Creating an Amazon EC2 Security Group
The following code example creates an Amazon EC2 security group and then adds an outbound rule to that security group.
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX - License - Identifier: Apache - 2.0 require 'aws-sdk-ec2' # Creates an Amazon Elastic Compute Cloud (Amazon EC2) security group and # then adds an outbound rule to that security group. # # Prerequisites: # # - A VPC in Amazon Virtual Private Cloud (Amazon VPC). # # @param ec2_resource [Aws::EC2::Resource] An initialized # Amazon EC2 resource object. # @param group_name [String] A name for the security group. # @param description [String] A description for the security group. # @param vpc_id [String] The ID of the VPC for the security group. # @param protocol [String] The network protocol for the outbound rule. # @param from_port [String] The originating port for the outbound rule. # @param to_port [String] The destination port for the outbound rule. # @param cidr_ip_range [String] The CIDR IP range for the outbound rule. # @return [Boolean] true if the security group was created and the outbound # rule was added; otherwise, false. # @example # exit 1 unless security_group_created_with_egress?( # Aws::EC2::Resource.new(region: 'us-east-1'), # 'my-security-group', # 'This is my security group.', # 'vpc-6713dfEX', # 'tcp', # '22', # '22', # '0.0.0.0/0' # ) def security_group_created_with_egress?( ec2_resource, group_name, description, vpc_id, ip_protocol, from_port, to_port, cidr_ip_range ) security_group = ec2_resource.create_security_group( group_name: group_name, description: description, vpc_id: vpc_id ) puts "Created security group '#{group_name}' with ID " \ "'#{security_group.id}' in VPC with ID '#{vpc_id}'." security_group.authorize_egress( ip_permissions: [ { ip_protocol: ip_protocol, from_port: from_port, to_port: to_port, ip_ranges: [ { cidr_ip: cidr_ip_range } ] } ] ) puts "Granted egress to security group '#{group_name}' for protocol " \ "'#{ip_protocol}' from port '#{from_port}' to port '#{to_port}' " \ "with CIDR IP range '#{cidr_ip_range}'." return true rescue StandardError => e puts "Error creating security group or granting egress: #{e.message}" return false end # Full example call: def run_me group_name = '' description = '' vpc_id = '' ip_protocol = '' from_port = '' to_port = '' cidr_ip_range = '' region = '' # Print usage information and then stop. if ARGV[0] == '--help' || ARGV[0] == '-h' puts 'Usage: ruby ec2-ruby-example-create-security-group.rb ' \ 'GROUP_NAME DESCRIPTION VPC_ID IP_PROTOCOL FROM_PORT TO_PORT ' \ 'CIDR_IP_RANGE REGION' puts 'Example: ruby ec2-ruby-example-create-security-group.rb ' \ 'my-security-group \'This is my security group.\' vpc-6713dfEX ' \ 'tcp 22 22 \'0.0.0.0/0\' us-east-1' exit 1 # If no values are specified at the command prompt, use these default values. elsif ARGV.count.zero? group_name = 'my-security-group' description = 'This is my security group.' vpc_id = 'vpc-6713dfEX' ip_protocol = 'tcp' from_port = '22' to_port = '22' cidr_ip_range = '0.0.0.0/0' region = 'us-east-1' # Otherwise, use the values as specified at the command prompt. else group_name = ARGV[0] description = ARGV[1] vpc_id = ARGV[2] ip_protocol = ARGV[3] from_port = ARGV[4] to_port = ARGV[5] cidr_ip_range = ARGV[6] region = ARGV[7] end ec2_resource = Aws::EC2::Resource.new(region: region) if security_group_created_with_egress?( ec2_resource, group_name, description, vpc_id, ip_protocol, from_port, to_port, cidr_ip_range ) puts 'Security group created and egress granted.' else puts 'Security group not created or egress not granted.' end end run_me if $PROGRAM_NAME == __FILE__
