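package ec2

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/awserr"
	awsec2 "github.com/aws/aws-sdk-go/service/ec2"
)

const (
	defaultSecurityGroupName        = "fargate-default"
	defaultSecurityGroupDescription = "Default Fargate CLI SG"

	// The default group is deliberately wide open: every protocol ("-1" means
	// all) on every port, from any IPv4 address. It exists so a freshly
	// created service is reachable without further setup; anything beyond a
	// demo should be attached to a purpose-built, narrower group instead.
	defaultSecurityGroupIngressCIDR     = "0.0.0.0/0"
	defaultSecurityGroupIngressProtocol = "-1"

	// EC2 error code returned when a group looked up by name does not exist.
	errCodeSecurityGroupNotFound = "InvalidGroup.NotFound"
)

// GetDefaultSubnetIDs finds and returns the IDs of the subnets that EC2 marks
// as the default for their availability zone ("default-for-az" filter).
//
// A nil slice is returned both when no default subnet exists and when the
// lookup fails (the error is non-nil in the latter case).
func (ec2 SDKClient) GetDefaultSubnetIDs() ([]string, error) {
	defaultFilter := &awsec2.Filter{
		Name:   aws.String("default-for-az"),
		Values: aws.StringSlice([]string{"true"}),
	}

	// Only the first page of results is read. Default subnets are presumably
	// one per AZ, so a single page is expected to hold all of them.
	resp, err := ec2.client.DescribeSubnets(
		&awsec2.DescribeSubnetsInput{
			Filters: []*awsec2.Filter{defaultFilter},
		},
	)
	if err != nil {
		return nil, fmt.Errorf("could not retrieve default subnet IDs: %v", err)
	}

	var subnetIDs []string
	for _, subnet := range resp.Subnets {
		subnetIDs = append(subnetIDs, aws.StringValue(subnet.SubnetId))
	}

	return subnetIDs, nil
}

// GetDefaultSecurityGroupID returns the ID of the permissive security group
// created by CreateDefaultSecurityGroup, looked up by its well-known name.
//
// It returns "" with a nil error when no such group exists, so callers can
// decide whether to create one; any other API failure is returned as an
// error.
//
// NOTE(review): the lookup is by name only. Whatever group EC2 resolves for
// the name "fargate-default" is trusted as the default, regardless of who
// created it or which rules it actually carries — confirm this is acceptable
// for the account in use.
func (ec2 SDKClient) GetDefaultSecurityGroupID() (string, error) {
	resp, err := ec2.client.DescribeSecurityGroups(
		&awsec2.DescribeSecurityGroupsInput{
			GroupNames: aws.StringSlice([]string{defaultSecurityGroupName}),
		},
	)
	if err != nil {
		// "Not found" is an expected state for a first run, not a failure.
		if aerr, ok := err.(awserr.Error); ok && aerr.Code() == errCodeSecurityGroupNotFound {
			return "", nil
		}

		return "", fmt.Errorf("could not retrieve default security group ID (%s): %v", defaultSecurityGroupName, err)
	}

	// Guard the index: an empty result set would otherwise panic. Treat it
	// the same as a not-found response.
	if len(resp.SecurityGroups) == 0 {
		return "", nil
	}

	return aws.StringValue(resp.SecurityGroups[0].GroupId), nil
}

// GetSubnetVPCID returns the VPC ID for a given subnet ID.
//
// An unknown subnet ID is reported as an error, as is any API failure.
func (ec2 SDKClient) GetSubnetVPCID(subnetID string) (string, error) {
	resp, err := ec2.client.DescribeSubnets(
		&awsec2.DescribeSubnetsInput{
			SubnetIds: aws.StringSlice([]string{subnetID}),
		},
	)

	switch {
	case err != nil:
		return "", fmt.Errorf("could not find VPC ID for subnet ID %s: %v", subnetID, err)
	case len(resp.Subnets) == 0:
		// The API may answer without an error yet with no matching subnet.
		return "", fmt.Errorf("could not find VPC ID: subnet ID %s not found", subnetID)
	default:
		return aws.StringValue(resp.Subnets[0].VpcId), nil
	}
}

// CreateDefaultSecurityGroup creates a new security group for use as the
// default and returns its ID.
//
// No VpcId is set on the request, so the group lands in whichever VPC EC2
// chooses by default (presumably the account's default VPC). No tags are
// applied. The group carries no ingress rules of its own at this point; the
// wide-open rule is added separately by AuthorizeAllSecurityGroupIngress.
func (ec2 SDKClient) CreateDefaultSecurityGroup() (string, error) {
	resp, err := ec2.client.CreateSecurityGroup(
		&awsec2.CreateSecurityGroupInput{
			GroupName:   aws.String(defaultSecurityGroupName),
			Description: aws.String(defaultSecurityGroupDescription),
		},
	)
	if err != nil {
		return "", fmt.Errorf("could not create default security group (%s): %v", defaultSecurityGroupName, err)
	}

	return aws.StringValue(resp.GroupId), nil
}

// AuthorizeAllSecurityGroupIngress configures a security group to allow all
// ingress traffic: every protocol and port from any IPv4 address
// (0.0.0.0/0). Only CidrIp is set, so no IPv6 rule is added.
//
// This is the permissive default the CLI relies on; callers exposing anything
// sensitive should scope the group down afterwards or use their own.
//
// The API error, if any, is returned unwrapped so callers can still inspect
// its awserr code (for example, re-authorizing an already present rule is
// expected to be reported by EC2 as a duplicate-permission error — confirm
// and handle at the call site).
func (ec2 SDKClient) AuthorizeAllSecurityGroupIngress(groupID string) error {
	_, err := ec2.client.AuthorizeSecurityGroupIngress(
		&awsec2.AuthorizeSecurityGroupIngressInput{
			CidrIp:     aws.String(defaultSecurityGroupIngressCIDR),
			GroupId:    aws.String(groupID),
			IpProtocol: aws.String(defaultSecurityGroupIngressProtocol),
		},
	)

	return err
}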