Gunakan CreateSecurityGroup dengan AWS SDK atau CLI - Amazon Elastic Compute Cloud

Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.

Gunakan CreateSecurityGroup dengan AWS SDK atau CLI

Contoh kode berikut menunjukkan cara menggunakanCreateSecurityGroup.

Contoh tindakan adalah kutipan kode dari program yang lebih besar dan harus dijalankan dalam konteks. Anda dapat melihat tindakan ini dalam konteks dalam contoh kode berikut:

.NET
AWS SDK for .NET
catatan

Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS.

/// <summary> /// Create an Amazon EC2 security group with a specified name and description. /// </summary> /// <param name="groupName">The name for the new security group.</param> /// <param name="groupDescription">A description of the new security group.</param> /// <returns>The group Id of the new security group.</returns> public async Task<string> CreateSecurityGroup(string groupName, string groupDescription) { try { var response = await _amazonEC2.CreateSecurityGroupAsync( new CreateSecurityGroupRequest(groupName, groupDescription)); // Wait until the security group exists. int retries = 5; while (retries-- > 0) { var groups = await DescribeSecurityGroups(response.GroupId); if (groups.Any()) { return response.GroupId; } Thread.Sleep(5000); retries--; } _logger.LogError($"Unable to find newly created group {groupName}."); throw new DoesNotExistException("security group not found"); } catch (AmazonEC2Exception ec2Exception) { if (ec2Exception.ErrorCode == "ResourceAlreadyExists") { _logger.LogError( $"A security group with the name {groupName} already exists. {ec2Exception.Message}"); } throw; } catch (Exception ex) { _logger.LogError( $"An error occurred while creating the security group.: {ex.Message}"); throw; } }
Bash
AWS CLI dengan skrip Bash
catatan

Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS.

############################################################################### # function ec2_create_security_group # # This function creates an Amazon Elastic Compute Cloud (Amazon EC2) security group. # # Parameters: # -n security_group_name - The name of the security group. # -d security_group_description - The description of the security group. # # Returns: # The ID of the created security group, or an error message if the operation fails. # And: # 0 - If successful. # 1 - If it fails. # ############################################################################### function ec2_create_security_group() { local security_group_name security_group_description response # Function to display usage information function usage() { echo "function ec2_create_security_group" echo "Creates an Amazon Elastic Compute Cloud (Amazon EC2) security group." echo " -n security_group_name - The name of the security group." echo " -d security_group_description - The description of the security group." echo "" } # Parse the command-line arguments while getopts "n:d:h" option; do case "${option}" in n) security_group_name="${OPTARG}" ;; d) security_group_description="${OPTARG}" ;; h) usage return 0 ;; \?) echo "Invalid parameter" usage return 1 ;; esac done export OPTIND=1 # Validate the input parameters if [[ -z "$security_group_name" ]]; then errecho "ERROR: You must provide a security group name with the -n parameter." return 1 fi if [[ -z "$security_group_description" ]]; then errecho "ERROR: You must provide a security group description with the -d parameter." return 1 fi # Create the security group response=$(aws ec2 create-security-group \ --group-name "$security_group_name" \ --description "$security_group_description" \ --query "GroupId" \ --output text) || { aws_cli_error_log ${?} errecho "ERROR: AWS reports create-security-group operation failed." errecho "$response" return 1 } echo "$response" return 0 }

Fungsi utilitas yang digunakan dalam contoh ini.

############################################################################### # function errecho # # This function outputs everything sent to it to STDERR (standard error output). ############################################################################### function errecho() { printf "%s\n" "$*" 1>&2 } ############################################################################## # function aws_cli_error_log() # # This function is used to log the error messages from the AWS CLI. # # The function expects the following argument: # $1 - The error code returned by the AWS CLI. # # Returns: # 0: - Success. # ############################################################################## function aws_cli_error_log() { local err_code=$1 errecho "Error code : $err_code" if [ "$err_code" == 1 ]; then errecho " One or more S3 transfers failed." elif [ "$err_code" == 2 ]; then errecho " Command line failed to parse." elif [ "$err_code" == 130 ]; then errecho " Process received SIGINT." elif [ "$err_code" == 252 ]; then errecho " Command syntax invalid." elif [ "$err_code" == 253 ]; then errecho " The system environment or configuration was invalid." elif [ "$err_code" == 254 ]; then errecho " The service returned an error." elif [ "$err_code" == 255 ]; then errecho " 255 is a catch-all error." fi return 0 }
C++
SDKuntuk C ++
catatan

Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS.

