cookbook 'aws_security', '~> 0.1.9'
aws_security (6) Versions 0.1.9 Follow11
Installs/Configures aws_security_group
cookbook 'aws_security', '~> 0.1.9', :supermarket
knife supermarket install aws_security
knife supermarket download aws_security
aws_security
Description
This cookbook provides libraries, resource and providers to config and manage Amazon EC2 Security Groups
Requirements
Testing Gems
- berkshelf
- test-kitchen
- kitchen-vagrant
- chefspec
- rspec_junit_formatter
AWS Credentials
The default recipe will look for a encrypted data bag defined by node['aws_security']['encrypted_data_bag'] with the following keys
- aws_access_key_id
- aws_secret_access_key
E.G.
{
"id": "aws",
"aws_access_key_id": "YOUR_ACCESS_KEY",
"aws_secret_access_key": "YOUR_SECRET_ACCESS_KEY"
}
Recipes
default
This recipe contains no resources as the fog-aws gem is now automatically installed by the resources as necessary.
Attributes
default['build-essential']['compile_time'] = true This must be set to true to ensure development tools are installed before the chef_gem 'fog-aws' is installed
default['aws_security']['encrypted_data_bag'] = nil Name of the data bag to search for your AWS credentials
default['aws_security']['aws_access_key_id'] = nil default['aws_security']['aws_secret_access_key'] = nil If these are defined, they will be used by default for the LWRPs
LWRPs
aws_security_group
Description: Creates and destroys security groups
Actions:
-
create_if_missing- Creates a new security group if it doesn't already exist (default action) -
create_and_attach- Creates a new security group if it doesn't already exist and adds the instance to it -
remove- Removes an existing security group -
attach- Attaches the instance where Chef is running to an existing security group -
detach- Detaches the instance where Chef is running from an existing security group
Attribute Parameters:
-
groupname- Name attribute -
aws_access_key_id- optional (falls back to IAM roles if not provided) -
aws_secret_access_key- required if aws_access_key_id is specified -
description- required -
vpcid- optional -
region- optional (defaults to 'us-east-1')
Usage
aws_security_group 'Example' do
description "Example Security Group"
aws_access_key_id node['aws_security']['aws_access_key_id']
aws_secret_access_key node['aws_security']['aws_secret_access_key']
region 'us-west-2'
end
aws_security_group_rule
Description: Creates and destroys rules in an existing security group
Actions:
-
add- Adds new rule to existing security group (default action) -
remove- Removes an existing rule from a security group
Attribute Parameters:
-
name- Name attribute -
aws_access_key_id- required -
aws_secret_access_key- required -
groupname- optional -
description- optional -
vpcid- optional -
region- optional (defaults to 'us-east-1') -
groupid- optional -
groupname- optional -
cidr_ip- optional -
group- optional -
owner- optional -
ip_protocol- optional, (must be one of the following [-1,udp,tcp,icmp]) -
port_range- optional (port..port) -
from_port- optional -
to_port- optional
Usage
The following will create a rule in security group Example in region us-west-2 to allow 192.168.1.1 access to port 80
aws_security_group_rule 'example1' do description "Example Rule 1" aws_access_key_id node['aws_security']['aws_access_key_id'] aws_secret_access_key node['aws_security']['aws_secret_access_key'] cidr_ip "192.168.1.1/32" groupname "Example" region 'us-west-2' port_range "80..80" ip_protocol 'tcp' end
The following will create a rule in security group Example in region us-west-2 to allow a security group with the id of sg-3b5a6ffe to allow access to port 80
aws_security_group_rule 'exmaple2' do description "Example Rule 2" aws_access_key_id node['aws_security']['aws_access_key_id'] aws_secret_access_key node['aws_security']['aws_secret_access_key'] group "sg-3b5a6ffe" groupname "Example" region 'us-west-2' port_range "80..80" ip_protocol 'tcp' end
The following will create a rule in security group Example in region us-east-1 to allow 10.0.0.0/24 all access
