salt.states.boto_secgroup

Manage Security Groups

New in version 2014.7.0.

Create and destroy Security Groups. Be aware that this interacts with Amazon's services, and so may incur charges.

This module uses boto, which can be installed via package, or pip.

This module accepts explicit EC2 credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More information available here.

If IAM roles are not used you need to specify them either in a pillar file or in the minion's config file:

secgroup.keyid: GKTADJGHEIQSXMKKRBJ08H
secgroup.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

It's also possible to specify key, keyid and region via a profile, either passed in as a dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1

Ensure mysecgroup exists:
    boto_secgroup.present:
        - name: mysecgroup
        - description: My security group
        - vpc_name: myvpc
        - rules:
            - ip_protocol: tcp
              from_port: 80
              to_port: 80
              cidr_ip:
                - 10.0.0.0/8
                - 192.168.0.0/16
            - ip_protocol: tcp
              from_port: 8080
              to_port: 8090
              cidr_ip:
                - 10.0.0.0/8
                - 192.168.0.0/16
            - ip_protocol: icmp
              from_port: -1
              to_port: -1
              source_group_name: mysecgroup
            - ip_protocol: tcp
              from_port: 8080
              to_port: 8080
              source_group_name: MyOtherSecGroup
              source_group_name_vpc: MyPeeredVPC
        - rules_egress:
            - ip_protocol: all
              from_port: -1
              to_port: -1
              cidr_ip:
                - 10.0.0.0/8
                - 192.168.0.0/16
        - tags:
            SomeTag: 'My Tag Value'
            SomeOtherTag: 'Other Tag Value'
        - region: us-east-1
        - keyid: GKTADJGHEIQSXMKKRBJ08H
        - key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

# Using a profile from pillars
Ensure mysecgroup exists:
    boto_secgroup.present:
        - name: mysecgroup
        - description: My security group
        - profile: myprofile

# Passing in a profile
Ensure mysecgroup exists:
    boto_secgroup.present:
        - name: mysecgroup
        - description: My security group
        - profile:
            keyid: GKTADJGHEIQSXMKKRBJ08H
            key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
            region: us-east-1

Note

When using the profile parameter and region is set outside of the profile group, region is ignored and a default region will be used.

If region is missing from the profile data set, us-east-1 will be used as the default region.

salt.states.boto_secgroup.absent(name, vpc_id=None, vpc_name=None, region=None, key=None, keyid=None, profile=None)

Ensure a security group with the specified name does not exist.

name

Name of the security group.

vpc_id

The ID of the VPC to remove the security group from, if any. Exclusive with vpc_name.

vpc_name

The name of the VPC to remove the security group from, if any. Exclusive with vpc_name.

New in version 2016.3.0.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key and keyid.

New in version 2016.3.0.

salt.states.boto_secgroup.present(name, description, vpc_id=None, vpc_name=None, rules=None, rules_egress=None, delete_ingress_rules=True, delete_egress_rules=True, region=None, key=None, keyid=None, profile=None, tags=None)

Ensure the security group exists with the specified rules.

name

Name of the security group.

description

A description of this security group.

vpc_id

The ID of the VPC to create the security group in, if any. Exclusive with vpc_name.

vpc_name

The name of the VPC to create the security group in, if any. Exclusive with vpc_id.

New in version 2016.3.0.

New in version 2015.8.2.

rules

A list of ingress rule dicts. If not specified, rules=None, the ingress rules will be unmanaged. If set to an empty list, [], then all ingress rules will be removed.

rules_egress

A list of egress rule dicts. If not specified, rules_egress=None, the egress rules will be unmanaged. If set to an empty list, [], then all egress rules will be removed.

delete_ingress_rules

Some tools (EMR comes to mind) insist on adding rules on-the-fly, which salt will happily remove on the next run. Set this param to False to avoid deleting rules which were added outside of salt.

delete_egress_rules

Some tools (EMR comes to mind) insist on adding rules on-the-fly, which salt will happily remove on the next run. Set this param to False to avoid deleting rules which were added outside of salt.

region

Region to connect to.

key

Secret key to be used.

keyid

Access key to be used.

profile

A dict with region, key and keyid, or a pillar key (string) that contains a dict with region, key, and keyid.

tags

List of key:value pairs of tags to set on the security group

New in version 2016.3.0.

Generated on October 23, 2024 at 09:02:06 UTC.

You are viewing docs for the latest stable release, 3007.1. Switch to docs for the previous stable release, 3006.9, or to a recent doc build from the master branch.


saltproject.io

© 2024 VMware, Inc. | Privacy Policy