Working with Security Groups in Amazon EC2 (original) (raw)
This Node.js code example shows:
- How to retrieve information about your security groups.
- How to create a security group to access an Amazon EC2 instance.
- How to delete an existing security group.
The Scenario
An Amazon EC2 security group acts as a virtual firewall that controls the traffic for one or more instances. You add rules to each security group to allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.
In this example, you use a series of Node.js modules to perform several Amazon EC2 operations involving security groups. The Node.js modules use the SDK for JavaScript to manage instances by using the following methods of the Amazon EC2 client class:
- describeSecurityGroups
- authorizeSecurityGroupIngress
- createSecurityGroup
- describeVpcs
- deleteSecurityGroup
For more information about the Amazon EC2 security groups, see Amazon EC2 Amazon Security Groups for Linux Instances in the Amazon EC2 User Guide or Amazon EC2 Security Groups for Windows Instances in the Amazon EC2 User Guide.
Prerequisite Tasks
To set up and run this example, first complete these tasks:
- Install Node.js. For more information about installing Node.js, see the Node.js website.
- Create a shared configurations file with your user credentials. For more information about providing a shared credentials file, see Loading Credentials in Node.js from the Shared Credentials File.
Describing Your Security Groups
Create a Node.js module with the file nameec2_describesecuritygroups.js. Be sure to configure the SDK as previously shown. To access Amazon EC2, create an AWS.EC2 service object. Create a JSON object to pass as parameters, including the group IDs for the security groups you want to describe. Then call the describeSecurityGroups method of the Amazon EC2 service object.
// Load the AWS SDK for Node.js
var AWS = require("aws-sdk");
// Set the region
AWS.config.update({ region: "REGION" });
// Create EC2 service object
var ec2 = new AWS.EC2({ apiVersion: "2016-11-15" });
var params = {
GroupIds: ["SECURITY_GROUP_ID"],
};
// Retrieve security group descriptions
ec2.describeSecurityGroups(params, function (err, data) {
if (err) {
console.log("Error", err);
} else {
console.log("Success", JSON.stringify(data.SecurityGroups));
}
});
To run the example, type the following at the command line.
node ec2_describesecuritygroups.jsThis sample code can be found here on GitHub.
Creating a Security Group and Rules
Create a Node.js module with the file nameec2_createsecuritygroup.js. Be sure to configure the SDK as previously shown. To access Amazon EC2, create an AWS.EC2 service object. Create a JSON object for the parameters that specify the name of the security group, a description, and the ID for the VPC. Pass the parameters to the createSecurityGroup method.
After you successfully create the security group, you can define rules for allowing inbound traffic. Create a JSON object for parameters that specify the IP protocol and inbound ports on which the Amazon EC2 instance will receive traffic. Pass the parameters to the authorizeSecurityGroupIngress method.
// Load the AWS SDK for Node.js
var AWS = require("aws-sdk");
// Load credentials and set region from JSON file
AWS.config.update({ region: "REGION" });
// Create EC2 service object
var ec2 = new AWS.EC2({ apiVersion: "2016-11-15" });
// Variable to hold a ID of a VPC
var vpc = null;
// Retrieve the ID of a VPC
ec2.describeVpcs(function (err, data) {
if (err) {
console.log("Cannot retrieve a VPC", err);
} else {
vpc = data.Vpcs[0].VpcId;
var paramsSecurityGroup = {
Description: "DESCRIPTION",
GroupName: "SECURITY_GROUP_NAME",
VpcId: vpc,
};
// Create the instance
ec2.createSecurityGroup(paramsSecurityGroup, function (err, data) {
if (err) {
console.log("Error", err);
} else {
var SecurityGroupId = data.GroupId;
console.log("Success", SecurityGroupId);
var paramsIngress = {
GroupId: "SECURITY_GROUP_ID",
IpPermissions: [
{
IpProtocol: "tcp",
FromPort: 80,
ToPort: 80,
IpRanges: [{ CidrIp: "0.0.0.0/0" }],
},
{
IpProtocol: "tcp",
FromPort: 22,
ToPort: 22,
IpRanges: [{ CidrIp: "0.0.0.0/0" }],
},
],
};
ec2.authorizeSecurityGroupIngress(paramsIngress, function (err, data) {
if (err) {
console.log("Error", err);
} else {
console.log("Ingress Successfully Set", data);
}
});
}
});
}
});
To run the example, type the following at the command line.
node ec2_createsecuritygroup.jsThis sample code can be found here on GitHub.
Deleting a Security Group
Create a Node.js module with the file nameec2_deletesecuritygroup.js. Be sure to configure the SDK as previously shown. To access Amazon EC2, create an AWS.EC2 service object. Create the JSON parameters to specify the name of the security group to delete. Then call the deleteSecurityGroup method.
// Load the AWS SDK for Node.js
var AWS = require("aws-sdk");
// Set the region
AWS.config.update({ region: "REGION" });
// Create EC2 service object
var ec2 = new AWS.EC2({ apiVersion: "2016-11-15" });
var params = {
GroupId: "SECURITY_GROUP_ID",
};
// Delete the security group
ec2.deleteSecurityGroup(params, function (err, data) {
if (err) {
console.log("Error", err);
} else {
console.log("Security Group Deleted");
}
});
To run the example, type the following at the command line.
node ec2_deletesecuritygroup.jsThis sample code can be found here on GitHub.