Working with Security Groups in Amazon EC2 - AWS SDK for JavaScript
The ScenarioPrerequisite TasksDescribing Your Security GroupsCreating a Security Group and RulesDeleting a Security Group

We announced the upcoming end-of-support for AWS SDK for JavaScript v2. We recommend that you migrate to AWS SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Working with Security Groups in Amazon EC2

JavaScript code example that applies to Node.js execution

This Node.js code example shows:

  • How to retrieve information about your security groups.

  • How to create a security group to access an Amazon EC2 instance.

  • How to delete an existing security group.

The Scenario

An Amazon EC2 security group acts as a virtual firewall that controls the traffic for one or more instances. You add rules to each security group to allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.

In this example, you use a series of Node.js modules to perform several Amazon EC2 operations involving security groups. The Node.js modules use the SDK for JavaScript to manage instances by using the following methods of the Amazon EC2 client class:

For more information about the Amazon EC2 security groups, see Amazon EC2 Amazon Security Groups for Linux Instances in the Amazon EC2 User Guide for Linux Instances or Amazon EC2 Security Groups for Windows Instances in the Amazon EC2 User Guide for Windows Instances.

Prerequisite Tasks

To set up and run this example, first complete these tasks:

Describing Your Security Groups

Create a Node.js module with the file name ec2_describesecuritygroups.js. Be sure to configure the SDK as previously shown. To access Amazon EC2, create an AWS.EC2 service object. Create a JSON object to pass as parameters, including the group IDs for the security groups you want to describe. Then call the describeSecurityGroups method of the Amazon EC2 service object.

// Load the AWS SDK for Node.js
var AWS = require("aws-sdk");
// Set the region
AWS.config.update({ region: "REGION" });

// Create EC2 service object
var ec2 = new AWS.EC2({ apiVersion: "2016-11-15" });

var params = {
  GroupIds: ["SECURITY_GROUP_ID"],
};

// Retrieve security group descriptions
ec2.describeSecurityGroups(params, function (err, data) {
  if (err) {
    console.log("Error", err);
  } else {
    console.log("Success", JSON.stringify(data.SecurityGroups));
  }
});

To run the example, type the following at the command line.

node ec2_describesecuritygroups.js

This sample code can be found here on GitHub.

Creating a Security Group and Rules

Create a Node.js module with the file name ec2_createsecuritygroup.js. Be sure to configure the SDK as previously shown. To access Amazon EC2, create an AWS.EC2 service object. Create a JSON object for the parameters that specify the name of the security group, a description, and the ID for the VPC. Pass the parameters to the createSecurityGroup method.

After you successfully create the security group, you can define rules for allowing inbound traffic. Create a JSON object for parameters that specify the IP protocol and inbound ports on which the Amazon EC2 instance will receive traffic. Pass the parameters to the authorizeSecurityGroupIngress method.

// Load the AWS SDK for Node.js
var AWS = require("aws-sdk");
// Load credentials and set region from JSON file
AWS.config.update({ region: "REGION" });

// Create EC2 service object
var ec2 = new AWS.EC2({ apiVersion: "2016-11-15" });

// Variable to hold a ID of a VPC
var vpc = null;

// Retrieve the ID of a VPC
ec2.describeVpcs(function (err, data) {
  if (err) {
    console.log("Cannot retrieve a VPC", err);
  } else {
    vpc = data.Vpcs[0].VpcId;
    var paramsSecurityGroup = {
      Description: "DESCRIPTION",
      GroupName: "SECURITY_GROUP_NAME",
      VpcId: vpc,
    };
    // Create the instance
    ec2.createSecurityGroup(paramsSecurityGroup, function (err, data) {
      if (err) {
        console.log("Error", err);
      } else {
        var SecurityGroupId = data.GroupId;
        console.log("Success", SecurityGroupId);
        var paramsIngress = {
          GroupId: "SECURITY_GROUP_ID",
          IpPermissions: [
            {
              IpProtocol: "tcp",
              FromPort: 80,
              ToPort: 80,
              IpRanges: [{ CidrIp: "0.0.0.0/0" }],
            },
            {
              IpProtocol: "tcp",
              FromPort: 22,
              ToPort: 22,
              IpRanges: [{ CidrIp: "0.0.0.0/0" }],
            },
          ],
        };
        ec2.authorizeSecurityGroupIngress(paramsIngress, function (err, data) {
          if (err) {
            console.log("Error", err);
          } else {
            console.log("Ingress Successfully Set", data);
          }
        });
      }
    });
  }
});

To run the example, type the following at the command line.

node ec2_createsecuritygroup.js

This sample code can be found here on GitHub.

Deleting a Security Group

Create a Node.js module with the file name ec2_deletesecuritygroup.js. Be sure to configure the SDK as previously shown. To access Amazon EC2, create an AWS.EC2 service object. Create the JSON parameters to specify the name of the security group to delete. Then call the deleteSecurityGroup method.

// Load the AWS SDK for Node.js
var AWS = require("aws-sdk");
// Set the region
AWS.config.update({ region: "REGION" });

// Create EC2 service object
var ec2 = new AWS.EC2({ apiVersion: "2016-11-15" });

var params = {
  GroupId: "SECURITY_GROUP_ID",
};

// Delete the security group
ec2.deleteSecurityGroup(params, function (err, data) {
  if (err) {
    console.log("Error", err);
  } else {
    console.log("Security Group Deleted");
  }
});

To run the example, type the following at the command line.

node ec2_deletesecuritygroup.js

This sample code can be found here on GitHub.