Menu
AWS SDK for JavaScript
Developer Guide for SDK v2.154.0

Working with Security Groups in Amazon EC2

JavaScript code example that applies to Node.js execution

This Node.js code example shows:

  • How to retrieve information about your security groups.

  • How to create a security group to access an Amazon EC2 instance.

  • How to delete an existing security group.

The Scenario

An Amazon EC2 security group acts as a virtual firewall that controls the traffic for one or more instances. You add rules to each security group to allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.

In this example, you use a series of Node.js modules to perform several Amazon EC2 operations involving security groups. The Node.js modules use the SDK for JavaScript to manage instances by using the following methods of the Amazon EC2 client class:

For more information about the Amazon EC2 security groups, see Amazon EC2 Amazon Security Groups for Linux Instances in the Amazon EC2 User Guide for Linux Instances or Amazon EC2 Security Groups for Windows Instances in the Amazon EC2 User Guide for Windows Instances.

Prerequisite Tasks

To set up and run this example, first complete these tasks:

Configuring the SDK

Configure the SDK for JavaScript by creating a global configuration object then setting the region for your code. In this example, the region is set to us-west-2.

Copy
// Load the SDK for JavaScript var AWS = require('aws-sdk'); // Set the region AWS.config.update({region: 'us-west-2'});

Describing Your Security Groups

Create a Node.js module with the file name ec2_describesecuritygroups.js. Be sure to configure the SDK as previously shown. To access Amazon EC2, create an AWS.EC2 service object. Create a JSON object to pass as parameters, including the group IDs for the security groups you want to describe. Then call the describeSecurityGroups method of the Amazon EC2 service object.

Copy
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Set the region AWS.config.update({region: 'REGION'}); // Create EC2 service object var ec2 = new AWS.EC2({apiVersion: '2016-11-15'}); var params = { GroupIds: ['SECURITY_GROUP_ID'] }; // Retrieve security group descriptions ec2.describeSecurityGroups(params, function(err, data) { if (err) { console.log("Error", err); } else { console.log("Success", JSON.stringify(data.SecurityGroups)); } });

To run the example, type the following at the command line.

Copy
node ec2_describesecuritygroups.js

This sample code can be found here on GitHub.

Creating a Security Group and Rules

Create a Node.js module with the file name ec2_createsecuritygroup.js. Be sure to configure the SDK as previously shown. To access Amazon EC2, create an AWS.EC2 service object. Create a JSON object for the parameters that specify the name of the security group, a description, and the ID for the VPC. Pass the parameters to the createSecurityGroup method.

After you successfully create the security group, you can define rules for allowing inbound traffic. Create a JSON object for parameters that specify the IP protocol and inbound ports on which the Amazon EC2 instance will receive traffic. Pass the parameters to the authorizeSecurityGroupIngress method.

Copy
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Set the region AWS.config.update({region: 'REGION'}); // Create EC2 service object var ec2 = new AWS.EC2({apiVersion: '2016-11-15'}); // Variable to hold the ID of a VPC var vpc = null; // Retrieve the ID of a VPC ec2.describeVpcs(function(err, data) { if (err) { console.log("Cannot retrieve a VPC", err); } else { vpc = data.Vpcs[0].VpcId; } }); // Create JSON object parameters for creating the security group var paramsSecurityGroup = { Description: 'DESCRIPTION', GroupName: 'SECURITY_GROUP_NAME', VpcId: vpc }; // Create the security group ec2.createSecurityGroup(paramsSecurityGroup, function(err, data) { if (err) { console.log("Error Creating Security Group", err); } else { var SecurityGroupId = data.GroupId; console.log("Security Group Created", SecurityGroupId); var paramsIngress = { GroupName: 'SECURITY_GROUP_NAME', IpPermissions:[ { IpProtocol: "tcp", FromPort: 80, ToPort: 80, IpRanges: [{"CidrIp":"0.0.0.0/0"}]}, { IpProtocol: "tcp", FromPort: 22, ToPort: 22, IpRanges: [{"CidrIp":"0.0.0.0/0"}]} ] }; ec2.authorizeSecurityGroupIngress(paramsIngress, function(err, data) { if (err) { console.log("Error", err); } else { console.log("Ingress Successfully Set", data); } }); } });

To run the example, type the following at the command line.

Copy
node ec2_createsecuritygroup.js

This sample code can be found here on GitHub.

Deleting a Security Group

Create a Node.js module with the file name ec2_deletesecuritygroup.js. Be sure to configure the SDK as previously shown. To access Amazon EC2, create an AWS.EC2 service object. Create the JSON parameters to specify the name of the security group to delete. Then call the deleteSecurityGroup method.

Copy
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Set the region AWS.config.update({region: 'REGION'}); // Create EC2 service object var ec2 = new AWS.EC2({apiVersion: '2016-11-15'}); var params = { GroupId: 'SECURITY_GROUP_ID' }; // Delete the security group ec2.deleteSecurityGroup(params, function(err, data) { if (err) { console.log("Error", err); } else { console.log("Security Group Deleted"); } });

To run the example, type the following at the command line.

Copy
node ec2_deletesecuritygroup.js

This sample code can be found here on GitHub.