New in version 2014.7.0.
Create and destroy Security Groups. Be aware that this interacts with Amazon's services, and so may incur charges.
This module uses boto
, which can be installed via package, or pip.
This module accepts explicit EC2 credentials but can also utilize IAM roles assigned to the instance through Instance Profiles. Dynamic credentials are then automatically obtained from AWS API and no further configuration is necessary. More information available here.
If IAM roles are not used you need to specify them either in a pillar file or in the minion's config file:
secgroup.keyid: GKTADJGHEIQSXMKKRBJ08H
secgroup.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
It's also possible to specify key
, keyid
and region
via a profile, either
passed in as a dict, or as a string to pull from pillars or minion config:
myprofile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
region: us-east-1
Ensure mysecgroup exists:
boto_secgroup.present:
- name: mysecgroup
- description: My security group
- rules:
- ip_protocol: tcp
from_port: 80
to_port: 80
cidr_ip:
- 10.0.0.0/0
- 192.168.0.0/0
- ip_protocol: icmp
from_port: -1
to_port: -1
source_group_name: mysecgroup
- rules_egress:
- ip_protocol: all
from_port: -1
to_port: -1
cidr_ip:
- 10.0.0.0/0
- 192.168.0.0/0
- region: us-east-1
- keyid: GKTADJGHEIQSXMKKRBJ08H
- key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
# Using a profile from pillars
Ensure mysecgroup exists:
boto_secgroup.present:
- name: mysecgroup
- description: My security group
- region: us-east-1
- profile: myprofile
# Passing in a profile
Ensure mysecgroup exists:
boto_secgroup.present:
- name: mysecgroup
- description: My security group
- region: us-east-1
- profile:
keyid: GKTADJGHEIQSXMKKRBJ08H
key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
salt.states.boto_secgroup.
absent
(name, vpc_id=None, region=None, key=None, keyid=None, profile=None)¶Ensure a security group with the specified name does not exist.
salt.states.boto_secgroup.
present
(name, description, vpc_id=None, rules=None, rules_egress=None, region=None, key=None, keyid=None, profile=None)¶Ensure the security group exists with the specified rules.