aws-sdk 1.3.5 → 1.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/aws/api_config/EC2-2011-12-15.yml +2791 -0
- data/lib/aws/core.rb +4 -4
- data/lib/aws/core/client.rb +1 -0
- data/lib/aws/core/client_logging.rb +9 -2
- data/lib/aws/core/lazy_error_classes.rb +1 -1
- data/lib/aws/core/response.rb +5 -0
- data/lib/aws/core/service_interface.rb +3 -2
- data/lib/aws/core/uri_escape.rb +1 -2
- data/lib/aws/ec2.rb +80 -1
- data/lib/aws/ec2/client.rb +29 -10
- data/lib/aws/ec2/client/xml.rb +51 -1
- data/lib/aws/ec2/customer_gateway.rb +90 -0
- data/lib/aws/ec2/customer_gateway_collection.rb +73 -0
- data/lib/aws/ec2/dhcp_options.rb +106 -0
- data/lib/aws/ec2/dhcp_options_collection.rb +87 -0
- data/lib/aws/ec2/filtered_collection.rb +27 -2
- data/lib/aws/ec2/image.rb +7 -4
- data/lib/aws/ec2/instance.rb +54 -2
- data/lib/aws/ec2/instance_collection.rb +5 -3
- data/lib/aws/ec2/internet_gateway.rb +122 -0
- data/lib/aws/ec2/internet_gateway/attachment.rb +78 -0
- data/lib/aws/ec2/internet_gateway_collection.rb +54 -0
- data/lib/aws/ec2/network_acl.rb +254 -0
- data/lib/aws/ec2/network_acl/association.rb +56 -0
- data/lib/aws/ec2/network_acl/entry.rb +147 -0
- data/lib/aws/ec2/network_acl_collection.rb +65 -0
- data/lib/aws/ec2/network_interface.rb +174 -0
- data/lib/aws/ec2/network_interface/attachment.rb +100 -0
- data/lib/aws/ec2/network_interface_collection.rb +103 -0
- data/lib/aws/ec2/region.rb +11 -1
- data/lib/aws/ec2/resource.rb +6 -2
- data/lib/aws/ec2/route_table.rb +204 -0
- data/lib/aws/ec2/route_table/association.rb +119 -0
- data/lib/aws/ec2/route_table/route.rb +113 -0
- data/lib/aws/ec2/route_table_collection.rb +73 -0
- data/lib/aws/ec2/security_group.rb +15 -5
- data/lib/aws/ec2/security_group_collection.rb +15 -12
- data/lib/aws/ec2/subnet.rb +161 -0
- data/lib/aws/ec2/subnet_collection.rb +115 -0
- data/lib/aws/ec2/vpc.rb +166 -0
- data/lib/aws/ec2/vpc_collection.rb +71 -0
- data/lib/aws/ec2/vpn_connection.rb +99 -0
- data/lib/aws/ec2/vpn_connection/telemetry.rb +49 -0
- data/lib/aws/ec2/vpn_connection_collection.rb +96 -0
- data/lib/aws/ec2/vpn_gateway.rb +123 -0
- data/lib/aws/ec2/vpn_gateway/attachment.rb +45 -0
- data/lib/aws/ec2/vpn_gateway_collection.rb +77 -0
- data/lib/aws/iam/login_profile.rb +4 -0
- data/lib/aws/iam/user.rb +6 -0
- data/lib/aws/record/hash_model.rb +3 -3
- data/lib/aws/simple_workflow.rb +6 -3
- data/lib/aws/simple_workflow/activity_task_collection.rb +7 -2
- data/lib/aws/simple_workflow/decision_task_collection.rb +11 -5
- data/lib/aws/simple_workflow/option_formatters.rb +7 -0
- data/lib/net/http/connection_pool.rb +19 -5
- metadata +33 -5
- data/lib/aws/api_config/EC2-2011-02-28.yml +0 -2314
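--- /dev/null
+++ b/data/lib/aws/ec2/internet_gateway/attachment.rb
@@ -0,0 +1,78 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+class EC2
+class InternetGateway < Resource
+
+# Represents the attachment between an internet gateway and a VPC.
+#
+# == Creating Attachments
+#
+# To create an attachment, just assign an internet gateway to a VPC
+# or visa versa.
+#
+# # attaches a gateway to a vpc
+# internet_gateway.vpc = vpc
+#
+# # this can also be done in reverse
+# vpc.internet_gateway = internet_gateway
+#
+# == Enumerating Attachments
+#
+# You can enumerate the attachments for an {InternetGateway} like so:
+#
+# internet_gateway.attachments.each do |attachment|
+# puts "#{attachment.internet_gateway.id} => #{attachment.vpc.id}"
+# end
+#
+# == Deleting Attachments
+#
+# You can delete an attachment from the Attachment object:
+#
+# internet_gateway.attachments.each(&:delete)
+#
+# You can also delete an attachment by assigning a nil value:
+#
+# # removes the current attachment to the vpc is one exists
+# internet_gateway.vpc = nil
+#
+class Attachment
+
+# @private
+def initialize internet_gateway, details
+@internet_gateway = internet_gateway
+@vpc = VPC.new(details.vpc_id, :config => internet_gateway.config)
+@state = details.state.to_sym
+end
+
+# @return [InternetGateway]
+attr_reader :internet_gateway
+
+# @return [VPC]
+attr_reader :vpc
+
+# @return [Symbol]
+attr_reader :state
+
+# Deletes this attachment.
+# @return (see InternetGateway#detach)
+def delete
+internet_gateway.detach(vpc)
+end
+alias_method :detach, :delete
+
+end
+end
+end
+end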
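Review bot: The class comment on `Attachment` has two wording slips that will be rendered into the public API docs: `# or visa versa.` should read `# or vice versa.`, and `# removes the current attachment to the vpc is one exists` should read `# removes the current attachment to the vpc if one exists`. In `initialize`, `details.state.to_sym` interns a string taken from the service response; the state vocabulary is service-defined and small, so this is low risk, but on Ruby releases that never reclaim symbols it is worth a one-line comment noting that the value set is bounded. `delete` simply delegates to `InternetGateway#detach`, whose definition is outside this hunk.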
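--- /dev/null
+++ b/data/lib/aws/ec2/internet_gateway_collection.rb
@@ -0,0 +1,54 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+class EC2
+
+class InternetGatewayCollection < Collection
+
+include TaggedCollection
+include Core::Collection::Simple
+
+# Creates a new Internet gateway in your AWS account. After creating
+# the gateway you can attach it to a VPC.
+#
+# @return [InternetGateway]
+#
+def create
+response = client.create_internet_gateway
+self[response.internet_gateway.internet_gateway_id]
+end
+
+# @param [String] internet_gateway_id
+# @return [InternetGateway]
+def [] internet_gateway_id
+InternetGateway.new(internet_gateway_id, :config => config)
+end
+
+protected
+
+def _each_item options = {}, &block
+response = filtered_request(:describe_internet_gateways, options, &block)
+response.internet_gateway_set.each do |g|
+
+gateway = InternetGateway.new_from(:describe_internet_gateways, g,
+g.internet_gateway_id, :config => config)
+
+yield(gateway)
+
+end
+end
+
+end
+end
+end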
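Review bot: `_each_item` both forwards `&block` into `filtered_request(:describe_internet_gateways, options, &block)` and then calls `yield(gateway)` for every element of `internet_gateway_set`, so the caller's block is handed to two places at once. `filtered_request` is defined outside this diff (in `filtered_collection.rb`, touched by this same release); if it ever invokes the block it received, each gateway would be yielded twice, and if it does not, the `&block` forwarding is dead weight that misleads the next reader. I would either drop `&block` from the `filtered_request` call or add a comment such as `# block is forwarded only so filtered_request can inspect it; items are yielded below` stating which contract is intended. The protected method also lacks a doc line; `# Yields each InternetGateway matching the current filters.` would do.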
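--- /dev/null
+++ b/data/lib/aws/ec2/network_acl.rb
@@ -0,0 +1,254 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/ec2/network_acl/entry'
+require 'aws/ec2/network_acl/association'
+
+module AWS
+class EC2
+
+# Represents a network ACL in EC2.
+#
+# @attr_reader [String] vpc_id
+#
+# @attr_reader [Boolean] default? Returns true if this is the default
+# network ACL.
+#
+class NetworkACL < Resource
+
+include TaggedItem
+
+def initialize network_acl_id, options = {}
+@network_acl_id = network_acl_id
+super
+end
+
+# @return [String]
+attr_reader :network_acl_id
+
+alias_method :id, :network_acl_id
+
+attribute :vpc_id, :static => true
+
+attribute :default?, :static => true
+
+attribute :entry_set
+
+protected :entry_set
+
+attribute :association_set
+
+protected :association_set
+
+populates_from(:create_network_acl) do |resp|
+resp.network_acl if resp.network_acl.network_acl_id == network_acl_id
+end
+
+populates_from(:describe_network_acls) do |resp|
+resp.network_acl_set.find{|acl| acl.network_acl_id == network_acl_id }
+end
+
+# @return [VPC] Returns the VPC this network ACL belongs to.
+def vpc
+VPC.new(vpc_id, :config => config)
+end
+
+# @return [Array<Subnet>] Returns an array of subnets ({Subnet})
+# that currently use this network ACL.
+def subnets
+associations.map(&:subnet)
+end
+
+# @return [Array<NetworkACL::Association>] Returns an array of
+# {NetworkACL::Association} objects (association to subnets).
+def associations
+association_set.map do |assoc|
+
+subnet = Subnet.new(assoc.subnet_id,
+:vpc_id => vpc_id,
+:config => config)
+
+Association.new(assoc.network_acl_association_id, self, subnet)
+
+end
+end
+
+# @return [Array<NetworkACL::Entry>] Returns an array of
+# all entries for this network ACL.
+def entries
+entry_set.map do |entry_details|
+Entry.new(self, entry_details)
+end
+end
+
+# Adds an entry to this network ACL.
+#
+# @param [Hash] options
+#
+# @option options [required,Integer] :rule_number Rule number to
+# assign to the entry (e.g., 100). ACL entries are processed in
+# ascending order by rule number.
+#
+# @option options [required,:allow,:deny] :action Whether to
+# allow or deny traffic that matches the rule.
+#
+# @option options [required,Integer] :protocol IP protocol the rule
+# applies to. You can use -1 to mean all protocols. You can see a
+# list of # supported protocol numbers here:
+# http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
+#
+# @option options [required,String] :cidr_block The CIDR range to
+# allow or deny, in CIDR notation (e.g., 172.16.0.0/24).
+#
+# @option options [Boolean] :egress (false)
+# Whether this rule applies to egress traffic from the subnet (true)
+# or ingress traffic to the subnet (false).
+#
+# @option options [Range<Integer>] :port_range A numeric range
+# of ports. Required if specifying TCP (6) or UDP (17) for the
+# :protocol.
+#
+# @option options [Integer] :icmp_code For the ICMP protocol, the
+# ICMP code. You can use -1 to specify all ICMP codes for the given
+# ICMP type.
+#
+# @option options [Integer] :icmp_type For the ICMP protocol,
+# the ICMP type. You can use -1 to specify all ICMP types.
+#
+# @return [nil]
+#
+def create_entry options = {}
+client.create_network_acl_entry(entry_options(options))
+nil
+end
+
+# Replaces the network ACL entry with the given :rule_number.
+#
+# @param [Hash] options
+#
+# @option options [required,Integer] :rule_number Rule number to
+# assign to the entry (e.g., 100). ACL entries are processed in
+# ascending order by rule number.
+#
+# @option options [required,:allow,:deny] :action Whether to
+# allow or deny traffic that matches the rule.
+#
+# @option options [required,Integer] :protocol IP protocol the rule
+# applies to. You can use -1 to mean all protocols. You can see a
+# list of # supported protocol numbers here:
+# http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
+#
+# @option options [required,String] :cidr_block The CIDR range to
+# allow or deny, in CIDR notation (e.g., 172.16.0.0/24).
+#
+# @option options [Boolean] :egress (false)
+# Whether this rule applies to egress traffic from the subnet (true)
+# or ingress traffic to the subnet (false).
+#
+# @option options [Range<Integer>] :port_range A numeric range
+# of ports. Required if specifying TCP (6) or UDP (17) for the
+# :protocol.
+#
+# @option options [Integer] :icmp_code For the ICMP protocol, the
+# ICMP code. You can use -1 to specify all ICMP codes for the given
+# ICMP type.
+#
+# @option options [Integer] :icmp_type For the ICMP protocol,
+# the ICMP type. You can use -1 to specify all ICMP types.
+#
+# @return [nil]
+#
+def replace_entry options = {}
+client.replace_network_acl_entry(entry_options(options))
+nil
+end
+
+# Deletes an entry from this network ACL. To delete an entry
+# you need to know its rule number and if it is an egress or ingress
+# rule.
+#
+# # delete ingress rule 10
+# network_acl.delete_entry :egress, 10
+#
+# # delete egress rules 5
+# network_acl.delete_entry :ingress, 5
+#
+# @param [:ingress,:egress] egress_or_ingress Specifies if you want to
+# delete an ingress or an egress rule.
+#
+# @param [Integer] rule_number Which rule to delete.
+#
+# @return [nil]
+#
+def delete_entry egress_or_ingress, rule_number
+
+unless [:ingress, :egress].include?(egress_or_ingress)
+msg = "expected :ingress or :egress for egress_or_ingress param"
+raise ArgumentError, msg
+end
+
+client_opts = {}
+client_opts[:network_acl_id] = network_acl_id
+client_opts[:egress] = egress_or_ingress == :egress
+client_opts[:rule_number] = rule_number
+
+client.delete_network_acl_entry(client_opts)
+
+nil
+
+end
+
+# Deletes the current network ACL. You can not delete the default
+# network ACL.
+# @return [nil]
+def delete
+client.delete_network_acl(:network_acl_id => network_acl_id)
+nil
+end
+
+protected
+
+def entry_options options
+
+unless [true,false].include?(options[:egress])
+msg = "expected :egress option to be set to true or false"
+raise ArgumentError, msg
+end
+
+entry_opts = {}
+entry_opts[:network_acl_id] = network_acl_id
+entry_opts[:rule_number] = options[:rule_number]
+entry_opts[:protocol] = options[:protocol].to_s.downcase
+entry_opts[:rule_action] = options[:action].to_s
+entry_opts[:egress] = options[:egress] if options.key?(:egress)
+entry_opts[:cidr_block] = options[:cidr_block]
+
+if options[:icmp_code] or options[:icmp_type]
+entry_opts[:icmp_type_code] = {}
+entry_opts[:icmp_type_code][:type] = options[:icmp_type]
+entry_opts[:icmp_type_code][:code] = options[:icmp_code]
+end
+
+if options[:port_range]
+entry_opts[:port_range] = {}
+entry_opts[:port_range][:from] = options[:port_range].first
+entry_opts[:port_range][:to] = options[:port_range].last
+end
+
+entry_opts
+
+end
+
+end
+end
+end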
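Review bot: `entry_options` rejects any call that omits `:egress` (`unless [true,false].include?(options[:egress])` raises ArgumentError), yet the YARD for both `create_entry` and `replace_entry` advertises `:egress (false)` as a default, so a caller who follows the docs and creates an ingress rule without the key gets an exception; the later `entry_opts[:egress] = options[:egress] if options.key?(:egress)` guard is then dead. Honouring the documented default would be `egress = options.fetch(:egress, false)`, `unless [true, false].include?(egress)` for the check, and `entry_opts[:egress] = egress` for the assignment. The example comments in the `delete_entry` docs are swapped relative to the calls beneath them (`# delete ingress rule 10` precedes `delete_entry :egress, 10`, and `# delete egress rules 5` precedes `delete_entry :ingress, 5`). Two smaller points: `if options[:icmp_code] or options[:icmp_type]` should use `||` rather than the low-precedence `or`, and `options[:port_range].last` returns the excluded bound for an exclusive range such as `(1...1024)`, so `.max` (or a note that only inclusive ranges are supported) would be safer.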
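--- /dev/null
+++ b/data/lib/aws/ec2/network_acl/association.rb
@@ -0,0 +1,56 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+class EC2
+class NetworkACL < Resource
+
+# Represents the association between a {NetworkACL} and a {Subnet}.
+class Association
+
+def initialize association_id, network_acl, subnet
+@association_id = association_id
+@network_acl = network_acl
+@subnet = subnet
+end
+
+# @return [String] An identifier representing the association
+# between the network ACL and subnet.
+attr_reader :association_id
+
+# @return [NetworkACL]
+attr_reader :network_acl
+
+# @return [Subnet]
+attr_reader :subnet
+
+# Replaces the network acl in the current association with a
+# different one (a new network acl is assigned to the subnet).
+#
+# @param [NetworkACL,String] network_acl A {NetworkACL} object or
+# a network acl id (string).
+#
+# @return [nil]
+#
+def replace_network_acl network_acl
+acl_id = network_acl.is_a?(NetworkACL) ? network_acl.id : network_acl
+subnet.client.replace_network_acl_association(
+:association_id => association_id,
+:network_acl_id => acl_id)
+nil
+end
+
+end
+end
+end
+end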
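Review bot: `Association#initialize` carries no documentation, unlike `InternetGateway::Attachment#initialize` in this same release, which is tagged `# @private`; since instances are only built by `NetworkACL#associations`, the same `# @private` tag (and a one-line note that callers obtain instances via `NetworkACL#associations`) would keep the generated docs consistent. In `replace_network_acl`, the `is_a?(NetworkACL)` branch is a class check where the rest of this SDK tends to accept anything that quacks like the resource; `network_acl.respond_to?(:network_acl_id) ? network_acl.network_acl_id : network_acl` would accept subclasses and test doubles alike, though the current form is not wrong. The method performs the API call through `subnet.client`, which is fine but worth a short comment since `network_acl.client` would be the more obvious choice to a reader.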
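--- /dev/null
+++ b/data/lib/aws/ec2/network_acl/entry.rb
@@ -0,0 +1,147 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+class EC2
+class NetworkACL < Resource
+
+# Represents a single entry (rule) for an EC2 network ACL.
+class Entry
+
+def initialize network_acl, details
+@network_acl = network_acl
+@rule_number = details.rule_number
+@protocol = details.protocol.to_i
+@action = details.rule_action.to_sym
+@egress = details.egress?
+@ingress = !@egress
+@cidr_block = details.cidr_block
+if details.respond_to?(:icmp_type_code)
+@icmp_type = details.icmp_type_code.type
+@icmp_code = details.icmp_type_code.code
+end
+if details.respond_to?(:port_range)
+@port_range = (details.port_range.from..details.port_range.to)
+end
+end
+
+# @return [NetworkACL]
+attr_reader :network_acl
+
+# @return [Integer]
+attr_reader :rule_number
+
+# @return [Integer] Returns the protocol number. A value of -1
+# means all protocols. See
+# http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
+# for a list of protocol numbers to names.
+attr_reader :protocol
+
+# @return [:allow,:deny] Whether to allow or deny the traffic that
+# matches the rule.
+attr_reader :action
+
+# @return [Boolean] Indicate the rule is an egress rule (rule is
+# applied to traffic leaving the subnet).
+attr_reader :egress
+
+# @return [Boolean] Indicate the rule is an ingress rule (rule is
+# applied to traffic entering the subnet).
+attr_reader :ingress
+
+# @return [String] The network range to allow or deny, in CIDR notation.
+attr_reader :cidr_block
+
+# @return [nil,Range<Integer>] For the TCP or UDP protocols, the range
+# of ports the rule applies to.
+attr_reader :port_range
+
+# @return [nil,Integer] A value of -1 means all codes for the given
+# ICMP type. Returns nil unless the protocol is ICMP.
+attr_reader :icmp_code
+
+# @return [nil,Integer] A value of -1 means all codes for the given
+# ICMP type. Returns nil unless the protocol is ICMP.
+attr_reader :icmp_type
+
+# @return [Boolean] Returns true if traffic matching this rule
+# is allowed.
+def allow?
+@action == :allow
+end
+
+# @return [Boolean] Returns true if traffic matching this rule
+# is denied.
+def deny?
+@action == :deny
+end
+
+# @return [Boolean] Returns true if the rule is applied to traffic
+# entering the subnet.
+def ingress?
+@ingress
+end
+
+# @return [Boolean] Returns true if the rule is applied to traffic
+# leaving the subnet.
+def egress?
+@egress
+end
+
+# Replaces the current network ACL entry with the options passed.
+#
+# @param [Hash] options
+#
+# @option options [required,:allow,:deny] :rule_action Whether to
+# allow or deny traffic that matches the rule.
+#
+# @option options [required,Integer] :protocol IP protocol the rule
+# applies to. You can use -1 to mean all protocols. You can see a
+# list of # supported protocol numbers here:
+# http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
+#
+# @option options [required,String] :cidr_block The CIDR range to
+# allow or deny, in CIDR notation (e.g., 172.16.0.0/24).
+#
+# @option options [Boolean] :egress (false)
+# Whether this rule applies to egress traffic from the subnet (true)
+# or ingress traffic to the subnet (false).
+#
+# @option options [Range<Integer>] :port_range A numeric range
+# of ports. Required if specifying TCP (6) or UDP (17) for the
+# :protocol.
+#
+# @option options [Integer] :icmp_code For the ICMP protocol, the
+# ICMP code. You can use -1 to specify all ICMP codes for the given
+# ICMP type.
+#
+# @option options [Integer] :icmp_type For the ICMP protocol,
+# the ICMP type. You can use -1 to specify all ICMP types.
+#
+# @return [nil]
+#
+def replace options = {}
+network_acl.replace_entry(options.merge(:rule_number => rule_number))
+end
+
+# Deletes the current network ACL entry.
+# @return [nil]
+def delete
+network_acl.delete_entry(egress? ? :egress : :ingress, rule_number)
+end
+
+end
+end
+end
+end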
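Review bot: The YARD for `Entry#replace` documents the allow/deny switch as `:rule_action`, but the call goes through `NetworkACL#replace_entry`, whose `entry_options` (in `network_acl.rb` of this same release) reads `options[:action]`; a caller who follows the documented name sends `:rule_action => ""` to the service, so the tag should read `# @option options [required,:allow,:deny] :action Whether to`. The docs for `icmp_type` are a copy of the `icmp_code` text ("all codes for the given ICMP type"); `# @return [nil,Integer] A value of -1 means all ICMP types. Returns nil unless the protocol is ICMP.` is what the reader needs. `initialize` is undocumented and, like the other value objects introduced here, would benefit from a `# @private` tag since instances are created only by `NetworkACL#entries`. The `replace` docs also omit that `:egress` is effectively required by `entry_options` as written; noting that there avoids a surprising ArgumentError.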