# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 # Purpose: # ec2-ruby-example-create-security-group.rb demonstrates how to # create an Amazon Elastic Compute Cloud (Amazon EC2) security group and # then adds an outbound rule to that security group. # snippet-start:[ec2.Ruby.createSecurityGroup] require "aws-sdk-ec2" # Prerequisites: # # - A VPC in Amazon Virtual Private Cloud (Amazon VPC). # # @param ec2_resource [Aws::EC2::Resource] An initialized # Amazon EC2 resource object. # @param group_name [String] A name for the security group. # @param description [String] A description for the security group. # @param vpc_id [String] The ID of the VPC for the security group. # @param protocol [String] The network protocol for the outbound rule. # @param from_port [String] The originating port for the outbound rule. # @param to_port [String] The destination port for the outbound rule. # @param cidr_ip_range [String] The CIDR IP range for the outbound rule. # @return [Boolean] true if the security group was created and the outbound # rule was added; otherwise, false. # @example # exit 1 unless security_group_created_with_egress?( # Aws::EC2::Resource.new(region: 'us-west-2'), # 'my-security-group', # 'This is my security group.', # 'vpc-6713dfEX', # 'tcp', # '22', # '22', # '0.0.0.0/0' # ) def security_group_created_with_egress?( ec2_resource, group_name, description, vpc_id, ip_protocol, from_port, to_port, cidr_ip_range ) security_group = ec2_resource.create_security_group( group_name: group_name, description: description, vpc_id: vpc_id ) puts "Created security group '#{group_name}' with ID " \ "'#{security_group.id}' in VPC with ID '#{vpc_id}'." security_group.authorize_egress( ip_permissions: [ { ip_protocol: ip_protocol, from_port: from_port, to_port: to_port, ip_ranges: [ { cidr_ip: cidr_ip_range } ] } ] ) puts "Granted egress to security group '#{group_name}' for protocol " \ "'#{ip_protocol}' from port '#{from_port}' to port '#{to_port}' " \ "with CIDR IP range '#{cidr_ip_range}'." return true rescue StandardError => e puts "Error creating security group or granting egress: #{e.message}" return false end # Full example call: def run_me group_name = "" description = "" vpc_id = "" ip_protocol = "" from_port = "" to_port = "" cidr_ip_range = "" region = "" # Print usage information and then stop. if ARGV[0] == "--help" || ARGV[0] == "-h" puts "Usage: ruby ec2-ruby-example-create-security-group.rb " \ "GROUP_NAME DESCRIPTION VPC_ID IP_PROTOCOL FROM_PORT TO_PORT " \ "CIDR_IP_RANGE REGION" # Replace us-west-2 with the AWS Region you're using for Amazon EC2. puts "Example: ruby ec2-ruby-example-create-security-group.rb " \ "my-security-group 'This is my security group.' vpc-6713dfEX " \ "tcp 22 22 '0.0.0.0/0' us-west-2" exit 1 # If no values are specified at the command prompt, use these default values. elsif ARGV.count.zero? group_name = "my-security-group" description = "This is my security group." vpc_id = "vpc-6713dfEX" ip_protocol = "tcp" from_port = "22" to_port = "22" cidr_ip_range = "0.0.0.0/0" # Replace us-west-2 with the AWS Region you're using for Amazon EC2. region = "us-west-2" # Otherwise, use the values as specified at the command prompt. else group_name = ARGV[0] description = ARGV[1] vpc_id = ARGV[2] ip_protocol = ARGV[3] from_port = ARGV[4] to_port = ARGV[5] cidr_ip_range = ARGV[6] region = ARGV[7] end ec2_resource = Aws::EC2::Resource.new(region: region) if security_group_created_with_egress?( ec2_resource, group_name, description, vpc_id, ip_protocol, from_port, to_port, cidr_ip_range ) puts "Security group created and egress granted." else puts "Security group not created or egress not granted." end end run_me if $PROGRAM_NAME == __FILE__ # snippet-end:[ec2.Ruby.createSecurityGroup]