{ "info": { "author": "Nicholas Johns", "author_email": "nick.johns@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: GNU Library or Lesser General Public License (LGPL)", "Operating System :: OS Independent", "Programming Language :: Python", "Topic :: Internet", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: System :: Systems Administration" ], "description": "Simple Security Groups\r\n======================\r\nOverview\r\n--------\r\n\r\nManaging your Amazon Web Services (AWS) Security groups through Cloudformation templates is a great way of handling the creation & updating of all your rules.\r\nBut it's a horribly longwinded way of writing out your rules, and get's a bit unwieldy once you hit a certain number.\r\n\r\nThere are great api's out there (like boto), that let you programatically create your security group objects, but then you then have the headache of writing code to apply them and update tehm, and the inevitable debugging that ensues. Not to mention the horror you face when you hit the maximum API requests/s.\r\n\r\nsimplesecuritygroups aim to give you the power and flexibility of python when defining your rules, but rather than directly setting them up, output a familiar Cloudformation template you can use to apply your rules.\r\n\r\n1. Define your security groups using simplesecurity groups\r\n2. Output the Cloudformation template\r\n3. Apply using your normal methods!\r\n\r\nInstallation\r\n------------\r\nUsing pip::\r\n\r\n $ pip install simplesecuritygroups\r\n\r\nGeneral Things You should Know\r\n------------------------------\r\n\r\n1. Most methods support chaining. i.e. they return the class instance when they're called. This allows for method chaining like you'll see in the methods below.\r\n2. When adding a rule, most parameters can be lists. This includes ports, protocols, targets.\r\n3. When adding ingress / egress rules outside of a security group, you can suggest a name for the rule. I say suggest, because if you provide any of the parameters as lists, it's going to ignore it and output a horribly descriptive name :)\r\n4. Port syntax. simplesecuritygroups don't care if you pass the port as a string or an integer. It'll still get output as a string in the template. You can specify a from and to range using the syntax: \"8000..8005\"\r\n\r\nExample Usage\r\n-------------\r\nThese examples all assume you're using VPC security groups. Some old accounts may be using old style EC2 security groups, in which case I'm not sure if this library will work for you! I hope to test at some point...\r\n\r\n**Create a basic security group template with a webserver security group that allows incomming access on http / https ports**\r\n\r\n.. code-block:: python\r\n\r\n from simplesecuritygroups.template import SecurityGroups, SecurityGroup\r\n\r\n mytemplate = (\r\n SecurityGroups(\"Example Security Group Template\")\r\n .add_resource(\r\n SecurityGroup(\"WebserverSecurityGroup\", \"My Webserver Security Group\", \"[MyAWSVPCID]\")\r\n .ingress(\"tcp\", [80, 443])\r\n )\r\n )\r\n\r\n print mytemplate\r\n\r\nResult:\r\n\r\n::\r\n\r\n {\r\n \"AWSTemplateFormatVersion\": \"2010-09-09\",\r\n \"Description\": \"Example Security Group Template\",\r\n \"Parameters\": {},\r\n \"Resources\": {\r\n \"WebserverSecurityGroup\": {\r\n \"Type\": \"AWS::EC2::SecurityGroup\",\r\n \"Properties\": {\r\n \"GroupDescription\": \"My Webserver Security Group\",\r\n \"VpcId\": \"[MyAWSVPCID]\",\r\n \"SecurityGroupIngress\": [\r\n {\r\n \"IpProtocol\": \"tcp\",\r\n \"FromPort\": \"80\",\r\n \"ToPort\": \"80\",\r\n \"CidrIp\": \"0.0.0.0/0\"\r\n },\r\n {\r\n \"IpProtocol\": \"tcp\",\r\n \"FromPort\": \"443\",\r\n \"ToPort\": \"443\",\r\n \"CidrIp\": \"0.0.0.0/0\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n\r\n**Use a Cloudformation template parameter so the template can be re-used for multiple environments**\r\n\r\n.. code-block:: python\r\n\r\n from simplesecuritygroups.template import SecurityGroups, SecurityGroup\r\n\r\n mytemplate = (\r\n SecurityGroups(\"Example Security Group Template\")\r\n .add_parameter(\"VPCID\", \"The ID of your VPC\")\r\n .add_resource(\r\n SecurityGroup(\"WebserverSecurityGroup\", \"My Webserver Security Group\", {\"Ref\": \"VPCID\"})\r\n .ingress(\"tcp\", [80, 443])\r\n )\r\n )\r\n\r\n print mytemplate\r\n\r\n**Add a rule outside of a Security Group**\r\n(This is often necessary to avoid cirucular dependencies)\r\n\r\n.. code-block:: python\r\n\r\n from simplesecuritygroups.template import SecurityGroups, SecurityGroup\r\n\r\n mytemplate = (\r\n SecurityGroups(\"Example Security