Skip to content

PSComputer/grouper

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
lib
lib
 
 
.gitignore
.gitignore
 
 
Readme.markdown
Readme.markdown
 
 
example-vpc.rb
example-vpc.rb
 
 
example.rb
example.rb
 
 
grouper.gemspec
grouper.gemspec
 
 

Repository files navigation

#Simple AWS Security Group Management

Grouper makes it easy to manage AWS Security Groups programatically,

It aims to be simple and to overcome some of the limitations and pain of managing security groups via the AWS management console.

  • It makes it easy to understand what a rule or group of rules does
  • It makes easy to reuse rules across security rules
  • It makes applying a set of rules to a new security group much faster

##Installation

gem install 'grouper'

You will need a yml file containing your AWS credentials in the form

access_key_id: ACCESS_KEY_ID
secret_access_key: SECRET_ACCESS_KEY_ID

Examples

You want your new intranet server hosted on EC2 to be monitored by worm.ly, connect to github and receive ubuntu updates....

See example.rb and example-vpc.rb

#example.rb
require 'aws-sdk'
require 'grouper'
include Grouper 

AWS.config(YAML.load(File.read('path/to/credentials/aws.yml'))) #your AWS credentials

wormly_ips = ['178.79.181.14/32', '103.1.185.241/32', '184.72.226.23/32', '66.246.75.38/32', '74.82.3.54/32', '74.207.230.51/32', '69.164.195.159/32', '184.73.218.144/32']

github_ips = ['207.97.227.224/27', '173.203.140.192/27', '204.232.175.64/27', '72.4.117.96/27']

wormly = [Rule.new(:tcp, 443, wormly_ips, :in)]

github = [ Rule.new(:tcp, 22, github_ips, :in),
           Rule.new(:tcp, 80, github_ips, :in),
           Rule.new(:tcp, 443, github_ips, :in)]
           

ec2 = AWS::EC2.new(:ec2_endpoint => "ec2.eu-west-1.amazonaws.com")
intranet_server = find_or_create(ec2, 'intranet_server')
rules = wormly + github
apply_rules(intranet_server, rules)

Now simply add the "intranet_server" security group to your EC2 instance(s)

Port range for echo requests

When defining rules for echo requests the value for :ports should be in the format 0..-1 where 0 is the ICMP code type.

E.g.

  #Allow echo requests from Wormly
  Rule.new(:icmp, 8..-1, wormly_ips, :in)

Creating Security Groups in a VPC

Pass the VPC where you want to create / modify a security group in to te find_or_create method instead on an ec2 instance

E.g.

  ec2 = AWS::EC2.new(:ec2_endpoint => "ec2.eu-west-1.amazonaws.com")
  vpc = ec2.vpcs.first
  intranet_server = find_or_create(vpc, 'intranet_server')

Updating rules

Make changes to your grouper script and rerun it - rules that are no longer defined in the rules array passed to apply_rules() will be be removed.

License

Grouper is released under the MIT license:

About

Super Easy AWS Security Group Management

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • Ruby 100.0%