You are viewing documentation for version 3 of the AWS SDK for Ruby. Version 2 documentation can be found here.

Class: Aws::EC2::SecurityGroup

Inherits:
Object
  • Object
show all
Defined in:
gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb

Defined Under Namespace

Classes: Collection

Actions collapse

Read-Only Attributes collapse

Instance Method Summary collapse

Constructor Details

#initialize(id, options = {}) ⇒ SecurityGroup #initialize(options = {}) ⇒ SecurityGroup

Returns a new instance of SecurityGroup

Overloads:

  • #initialize(id, options = {}) ⇒ SecurityGroup

    Parameters:

    • id (String)

    Options Hash (options):

  • #initialize(options = {}) ⇒ SecurityGroup

    Options Hash (options):

    • :id (required, String)
    • :client (Client)


19
20
21
22
23
24
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 19

def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @id = extract_id(args, options)
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
end

Instance Method Details

#authorize_egress(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


security_group.authorize_egress({
  dry_run: false,
  ip_permissions: [
    {
      from_port: 1,
      ip_protocol: "String",
      ip_ranges: [
        {
          cidr_ip: "String",
          description: "String",
        },
      ],
      ipv_6_ranges: [
        {
          cidr_ipv_6: "String",
          description: "String",
        },
      ],
      prefix_list_ids: [
        {
          description: "String",
          prefix_list_id: "String",
        },
      ],
      to_port: 1,
      user_id_group_pairs: [
        {
          description: "String",
          group_id: "String",
          group_name: "String",
          peering_status: "String",
          user_id: "String",
          vpc_id: "String",
          vpc_peering_connection_id: "String",
        },
      ],
    },
  ],
  cidr_ip: "String",
  from_port: 1,
  ip_protocol: "String",
  to_port: 1,
  source_security_group_name: "String",
  source_security_group_owner_id: "String",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

  • :ip_permissions (Array<Types::IpPermission>)

    One or more sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions.

  • :cidr_ip (String)

    Not supported. Use a set of IP permissions to specify the CIDR.

  • :from_port (Integer)

    Not supported. Use a set of IP permissions to specify the port.

  • :ip_protocol (String)

    Not supported. Use a set of IP permissions to specify the protocol name or number.

  • :to_port (Integer)

    Not supported. Use a set of IP permissions to specify the port.

  • :source_security_group_name (String)

    Not supported. Use a set of IP permissions to specify a destination security group.

  • :source_security_group_owner_id (String)

    Not supported. Use a set of IP permissions to specify a destination security group.

Returns:

  • (EmptyStructure)


282
283
284
285
286
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 282

def authorize_egress(options = {})
  options = options.merge(group_id: @id)
  resp = @client.authorize_security_group_egress(options)
  resp.data
end

#authorize_ingress(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


security_group.authorize_ingress({
  cidr_ip: "String",
  from_port: 1,
  group_name: "String",
  ip_permissions: [
    {
      from_port: 1,
      ip_protocol: "String",
      ip_ranges: [
        {
          cidr_ip: "String",
          description: "String",
        },
      ],
      ipv_6_ranges: [
        {
          cidr_ipv_6: "String",
          description: "String",
        },
      ],
      prefix_list_ids: [
        {
          description: "String",
          prefix_list_id: "String",
        },
      ],
      to_port: 1,
      user_id_group_pairs: [
        {
          description: "String",
          group_id: "String",
          group_name: "String",
          peering_status: "String",
          user_id: "String",
          vpc_id: "String",
          vpc_peering_connection_id: "String",
        },
      ],
    },
  ],
  ip_protocol: "String",
  source_security_group_name: "String",
  source_security_group_owner_id: "String",
  to_port: 1,
  dry_run: false,
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :cidr_ip (String)

    The CIDR IPv4 address range. You can't specify this parameter when specifying a source security group.

  • :from_port (Integer)

    The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. For the ICMP/ICMPv6 type number, use -1 to specify all types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

  • :group_name (String)

    [EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.

  • :ip_permissions (Array<Types::IpPermission>)

    One or more sets of IP permissions. Can be used to specify multiple rules in a single command.

  • :ip_protocol (String)

    The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). (VPC only) Use -1 to specify all protocols. If you specify -1, or a protocol number other than tcp, udp, icmp, or 58 (ICMPv6), traffic on all ports is allowed, regardless of any ports you specify. For tcp, udp, and icmp, you must specify a port range. For protocol 58 (ICMPv6), you can optionally specify a port range; if you don't, traffic for all types and codes is allowed.

  • :source_security_group_name (String)

    [EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.

  • :source_security_group_owner_id (String)

    [EC2-Classic] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.