Group Template\")\r\n .add_parameter(\"VPCID\", \"The ID of your VPC\")\r\n .add_resource(\r\n SecurityGroup(\"WebserverSecurityGroup\", \"My Webserver Security Group\", {\"Ref\": \"VPCID\"})\r\n .ingress(\"tcp\", [80, 443])\r\n )\r\n .add_resource(\r\n SecurityGroup(\"LogserverSecurityGroup\", \"My Logserver Security Group, {\"Ref\": \"VPCID\"})\r\n )\r\n .pair(\"WebserverSecurityGroup\", \"tcp\", 20154, \"LogServerSecurityGroup\", \"WebserverLogserverLogging\")\r\n )\r\n\r\n print mytemplate\r\n\r\nNOTE: the .pair is just a timesaver method, equivilent to doing:\r\n\r\n.. code-block:: python\r\n\r\n .ingress(\"LogserverSecurityGroup\", \"tcp\", 20154, \"WebserverSecurityGroup\")\r\n .egress(\"WebserverSecurityGroup\", \"tcp\", 20154, \"LogserverSecurityGroup\")\r\n\r\nResult:\r\n\r\n::\r\n\r\n {\r\n \"AWSTemplateFormatVersion\": \"2010-09-09\",\r\n \"Description\": \"Example Security Group Template\",\r\n \"Parameters\": {\r\n \"VPCID\": {\r\n \"Description\": \"The ID of your VPC\",\r\n \"Type\": \"String\"\r\n }\r\n },\r\n \"Resources\": {\r\n \"WebserverSecurityGroup\": {\r\n \"Type\": \"AWS::EC2::SecurityGroup\",\r\n \"Properties\": {\r\n \"GroupDescription\": \"My Webserver Security Group\",\r\n \"VpcId\": {\r\n \"Ref\": \"VPCID\"\r\n },\r\n \"SecurityGroupIngress\": [\r\n {\r\n \"IpProtocol\": \"tcp\",\r\n \"FromPort\": \"80\",\r\n \"ToPort\": \"80\",\r\n \"CidrIp\": \"0.0.0.0/0\"\r\n },\r\n {\r\n \"IpProtocol\": \"tcp\",\r\n \"FromPort\": \"443\",\r\n \"ToPort\": \"443\",\r\n \"CidrIp\": \"0.0.0.0/0\"\r\n }\r\n ]\r\n }\r\n },\r\n \"WebserverLogserverLoggingIngress\": {\r\n \"Type\": \"AWS::EC2::SecurityGroupIngress\",\r\n \"Properties\": {\r\n \"GroupId\": {\r\n \"Ref\": \"LogServerSecurityGroup\"\r\n },\r\n \"IpProtocol\": \"tcp\",\r\n \"FromPort\": \"20154\",\r\n \"ToPort\": \"20154\",\r\n \"SourceSecurityGroupId\": {\r\n \"Ref\": \"WebserverSecurityGroup\"\r\n }\r\n }\r\n },\r\n \"WebserverLogserverLoggingEgress\": {\r\n \"Type\": \"AWS::EC2::SecurityGroupEgress\",\r\n \"Properties\": {\r\n \"GroupId\": {\r\n \"Ref\": \"WebserverSecurityGroup\"\r\n },\r\n \"IpProtocol\": \"tcp\",\r\n \"FromPort\": \"20154\",\r\n \"ToPort\": \"20154\",\r\n \"DestinationSecurityGroupId\": {\r\n \"Ref\": \"LogServerSecurityGroup\"\r\n }\r\n }\r\n }\r\n }\r\n }", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/ninjaMog/simplesecuritygroups", "keywords": "", "license": "UNKNOWN", "maintainer": "", "maintainer_email": "", "name": "simplesecuritygroups", "package_url": "https://pypi.org/project/simplesecuritygroups/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/simplesecuritygroups/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/ninjaMog/simplesecuritygroups" }, "release_url": "https://pypi.org/project/simplesecuritygroups/0.0.2/", "requires_dist": null, "requires_python": null, "summary": "Programatic way of creating Cloudformation SecurityGroup Templates", "version": "0.0.2" }, "last_serial": 1111457, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "9aa560fed5419640888b7f47d70c2fc3", "sha256": "647e1abeaea2d96effded1b382ec414df3a9ce69a2bb48ecaf7dace5b9f92d06" }, "downloads": -1, "filename": "simplesecuritygroups-0.0.1.tar.gz", "has_sig": false, "md5_digest": "9aa560fed5419640888b7f47d70c2fc3", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3013, "upload_time": "2014-06-02T12:49:37", "url": "https://files.pythonhosted.org/packages/78/9c/35f000604779ef2b6a92a94c64dfb1eb629df75ee7d816ffa50e09ce06d9/simplesecuritygroups-0.0.1.tar.gz" } ], "0.0.2": [ { "comment_text": "", "digests": { "md5": "008b6010500c387ac2dd0426f2cc295a", "sha256": "ef2e8d95ad7bd83bd8d2fd506491b29d6bb05515f3aa765b311c78262c14290c" }, "downloads": -1, "filename": "simplesecuritygroups-0.0.2.tar.gz", "has_sig": false, "md5_digest": "008b6010500c387ac2dd0426f2cc295a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7193, "upload_time": "2014-06-02T14:11:01", "url": "https://files.pythonhosted.org/packages/d6/52/b39627f42d3b7d7833af01b99b56d4fd307fb838db4f7d9b682d46aa099d/simplesecuritygroups-0.0.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "008b6010500c387ac2dd0426f2cc295a", "sha256": "ef2e8d95ad7bd83bd8d2fd506491b29d6bb05515f3aa765b311c78262c14290c" }, "downloads": -1, "filename": "simplesecuritygroups-0.0.2.tar.gz", "has_sig": false, "md5_digest": "008b6010500c387ac2dd0426f2cc295a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7193, "upload_time": "2014-06-02T14:11:01", "url": "https://files.pythonhosted.org/packages/d6/52/b39627f42d3b7d7833af01b99b56d4fd307fb838db4f7d9b682d46aa099d/simplesecuritygroups-0.0.2.tar.gz" } ] }