salt.modules.boto_secgroup

Connection module for Amazon Security Groups

New in version 2014.7.0.

configuration

This module accepts explicit ec2 credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from the AWS API and no further configuration is necessary. More information is available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used, you need to specify the credentials either in a pillar or in the minion's config file:

secgroup.keyid: GKTADJGHEIQSXMKKRBJ08H
secgroup.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be specified in the configuration:

secgroup.region: us-east-1

If a region is not specified, the default is us-east-1.

It's also possible to specify key, keyid and region via a profile, either as a passed-in dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1

depends

boto

salt.modules.boto_secgroup.authorize(name=None, source_group_name=None, source_group_owner_id=None, ip_protocol=None, from_port=None, to_port=None, cidr_ip=None, group_id=None, source_group_group_id=None, region=None, key=None, keyid=None, profile=None, vpc_id=None, vpc_name=None, egress=False)

Add a new rule to an existing security group.

CLI example:

salt myminion boto_secgroup.authorize mysecgroup ip_protocol=tcp from_port=80 to_port=80 cidr_ip='["10.0.0.0/8", "192.168.0.0/24"]'

salt.modules.boto_secgroup.convert_to_group_ids(groups, vpc_id=None, vpc_name=None, region=None, key=None, keyid=None, profile=None)

Given a list of security groups and a vpc_id, convert_to_group_ids will convert all list items in the given list to security group ids.

CLI example:

salt myminion boto_secgroup.convert_to_group_ids mysecgroup vpc-89yhh7h

salt.modules.boto_secgroup.create(name, description, vpc_id=None, vpc_name=None, region=None, key=None, keyid=None, profile=None)

Create a security group.

CLI example:

salt myminion boto_secgroup.create mysecgroup 'My Security Group'

salt.modules.boto_secgroup.delete(name=None, group_id=None, region=None, key=None, keyid=None, profile=None, vpc_id=None, vpc_name=None)

Delete a security group.

CLI example:

salt myminion boto_secgroup.delete mysecgroup

salt.modules.boto_secgroup.delete_tags(tags, name=None, group_id=None, vpc_name=None, vpc_id=None, region=None, key=None, keyid=None, profile=None)

Deletes tags from a security group.

New in version 2016.3.0.

tags

a list of tags to remove

name

the name of the security group

group_id

the group id of the security group (in lieu of a name/vpc combo)

vpc_name

the name of the vpc to search the named group for

vpc_id

the id of the vpc, in lieu of the vpc_name

region

the amazon region

key

amazon key

keyid

amazon keyid

profile

amazon profile

CLI example:

salt myminion boto_secgroup.delete_tags "['TAG_TO_DELETE1','TAG_TO_DELETE2']" security_group_name vpc_id=vpc-13435 profile=my_aws_profile

salt.modules.boto_secgroup.exists(name=None, region=None, key=None, keyid=None, profile=None, vpc_id=None, vpc_name=None, group_id=None)

Check to see if a security group exists.

CLI example:

salt myminion boto_secgroup.exists mysecgroup

salt.modules.boto_secgroup.get_all_security_groups(groupnames=None, group_ids=None, filters=None, region=None, key=None, keyid=None, profile=None)

Return a list of all Security Groups matching the given criteria and filters.

Note that the 'groupnames' argument only functions correctly for EC2 Classic and default VPC Security Groups. To find groups by name in other VPCs you'll want to use the 'group-name' filter instead.

Valid keys for the filters argument are:

description - The description of the security group.
egress.ip-permission.prefix-list-id - The ID (prefix) of the AWS service to which the security group allows access.
group-id - The ID of the security group.
group-name - The name of the security group.
ip-permission.cidr - A CIDR range that has been granted permission.
ip-permission.from-port - The start of port range for the TCP and UDP protocols, or an ICMP type number.
ip-permission.group-id - The ID of a security group that has been granted permission.
ip-permission.group-name - The name of a security group that has been granted permission.
ip-permission.protocol - The IP protocol for the permission (tcp | udp | icmp or a protocol number).
ip-permission.to-port - The end of port range for the TCP and UDP protocols, or an ICMP code.
ip-permission.user-id - The ID of an AWS account that has been granted permission.
owner-id - The AWS account ID of the owner of the security group.
tag-key - The key of a tag assigned to the security group.
tag-value - The value of a tag assigned to the security group.
vpc-id - The ID of the VPC specified when the security group was created.

CLI example:

salt myminion boto_secgroup.get_all_security_groups filters='{group-name: mygroup}'

salt.modules.boto_secgroup.get_config(name=None, group_id=None, region=None, key=None, keyid=None, profile=None, vpc_id=None, vpc_name=None)

Get the configuration for a security group.

CLI example:

salt myminion boto_secgroup.get_config mysecgroup

salt.modules.boto_secgroup.get_group_id(name, vpc_id=None, vpc_name=None, region=None, key=None, keyid=None, profile=None)

Get a Group ID given a Group Name or Group Name and VPC ID

CLI example:

salt myminion boto_secgroup.get_group_id mysecgroup

salt.modules.boto_secgroup.revoke(name=None, source_group_name=None, source_group_owner_id=None, ip_protocol=None, from_port=None, to_port=None, cidr_ip=None, group_id=None, source_group_group_id=None, region=None, key=None, keyid=None, profile=None, vpc_id=None, vpc_name=None, egress=False)

Remove a rule from an existing security group.

CLI example:

salt myminion boto_secgroup.revoke mysecgroup ip_protocol=tcp from_port=80 to_port=80 cidr_ip='10.0.0.0/8'
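
An added example (not part of the Salt documentation or code base): a Python audit helper that takes a security group configuration of the kind get_config returns, finds ingress rules open to the whole address space on ports outside an allow-list, and builds the matching boto_secgroup.revoke command lines for review. The dict layout (a 'rules' list whose entries use the ip_protocol, from_port, to_port and cidr_ip names from the authorize/revoke parameters), the sample group and the allow-list are assumptions constructed for illustration.

```python
import ipaddress
import shlex

ALLOWED_PUBLIC_PORTS = {80, 443}  # assumed policy: ports that may face the internet

# Constructed sample in the assumed get_config layout (not real output).
SAMPLE_CONFIG = {
    "name": "mysecgroup",
    "rules": [
        {"ip_protocol": "tcp", "from_port": 443, "to_port": 443, "cidr_ip": "0.0.0.0/0"},
        {"ip_protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": "0.0.0.0/0"},
        {"ip_protocol": "tcp", "from_port": 5432, "to_port": 5432, "cidr_ip": "10.0.0.0/8"},
        {"ip_protocol": "tcp", "from_port": 0, "to_port": 65535, "cidr_ip": "0.0.0.0/0"},
        {"ip_protocol": "tcp", "from_port": 3306, "to_port": 3306, "source_group_name": "app"},
    ],
}

def is_world_open(cidr):
    """True when the CIDR covers the whole address space (prefix length 0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # malformed value: not treated as world-open here

def risky_rules(config, allowed_ports=ALLOWED_PUBLIC_PORTS):
    """Return world-open ingress rules that expose any port outside the allow-list."""
    findings = []
    for rule in config.get("rules", []):
        cidr = rule.get("cidr_ip")
        if not cidr or not is_world_open(cidr):
            continue  # group-to-group grants and scoped CIDRs are not flagged
        lo, hi = rule.get("from_port"), rule.get("to_port")
        # Missing ports are treated as "all ports"; a range passes only if every port is allowed.
        if lo is not None and hi is not None and all(
                p in allowed_ports for p in range(int(lo), int(hi) + 1)):
            continue
        findings.append(rule)
    return findings

def revoke_commands(minion, config):
    """Build one boto_secgroup.revoke command line per finding, for human review."""
    cmds = []
    for r in risky_rules(config):
        args = ["salt", minion, "boto_secgroup.revoke", config["name"]]
        args += ["{}={}".format(k, r[k]) for k in
                 ("ip_protocol", "from_port", "to_port", "cidr_ip") if r.get(k) is not None]
        cmds.append(" ".join(shlex.quote(a) for a in args))
    return cmds

if __name__ == "__main__":
    print("\n".join(revoke_commands("myminion", SAMPLE_CONFIG)))
```

The commands are only built as strings, so they can be reviewed before anyone runs them against a minion.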

salt.modules.boto_secgroup.set_tags(tags, name=None, group_id=None, vpc_name=None, vpc_id=None, region=None, key=None, keyid=None, profile=None)

Sets tags on a security group.

New in version 2016.3.0.

tags

a dict of key:value pairs of tags to set on the security group

name

the name of the security group

group_id

the group id of the security group (in lieu of a name/vpc combo)

vpc_name

the name of the vpc to search the named group for

vpc_id

the id of the vpc, in lieu of the vpc_name

region

the amazon region

key

amazon key

keyid

amazon keyid

profile

amazon profile

CLI example:

salt myminion boto_secgroup.set_tags "{'TAG1': 'Value1', 'TAG2': 'Value2'}" security_group_name vpc_id=vpc-13435 profile=my_aws_profile