  • :to_port (Integer)

    The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code number. For the ICMP/ICMPv6 code number, use -1 to specify all codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns:

  • (EmptyStructure)


391
392
393
394
395
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 391

def authorize_ingress(options = {})
  options = options.merge(group_id: @id)
  resp = @client.authorize_security_group_ingress(options)
  resp.data
end

#clientClient

Returns:



80
81
82
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 80

def client
  @client
end

#create_tags(options = {}) ⇒ Tag::Collection

Examples:

Request syntax with placeholder values


tag = security_group.create_tags({
  dry_run: false,
  tags: [ # required
    {
      key: "String",
      value: "String",
    },
  ],
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

  • :tags (required, Array<Types::Tag>)

    One or more tags. The value parameter is required, but if you don't want the tag to have a value, specify the parameter with no value, and we set the value to an empty string.

Returns:



419
420
421
422
423
424
425
426
427
428
429
430
431
432
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 419

def create_tags(options = {})
  batch = []
  options = Aws::Util.deep_merge(options, resources: [@id])
  resp = @client.create_tags(options)
  options[:tags].each do |t|
    batch << Tag.new(
      resource_id: @id,
      key: t[:key],
      value: t[:value],
      client: @client
    )
  end
  Tag::Collection.new([batch], size: batch.size)
end

#dataTypes::SecurityGroup

Returns the data for this Aws::EC2::SecurityGroup. Calls Client#describe_security_groups if #data_loaded? is false.

Returns:



100
101
102
103
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 100

def data
  load unless @data
  @data
end

#data_loaded?Boolean

Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

Returns:

  • (Boolean)

    Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.



108
109
110
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 108

def data_loaded?
  !!@data
end

#delete(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


security_group.delete({
  group_name: "String",
  dry_run: false,
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :group_name (String)

    [EC2-Classic, default VPC] The name of the security group. You can specify either the security group name or the security group ID.

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns:

  • (EmptyStructure)


450
451
452
453
454
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 450

def delete(options = {})
  options = options.merge(group_id: @id)
  resp = @client.delete_security_group(options)
  resp.data
end

#descriptionString

A description of the security group.

Returns:

  • (String)


36
37
38
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 36

def description
  data[:description]
end

#group_nameString

The name of the security group.

Returns:

  • (String)


42
43
44
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 42

def group_name
  data[:group_name]
end

#idString Also known as: group_id

Returns:

  • (String)


29
30
31
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 29

def id
  @id
end

#ip_permissionsArray<Types::IpPermission>

One or more inbound rules associated with the security group.

Returns:



48
49
50
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 48

def ip_permissions
  data[:ip_permissions]
end

#ip_permissions_egressArray<Types::IpPermission>

[EC2-VPC] One or more outbound rules associated with the security group.

Returns:



61
62
63
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 61

def ip_permissions_egress
  data[:ip_permissions_egress]
end

#loadself Also known as: reload

Loads, or reloads #data for the current Aws::EC2::SecurityGroup. Returns self making it possible to chain methods.

security_group.reload.data

Returns:

  • (self)


90
91
92
93
94
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 90

def load
  resp = @client.describe_security_groups(group_ids: [@id])
  @data = resp.security_groups[0]
  self
end

#owner_idString

The AWS account ID of the owner of the security group.

Returns:

  • (String)


54
55
56
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 54

def owner_id
  data[:owner_id]
end

#revoke_egress(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


security_group.revoke_egress({
  dry_run: false,
  ip_permissions: [
    {
      from_port: 1,
      ip_protocol: "String",
      ip_ranges: [
        {
          cidr_ip: "String",
          description: "String",
        },
      ],
      ipv_6_ranges: [
        {
          cidr_ipv_6: "String",
          description: "String",
        },
      ],
      prefix_list_ids: [
        {
          description: "String",
          prefix_list_id: "String",
        },
      ],
      to_port: 1,
      user_id_group_pairs: [
        {
          description: "String",
          group_id: "String",
          group_name: "String",
          peering_status: "String",
          user_id: "String",
          vpc_id: "String",
          vpc_peering_connection_id: "String",
        },
      ],
    },
  ],
  cidr_ip: "String",
  from_port: 1,
  ip_protocol: "String",
  to_port: 1,
  source_security_group_name: "String",
  source_security_group_owner_id: "String",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

  • :ip_permissions (Array<Types::IpPermission>)

    One or more sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions.

  • :cidr_ip (String)

    Not supported. Use a set of IP permissions to specify the CIDR.

  • :from_port (Integer)

    Not supported. Use a set of IP permissions to specify the port.

  • :ip_protocol (String)

    Not supported. Use a set of IP permissions to specify the protocol name or number.

  • :to_port (Integer)

    Not supported. Use a set of IP permissions to specify the port.

  • :source_security_group_name (String)

    Not supported. Use a set of IP permissions to specify a destination security group.

  • :source_security_group_owner_id (String)

    Not supported. Use a set of IP permissions to specify a destination security group.