aws_security_group_rule 'example3' do description "Example Rule 3" aws_access_key_id node['aws_security']['aws_access_key_id'] aws_secret_access_key node['aws_security']['aws_secret_access_key'] cidr_ip "10.0.0.0/24" groupname "Example" ip_protocol '-1' end
TODO
- Egress rules
- Apply security groups to instances, elbs, vpcs, etc
License and Author
- Author:: Greg Hellings (greg@thesub.net)
Copyright 2014, B7 Interactive, LLC.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
0.1.9 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.9 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Cookstyle Metric
0.1.9 failed this metric
Chef/Deprecations/FoodcriticFile: Do not include the `.foodcritic` config file for the deprecated Foodcritic cookbook linter. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_foodcriticfile): aws_security/.foodcritic: 1
Chef/Deprecations/FoodcriticTesting: The Foodcritic cookbook linter has been deprecated and should no longer be used for validating cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_foodcritictesting): aws_security/Gemfile: 6
Chef/Deprecations/ResourceWithoutUnifiedTrue: Set `unified_mode true` in Chef Infra Client 15.3+ custom resources to ensure they work correctly in Chef Infra Client 18 (April 2022) when Unified Mode becomes the default. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_resourcewithoutunifiedtrue): aws_security/resources/group.rb: 1
Chef/Deprecations/ResourceWithoutUnifiedTrue: Set `unified_mode true` in Chef Infra Client 15.3+ custom resources to ensure they work correctly in Chef Infra Client 18 (April 2022) when Unified Mode becomes the default. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_resourcewithoutunifiedtrue): aws_security/resources/group_rule.rb: 1
Chef/Deprecations/UseInlineResourcesDefined: use_inline_resources is now the default for resources in Chef Infra Client 13+ and does not need to be specified. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_useinlineresourcesdefined): aws_security/providers/group.rb: 7
Chef/Deprecations/UseInlineResourcesDefined: use_inline_resources is now the default for resources in Chef Infra Client 13+ and does not need to be specified. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_useinlineresourcesdefined): aws_security/providers/group_rule.rb: 7
Chef/Modernize/DefinesChefSpecMatchers: ChefSpec matchers are now auto generated by ChefSpec 7.1+ and do not need to be defined in a cookbook (https://docs.chef.io/workstation/cookstyle/chef_modernize_defineschefspecmatchers): aws_security/libraries/matchers.rb: 1
Chef/Modernize/RespondToCompileTime: There is no need to check if the chef_gem resource supports compile_time as Chef Infra Client 12.1 and later support the compile_time property. (https://docs.chef.io/workstation/cookstyle/chef_modernize_resondtocompiletime): aws_security/libraries/ec2.rb: 31
Chef/Modernize/WhyRunSupportedTrue: whyrun_supported? no longer needs to be set to true as it is the default in Chef Infra Client 13+ (https://docs.chef.io/workstation/cookstyle/chef_modernize_whyrunsupportedtrue): aws_security/providers/group.rb: 3
Chef/Modernize/WhyRunSupportedTrue: whyrun_supported? no longer needs to be set to true as it is the default in Chef Infra Client 13+ (https://docs.chef.io/workstation/cookstyle/chef_modernize_whyrunsupportedtrue): aws_security/providers/group_rule.rb: 3
Chef/RedundantCode/LongDescriptionMetadata: The long_description metadata.rb method is not used and is unnecessary in cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_longdescriptionmetadata): aws_security/metadata.rb: 6
Chef/RedundantCode/NamePropertyIsRequired: Resource properties marked as name properties should not also be required properties (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_namepropertyisrequired): aws_security/resources/group.rb: 5
Chef/Sharing/InvalidLicenseString: Cookbook metadata.rb does not use a SPDX compliant license string or "all rights reserved". See https://spdx.org/licenses/ for a complete list of license identifiers. (https://docs.chef.io/workstation/cookstyle/chef_sharing_invalidlicensestring): aws_security/metadata.rb: 4
