How to use the troposphere.ec2.SecurityGroupRule function in troposphere

To help you get started, we’ve selected a few troposphere examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github cloudtools / troposphere / examples / ElastiCacheRedis.py View on Github external
'WebServerInstanceProfile',
        Path='/',
        Roles=[Ref(webserverrole)],
    ))

    webserversg = template.add_resource(ec2.SecurityGroup(
        'WebServerSecurityGroup',
        GroupDescription='Enable HTTP and SSH access',
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol='tcp',
                FromPort='22',
                ToPort='22',
                CidrIp=Ref(sshlocation),
                ),
            ec2.SecurityGroupRule(
                IpProtocol='tcp',
                FromPort='80',
                ToPort='80',
                CidrIp='0.0.0.0/0',
                )
            ]
        ))

    webserverinstance = template.add_resource(ec2.Instance(
        'WebServerInstance',
        Metadata=cloudformation.Metadata(
            cloudformation.Init({
                'config': cloudformation.InitConfig(
                    packages={
                        'yum': {
                            'httpd':     [],
github elifesciences / builder / src / buildercore / trop.py View on Github external
def _port_to_dict(port, configuration):
        return ec2.SecurityGroupRule(**{
            'FromPort': port,
            'ToPort': configuration.get('guest', port),
            'IpProtocol': configuration.get('protocol', 'tcp'),
            'CidrIp': configuration.get('cidr-ip', '0.0.0.0/0'),
        })
github cloudtools / stacker / stacker / blueprints / vpc.py View on Github external
def create_nat_security_groups(self):
        t = self.template
        # First setup the NAT Security Group Rules
        nat_private_in_all_rule = ec2.SecurityGroupRule(
            IpProtocol='-1', FromPort='-1', ToPort='-1',
            SourceSecurityGroupId=Ref(DEFAULT_SG))

        nat_public_out_all_rule = ec2.SecurityGroupRule(
            IpProtocol='-1', FromPort='-1', ToPort='-1', CidrIp='0.0.0.0/0')

        return t.add_resource(ec2.SecurityGroup(
            NAT_SG,
            VpcId=VPC_ID,
            GroupDescription='NAT Instance Security Group',
            SecurityGroupIngress=[nat_private_in_all_rule],
            SecurityGroupEgress=[nat_public_out_all_rule, ]))
github streamlit / streamlit / scripts / create_streamlit_cloudformation_template.py View on Github external
def setup_security_group(self):
        self._resources.update({
            'Ec2InstanceSecurityGroup': ec2.SecurityGroup(
                'Ec2InstanceSecurityGroup',
                GroupDescription='Enable Streamlit access via port 8501 and SSH access via port 22',
                SecurityGroupIngress=[
                    ec2.SecurityGroupRule(
                        IpProtocol='tcp',
                        FromPort='22',
                        ToPort='22',
                        CidrIp=Ref(self._parameters['SshLocation'])),
                    ec2.SecurityGroupRule(
                        IpProtocol='tcp',
                        FromPort='8501',
                        ToPort='8501',
                        CidrIp=Ref(self._parameters['SshLocation'])),
                ],
                VpcId=Ref(self._parameters['VpcId']),
                Tags=Tags(
                    Application=self._stack_id,
                    Name=Sub('Streamlit Security Group (${AWS::StackName})'),
                ),
                DependsOn='StackDeletorRole',
            ),
github WikiWatershed / model-my-watershed / deployment / cfn / application.py View on Github external
IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p
                )
                for p in [HTTP]
            ],
            Tags=self.get_tags(Name=app_server_lb_security_group_name)
        ))

        app_server_security_group_name = 'sgAppServer'

        app_server_security_group = self.add_resource(ec2.SecurityGroup(
            app_server_security_group_name,
            DependsOn='sgAppServerLoadBalancer',
            GroupDescription='Enables access to application servers',
            VpcId=Ref(self.vpc_id),
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p
                )
                for p in [SSH, HTTP]
            ] + [
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', SourceSecurityGroupId=Ref(sg),
                    FromPort=HTTP, ToPort=HTTP
                )
                for sg in [app_server_lb_security_group]
            ],
            SecurityGroupEgress=[
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p
                )
                for p in [POSTGRESQL, REDIS]
            ] + [
github ClusterHQ / flocker / admin / installer / cloudformation.py View on Github external
# Select a random AvailabilityZone within given AWS Region.
zone = Select(0, GetAZs(""))

# S3 bucket to hold {Flocker, Docker, Swarm} configuration for distribution
# between nodes.
s3bucket = Bucket('ClusterConfig',
                  DeletionPolicy='Retain')
template.add_resource(s3bucket)

# Create SecurityGroup for cluster instances.
instance_sg = template.add_resource(
    ec2.SecurityGroup(
        "InstanceSecurityGroup",
        GroupDescription="Enable ingress access on all protocols and ports.",
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol=protocol,
                FromPort="0",
                ToPort="65535",
                CidrIp="0.0.0.0/0",
            ) for protocol in ('tcp', 'udp')
        ]
    )
)

