security_group

State module for managing EC2 Security Groups.

hub.exec.boto3.client.ec2.create_security_group
hub.exec.boto3.client.ec2.delete_security_group
hub.exec.boto3.client.ec2.describe_security_groups
hub.tool.boto3.resource.exec(resource, authorize_egress, *args, **kwargs)
hub.tool.boto3.resource.exec(resource, authorize_ingress, *args, **kwargs)
hub.tool.boto3.resource.exec(resource, create_tags, *args, **kwargs)
hub.tool.boto3.resource.exec(resource, delete, *args, **kwargs)
hub.tool.boto3.resource.exec(resource, revoke_egress, *args, **kwargs)
hub.tool.boto3.resource.exec(resource, revoke_ingress, *args, **kwargs)

async idem_aws.states.aws.ec2.security_group.present(hub, ctx, name: str, description: str, vpc_id: str, resource_id: str = None, tags: Dict[str, Any] = None) -> Dict[str, Any]

Creates a security group.

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide. When you create a security group, you specify a friendly name of your choice. You can have a security group for use in EC2-Classic with the same name as a security group for use in a VPC. However, you can’t have two security groups for use in EC2-Classic with the same name or two security groups for use in a VPC with the same name. You have a default security group for use in EC2-Classic and a default security group for use in your VPC. If you don’t specify a security group when you launch an instance, the instance is launched into the appropriate default security group. A default security group includes a default rule that grants instances unrestricted network access to each other. You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, and RevokeSecurityGroupEgress. For more information about VPC security group limits, see Amazon VPC Limits.

Parameters:
  • name (str) – The security group name as set on AWS.

  • description (str) – Description of the security group.

  • vpc_id (str) – ID of the VPC the security group should be attached to.

  • resource_id (str, Optional) – AWS Security Group ID.

  • tags (Dict or List, Optional) –

    Dict in the format of {tag-key: tag-value} or List of tags in the format of [{"Key": tag-key, "Value": tag-value}] to associate with the security group. Each tag consists of a key name and an associated value. Defaults to None.

    • (Key, Optional):

      The key of the tag. Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

    • (Value, Optional):

      The value of the tag. Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

Request Syntax:
[security_group_id]:
  aws.ec2.security_group.present:
    - resource_id: 'string'
    - name: 'string'
    - description: 'string'
    - vpc_id: 'string'
    - tags:
        - Key: 'string'
          Value: 'string'

Returns:

Dict[str, Any]

Examples

isolation-securitygroup-84c9a893-844b-40ab-86e8-b565dea88b5d:
  aws.ec2.security_group.present:
    - resource_id: sg-0008bd25b7867b5cf
    - name: isolation-securitygroup-84c9a893-844b-40ab-86e8-b565dea88b5d
    - vpc_id: vpc-247e9a5d
    - description: sg-description
    - tags:
        - Key: Name
          Value: sg-name
        - Key: sg-tag-key-2
          Value: sg-tag-value-2

async idem_aws.states.aws.ec2.security_group.absent(hub, ctx, name: str, resource_id: str = None) -> Dict[str, Any]

Deletes a security group.

If you attempt to delete a security group that is associated with an instance, or is referenced by another security group, the operation fails with InvalidGroup.InUse in EC2-Classic or DependencyViolation in EC2-VPC.

Parameters:
  • name (str) – An Idem name to identify the security group resource.

  • resource_id (str, Optional) – AWS Security Group ID. If this field is not specified, Idem automatically considers the resource absent.

Request Syntax:
[security_group-resource-id]:
  aws.ec2.security_group.absent:
    - name: "string"
    - resource_id: "string"

Returns:

Dict[str, Any]

Examples

sg-0008bd25b7867b5cf:
  aws.ec2.security_group.absent:
    - name: isolation-securitygroup-84c9a893-844b-40ab-86e8-b565dea88b5d
    - resource_id: sg-0008bd25b7867b5cf
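
The following pre-apply lint is an added example, not part of idem-aws. It checks security_group states for the points documented above: the parameters of present that have no default, the tag constraints in both accepted tag formats, and an absent state that omits resource_id and is therefore treated as already absent. The function names and the SAMPLE data are constructed for illustration, and the input is assumed to be the dict that a YAML loader returns for an SLS file.

```python
# Added example: lint parsed SLS data for aws.ec2.security_group states.
# Assumption: `sls` is the dict yaml.safe_load() would return for an SLS file.
PRESENT = "aws.ec2.security_group.present"
ABSENT = "aws.ec2.security_group.absent"
REQUIRED_PRESENT = ("description", "vpc_id")  # no default in present()


def normalize_tags(tags):
    """Return tags as {key: value} from either documented format."""
    if isinstance(tags, dict):
        return {str(k): v for k, v in tags.items()}
    return {str(t["Key"]): t.get("Value") for t in tags or [] if "Key" in t}


def check_tags(tags):
    """Yield one message per tag constraint stated on this page."""
    for key, value in normalize_tags(tags).items():
        if len(key) > 127:
            yield f"tag key {key[:20]!r}... exceeds 127 characters"
        if key.startswith("aws:"):
            yield f"tag key {key!r} begins with aws:"
        if value is not None and len(str(value)) > 256:
            yield f"tag {key!r} value exceeds 256 characters"


def lint(sls):
    """Return sorted (state_id, message) findings for security_group states."""
    findings = []
    for state_id, body in sls.items():
        for func, arg_list in body.items():
            # SLS arguments are a list of single-key mappings; merge them.
            args = {k: v for item in arg_list or [] for k, v in item.items()}
            if func == PRESENT:
                for param in REQUIRED_PRESENT:
                    if not args.get(param):
                        findings.append((state_id, f"missing required parameter {param}"))
                findings += [(state_id, msg) for msg in check_tags(args.get("tags"))]
            elif func == ABSENT and not args.get("resource_id"):
                findings.append((state_id, "absent without resource_id: "
                                 "Idem treats the group as already absent"))
    return sorted(findings)


SAMPLE = {  # constructed input, not taken from a real environment
    "sg-web": {PRESENT: [{"vpc_id": "vpc-EXAMPLE"}, {"description": "web tier"},
                         {"tags": {"aws:owner": "team-a", "Name": "web"}}]},
    "sg-batch": {PRESENT: [{"vpc_id": "vpc-EXAMPLE"},
                           {"tags": [{"Key": "Name", "Value": "v" * 257}]}]},
    "sg-old": {ABSENT: [{"name": "sg-old"}]},
}
if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=": ")
```

The absent finding matters most in cleanup runs: a state that omits resource_id reports the group as absent while the group and its rules remain in the VPC.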

async idem_aws.states.aws.ec2.security_group.describe(hub, ctx) -> Dict[str, Dict[str, Any]]

Describe the resource in a way that can be recreated/managed with the corresponding “present” function.

Describes the specified security groups or all of your security groups. A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For more information, see Amazon EC2 security groups in the Amazon Elastic Compute Cloud User Guide and Security groups for your VPC in the Amazon Virtual Private Cloud User Guide.

Returns:

Dict[str, Any]

Examples

$ idem describe aws.ec2.security_group