Run with Cookstyle Version 7.32.1 with cops Chef/Deprecations,Chef/Correctness,Chef/Sharing,Chef/RedundantCode,Chef/Modernize,Chef/Security,InSpec/Deprecations
No Binaries Metric
0.1.9 passed this metric
Testing File Metric
0.1.9 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.9 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.1.9 failed this metric
0.1.9 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Cookstyle Metric
0.1.9 failed this metric
Chef/Deprecations/FoodcriticFile: Do not include the `.foodcritic` config file for the deprecated Foodcritic cookbook linter. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_foodcriticfile): aws_security/.foodcritic: 1
Chef/Deprecations/FoodcriticTesting: The Foodcritic cookbook linter has been deprecated and should no longer be used for validating cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_foodcritictesting): aws_security/Gemfile: 6
Chef/Deprecations/ResourceWithoutUnifiedTrue: Set `unified_mode true` in Chef Infra Client 15.3+ custom resources to ensure they work correctly in Chef Infra Client 18 (April 2022) when Unified Mode becomes the default. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_resourcewithoutunifiedtrue): aws_security/resources/group.rb: 1
Chef/Deprecations/ResourceWithoutUnifiedTrue: Set `unified_mode true` in Chef Infra Client 15.3+ custom resources to ensure they work correctly in Chef Infra Client 18 (April 2022) when Unified Mode becomes the default. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_resourcewithoutunifiedtrue): aws_security/resources/group_rule.rb: 1
Chef/Deprecations/UseInlineResourcesDefined: use_inline_resources is now the default for resources in Chef Infra Client 13+ and does not need to be specified. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_useinlineresourcesdefined): aws_security/providers/group.rb: 7
Chef/Deprecations/UseInlineResourcesDefined: use_inline_resources is now the default for resources in Chef Infra Client 13+ and does not need to be specified. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_useinlineresourcesdefined): aws_security/providers/group_rule.rb: 7
Chef/Modernize/DefinesChefSpecMatchers: ChefSpec matchers are now auto generated by ChefSpec 7.1+ and do not need to be defined in a cookbook (https://docs.chef.io/workstation/cookstyle/chef_modernize_defineschefspecmatchers): aws_security/libraries/matchers.rb: 1
Chef/Modernize/RespondToCompileTime: There is no need to check if the chef_gem resource supports compile_time as Chef Infra Client 12.1 and later support the compile_time property. (https://docs.chef.io/workstation/cookstyle/chef_modernize_resondtocompiletime): aws_security/libraries/ec2.rb: 31
Chef/Modernize/WhyRunSupportedTrue: whyrun_supported? no longer needs to be set to true as it is the default in Chef Infra Client 13+ (https://docs.chef.io/workstation/cookstyle/chef_modernize_whyrunsupportedtrue): aws_security/providers/group.rb: 3
Chef/Modernize/WhyRunSupportedTrue: whyrun_supported? no longer needs to be set to true as it is the default in Chef Infra Client 13+ (https://docs.chef.io/workstation/cookstyle/chef_modernize_whyrunsupportedtrue): aws_security/providers/group_rule.rb: 3
Chef/RedundantCode/LongDescriptionMetadata: The long_description metadata.rb method is not used and is unnecessary in cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_longdescriptionmetadata): aws_security/metadata.rb: 6
Chef/RedundantCode/NamePropertyIsRequired: Resource properties marked as name properties should not also be required properties (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_namepropertyisrequired): aws_security/resources/group.rb: 5
Chef/Sharing/InvalidLicenseString: Cookbook metadata.rb does not use a SPDX compliant license string or "all rights reserved". See https://spdx.org/licenses/ for a complete list of license identifiers. (https://docs.chef.io/workstation/cookstyle/chef_sharing_invalidlicensestring): aws_security/metadata.rb: 4