//! Create a security group. /*! \param groupName: A security group name. \param description: A description. \param vpcID: A virtual private cloud (VPC) ID. \param[out] groupIDResult: A string to receive the group ID. \param clientConfiguration: AWS client configuration. \return bool: Function succeeded. */ bool AwsDoc::EC2::createSecurityGroup(const Aws::String &groupName, const Aws::String &description, const Aws::String &vpcID, Aws::String &groupIDResult, const Aws::Client::ClientConfiguration &clientConfiguration) { Aws::EC2::EC2Client ec2Client(clientConfiguration); Aws::EC2::Model::CreateSecurityGroupRequest request; request.SetGroupName(groupName); request.SetDescription(description); request.SetVpcId(vpcID); const Aws::EC2::Model::CreateSecurityGroupOutcome outcome = ec2Client.CreateSecurityGroup(request); if (!outcome.IsSuccess()) { std::cerr << "Failed to create security group:" << outcome.GetError().GetMessage() << std::endl; return false; } std::cout << "Successfully created security group named " << groupName << std::endl; groupIDResult = outcome.GetResult().GetGroupId(); return true; }
CLI
AWS CLI

Untuk membuat grup keamanan untuk EC2 -Classic

Contoh ini membuat grup keamanan bernama MySecurityGroup.

Perintah:

aws ec2 create-security-group --group-name MySecurityGroup --description "My security group"

Output:

{ "GroupId": "sg-903004f8" }

Untuk membuat grup keamanan untuk EC2 - VPC

Contoh ini membuat grup keamanan bernama MySecurityGroup untuk yang ditentukanVPC.

Perintah:

aws ec2 create-security-group --group-name MySecurityGroup --description "My security group" --vpc-id vpc-1a2b3c4d

Output:

{ "GroupId": "sg-903004f8" }

Untuk informasi selengkapnya, lihat Menggunakan Grup Keamanan di Panduan Pengguna Antarmuka Baris Perintah AWS .

Java
SDKuntuk Java 2.x
catatan

Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS.

/** * Creates a new security group asynchronously with the specified group name, description, and VPC ID. It also * authorizes inbound traffic on ports 80 and 22 from the specified IP address. * * @param groupName the name of the security group to create * @param groupDesc the description of the security group * @param vpcId the ID of the VPC in which to create the security group * @param myIpAddress the IP address from which to allow inbound traffic (e.g., "192.168.1.1/0" to allow traffic from * any IP address in the 192.168.1.0/24 subnet) * @return a CompletableFuture that, when completed, returns the ID of the created security group * @throws RuntimeException if there was a failure creating the security group or authorizing the inbound traffic */ public CompletableFuture<String> createSecurityGroupAsync(String groupName, String groupDesc, String vpcId, String myIpAddress) { CreateSecurityGroupRequest createRequest = CreateSecurityGroupRequest.builder() .groupName(groupName) .description(groupDesc) .vpcId(vpcId) .build(); return getAsyncClient().createSecurityGroup(createRequest) .thenCompose(createResponse -> { String groupId = createResponse.groupId(); IpRange ipRange = IpRange.builder() .cidrIp(myIpAddress + "/32") .build(); IpPermission ipPerm = IpPermission.builder() .ipProtocol("tcp") .toPort(80) .fromPort(80) .ipRanges(ipRange) .build(); IpPermission ipPerm2 = IpPermission.builder() .ipProtocol("tcp") .toPort(22) .fromPort(22) .ipRanges(ipRange) .build(); AuthorizeSecurityGroupIngressRequest authRequest = AuthorizeSecurityGroupIngressRequest.builder() .groupName(groupName) .ipPermissions(ipPerm, ipPerm2) .build(); return getAsyncClient().authorizeSecurityGroupIngress(authRequest) .thenApply(authResponse -> groupId); }) .whenComplete((result, exception) -> { if (exception != null) { if (exception instanceof CompletionException && exception.getCause() instanceof Ec2Exception) { throw (Ec2Exception) exception.getCause(); } else { throw new RuntimeException("Failed to create security group: " + exception.getMessage(), exception); } } }); }
JavaScript
SDKuntuk JavaScript (v3)
catatan

Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS.

