aws

package
v0.0.0-...-75f4138 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 29, 2016 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FindPreExistingNetworkACLRule

func FindPreExistingNetworkACLRule(conn *ec2.EC2, acl, cidr string, start, end int, egress bool) (int, error)

FindPreExistingNetworkACLRule will check to see if a rule already exists in an ACL for a specific direction and port range. If the rule exists, the rule number is returned, otherwise the result is -1.

Note that the returned error must be checked: the zero value returned alongside an error could otherwise be mistaken for rule number 0.

func FindPreExistingSecurityGroupRule

func FindPreExistingSecurityGroupRule(conn *ec2.EC2, group, cidr string, start, end int, egress bool) (bool, error)

FindPreExistingSecurityGroupRule will check to see if a rule already exists in the security group for a specific direction and port range.

func FindVacantNetworkACLRule

func FindVacantNetworkACLRule(conn *ec2.EC2, acl string) (int, error)

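FindVacantNetworkACLRule will find the highest priority entry (that is, the lowest rule number) available in a network ACL, to be used for the bastion allow rule. Because ACL entries are processed in ascending order by rule number, a rule added at that number is evaluated before the ACL's existing higher-numbered entries.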

func LocateImage

func LocateImage(conn *ec2.EC2) (string, error)

LocateImage searches for a suitable AMI to launch, based off the filters supplied by amiSearchParameters().

Types

type Instance

type Instance struct {

	// true if the instance has been created.
	Created bool `json:"created"`

	// The ID of the AMI used to launch the instance.
	ImageID string `json:"image_id"`

	// The ID of the instance.
	InstanceID string `json:"instance_id"`

	// The instance type.
	InstanceType string `json:"instance_type"`

	// The ID of the subnet for the instance.
	SubnetID string `json:"subnet_id"`

	// The name of the key pair used for SSH access.
	KeyPairName string `json:"key_pair_name"`

	// The ID of the security group the instance is being launched in.
	SecurityGroupID string `json:"security_group_id"`

	// The public IP address of the instance.
	PublicIPAddress string `json:"public_ip_address"`

	// The private IP address of the instance.
	PrivateIPAddress string `json:"private_ip_address"`

	// The SSH user to connect to the instance with.
	SSHUser string `json:"ssh_user"`
	// contains filtered or unexported fields
}

Instance describes an AWS EC2 instance.

func CreateInstance

func CreateInstance(conn *ec2.EC2, subnet, securityGroup string, keyPair KeyPair) (Instance, error)

CreateInstance creates an Amazon EC2 instance, and returns an Instance struct.

func DeleteInstance

func DeleteInstance(conn *ec2.EC2, instance Instance) (Instance, error)

DeleteInstance terminates an Amazon EC2 instance.

type KeyPair

type KeyPair struct {

	// true if the key pair has been created.
	Created bool `json:"created"`

	// The SHA-1 digest of the DER encoded private key.
	Fingerprint string `json:"fingerprint"`

	// The unique name for the key pair.
	KeyName string `json:"key_name"`

	// The private key, in PEM format.
	//
	// This is secret material. The field is exported and carries a json tag, so
	// marshaling a KeyPair to JSON writes the key into the output; any file, log
	// or stored state that holds a serialized KeyPair needs the same protection
	// as the key itself.
	PrivateKeyPEM string `json:"private_key_pem"`
	// contains filtered or unexported fields
}

KeyPair describes an AWS EC2 key pair.

func CreateKeyPair

func CreateKeyPair(conn *ec2.EC2) (KeyPair, error)

CreateKeyPair creates an AWS EC2 key pair.

Note that in the event of errors, KeyPair will be in an inconsistent state and should not be used.

func DeleteKeyPair

func DeleteKeyPair(conn *ec2.EC2, kp KeyPair) (KeyPair, error)

DeleteKeyPair deletes an AWS EC2 key pair.

type NetworkACLRule

type NetworkACLRule struct {

	// The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24).
	CidrBlock string `json:"cidr_block"`

	// true if the network ACL rule has been created, or is accounted for (ie: the
	// PreExisting flag is set).
	Created bool `json:"created"`

	// Indicates whether this is an egress rule (rule is applied to traffic leaving
	// the subnet).
	Egress bool `json:"egress"`

	// The ID of the network ACL the rule is being inserted into.
	NetworkAclID string `json:"network_acl_id"`

	// The starting port in the range that this rule applies to. Normally this
	// will be the same as EndPort, with the exception of ephemeral rules.
	StartPort int `json:"start_port"`

	// The ending port in the range that this rule applies to. Normally this
	// will be the same as StartPort, with the exception of ephemeral rules.
	EndPort int `json:"end_port"`

	// true if the rule was pre-existing in the exact form that it was going
	// to be created in (ie: direction and port). This is necessary to prevent
	// API errors for duplicate ACL entries. Pre-existing rules are not deleted.
	PreExisting bool `json:"pre_existing"`

	// The rule number for the entry (for example, 100). ACL entries are processed
	// in ascending order by rule number, so an entry with a lower number is
	// evaluated before entries with higher numbers.
	//
	// Constraints: Positive integer from 1 to 32766. The range 32767 to 65535
	// is reserved for internal use.
	RuleNumber int `json:"rule_number"`
	// contains filtered or unexported fields
}

NetworkACLRule describes an AWS VPC network ACL rule.

func CreateNetworkACLRule

func CreateNetworkACLRule(conn *ec2.EC2, acl, cidr string, start, end int, egress bool) (NetworkACLRule, error)

CreateNetworkACLRule creates a network ACL rule, and returns a NetworkACLRule struct.

If the rule already exists, the struct will still be populated, however the PreExisting flag will be set to true.

Note that in the event of errors, NetworkACLRule will be in an inconsistent state and should not be used.

func DeleteNetworkACLRule

func DeleteNetworkACLRule(conn *ec2.EC2, rule NetworkACLRule) (NetworkACLRule, error)

DeleteNetworkACLRule deletes a network ACL rule, if it was not pre-existing.

type SecurityGroup

type SecurityGroup struct {

	// true if the security group has been created.
	Created bool `json:"created"`

	// The ID of the security group, generated by AWS on creation.
	GroupID string `json:"group_id"`

	// The name of the security group. This is automatically generated by
	// bastion.
	GroupName string `json:"group_name"`

	// The ID of the VPC the security group resides in, derived from the public
	// subnet supplied to bastion.
	VpcID string `json:"vpc_id"`
	// contains filtered or unexported fields
}

SecurityGroup describes an AWS VPC security group.

func CreateSecurityGroup

func CreateSecurityGroup(conn *ec2.EC2, subnet string) (SecurityGroup, error)

CreateSecurityGroup creates the security group, and returns a SecurityGroup struct.

Note that in the event of errors, SecurityGroup will be in an inconsistent state and should not be used.

func DeleteSecurityGroup

func DeleteSecurityGroup(conn *ec2.EC2, group SecurityGroup) (SecurityGroup, error)

DeleteSecurityGroup deletes the security group.

type SecurityGroupRule

type SecurityGroupRule struct {

	// The network range the rule applies to, in CIDR notation (for example
	// 172.16.0.0/24).
	CidrBlock string `json:"cidr_block"`

	// true if the security group rule has been created, or is accounted for (ie: the
	// PreExisting flag is set).
	Created bool `json:"created"`

	// Indicates whether this is an egress rule (rule is applied to outbound
	// traffic rather than inbound traffic).
	Egress bool `json:"egress"`

	// The ID of the security group the rule is being inserted into. Note that
	// the JSON key is security_group_id, not group_id.
	GroupID string `json:"security_group_id"`

	// The starting port in the range that this rule applies to.
	StartPort int `json:"start_port"`

	// The ending port in the range that this rule applies to.
	EndPort int `json:"end_port"`

	// true if the rule was pre-existing in the exact form that it was going
	// to be created in (ie: direction and port). This is necessary to prevent
	// API errors for duplicate rule entries. Pre-existing rules are not deleted.
	PreExisting bool `json:"pre_existing"`
	// contains filtered or unexported fields
}

SecurityGroupRule describes an AWS VPC security group rule.

func CreateSecurityGroupRule

func CreateSecurityGroupRule(conn *ec2.EC2, group, cidr string, start, end int, egress bool) (SecurityGroupRule, error)

CreateSecurityGroupRule creates a security group rule, and returns a SecurityGroupRule struct.

If the rule already exists, the struct will still be populated, however the PreExisting flag will be set to true.

Note that in the event of errors, SecurityGroupRule will be in an inconsistent state and should not be used.

func DeleteSecurityGroupRule

func DeleteSecurityGroupRule(conn *ec2.EC2, rule SecurityGroupRule) (SecurityGroupRule, error)

DeleteSecurityGroupRule deletes a security group rule, if it was not pre-existing.