Run with Cookstyle Version 7.32.1 with cops Chef/Deprecations,Chef/Correctness,Chef/Sharing,Chef/RedundantCode,Chef/Modernize,Chef/Security,InSpec/Deprecations
No Binaries Metric
0.1.9 passed this metric
Testing File Metric
0.1.9 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.9 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.1.9 failed this metric
Chef/Deprecations/FoodcriticTesting: The Foodcritic cookbook linter has been deprecated and should no longer be used for validating cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_foodcritictesting): aws_security/Gemfile: 6
Chef/Deprecations/ResourceWithoutUnifiedTrue: Set `unified_mode true` in Chef Infra Client 15.3+ custom resources to ensure they work correctly in Chef Infra Client 18 (April 2022) when Unified Mode becomes the default. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_resourcewithoutunifiedtrue): aws_security/resources/group.rb: 1
Chef/Deprecations/ResourceWithoutUnifiedTrue: Set `unified_mode true` in Chef Infra Client 15.3+ custom resources to ensure they work correctly in Chef Infra Client 18 (April 2022) when Unified Mode becomes the default. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_resourcewithoutunifiedtrue): aws_security/resources/group_rule.rb: 1
Chef/Deprecations/UseInlineResourcesDefined: use_inline_resources is now the default for resources in Chef Infra Client 13+ and does not need to be specified. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_useinlineresourcesdefined): aws_security/providers/group.rb: 7
Chef/Deprecations/UseInlineResourcesDefined: use_inline_resources is now the default for resources in Chef Infra Client 13+ and does not need to be specified. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_useinlineresourcesdefined): aws_security/providers/group_rule.rb: 7
Chef/Modernize/DefinesChefSpecMatchers: ChefSpec matchers are now auto generated by ChefSpec 7.1+ and do not need to be defined in a cookbook (https://docs.chef.io/workstation/cookstyle/chef_modernize_defineschefspecmatchers): aws_security/libraries/matchers.rb: 1
Chef/Modernize/RespondToCompileTime: There is no need to check if the chef_gem resource supports compile_time as Chef Infra Client 12.1 and later support the compile_time property. (https://docs.chef.io/workstation/cookstyle/chef_modernize_resondtocompiletime): aws_security/libraries/ec2.rb: 31
Chef/Modernize/WhyRunSupportedTrue: whyrun_supported? no longer needs to be set to true as it is the default in Chef Infra Client 13+ (https://docs.chef.io/workstation/cookstyle/chef_modernize_whyrunsupportedtrue): aws_security/providers/group.rb: 3
Chef/Modernize/WhyRunSupportedTrue: whyrun_supported? no longer needs to be set to true as it is the default in Chef Infra Client 13+ (https://docs.chef.io/workstation/cookstyle/chef_modernize_whyrunsupportedtrue): aws_security/providers/group_rule.rb: 3
Chef/RedundantCode/LongDescriptionMetadata: The long_description metadata.rb method is not used and is unnecessary in cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_longdescriptionmetadata): aws_security/metadata.rb: 6
Chef/RedundantCode/NamePropertyIsRequired: Resource properties marked as name properties should not also be required properties (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_namepropertyisrequired): aws_security/resources/group.rb: 5
Chef/Sharing/InvalidLicenseString: Cookbook metadata.rb does not use a SPDX compliant license string or "all rights reserved". See https://spdx.org/licenses/ for a complete list of license identifiers. (https://docs.chef.io/workstation/cookstyle/chef_sharing_invalidlicensestring): aws_security/metadata.rb: 4
Run with Cookstyle Version 7.32.1 with cops Chef/Deprecations,Chef/Correctness,Chef/Sharing,Chef/RedundantCode,Chef/Modernize,Chef/Security,InSpec/Deprecations
0.1.9 passed this metric
Testing File Metric
0.1.9 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.9 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.1.9 failed this metric
0.1.9 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
