Class: Serverspec::Type::AWS::EC2::SecurityGroup

Inherits:
Base
  • Object
Defined in:
lib/resources/ec2/security_group.rb

Overview

The SecurityGroup class exposes the EC2::SecurityGroup resources

Instance Method Summary

Constructor Details

#initialize(sg_id, instance = nil) ⇒ SecurityGroup

AWS SDK for Ruby v2 Aws::EC2::Client wrapper for initializing a SecurityGroup resource

Parameters:

  • sg_id (String)

    The ID of the SecurityGroup

  • instance (Class) (defaults to: nil)

    Aws::EC2::Client instance

Raises:

  • (RuntimeError)

    if sgs.nil?

  • (RuntimeError)

    if sgs.length == 0

  • (RuntimeError)

    if sgs.length > 1

# File 'lib/resources/ec2/security_group.rb', line 17

def initialize(sg_id, instance = nil)
  check_init_arg 'sg_id', 'EC2::SecurityGroup', sg_id
  @sg_id = sg_id
  @aws = instance.nil? ? Aws::EC2::Client.new : instance
  get_security_group sg_id
end

Instance Method Details

#accessible_from?(cidr_s) ⇒ Boolean

Do the security group rules permit connections from the given CIDR range? Returns true iff there is an ingress rule with a source that contains the given CIDR range.

Parameters:

  • cidr_s (String)

    The CIDR range to test

Returns:

  • (Boolean)

    True if this SG allows access from the given CIDR

# File 'lib/resources/ec2/security_group.rb', line 79

def accessible_from?(cidr_s)
  return false if ingress_permissions.empty?

  cidr = NetAddr::CIDR.create(cidr_s)
  allowed_cidrs = ingress_permissions.map(&:ip_ranges)
                                     .flatten.map(&:cidr_ip)
  matching_rules = allowed_cidrs.map do |source_cidr|
    cidr == source_cidr || cidr.is_contained?(source_cidr)
  end
  matching_rules.include? true
end
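The containment test that `accessible_from?` performs, as an added example that is not part of the gem: it substitutes the standard library's `IPAddr` for `NetAddr::CIDR` and runs over a constructed list of `IpPermission`/`IpRange` stand-ins shaped like the SDK structs that `ingress_permissions` returns. It also shows why a query of `0.0.0.0/0` is only answered `true` when some rule is itself open to the world, since the check is containment of the queried range, not overlap with it.

```ruby
require 'ipaddr'

# Constructed stand-ins for the AWS SDK's IpPermission / IpRange structs.
# Ports are carried for reporting but, as in accessible_from?, not consulted.
IpRange      = Struct.new(:cidr_ip)
IpPermission = Struct.new(:ip_protocol, :from_port, :to_port, :ip_ranges)

# Sample ingress rules (constructed): SSH from an office range, HTTPS from anywhere.
SAMPLE_INGRESS = [
  IpPermission.new('tcp', 22,  22,  [IpRange.new('203.0.113.0/24')]),
  IpPermission.new('tcp', 443, 443, [IpRange.new('0.0.0.0/0')])
].freeze

# True if the queried range lies entirely inside the rule's source range
# (same address family required). This is the test the wrapper performs with
# `cidr == source_cidr || cidr.is_contained?(source_cidr)`.
def cidr_within?(query_s, source_s)
  query, source = IPAddr.new(query_s), IPAddr.new(source_s)
  return false unless query.family == source.family

  qr, sr = query.to_range, source.to_range
  sr.begin <= qr.begin && qr.end <= sr.end
end

# Mirrors accessible_from?: true if any rule's IPv4 source contains the query.
# Only ip_ranges is inspected, exactly as the wrapper does.
def accessible_from?(permissions, cidr_s)
  return false if permissions.empty?

  sources = permissions.map(&:ip_ranges).flatten.map(&:cidr_ip)
  sources.any? { |src| cidr_within?(cidr_s, src) }
end

# Lists the protocol/port rules reachable from the whole Internet, i.e. the
# rules a `should_not be_accessible_from '0.0.0.0/0'` expectation fails on.
def world_open_rules(permissions)
  permissions.select do |perm|
    perm.ip_ranges.any? { |r| cidr_within?('0.0.0.0/0', r.cidr_ip) }
  end.map { |perm| "#{perm.ip_protocol}/#{perm.from_port}-#{perm.to_port}" }
end
```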

#description ⇒ String

A description of the security group

Returns:

  • (String)

# File 'lib/resources/ec2/security_group.rb', line 44

def description
  @sg.description
end

#egress_permissions ⇒ Array(Hash)

EC2-VPC

One or more outbound rules associated with the security group

Returns:

  • (Array(Hash))

# File 'lib/resources/ec2/security_group.rb', line 57

def egress_permissions
  @sg.ip_permissions_egress
end

#group_name ⇒ String

The name of the security group

Returns:

  • (String)

# File 'lib/resources/ec2/security_group.rb', line 38

def group_name
  @sg.group_name
end

#ingress_permissions ⇒ Array(Hash)

One or more inbound rules associated with the security group

Returns:

  • (Array(Hash))

# File 'lib/resources/ec2/security_group.rb', line 50

def ingress_permissions
  @sg.ip_permissions
end

#owner_id ⇒ String

The AWS account ID of the owner of the security group

Returns:

  • (String)

# File 'lib/resources/ec2/security_group.rb', line 32

def owner_id
  @sg.owner_id
end

#tags ⇒ Array(Hash)

Any tags assigned to the security group

Returns:

  • (Array(Hash))

# File 'lib/resources/ec2/security_group.rb', line 69

def tags
  @sg.tags
end

#to_s ⇒ String

Returns the string representation of EC2::SecurityGroup

Returns:

  • (String)

# File 'lib/resources/ec2/security_group.rb', line 26

def to_s
  "EC2 SecurityGroup: #{@sg_id}"
end

#vpc_id ⇒ String

EC2-VPC

The ID of the VPC for the security group

Returns:

  • (String)

# File 'lib/resources/ec2/security_group.rb', line 63

def vpc_id
  @sg.vpc_id
end