"use strict"
/* eslint no-unused-vars: 0 */
import async from 'async';
import aws from 'aws-sdk';
import net from 'net';
import util from 'util';
 
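/**
 * Thin wrapper around the EC2 client that keeps one named, single-host (/32)
 * inbound rule on a security group up to date.
 */
class Aws {

  /**
   * @param {string} region AWS region handed to the SDK configuration
   * @param {Object} [opts] options; `opts.dryRun` is forwarded as `DryRun`
   *   on the revoke and authorize calls
   */
  constructor(region, opts) {
    this.opts = opts || {};

    // aws.config is the SDK's shared configuration object, so this affects
    // every client created afterwards, not only this instance.
    aws.config.update({region: region });
    this.ec2 = new aws.EC2({ apiVersion: '2016-11-15' });
  }

  /**
   * Add public IP address to AWS security group inbound rules.
   *
   * Every existing IPv4 range in the group whose Description equals `name`
   * is revoked first, then a single `<ip>/32` rule carrying that description
   * is authorized. The two steps run in series and the first error stops the
   * sequence.
   *
   * @param {string} protocol IpProtocol for the new rule
   * @param {string} ip IPv4 address (no prefix length); '/32' is appended
   * @param {number} port used as both FromPort and ToPort
   * @param {string} secGroupId id of the security group to modify
   * @param {string} name rule description, also used to find the rules to replace
   * @param {Function} cb standard cb(err, result) callback
   */
  addIpToSecGroup(protocol, ip, port, secGroupId, name, cb) {
    const self = this;

    // Validate before touching the group: the revoke step runs first, so a
    // malformed address would otherwise remove the existing rule and then
    // fail to add its replacement. It also keeps anything carrying its own
    // prefix length (e.g. a wide CIDR) out of the rule.
    if (typeof ip !== 'string' || !net.isIPv4(ip)) {
      process.nextTick(cb, new Error(util.format('Invalid IPv4 address: %s', ip)));
      return;
    }

    function describeSecurityGroupsCb(err, secGroups) {
      if (err) {
        console.error('Unable to find security group');
        cb(err);
        return;
      }

      // Guard against an empty result instead of dereferencing undefined.
      const secGroup = secGroups && secGroups.SecurityGroups && secGroups.SecurityGroups[0];
      if (!secGroup) {
        console.error('Unable to find security group');
        cb(new Error(util.format('Security group %s not found', secGroupId)));
        return;
      }
      console.log(util.format('Found security group %s', secGroup.GroupName));

      const tasks = [
        createRevokeSecurityGroupIngressTask(secGroup),
        createAuthorizeSecurityGroupIngressTask(secGroup)
      ];
      async.series(tasks, cb);
    }

    function createRevokeSecurityGroupIngressTask(secGroup) {
      function task(cb) {

        function taskCb(err, data) {
          if (err) {
            console.error('Unable to delete existing inbound rule');
          } else {
            ingressMatch.forEach(function (match) {
              console.log(util.format('Succesfully deleted existing inbound rule named %s for IP %s on port %d with protocol %s', name, match.ipRange.CidrIp, match.fromPort, match.ipProtocol));
            });
          }
          cb(err);
        }

        // Collect every range tagged with this name, across all permissions.
        const ingressMatch = [];
        (secGroup.IpPermissions || []).forEach(function (ipPermission) {
          (ipPermission.IpRanges || []).forEach(function (ipRange) {
            if (ipRange.Description === name) {
              ingressMatch.push({
                fromPort: ipPermission.FromPort,
                toPort: ipPermission.ToPort,
                ipProtocol: ipPermission.IpProtocol,
                ipRange: ipRange
              });
            }
          });
        });
        if (ingressMatch.length === 0) {
          cb();
        } else {
          // Revoke all matches, not just the first: a leftover rule would
          // keep a previously used address allowed after the update.
          // NOTE(review): with DryRun set, EC2 is expected to answer with an
          // error, which ends the series before the authorize step - confirm
          // that is the intended dry-run behaviour.
          const existingIngress = {
            DryRun: self.opts.dryRun,
            GroupId: secGroup.GroupId,
            IpPermissions: ingressMatch.map(function (match) {
              return {
                FromPort: match.fromPort,
                ToPort: match.toPort,
                IpProtocol: match.ipProtocol,
                IpRanges: [match.ipRange]
              };
            })
          };
          console.log('--\nDeleting an existing inbound rule named %s...', name);
          self.ec2.revokeSecurityGroupIngress(existingIngress, taskCb);
        }
      }
      return task;
    }

    function createAuthorizeSecurityGroupIngressTask(secGroup) {
      function task(cb) {

        function taskCb(err, data) {
          if (err) {
            console.error('Unable to add new inbound rule');
          } else {
            console.log(util.format('Succesfully added new inbound rule named %s for IP %s on port %d with protocol %s', name, ip, port, protocol));
          }
          cb(err);
        }

        const newIngress = {
          DryRun: self.opts.dryRun,
          GroupId: secGroup.GroupId,
          IpPermissions: [
            {
              FromPort: port,
              ToPort: port,
              IpProtocol: protocol,
              IpRanges: [
                {
                  // ip was checked above to be a bare IPv4 address, so this
                  // is always a single-host range.
                  CidrIp: ip + '/32',
                  Description: name
                }
              ]
            }
          ]
        };
        console.log('--\nAdding a new inbound rule named %s...', name);
        self.ec2.authorizeSecurityGroupIngress(newIngress, taskCb);
      }
      return task;
    }

    console.log(util.format('--\nRetrieving security group %s ...', secGroupId));
    this.ec2.describeSecurityGroups({
      GroupIds: [secGroupId]
    }, describeSecurityGroupsCb);
  }
}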
 
export {
  Aws as default
};