeaderInstanceType')
mesos_leader_subnet_param = self.add_parameter(Parameter(
'MesosSubnet', Type='CommaDelimitedList',
Description='A list of subnets to associate with the Mesos leaders'
), source='MesosSubnet')
mesos_leader_security_group = self.add_resource(ec2.SecurityGroup(
'sgMesosLeader',
GroupDescription='Enables access to the MesosLeader',
VpcId=Ref(vpc_param),
SecurityGroupIngress=[
ec2.SecurityGroupRule(IpProtocol='tcp', CidrIp=Ref(office_cidr_param),
FromPort=p, ToPort=p)
for p in [
22, # SSH
1723, # PPTPD
2181, # Zookeeper
4040, # Spark
5050, # Mesos
8080, # Marathon
8081, # Graphite Web
8090, # Grafana
9200, # ElasticSearch{
"Effect": "Allow",
"Action": ["s3:GetObject"],
"Resource": {"Fn::Join":["", ["arn:aws:s3:::", {"Ref": "S3BucketName"},"/*"]]}
},
{
"Effect": "Allow",
"Action": [ "s3:ListBucket"],
"Resource": {"Fn::Join":["", ["arn:aws:s3:::", {"Ref": "S3BucketName"}]]}
}
],
},
Condition="Has_Bucket"
)),
NFSSecurityGroup = t.add_resource(SecurityGroup(
"NFSSecurityGroup",
VpcId = Ref(VPCId),
GroupDescription = "NFS Secuirty group",
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="2049",
ToPort="2049",
CidrIp=Ref(NFSCidr),
),
]
))
SshSecurityGroup = t.add_resource(SecurityGroup(
"SshSecurityGroup",
VpcId = Ref(VPCId),def create_nat_security_groups(self):
t = self.template
# First setup the NAT Security Group Rules
nat_private_in_all_rule = ec2.SecurityGroupRule(
IpProtocol='-1', FromPort='-1', ToPort='-1',
SourceSecurityGroupId=Ref(DEFAULT_SG))
nat_public_out_all_rule = ec2.SecurityGroupRule(
IpProtocol='-1', FromPort='-1', ToPort='-1', CidrIp='0.0.0.0/0')
return t.add_resource(ec2.SecurityGroup(
NAT_SG,
VpcId=VPC_ID,
GroupDescription='NAT Instance Security Group',
SecurityGroupIngress=[nat_private_in_all_rule],
SecurityGroupEgress=[nat_public_out_all_rule, ]))ToPort=ALL,
)
)
# Allow unlimited traffic from router to backend servers
template.add_resource(
SecurityGroupIngress(
"RouterToBackendSecurityGroupIngressRule",
GroupId=Ref(backend_security_group),
IpProtocol=ALL,
SourceSecurityGroupId=Ref(router_security_group),
FromPort=ALL,
ToPort=ALL,
)
)
aws_elb_security_group = SecurityGroup(
"AwsElbSecurityGroup",
template=template,
GroupDescription="AWS elastic load balancer security group.",
VpcId=Ref(vpc),
SecurityGroupIngress=[
# allow incoming traffic from the public internet to the AWS ELB on ports 80 and 443
SecurityGroupRule(
IpProtocol="tcp", FromPort=port, ToPort=port, CidrIp="0.0.0.0/0"
)
for port in ["80", "443"]
],
)
web_security_group = SecurityGroup(
"WebServerSecurityGroup",
template=template,
Popular troposphere functions
- troposphere.AWSObject
- troposphere.AWSProperty
- troposphere.ec2
- troposphere.ec2.Instance
- troposphere.ec2.SecurityGroup
- troposphere.ec2.SecurityGroupRule
- troposphere.Equals
- troposphere.FindInMap
- troposphere.GetAtt
- troposphere.iam
- troposphere.iam.Policy
- troposphere.iam.Role
- troposphere.If
- troposphere.Join
- troposphere.Output
- troposphere.Parameter
- troposphere.Ref
- troposphere.Sub
- troposphere.Tags
- troposphere.Template