Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Generate temporary security groups in AWS #44

Merged
merged 5 commits into from Jul 16, 2019

Conversation

Projects
None yet
2 participants
@orien
Copy link
Member

commented Jun 30, 2019

It can be rather cumbersome to manage security groups. Especially if you have a build creating and testing AMI across multiple AWS accounts and regions. You have to add them in AWS and then ensure the correct one is being used in CI servers.

Instead of all that manual work, let's get AMI Spec to do it for us!

I propose that if a security group isn't provided via the command line, then a temporary security group is generated in AWS and used for the duration of the testing. This temporary security group allows SSH access. After the tests have completed and the EC2 instance is terminated, the security group is deleted.

orien added some commits Jun 27, 2019

Wait until EC2 instance has terminated
This allows us to delete the temporary security group
require 'securerandom'

module AmiSpec
class AwsSecurityGroup

This comment has been minimized.

Copy link
@orien

orien Jun 30, 2019

Author Member

This new class facilitates the creating and deleting of AWS security groups.

@@ -37,6 +37,11 @@ def start
tag_instance
end

def terminate
@instance.terminate
@instance.wait_until_terminated

This comment has been minimized.

Copy link
@orien

orien Jun 30, 2019

Author Member

To successfully delete a security group, any EC2 instances using it must be terminated. Hence we'll need to start waiting for this EC2 instance fully terminate before attempting to delete the security group.

@patrobinson
Copy link
Collaborator

left a comment

Some minor suggestions but I think this looks good

Show resolved Hide resolved lib/ami_spec/aws_security_group.rb Outdated
Show resolved Hide resolved lib/ami_spec/aws_security_group.rb Outdated
Show resolved Hide resolved lib/ami_spec.rb Outdated
Show resolved Hide resolved lib/ami_spec.rb Outdated

@orien orien force-pushed the orien/create-security-groups branch from 538adcd to 707c333 Jul 1, 2019

orien and others added some commits Jul 1, 2019

Apply suggestions from code review
Add `temporary` prefix to `security_group` variable name
This better describes it's usages. We're not deleting an already existing security group.

Co-Authored-By: Patrick Robinson <patrick.robinson@envato.com>
Make subnet_id a required argument
Remove vpc_id parameter as it's never used in the application
Add --allow_any_temporary_security_group option
This controls the the temporary security group ingress rule. If the
option is passed the security group allows SSH connections from any IP
address (0.0.0.0/0). If not passed, only IP address in the subnet CIDR
block can connect.
@patrobinson
Copy link
Collaborator

left a comment

Very good. Happy to give you access on Rubygems to release it if you like?

def vpc_id
@vpc_id ||= @ec2.subnet(@subnet_id).vpc_id
def cidr_block
@allow_any_ip ? "0.0.0.0/0" : subnet.cidr_block

This comment has been minimized.

Copy link
@patrobinson

patrobinson Jul 15, 2019

Collaborator

A much less surprising default 👍

@orien

This comment has been minimized.

Copy link
Member Author

commented Jul 16, 2019

@patrobinson: Thanks, that'd be awesome!

@orien orien merged commit 2211a35 into master Jul 16, 2019

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@orien orien deleted the orien/create-security-groups branch Jul 16, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.