How to use revoke_security_group_ingress method in localstack

Best Python code snippet using localstack_python

UpdateSGPublicIP.py

Source:UpdateSGPublicIP.py Github


...31 if sgVal['IpProtocol'] == '-1':32 ipProtocol = sgVal['IpProtocol']33 34 try: 35 response = client.revoke_security_group_ingress(36 GroupId=SGid,37 CidrIp='0.0.0.0/0',38 IpProtocol=ipProtocol39 )40 41 response = client.authorize_security_group_ingress(42 GroupId=SGid,43 IpPermissions=[44 {45 'IpProtocol': ipProtocol,46 'IpRanges': [47 {48 'CidrIp': '0.0.0.0/32',49 'Description': 'Open to Public'50 }51 ]52 }53 ]54 )55 except:56 pass57 58 try:59 response = client.revoke_security_group_ingress(60 GroupId=SGid,61 IpPermissions=[62 {63 'IpProtocol':ipProtocol,64 'Ipv6Ranges': [65 {66 'CidrIpv6': '::/0'67 }68 ]69 }]70 71 )72 73 response = client.authorize_security_group_ingress(74 GroupId=SGid,75 IpPermissions=[76 {77 'IpProtocol': ipProtocol,78 'IpRanges': [79 {80 'CidrIp': '0.0.0.0/32',81 'Description': 'Open to Public'82 }83 ]84 }85 ]86 )87 except:88 pass89 else:90 pass91 except:92 print 'Error with All Traffic rules'93 94 try: 95 if sgVal['IpRanges'][0]['CidrIp'] == '0.0.0.0/0' and sgVal['FromPort'] != 80 and sgVal['FromPort'] != 443:96 ipProtocol = sgVal['IpProtocol']97 fromPort = sgVal['FromPort']98 toPort = sgVal['ToPort']99 100 response = client.revoke_security_group_ingress(101 GroupId=SGid,102 CidrIp='0.0.0.0/0',103 IpProtocol=ipProtocol,104 FromPort = fromPort,105 ToPort = toPort106 )107 108 response = client.authorize_security_group_ingress(109 GroupId=SGid,110 IpPermissions=[111 {112 'FromPort': fromPort,113 'IpProtocol': ipProtocol,114 'IpRanges': [115 {116 'CidrIp': '0.0.0.0/32',117 'Description': 'Open to Public'118 }119 ],120 'ToPort': toPort121 }122 ]123 )124 125 else:126 pass127 except:128 print 'Ipv4 rules not found in ',SGid129 130 try: 131 if sgVal['Ipv6Ranges'][0]['CidrIpv6'] == '::/0' and sgVal['FromPort'] != 80 and sgVal['FromPort'] != 443:132 ipProtocol = sgVal['IpProtocol']133 fromPort = sgVal['FromPort']134 toPort = sgVal['ToPort']135 136 response = client.revoke_security_group_ingress(137 GroupId=SGid,138 IpPermissions=[139 {140 
'IpProtocol': ipProtocol,141 'FromPort' : fromPort,142 'ToPort' : toPort,143 'Ipv6Ranges': [144 {145 'CidrIpv6': '::/0'146 }147 ]148 }149 ]150 )151 152 response = client.authorize_security_group_ingress(153 GroupId=SGid,154 IpPermissions=[155 {156 'FromPort': fromPort,157 'IpProtocol': ipProtocol,158 'IpRanges': [159 {160 'CidrIp': '0.0.0.0/32',161 'Description': 'Open to Public'162 }163 ],164 'ToPort': toPort165 }166 ]167 )168 else:169 pass170 except:171 print 'Ipv6 rules not found in ',SGid172 173 SGID.append(SGid) 174 175 except:176 print SGid,': Not open to the world'177 178 else:179 for SGid in SGids:180 SGid = SGid.strip()181 response = client.describe_security_groups(GroupIds=[SGid],182 Filters=[183 {184 'Name': 'ip-permission.ipv6-cidr',185 'Values': [186 '::/0'187 ]188 }189 ]190 )191 try:192 for sgVal in response['SecurityGroups'][0]['IpPermissions']:193 194 try:195 if sgVal['IpProtocol'] == '-1':196 ipProtocol = sgVal['IpProtocol']197 try: 198 response = client.revoke_security_group_ingress(199 GroupId=SGid,200 CidrIp='0.0.0.0/0',201 IpProtocol=ipProtocol202 )203 204 response = client.authorize_security_group_ingress(205 GroupId=SGid,206 IpPermissions=[207 {208 'IpProtocol': ipProtocol,209 'IpRanges': [210 {211 'CidrIp': '0.0.0.0/32',212 'Description': 'Open to Public'213 }214 ]215 }216 ]217 )218 except:219 pass220 try:221 response = client.revoke_security_group_ingress(222 GroupId=SGid,223 IpPermissions=[224 {225 'IpProtocol':ipProtocol,226 'Ipv6Ranges': [227 {228 'CidrIpv6': '::/0'229 }230 ]231 }]232 233 )234 235 response = client.authorize_security_group_ingress(236 GroupId=SGid,237 IpPermissions=[238 {239 'IpProtocol': ipProtocol,240 'IpRanges': [241 {242 'CidrIp': '0.0.0.0/32',243 'Description': 'Open to Public'244 }245 ]246 }247 ]248 )249 except:250 pass251 else:252 pass253 except:254 print 'Error with All Traffic rules'255 256 try: 257 if sgVal['IpRanges'][0]['CidrIp'] == '0.0.0.0/0' and sgVal['FromPort'] != 80 and sgVal['FromPort'] != 443:258 
ipProtocol = sgVal['IpProtocol']259 fromPort = sgVal['FromPort']260 toPort = sgVal['ToPort']261 262 response = client.revoke_security_group_ingress(263 GroupId=SGid,264 CidrIp='0.0.0.0/0',265 IpProtocol=ipProtocol,266 FromPort = fromPort,267 ToPort = toPort268 )269 270 response = client.authorize_security_group_ingress(271 GroupId=SGid,272 IpPermissions=[273 {274 'FromPort': fromPort,275 'IpProtocol': ipProtocol,276 'IpRanges': [277 {278 'CidrIp': '0.0.0.0/32',279 'Description': 'Open to Public'280 }281 ],282 'ToPort': toPort283 }284 ]285 )286 else:287 pass288 except:289 print 'Ipv4 rules not found in ',SGid290 291 try: 292 if sgVal['Ipv6Ranges'][0]['CidrIpv6'] == '::/0' and sgVal['FromPort'] != 80 and sgVal['FromPort'] != 443:293 ipProtocol = sgVal['IpProtocol']294 fromPort = sgVal['FromPort']295 toPort = sgVal['ToPort']296 297 response = client.revoke_security_group_ingress(298 GroupId=SGid,299 IpPermissions=[300 {301 'IpProtocol': ipProtocol,302 'FromPort' : fromPort,303 'ToPort' : toPort,304 'Ipv6Ranges': [305 {306 'CidrIpv6': '::/0'307 }308 ]309 }310 ]311 )...


serverless-sg-sentry.py

Source:serverless-sg-sentry.py Github


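# ... (excerpt: the page cuts the listing above this point. The statements below
# read `event`, so they presumably sit inside the event handler, whose `def` line
# is not shown; they are printed at column 0 because the page dropped the
# original indentation.)

# Act only when the event is an AuthorizeSecurityGroupIngress call and its target
# security group id is the one provided in the environment variables.
if (event['detail']['eventName'] == 'AuthorizeSecurityGroupIngress' and
        event['detail']['requestParameters']['groupId'] == os.environ['security_group_id']):
    result = revoke_security_group_ingress(event['detail'])
    message = "AUTO-MITIGATED: Ingress rule removed from security group: {} that was added by {}: {}".format(
        result['group_id'],
        result['user_name'],
        json.dumps(result['ip_permissions'])
    )
    # NOTE(review): the publish call below is commented out, so within the
    # visible lines `message` is built but not sent anywhere.
    # boto3.client('sns').publish( TargetArn = os.environ['sns_topic_arn'], Message = message, Subject = "Auto-mitigation successful" )
# ===============================================================================
def revoke_security_group_ingress(event_detail):
    """Revoke the ingress permissions named in a recorded authorize call.

    Args:
        event_detail: The ``detail`` mapping of the triggering event. The
            function reads ``requestParameters.groupId``,
            ``requestParameters.ipPermissions.items`` and
            ``userIdentity.arn`` from it.

    Returns:
        A dict with:
          * ``group_id`` - the security group the revoke was sent for,
          * ``user_name`` - the ARN recorded for the identity that made the call,
          * ``ip_permissions`` - the normalized permissions sent to EC2,
          * ``revoked`` - the ``Return`` flag from the EC2 response, as a bool,
          * ``unknown_ip_permissions`` - permissions EC2 reported it did not
            recognise (empty list when the response has none).
        Callers should consult ``revoked`` / ``unknown_ip_permissions`` before
        reporting the rule as removed.

    Raises:
        KeyError: if one of the fields listed above is missing from the event.
    """
    # NOTE(review): an event for a call that failed would still carry
    # requestParameters; if such events can reach this function, the revoke
    # below acts on a rule that call never added. Confirm that the caller or
    # the event rule filters on the absence of `errorCode`.
    request_parameters = event_detail['requestParameters']
    group_id = request_parameters['groupId']

    # Build the normalized IP permission JSON structure expected by the EC2 API.
    ip_permissions = normalize_paramter_names(request_parameters['ipPermissions']['items'])

    response = boto3.client('ec2').revoke_security_group_ingress(
        GroupId=group_id,
        IpPermissions=ip_permissions
    )

    # Surface the API outcome instead of discarding it, so a revoke that did
    # not take effect is not reported as a successful mitigation.
    return {
        'group_id': group_id,
        'user_name': event_detail['userIdentity']['arn'],
        'ip_permissions': ip_permissions,
        'revoked': bool(response.get('Return')),
        'unknown_ip_permissions': response.get('UnknownIpPermissions', []),
    }
# ===============================================================================
def normalize_paramter_names(ip_items):
    # Start building the permissions items list.
    new_ip_items = []
    # First, build the basic parameter list.
    # ... (excerpt: the page cuts the listing here; the rest of this function is not shown)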

