AWS SDK v2を用いたセキュリティグループの設定、削除のサンプルです。
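# -*- coding: utf-8 -*-
# frozen_string_literal: true
#
# Sample for the AWS SDK for Ruby v2: create a VPC security group, add
# inbound rules for CIDR ranges and for another security group, print the
# result, revoke the rules again and finally delete the group.
require 'aws-sdk-core'
require 'yaml'
require 'pp'

# Credentials and region are read from config.yml in the working directory
# (keys: access_key_id, secret_access_key, region). safe_load limits the
# parser to plain scalars, arrays and hashes, so a tampered config file
# cannot instantiate arbitrary Ruby objects the way YAML.load would allow.
# fetch raises KeyError at once for a missing key instead of passing nil on
# to the SDK and failing later with a less helpful error.
config = YAML.safe_load(File.read('config.yml'))
Aws.config[:credentials] = Aws::Credentials.new(config.fetch('access_key_id'), config.fetch('secret_access_key'))
ec2 = Aws::EC2::Client.new(region: config.fetch('region'))

SECURITY_GROUP_NAME = 'sample-sg'
VPC_ID = 'vpc-xxxxxxxx' # placeholder, replace with the target VPC id

# Ports are Integers: the SDK's parameter validator expects from_port /
# to_port to be integers and rejects string values such as "80".
accept_cidrs = [
  { cidr_ip: '192.168.0.0/24', port: 80, protocol: 'TCP' },
  { cidr_ip: '192.168.1.0/24', port: 80, protocol: 'TCP' }
].freeze
accept_sg = [
  { sg: 'sg-zzzzzzzz', port: 80, protocol: 'TCP' } # placeholder source group id
].freeze

# Request parameters for an ingress rule whose source is a CIDR range.
# The same hash serves authorize_security_group_ingress and
# revoke_security_group_ingress, so both calls stay in sync.
#
# @param group_id [String] id of the security group being edited
# @param net [Hash] :cidr_ip, :port (Integer) and :protocol
# @return [Hash] request parameters
def cidr_rule(group_id, net)
  {
    group_id: group_id,
    cidr_ip: net[:cidr_ip],
    from_port: net[:port],
    to_port: net[:port],
    ip_protocol: net[:protocol]
  }
end

# Request parameters for an ingress rule whose source is another security
# group in VPC_ID. Used for both authorize and revoke.
#
# @param group_id [String] id of the security group being edited
# @param net [Hash] :sg (source group id), :port (Integer) and :protocol
# @return [Hash] request parameters
def sg_rule(group_id, net)
  {
    group_id: group_id,
    ip_permissions: [
      {
        ip_protocol: net[:protocol],
        from_port: net[:port],
        to_port: net[:port],
        user_id_group_pairs: [{ group_id: net[:sg], vpc_id: VPC_ID }]
      }
    ]
  }
end

# Create the security group.
ret = ec2.create_security_group(
  group_name: SECURITY_GROUP_NAME, # required
  description: SECURITY_GROUP_NAME, # required
  vpc_id: VPC_ID
)
security_group_id = ret.group_id

begin
  # Inbound rules: CIDR sources first, then security-group sources.
  accept_cidrs.each { |net| ec2.authorize_security_group_ingress(cidr_rule(security_group_id, net)) }
  accept_sg.each { |net| ec2.authorize_security_group_ingress(sg_rule(security_group_id, net)) }

  # debug
  pp ec2.describe_security_groups(group_ids: [security_group_id])

  # Revoke the rules again, in the same order they were added.
  pp "削除"
  accept_cidrs.each { |net| ec2.revoke_security_group_ingress(cidr_rule(security_group_id, net)) }
  accept_sg.each { |net| ec2.revoke_security_group_ingress(sg_rule(security_group_id, net)) }
  pp ec2.describe_security_groups(group_ids: [security_group_id])
ensure
  # Delete the sample group even when a rule call raised, so a
  # half-configured group is not left behind in the VPC.
  ec2.delete_security_group(group_id: security_group_id)
end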