salt.modules.boto_secgroup¶

Connection module for Amazon Security Groups

2014.7.0 新版功能.

configuration:

configuration:	This module accepts explicit ec2 credentials but can also utilize IAM roles assigned to the instance trough Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html If IAM roles are not used you need to specify them either in a pillar or in the minion's config file: secgroup.keyid: GKTADJGHEIQSXMKKRBJ08H secgroup.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs A region may also be specified in the configuration: secgroup.region: us-east-1 If a region is not specified, the default is us-east-1. It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config: myprofile: keyid: GKTADJGHEIQSXMKKRBJ08H key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs region: us-east-1
depends:	boto

This module accepts explicit ec2 credentials but can also utilize IAM roles assigned to the instance trough Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More Information available at:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

If IAM roles are not used you need to specify them either in a pillar or in the minion's config file:

secgroup.keyid: GKTADJGHEIQSXMKKRBJ08H
secgroup.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs

A region may also be specified in the configuration:

secgroup.region: us-east-1

If a region is not specified, the default is us-east-1.

It's also possible to specify key, keyid and region via a profile, either as a passed in dict, or as a string to pull from pillars or minion config:

myprofile:
    keyid: GKTADJGHEIQSXMKKRBJ08H
    key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    region: us-east-1

depends:

boto

salt.modules.boto_secgroup.authorize(name=None, source_group_name=None, source_group_owner_id=None, ip_protocol=None, from_port=None, to_port=None, cidr_ip=None, group_id=None, source_group_group_id=None, region=None, key=None, keyid=None, profile=None, vpc_id=None, vpc_name=None, egress=False)¶

Add a new rule to an existing security group.

CLI example:

salt myminion boto_secgroup.authorize mysecgroup ip_protocol=tcp from_port=80 to_port=80 cidr_ip='['10.0.0.0/8', '192.168.0.0/24']'

salt.modules.boto_secgroup.convert_to_group_ids(groups, vpc_id, vpc_name=None, region=None, key=None, keyid=None, profile=None)¶

Given a list of security groups and a vpc_id, convert_to_group_ids will convert all list items in the given list to security group ids.

CLI example:

salt myminion boto_secgroup.convert_to_group_ids mysecgroup vpc-89yhh7h

salt.modules.boto_secgroup.create(name, description, vpc_id=None, vpc_name=None, region=None, key=None, keyid=None, profile=None)¶

Create a security group.

CLI example:

salt myminion boto_secgroup.create mysecgroup 'My Security Group'

salt.modules.boto_secgroup.delete(name=None, group_id=None, region=None, key=None, keyid=None, profile=None, vpc_id=None, vpc_name=None)¶

Delete a security group.

CLI example:

salt myminion boto_secgroup.delete mysecgroup

salt.modules.boto_secgroup.delete_tags(tags, name=None, group_id=None, vpc_name=None, vpc_id=None, region=None, key=None, keyid=None, profile=None)¶

deletes tags from a security group

2016.3.0 新版功能.

tags: a list of tags to remove
name: the name of the security group
group_id: the group id of the security group (in lie of a name/vpc combo)
vpc_name: the name of the vpc to search the named group for
vpc_id: the id of the vpc, in lieu of the vpc_name
region: the amazon region
key: amazon key
keyid: amazon keyid
profile: amazon profile

CLI example:

salt myminion boto_secgroup.delete_tags ['TAG_TO_DELETE1','TAG_TO_DELETE2'] security_group_name vpc_id=vpc-13435 profile=my_aws_profile

salt.modules.boto_secgroup.exists(name=None, region=None, key=None, keyid=None, profile=None, vpc_id=None, vpc_name=None, group_id=None)¶

Check to see if a security group exists.

CLI example:

salt myminion boto_secgroup.exists mysecgroup

salt.modules.boto_secgroup.get_config(name=None, group_id=None, region=None, key=None, keyid=None, profile=None, vpc_id=None, vpc_name=None)¶

Get the configuration for a security group.

CLI example:

salt myminion boto_secgroup.get_config mysecgroup

salt.modules.boto_secgroup.get_group_id(name, vpc_id=None, vpc_name=None, region=None, key=None, keyid=None, profile=None)¶

Get a Group ID given a Group Name or Group Name and VPC ID

CLI example:

salt myminion boto_secgroup.get_group_id mysecgroup

salt.modules.boto_secgroup.revoke(name=None, source_group_name=None, source_group_owner_id=None, ip_protocol=None, from_port=None, to_port=None, cidr_ip=None, group_id=None, source_group_group_id=None, region=None, key=None, keyid=None, profile=None, vpc_id=None, vpc_name=None, egress=False)¶

Remove a rule from an existing security group.

CLI example:

salt myminion boto_secgroup.revoke mysecgroup ip_protocol=tcp from_port=80 to_port=80 cidr_ip='10.0.0.0/8'

salt.modules.boto_secgroup.set_tags(tags, name=None, group_id=None, vpc_name=None, vpc_id=None, region=None, key=None, keyid=None, profile=None)¶

sets tags on a security group

2016.3.0 新版功能.

tags: a dict of key:value pair of tags to set on the security group
name: the name of the security gruop
group_id: the group id of the security group (in lie of a name/vpc combo)
vpc_name: the name of the vpc to search the named group for
vpc_id: the id of the vpc, in lieu of the vpc_name
region: the amazon region
key: amazon key
keyid: amazon keyid
profile: amazon profile

CLI example:

salt myminion boto_secgroup.set_tags "{'TAG1': 'Value1', 'TAG2': 'Value2'}" security_group_name vpc_id=vpc-13435 profile=my_aws_profile