# Base for post-boot {Flocker, Docker, Swarm} configuration on the nodes.
base_user_data = [
    '#!/bin/bash\n',
    'aws_region="', Ref("AWS::Region"), '"\n',
    'aws_zone="', zone, '"\n',
    'access_key_id="', Ref(access_key_id_param), '"\n',
    'secret_access_key="', Ref(secret_access_key_param), '"\n',
github carlsborg / dust / dustcluster / commands / clusterops.py View on Github external
def configure_security_groups(vpc_subnet, vpc_id):

    node_sec_group = ec2.SecurityGroup('DustNodeSG')
    node_sec_group.GroupDescription = "Allow incoming ssh and icmp and all intracluster tcp"
    if vpc_subnet:
        node_sec_group.VpcId = vpc_id

    ssh_in_rule = ec2.SecurityGroupRule()
    ssh_in_rule.FromPort = 22
    ssh_in_rule.ToPort = 22
    ssh_in_rule.CidrIp = "0.0.0.0/0"
    ssh_in_rule.IpProtocol = 'tcp'

    icmp_in_rule = ec2.SecurityGroupRule()
    icmp_in_rule.FromPort = -1
    icmp_in_rule.ToPort = -1
    icmp_in_rule.CidrIp = "0.0.0.0/0"
    icmp_in_rule.IpProtocol = 'icmp'

    node_sec_group.SecurityGroupIngress = [ssh_in_rule, icmp_in_rule]

    intracluster_sec_group = ec2.SecurityGroupIngress('DustIntraClusterSG')
    if vpc_subnet:
        intracluster_sec_group.GroupId = Ref(node_sec_group)
github DualSpark / cloudformation-environmentbase / src / environmentbase / patterns / base_network.py View on Github external
def construct_network(self):
        """
        Main function to construct VPC, subnets, security groups, NAT instances, etc
        """
        network_config = self.network_config
        nat_config = self.nat_config
        az_count = self.az_count

        self.add_network_cidr_mapping(network_config=network_config)
        self._prepare_subnets(self._subnet_configs)
        self.create_network_components(network_config=network_config, nat_config=nat_config)

        self._common_security_group = self.add_resource(ec2.SecurityGroup('commonSecurityGroup',
            GroupDescription='Security Group allows ingress and egress for common usage patterns throughout this deployed infrastructure.',
            VpcId=self.vpc_id,
            SecurityGroupEgress=[ec2.SecurityGroupRule(
                        FromPort='80',
                        ToPort='80',
                        IpProtocol='tcp',
                        CidrIp='0.0.0.0/0'),
                    ec2.SecurityGroupRule(
                        FromPort='443',
                        ToPort='443',
                        IpProtocol='tcp',
                        CidrIp='0.0.0.0/0'),
                    ec2.SecurityGroupRule(
                        FromPort='123',
                        ToPort='123',
                        IpProtocol='udp',
                        CidrIp='0.0.0.0/0')],
            SecurityGroupIngress=[
                    ec2.SecurityGroupRule(
github WikiWatershed / model-my-watershed / deployment / cfn / worker.py View on Github external
)
                for p in [SSH, HTTP]
            ] + [
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', SourceSecurityGroupId=Ref(sg),
                    FromPort=HTTP, ToPort=HTTP
                )
                for sg in [worker_lb_security_group]
            ],
            SecurityGroupEgress=[
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p
                )
                for p in [POSTGRESQL, REDIS]
            ] + [
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=ALLOW_ALL_CIDR, FromPort=p,
                    ToPort=p
                )
                for p in [HTTP, HTTPS]
            ],
            Tags=self.get_tags(Name=worker_security_group_name)
        ))

        return worker_lb_security_group, worker_security_group
github WikiWatershed / model-my-watershed / deployment / cfn / application.py View on Github external
))

        app_server_security_group_name = 'sgAppServer'

        app_server_security_group = self.add_resource(ec2.SecurityGroup(
            app_server_security_group_name,
            DependsOn='sgAppServerLoadBalancer',
            GroupDescription='Enables access to application servers',
            VpcId=Ref(self.vpc_id),
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p
                )
                for p in [SSH, HTTP]
            ] + [
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', SourceSecurityGroupId=Ref(sg),
                    FromPort=HTTP, ToPort=HTTP
                )
                for sg in [app_server_lb_security_group]
            ],
            SecurityGroupEgress=[
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=VPC_CIDR, FromPort=p, ToPort=p
                )
                for p in [POSTGRESQL, REDIS]
            ] + [
                ec2.SecurityGroupRule(
                    IpProtocol='tcp', CidrIp=ALLOW_ALL_CIDR, FromPort=p,
                    ToPort=p
                )
                for p in [HTTP, HTTPS]