Returns:

  • (EmptyStructure)


529
530
531
532
533
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 529

def revoke_egress(options = {})
  options = options.merge(group_id: @id)
  resp = @client.revoke_security_group_egress(options)
  resp.data
end

#revoke_ingress(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


security_group.revoke_ingress({
  cidr_ip: "String",
  from_port: 1,
  group_name: "String",
  ip_permissions: [
    {
      from_port: 1,
      ip_protocol: "String",
      ip_ranges: [
        {
          cidr_ip: "String",
          description: "String",
        },
      ],
      ipv_6_ranges: [
        {
          cidr_ipv_6: "String",
          description: "String",
        },
      ],
      prefix_list_ids: [
        {
          description: "String",
          prefix_list_id: "String",
        },
      ],
      to_port: 1,
      user_id_group_pairs: [
        {
          description: "String",
          group_id: "String",
          group_name: "String",
          peering_status: "String",
          user_id: "String",
          vpc_id: "String",
          vpc_peering_connection_id: "String",
        },
      ],
    },
  ],
  ip_protocol: "String",
  source_security_group_name: "String",
  source_security_group_owner_id: "String",
  to_port: 1,
  dry_run: false,
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :cidr_ip (String)

    The CIDR IP address range. You can't specify this parameter when specifying a source security group.

  • :from_port (Integer)

    The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all ICMP types.

  • :group_name (String)

    [EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.

  • :ip_permissions (Array<Types::IpPermission>)

    One or more sets of IP permissions. You can't specify a source security group and a CIDR IP address range in the same set of permissions.

  • :ip_protocol (String)

    The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). Use -1 to specify all.

  • :source_security_group_name (String)

    [EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. For EC2-VPC, the source security group must be in the same VPC. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.

  • :source_security_group_owner_id (String)

    [EC2-Classic] The AWS account ID of the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.

  • :to_port (Integer)

    The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all ICMP codes for the ICMP type.

  • :dry_run (Boolean)

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Returns:

  • (EmptyStructure)


630
631
632
633
634
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 630

def revoke_ingress(options = {})
  options = options.merge(group_id: @id)
  resp = @client.revoke_security_group_ingress(options)
  resp.data
end

#tagsArray<Types::Tag>

Any tags assigned to the security group.

Returns:



67
68
69
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 67

def tags
  data[:tags]
end

#vpc_idString

[EC2-VPC] The ID of the VPC for the security group.

Returns:

  • (String)


73
74
75
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 73

def vpc_id
  data[:vpc_id]
end

#wait_until(options = {}, &block) ⇒ Resource

Deprecated.

Use [Aws::EC2::Client] #wait_until instead

Note:

The waiting operation is performed on a copy. The original resource remains unchanged

Waiter polls an API operation until a resource enters a desired state.

Basic Usage

Waiter will polls until it is successful, it fails by entering a terminal state, or until a maximum number of attempts are made.

# polls in a loop until condition is true
resource.wait_until(options) {|resource| condition}

Example

instance.wait_until(max_attempts:10, delay:5) {|instance| instance.state.name == 'running' }

Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to #wait_until:

# poll for ~25 seconds
resource.wait_until(max_attempts:5,delay:5) {|resource|...}

Callbacks

You can be notified before each polling attempt and before each delay. If you throw :success or :failure from these callbacks, it will terminate the waiter.

started_at = Time.now
# poll for 1 hour, instead of a number of attempts
proc = Proc.new do |attempts, response|
  throw :failure if Time.now - started_at > 3600
end

  # disable max attempts
instance.wait_until(before_wait:proc, max_attempts:nil) {...}

Handling Errors

When a waiter is successful, it returns the Resource. When a waiter fails, it raises an error.

begin
  resource.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

attempts attempt in seconds invoked before each attempt invoked before each wait

Parameters:

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :max_attempts (Integer) — default: 10

    Maximum number of

  • :delay (Integer) — default: 10

    Delay between each

  • :before_attempt (Proc) — default: nil

    Callback

  • :before_wait (Proc) — default: nil

    Callback

Returns:

  • (Resource)

    if the waiter was successful

Raises:

  • (Aws::Waiters::Errors::FailureStateError)

    Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

    yet successful.

  • (Aws::Waiters::Errors::UnexpectedError)

    Raised when an error is encountered while polling for a resource that is not expected.

  • (NotImplementedError)

    Raised when the resource does not



190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
# File 'gems/aws-sdk-ec2/lib/aws-sdk-ec2/security_group.rb', line 190

def wait_until(options = {}, &block)
  self_copy = self.dup
  attempts = 0
  options[:max_attempts] = 10 unless options.key?(:max_attempts)
  options[:delay] ||= 10
  options[:poller] = Proc.new do
    attempts += 1
    if block.call(self_copy)
      [:success, self_copy]
    else
      self_copy.reload unless attempts == options[:max_attempts]
      :retry
    end
  end
  Aws::Waiters::Waiter.new(options).wait({})
end