import { CreateSecurityGroupCommand, EC2Client } from "@aws-sdk/client-ec2"; /** * Creates a security group. * @param {{ groupName: string, description: string }} options */ export const main = async ({ groupName, description }) => { const client = new EC2Client({}); const command = new CreateSecurityGroupCommand({ // Up to 255 characters in length. Cannot start with sg-. GroupName: groupName, // Up to 255 characters in length. Description: description, }); try { const { GroupId } = await client.send(command); console.log(GroupId); } catch (caught) { if (caught instanceof Error && caught.name === "InvalidParameterValue") { console.warn(`${caught.message}.`); } else { throw caught; } } };
Kotlin
SDKuntuk Kotlin
catatan

Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS.

suspend fun createEC2SecurityGroup( groupNameVal: String?, groupDescVal: String?, vpcIdVal: String?, ): String? { val request = CreateSecurityGroupRequest { groupName = groupNameVal description = groupDescVal vpcId = vpcIdVal } Ec2Client { region = "us-west-2" }.use { ec2 -> val resp = ec2.createSecurityGroup(request) val ipRange = IpRange { cidrIp = "0.0.0.0/0" } val ipPerm = IpPermission { ipProtocol = "tcp" toPort = 80 fromPort = 80 ipRanges = listOf(ipRange) } val ipPerm2 = IpPermission { ipProtocol = "tcp" toPort = 22 fromPort = 22 ipRanges = listOf(ipRange) } val authRequest = AuthorizeSecurityGroupIngressRequest { groupName = groupNameVal ipPermissions = listOf(ipPerm, ipPerm2) } ec2.authorizeSecurityGroupIngress(authRequest) println("Successfully added ingress policy to Security Group $groupNameVal") return resp.groupId } }
PowerShell
Alat untuk PowerShell

Contoh 1: Contoh ini membuat grup keamanan untuk yang ditentukanVPC.

New-EC2SecurityGroup -GroupName my-security-group -Description "my security group" -VpcId vpc-12345678

Output:

sg-12345678

Contoh 2: Contoh ini membuat grup keamanan untuk EC2 -Classic.

New-EC2SecurityGroup -GroupName my-security-group -Description "my security group"

Output:

sg-45678901
Python
SDKuntuk Python (Boto3)
catatan

Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS.

class SecurityGroupWrapper: """Encapsulates Amazon Elastic Compute Cloud (Amazon EC2) security group actions.""" def __init__(self, ec2_client: boto3.client, security_group: Optional[str] = None): """ Initializes the SecurityGroupWrapper with an EC2 client and an optional security group ID. :param ec2_client: A Boto3 Amazon EC2 client. This client provides low-level access to AWS EC2 services. :param security_group: The ID of a security group to manage. This is a high-level identifier that represents the security group. """ self.ec2_client = ec2_client self.security_group = security_group @classmethod def from_client(cls) -> "SecurityGroupWrapper": """ Creates a SecurityGroupWrapper instance with a default EC2 client. :return: An instance of SecurityGroupWrapper initialized with the default EC2 client. """ ec2_client = boto3.client("ec2") return cls(ec2_client) def create(self, group_name: str, group_description: str) -> str: """ Creates a security group in the default virtual private cloud (VPC) of the current account. :param group_name: The name of the security group to create. :param group_description: The description of the security group to create. :return: The ID of the newly created security group. :raise Handles AWS SDK service-level ClientError, with special handling for ResourceAlreadyExists """ try: response = self.ec2_client.create_security_group( GroupName=group_name, Description=group_description ) self.security_group = response["GroupId"] except ClientError as err: if err.response["Error"]["Code"] == "ResourceAlreadyExists": logger.error( f"Security group '{group_name}' already exists. Please choose a different name." ) raise else: return self.security_group
Ruby
SDKuntuk Ruby
catatan

Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS.

