Add SourcePrefixListId to SecurityGroupRule #1762

Merged
merged 1 commit into from
Aug 19, 2020


James-TR
Contributor

Add SourcePrefixListId to combined SecurityGroupRule for consistency
with SecurityGroupIngress and SecurityGroupEgress

@James-TR James-TR force-pushed the fix/source_prefix_list_id branch from 39186a9 to 33dd7c5 Compare August 11, 2020 05:13
@PatMyron
Contributor

Where is this SecurityGroupRule class used?

@James-TR
Contributor Author

James-TR commented Aug 19, 2020

I'm using it to inline security group rules into the SecurityGroupIngress and SecurityGroupEgress properties of a SecurityGroup by creating a list of SecurityGroupRule classes. This saves creating an ingress in the resultant CF template per-rule and allows everything to be nicely inlined.

In my case I have a number of locations which need the same set of ports allowed into an ingress rule on the security group, so I just throw these into a list and call a loop over it to populate my ingresses.

```python
from troposphere import Ref, Tags, Template
from troposphere.ec2 import SecurityGroup, SecurityGroupRule

t = Template()

# Prefix lists that need the same set of ports allowed in
locations = [
    {'Network': 'pl-1234567890123456a', 'Location': 'VPN'},
    {'Network': 'pl-1234567890123456b', 'Location': 'Offices'}
]

sg_ingress = []
for config in locations:
    sg_ingress.append(
        SecurityGroupRule(
            SourcePrefixListId=config['Network'],
            Description=f"{config['Location']} - SSH",
            FromPort="22",
            ToPort="22",
            IpProtocol="tcp"
        )
    )
    sg_ingress.append(
        SecurityGroupRule(
            SourcePrefixListId=config['Network'],
            Description=f"{config['Location']} - RDP",
            FromPort="3389",
            ToPort="3389",
            IpProtocol="tcp"
        )
    )
    sg_ingress.append(
        SecurityGroupRule(
            SourcePrefixListId=config['Network'],
            Description=f"{config['Location']} - WinRM",
            FromPort="5986",
            ToPort="5986",
            IpProtocol="tcp"
        )
    )

# Inline the collected rules on the security group itself
t.add_resource(SecurityGroup(
    'AccessSg',
    SecurityGroupIngress=sg_ingress,
    VpcId=Ref("VPCId"),
    GroupDescription="Access Security Group",
    Tags=Tags(
        Name="Access SG"
    )
))
```
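
The inline rules built in the comment above land in the template's `SecurityGroupIngress` list. As an added example (not part of this thread and not troposphere code), the check below walks a rendered template as plain dictionaries and reports rules that do not carry a single source, or that open the SSH, RDP or WinRM ports to a world CIDR. The function and helper names, the one-source check and the sample template are assumptions made for illustration.

```python
# Added example: audit inline ingress rules in a rendered CloudFormation template.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5986: "WinRM"}  # ports from the comment above
SOURCE_KEYS = ("CidrIp", "CidrIpv6", "SourcePrefixListId",
               "SourceSecurityGroupId", "SourceSecurityGroupName")
WORLD = ("0.0.0.0/0", "::/0")

def _port(value):  # literal port as int; None if missing or an intrinsic such as Ref
    try:
        return int(value)
    except (TypeError, ValueError):
        return None

def audit_inline_ingress(template):
    """Return (group, description, problem) tuples for inline ingress rules."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            desc = rule.get("Description", "<no description>")
            sources = [k for k in SOURCE_KEYS if k in rule]
            if len(sources) != 1:  # assumption: exactly one source property per rule
                findings.append((name, desc, f"expected one source, found {sources}"))
                continue
            proto = str(rule.get("IpProtocol")).lower()
            lo, hi = _port(rule.get("FromPort")), _port(rule.get("ToPort"))
            if proto == "-1" or lo is None or hi is None:
                ports = sorted(ADMIN_PORTS)  # all traffic, or range not resolvable
            else:
                ports = [p for p in sorted(ADMIN_PORTS) if lo <= p <= hi]
            world = sources[0].startswith("CidrIp") and rule[sources[0]] in WORLD
            if ports and world and proto in ("tcp", "6", "-1"):
                exposed = ", ".join(ADMIN_PORTS[p] for p in ports)
                findings.append((name, desc, f"{exposed} open to {rule[sources[0]]}"))
    return findings

def _rule(port, desc, **source):  # helper for the constructed sample below
    return {"IpProtocol": "tcp", "FromPort": str(port), "ToPort": str(port),
            "Description": desc, **source}

# Constructed sample; the prefix list IDs are the placeholders from the comment above.
SAMPLE = {"Resources": {
    "AccessSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        _rule(22, "VPN - SSH", SourcePrefixListId="pl-1234567890123456a"),
        _rule(3389, "VPN - RDP", SourcePrefixListId="pl-1234567890123456a")]}},
    "LegacySg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        _rule(3389, "Anywhere - RDP", CidrIp="0.0.0.0/0"),
        _rule(5986, "Mixed - WinRM", CidrIp="10.0.0.0/8",
              SourcePrefixListId="pl-1234567890123456b")]}},
}}
```

Calling `audit_inline_ingress(SAMPLE)` returns two findings, both on the constructed `LegacySg`; the prefix-list rules on `AccessSg` pass.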

@PatMyron
Contributor

Got it, used for these lists:

```python
'SecurityGroupEgress': (list, False),
'SecurityGroupIngress': (list, False),
```

AWS::EC2::SecurityGroup.Ingress.SourcePrefixListId

@PatMyron PatMyron merged commit 1c43a00 into cloudtools:master Aug 19, 2020