| OLD | NEW |
|---|
| (Empty) | |
| 1 .. _security_groups: |
| 2 |
| 3 =================== |
| 4 EC2 Security Groups |
| 5 =================== |
| 6 |
| 7 Amazon defines a security group as: |
| 8 |
| 9 "A security group is a named collection of access rules. These access rules |
| 10 specify which ingress, i.e. incoming, network traffic should be delivered |
| 11 to your instance." |
| 12 |
| 13 To get a listing of all currently defined security groups:: |
| 14 |
| 15 >>> rs = conn.get_all_security_groups() |
| 16 >>> print rs |
| 17 [SecurityGroup:appserver, SecurityGroup:default, SecurityGroup:vnc, Security
Group:webserver] |
| 18 |
| 19 Each security group can have an arbitrary number of rules which represent |
| 20 different network ports which are being enabled. To find the rules for a |
| 21 particular security group, use the rules attribute:: |
| 22 |
| 23 >>> sg = rs[1] |
| 24 >>> sg.name |
| 25 u'default' |
| 26 >>> sg.rules |
| 27 [IPPermissions:tcp(0-65535), |
| 28 IPPermissions:udp(0-65535), |
| 29 IPPermissions:icmp(-1--1), |
| 30 IPPermissions:tcp(22-22), |
| 31 IPPermissions:tcp(80-80)] |
| 32 |
| 33 In addition to listing the available security groups you can also create |
| 34 a new security group. I'll follow through the "Three Tier Web Service" |
| 35 example included in the EC2 Developer's Guide for an example of how to |
| 36 create security groups and add rules to them. |
| 37 |
| 38 First, let's create a group for our Apache web servers that allows HTTP |
| 39 access to the world:: |
| 40 |
| 41 >>> web = conn.create_security_group('apache', 'Our Apache Group') |
| 42 >>> web |
| 43 SecurityGroup:apache |
| 44 >>> web.authorize('tcp', 80, 80, '0.0.0.0/0') |
| 45 True |
| 46 |
| 47 The first argument is the ip protocol which can be one of; tcp, udp or icmp. |
| 48 The second argument is the FromPort or the beginning port in the range, the |
| 49 third argument is the ToPort or the ending port in the range and the last |
| 50 argument is the CIDR IP range to authorize access to. |
| 51 |
| 52 Next we create another group for the app servers:: |
| 53 |
| 54 >>> app = conn.create_security_group('appserver', 'The application tier') |
| 55 |
| 56 We then want to grant access between the web server group and the app |
| 57 server group. So, rather than specifying an IP address as we did in the |
| 58 last example, this time we will specify another SecurityGroup object.: |
| 59 |
| 60 >>> app.authorize(src_group=web) |
| 61 True |
| 62 |
| 63 Now, to verify that the web group now has access to the app servers, we want to |
| 64 temporarily allow SSH access to the web servers from our computer. Let's |
| 65 say that our IP address is 192.168.1.130 as it is in the EC2 Developer |
| 66 Guide. To enable that access:: |
| 67 |
| 68 >>> web.authorize(ip_protocol='tcp', from_port=22, to_port=22, cidr_ip='192.
168.1.130/32') |
| 69 True |
| 70 |
| 71 Now that this access is authorized, we could ssh into an instance running in |
| 72 the web group and then try to telnet to specific ports on servers in the |
| 73 appserver group, as shown in the EC2 Developer's Guide. When this testing is |
| 74 complete, we would want to revoke SSH access to the web server group, like this:
: |
| 75 |
| 76 >>> web.rules |
| 77 [IPPermissions:tcp(80-80), |
| 78 IPPermissions:tcp(22-22)] |
| 79 >>> web.revoke('tcp', 22, 22, cidr_ip='192.168.1.130/32') |
| 80 True |
| 81 >>> web.rules |
| 82 [IPPermissions:tcp(80-80)] |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12317103:
Added gsutil to depot tools (Closed)
Base URL: https://chromium.googlesource.com/chromium/tools/depot_tools.git@master