# This code example does the following: # 1. Creates an Amazon Elastic Compute Cloud (Amazon EC2) security group. # 2. Adds inbound rules to the security group. # 3. Displays information about available security groups. # 4. Deletes the security group. require 'aws-sdk-ec2' # Creates an Amazon Elastic Compute Cloud (Amazon EC2) security group. # # Prerequisites: # # - A VPC in Amazon Virtual Private Cloud (Amazon VPC). # # @param ec2_client [Aws::EC2::Client] An initialized # Amazon EC2 client. # @param group_name [String] A name for the security group. # @param description [String] A description for the security group. # @param vpc_id [String] The ID of the VPC for the security group. # @return [String] The ID of security group that was created. # @example # puts create_security_group( # Aws::EC2::Client.new(region: 'us-west-2'), # 'my-security-group', # 'This is my security group.', # 'vpc-6713dfEX' # ) def create_security_group(ec2_client, group_name, description, vpc_id) security_group = ec2_client.create_security_group( group_name: group_name, description: description, vpc_id: vpc_id ) puts "Created security group '#{group_name}' with ID " \ "'#{security_group.group_id}' in VPC with ID '#{vpc_id}'." security_group.group_id rescue StandardError => e puts "Error creating security group: #{e.message}" 'Error' end # Adds an inbound rule to an Amazon Elastic Compute Cloud (Amazon EC2) # security group. # # Prerequisites: # # - The security group. # # @param ec2_client [Aws::EC2::Client] An initialized Amazon EC2 client. # @param security_group_id [String] The ID of the security group. # @param ip_protocol [String] The network protocol for the inbound rule. # @param from_port [String] The originating port for the inbound rule. # @param to_port [String] The destination port for the inbound rule. # @param cidr_ip_range [String] The CIDR IP range for the inbound rule. # @return # @example # exit 1 unless security_group_ingress_authorized?( # Aws::EC2::Client.new(region: 'us-west-2'), # 'sg-030a858e078f1b9EX', # 'tcp', # '80', # '80', # '0.0.0.0/0' # ) def security_group_ingress_authorized?( ec2_client, security_group_id, ip_protocol, from_port, to_port, cidr_ip_range ) ec2_client.authorize_security_group_ingress( group_id: security_group_id, ip_permissions: [ { ip_protocol: ip_protocol, from_port: from_port, to_port: to_port, ip_ranges: [ { cidr_ip: cidr_ip_range } ] } ] ) puts "Added inbound rule to security group '#{security_group_id}' for protocol " \ "'#{ip_protocol}' from port '#{from_port}' to port '#{to_port}' " \ "with CIDR IP range '#{cidr_ip_range}'." true rescue StandardError => e puts "Error adding inbound rule to security group: #{e.message}" false end # Refactored method to simplify complexity for describing security group permissions def format_port_information(perm) from_port_str = perm.from_port == '-1' || perm.from_port == -1 ? 'All' : perm.from_port.to_s to_port_str = perm.to_port == '-1' || perm.to_port == -1 ? 'All' : perm.to_port.to_s { from_port: from_port_str, to_port: to_port_str } end # Displays information about a security group's IP permissions set in # Amazon Elastic Compute Cloud (Amazon EC2). def describe_security_group_permissions(perm) ports = format_port_information(perm) print " Protocol: #{perm.ip_protocol == '-1' ? 'All' : perm.ip_protocol}" print ", From: #{ports[:from_port]}, To: #{ports[:to_port]}" print ", CIDR IPv6: #{perm.ipv_6_ranges[0].cidr_ipv_6}" if perm.key?(:ipv_6_ranges) && perm.ipv_6_ranges.count.positive? print ", CIDR IPv4: #{perm.ip_ranges[0].cidr_ip}" if perm.key?(:ip_ranges) && perm.ip_ranges.count.positive? print "\n" end # Displays information about available security groups in # Amazon Elastic Compute Cloud (Amazon EC2). def describe_security_groups(ec2_client) response = ec2_client.describe_security_groups if response.security_groups.count.positive? response.security_groups.each do |sg| display_group_details(sg) end else puts 'No security groups found.' end rescue StandardError => e puts "Error getting information about security groups: #{e.message}" end # Helper method to display the details of security groups def display_group_details(sg) puts '-' * (sg.group_name.length + 13) puts "Name: #{sg.group_name}" puts "Description: #{sg.description}" puts "Group ID: #{sg.group_id}" puts "Owner ID: #{sg.owner_id}" puts "VPC ID: #{sg.vpc_id}" display_group_tags(sg.tags) if sg.tags.count.positive? display_group_permissions(sg) end def display_group_tags(tags) puts 'Tags:' tags.each do |tag| puts " Key: #{tag.key}, Value: #{tag.value}" end end def display_group_permissions(sg) if sg.ip_permissions.count.positive? puts 'Inbound rules:' sg.ip_permissions.each do |p| describe_security_group_permissions(p) end end return if sg.ip_permissions_egress.empty? puts 'Outbound rules:' sg.ip_permissions_egress.each do |p| describe_security_group_permissions(p) end end # Deletes an Amazon Elastic Compute Cloud (Amazon EC2) # security group. def security_group_deleted?(ec2_client, security_group_id) ec2_client.delete_security_group(group_id: security_group_id) puts "Deleted security group '#{security_group_id}'." true rescue StandardError => e puts "Error deleting security group: #{e.message}" false end # Example usage with refactored run_me to reduce complexity def run_me group_name, description, vpc_id, ip_protocol_http, from_port_http, to_port_http, \ cidr_ip_range_http, ip_protocol_ssh, from_port_ssh, to_port_ssh, \ cidr_ip_range_ssh, region = process_arguments ec2_client = Aws::EC2::Client.new(region: region) security_group_id = attempt_create_security_group(ec2_client, group_name, description, vpc_id) security_group_exists = security_group_id != 'Error' if security_group_exists add_inbound_rules(ec2_client, security_group_id, ip_protocol_http, from_port_http, to_port_http, cidr_ip_range_http) add_inbound_rules(ec2_client, security_group_id, ip_protocol_ssh, from_port_ssh, to_port_ssh, cidr_ip_range_ssh) end describe_security_groups(ec2_client) attempt_delete_security_group(ec2_client, security_group_id) if security_group_exists end def process_arguments if ARGV[0] == '--help' || ARGV[0] == '-h' display_help exit 1 elsif ARGV.count.zero? default_values else ARGV end end def attempt_create_security_group(ec2_client, group_name, description, vpc_id) puts 'Attempting to create security group...' security_group_id = create_security_group(ec2_client, group_name, description, vpc_id) puts 'Could not create security group. Skipping this step.' if security_group_id == 'Error' security_group_id end def add_inbound_rules(ec2_client, security_group_id, ip_protocol, from_port, to_port, cidr_ip_range) puts 'Attempting to add inbound rules to security group...' return if security_group_ingress_authorized?(ec2_client, security_group_id, ip_protocol, from_port, to_port, cidr_ip_range) puts 'Could not add inbound rule to security group. Skipping this step.' end def attempt_delete_security_group(ec2_client, security_group_id) puts "\nAttempting to delete security group..." return if security_group_deleted?(ec2_client, security_group_id) puts 'Could not delete security group. You must delete it yourself.' end def display_help puts 'Usage: ruby ec2-ruby-example-security-group.rb ' \ 'GROUP_NAME DESCRIPTION VPC_ID IP_PROTOCOL_1 FROM_PORT_1 TO_PORT_1 ' \ 'CIDR_IP_RANGE_1 IP_PROTOCOL_2 FROM_PORT_2 TO_PORT_2 ' \ 'CIDR_IP_RANGE_2 REGION' puts 'Example: ruby ec2-ruby-example-security-group.rb ' \ "my-security-group 'This is my security group.' vpc-6713dfEX " \ "tcp 80 80 '0.0.0.0/0' tcp 22 22 '0.0.0.0/0' us-west-2" end def default_values [ 'my-security-group', 'This is my security group.', 'vpc-6713dfEX', 'tcp', '80', '80', '0.0.0.0/0', 'tcp', '22', '22', '0.0.0.0/0', 'us-west-2' ] end run_me if $PROGRAM_NAME == __FILE__
Rust
SDKuntuk Rust
catatan

Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS.

pub async fn create_security_group( &self, name: &str, description: &str, ) -> Result<SecurityGroup, EC2Error> { tracing::info!("Creating security group {name}"); let create_output = self .client .create_security_group() .group_name(name) .description(description) .send() .await .map_err(EC2Error::from)?; let group_id = create_output .group_id .ok_or_else(|| EC2Error::new("Missing security group id after creation"))?; let group = self .describe_security_group(&group_id) .await? .ok_or_else(|| { EC2Error::new(format!("Could not find security group with id {group_id}")) })?; tracing::info!("Created security group {name} as {group_id}"); Ok(group) }
SAP ABAP
SDKuntuk SAP ABAP
catatan

Ada lebih banyak tentang GitHub. Temukan contoh lengkapnya dan pelajari cara pengaturan dan menjalankannya di Repositori Contoh Kode AWS.

TRY. oo_result = lo_ec2->createsecuritygroup( " oo_result is returned for testing purposes. " iv_description = 'Security group example' iv_groupname = iv_security_group_name iv_vpcid = iv_vpc_id ). MESSAGE 'Security group created.' TYPE 'I'. CATCH /aws1/cx_rt_service_generic INTO DATA(lo_exception). DATA(lv_error) = |"{ lo_exception->av_err_code }" - { lo_exception->av_err_msg }|. MESSAGE lv_error TYPE 'E'. ENDTRY.

Untuk daftar lengkap panduan AWS SDK pengembang dan contoh kode, lihatMembuat EC2 sumber daya Amazon menggunakan AWS SDK. Topik ini juga mencakup informasi tentang memulai dan detail tentang SDK versi sebelumnya.