


# Working with security groups in Amazon EC2
<a name="examples-ec2-security-groups"></a>

## Prerequisites
<a name="codeExamplePrereq"></a>

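Before you begin, we recommend that you read [Getting started using the AWS SDK for C++](getting-started.md).

Download the example code and build the solution as described in [Getting started on code examples](getting-started-code-examples.md).

To run the examples, the user profile your code uses to make requests must have the appropriate permissions in AWS (for the service and the action). For more information, see [Providing AWS credentials](credentials.md).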

## Create a security group
<a name="create-a-security-group"></a>

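To create a security group, call the EC2Client's `CreateSecurityGroup` function with a [CreateSecurityGroupRequest](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-ec2/html/class_aws_1_1_e_c2_1_1_model_1_1_create_security_group_request.html) that contains the security group's name. The code below also sets a description and the VPC ID.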

 **Includes** 

```
#include <aws/ec2/EC2Client.h>
#include <aws/ec2/model/CreateSecurityGroupRequest.h>
#include <iostream>
```

 **Code** 

```
    Aws::EC2::EC2Client ec2Client(clientConfiguration);

    Aws::EC2::Model::CreateSecurityGroupRequest request;

    request.SetGroupName(groupName);
    request.SetDescription(description);
    request.SetVpcId(vpcID);

    const Aws::EC2::Model::CreateSecurityGroupOutcome outcome =
            ec2Client.CreateSecurityGroup(request);

    if (!outcome.IsSuccess()) {
        std::cerr << "Failed to create security group:" <<
                  outcome.GetError().GetMessage() << std::endl;
        return false;
    }

    std::cout << "Successfully created security group named " << groupName <<
              std::endl;
```

See the [complete example](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/ec2/create_security_group.cpp).

## Configure a security group
<a name="configure-a-security-group"></a>

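A security group can control both inbound (ingress) and outbound (egress) traffic to your Amazon EC2 instances.

To add ingress rules to your security group, use the EC2Client's `AuthorizeSecurityGroupIngress` function. In an [AuthorizeSecurityGroupIngressRequest](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-ec2/html/class_aws_1_1_e_c2_1_1_model_1_1_authorize_security_group_ingress_request.html) object, identify the security group (the code below uses its group ID) and provide the access rules ([IpPermission](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-ec2/html/class_aws_1_1_e_c2_1_1_model_1_1_ip_permission.html)) to assign to it. The following example demonstrates how to add IP permissions to the security group.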

 **Includes** 

```
#include <aws/ec2/model/AuthorizeSecurityGroupIngressRequest.h>
```

 **Code** 

```
    Aws::EC2::Model::AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest;
    authorizeSecurityGroupIngressRequest.SetGroupId(groupID);
```

```
    Aws::String ingressIPRange = "203.0.113.0/24";  // Configure this for your allowed IP range.
    Aws::EC2::Model::IpRange ip_range;
    ip_range.SetCidrIp(ingressIPRange);

    Aws::EC2::Model::IpPermission permission1;
    permission1.SetIpProtocol("tcp");
    permission1.SetToPort(80);
    permission1.SetFromPort(80);
    permission1.AddIpRanges(ip_range);

    // Attach the rule to the request object declared above.
    authorizeSecurityGroupIngressRequest.AddIpPermissions(permission1);

    Aws::EC2::Model::IpPermission permission2;
    permission2.SetIpProtocol("tcp");
    permission2.SetToPort(22);
    permission2.SetFromPort(22);
    permission2.AddIpRanges(ip_range);

    authorizeSecurityGroupIngressRequest.AddIpPermissions(permission2);
```

```
    Aws::EC2::Model::AuthorizeSecurityGroupIngressOutcome authorizeSecurityGroupIngressOutcome =
            ec2Client.AuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest);

    if (authorizeSecurityGroupIngressOutcome.IsSuccess()) {
        std::cout << "Successfully authorized security group ingress." << std::endl;
    } else {
        std::cerr << "Error authorizing security group ingress: "
                  << authorizeSecurityGroupIngressOutcome.GetError().GetMessage() << std::endl;
    }
```

To add egress rules to the security group, provide similar data in an [AuthorizeSecurityGroupEgressRequest](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-ec2/html/class_aws_1_1_e_c2_1_1_model_1_1_authorize_security_group_egress_request.html) to the EC2Client's `AuthorizeSecurityGroupEgress` function.

See the [complete example](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/ec2/create_security_group.cpp).
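
The ingress code above leaves the CIDR range for you to configure, so a check like the following can run before a rule is handed to `AuthorizeSecurityGroupIngress`. This is an added example, not AWS sample code: `IngressRule`, `parseCidr` and `reviewIngress` are hypothetical names, the struct is a plain stand-in for the `IpPermission` fields so the code builds without the SDK, and the admin-port policy (ports 22 and 3389, nothing wider than /16) is an assumption.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <string>

// Plain stand-in for the fields the page sets on Aws::EC2::Model::IpPermission.
struct IngressRule {
    std::string protocol;  // "tcp", "udp", or "-1" for all protocols
    int fromPort, toPort;
    std::string cidr;      // value that would go to IpRange::SetCidrIp
};

enum class Verdict { Ok, Malformed, HostBitsSet, AdminPortTooBroad };

// Parse an IPv4 CIDR such as "203.0.113.0/24"; returns false if malformed.
bool parseCidr(const std::string &text, std::uint32_t &addr, int &prefix) {
    if (text.find_first_not_of("0123456789./") != std::string::npos) return false;
    unsigned a, b, c, d;
    char tail;  // only filled if characters follow the prefix length
    if (std::sscanf(text.c_str(), "%3u.%3u.%3u.%3u/%2d%c", &a, &b, &c, &d, &prefix, &tail) != 5)
        return false;
    if (a > 255 || b > 255 || c > 255 || d > 255 || prefix > 32) return false;
    addr = (a << 24) | (b << 16) | (c << 8) | d;
    return true;
}

// Assumed policy: SSH (22) and RDP (3389) must not be reachable from a
// network wider than /minAdminPrefix. Adjust both to your own policy.
Verdict reviewIngress(const IngressRule &rule, int minAdminPrefix = 16) {
    std::uint32_t addr = 0;
    int prefix = 0;
    if (!parseCidr(rule.cidr, addr, prefix)) return Verdict::Malformed;
    // Host bits set (e.g. 203.0.113.7/24) usually means a typo in the range.
    std::uint32_t mask = prefix == 0 ? 0 : ~std::uint32_t{0} << (32 - prefix);
    if (addr & ~mask) return Verdict::HostBitsSet;
    bool coversAdmin = rule.protocol == "-1";  // all protocols, all ports
    for (int port : {22, 3389})
        if (rule.fromPort <= port && port <= rule.toPort) coversAdmin = true;
    if (coversAdmin && prefix < minAdminPrefix) return Verdict::AdminPortTooBroad;
    return Verdict::Ok;
}

int main() {
    static const char *names[] = {"ok", "malformed", "host bits set", "admin port too broad"};
    // Constructed sample: the page's two rules plus an SSH rule open to any address.
    const IngressRule rules[] = {{"tcp", 80, 80, "203.0.113.0/24"}, {"tcp", 22, 22, "203.0.113.0/24"},
                                 {"tcp", 22, 22, "0.0.0.0/0"}};
    for (const auto &r : rules)
        std::printf("%s/%d from %s: %s\n", r.protocol.c_str(), r.fromPort, r.cidr.c_str(), names[static_cast<int>(reviewIngress(r))]);
}
```

Only rules that come back as `Verdict::Ok` would then be copied into an `IpPermission` and added to the request.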

## Describe security groups
<a name="describe-security-groups"></a>

To describe your security groups or get information about them, call the EC2Client's `DescribeSecurityGroups` function with a [DescribeSecurityGroupsRequest](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-ec2/html/class_aws_1_1_e_c2_1_1_model_1_1_describe_security_groups_request.html).

The result object contains a [DescribeSecurityGroupsResponse](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-ec2/html/class_aws_1_1_e_c2_1_1_model_1_1_describe_security_groups_response.html). Call its `GetSecurityGroups` function to access the security groups; it returns a list of [SecurityGroup](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-ec2/html/class_aws_1_1_e_c2_1_1_model_1_1_security_group.html) objects.

 **Includes** 

```
#include <aws/ec2/EC2Client.h>
#include <aws/ec2/model/DescribeSecurityGroupsRequest.h>
#include <aws/ec2/model/DescribeSecurityGroupsResponse.h>
#include <iomanip>
#include <iostream>
```

 **Code** 

```
    Aws::EC2::EC2Client ec2Client(clientConfiguration);
    Aws::EC2::Model::DescribeSecurityGroupsRequest request;

    if (!groupID.empty()) {
        request.AddGroupIds(groupID);
    }

    Aws::String nextToken;
    do {
        if (!nextToken.empty()) {
            request.SetNextToken(nextToken);
        }

        Aws::EC2::Model::DescribeSecurityGroupsOutcome outcome = ec2Client.DescribeSecurityGroups(request);
        if (outcome.IsSuccess()) {
            std::cout << std::left <<
                      std::setw(32) << "Name" <<
                      std::setw(30) << "GroupId" <<
                      std::setw(30) << "VpcId" <<
                      std::setw(64) << "Description" << std::endl;

            const std::vector<Aws::EC2::Model::SecurityGroup> &securityGroups =
                    outcome.GetResult().GetSecurityGroups();

            for (const auto &securityGroup: securityGroups) {
                std::cout << std::left <<
                          std::setw(32) << securityGroup.GetGroupName() <<
                          std::setw(30) << securityGroup.GetGroupId() <<
                          std::setw(30) << securityGroup.GetVpcId() <<
                          std::setw(64) << securityGroup.GetDescription() <<
                          std::endl;
            }
        } else {
            std::cerr << "Failed to describe security groups:" <<
                      outcome.GetError().GetMessage() << std::endl;
            return false;
        }

        nextToken = outcome.GetResult().GetNextToken();
    } while (!nextToken.empty());
```

See the [complete example](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/ec2/describe_security_groups.cpp).

## Delete a security group
<a name="delete-a-security-group"></a>

To delete a security group, call the EC2Client's `DeleteSecurityGroup` function, passing it a [DeleteSecurityGroupRequest](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-ec2/html/class_aws_1_1_e_c2_1_1_model_1_1_delete_security_group_request.html) that contains the ID of the security group to delete.

 **Includes** 

```
#include <aws/ec2/EC2Client.h>
#include <aws/ec2/model/DeleteSecurityGroupRequest.h>
#include <iostream>
```

 **Code** 

```
    Aws::EC2::EC2Client ec2Client(clientConfiguration);
    Aws::EC2::Model::DeleteSecurityGroupRequest request;

    request.SetGroupId(securityGroupID);
    Aws::EC2::Model::DeleteSecurityGroupOutcome outcome = ec2Client.DeleteSecurityGroup(request);

    if (!outcome.IsSuccess()) {
        std::cerr << "Failed to delete security group " << securityGroupID <<
                  ":" << outcome.GetError().GetMessage() << std::endl;
    } else {
        std::cout << "Successfully deleted security group " << securityGroupID <<
                  std::endl;
    }
```

See the [complete example](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/ec2/delete_security_group.cpp).

## More information
<a name="more-information"></a>
+  [Amazon EC2 security groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) in the Amazon EC2 User Guide
+  [Authorizing inbound traffic for your Linux instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html) in the Amazon EC2 User Guide
+  [CreateSecurityGroup](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html) in the Amazon EC2 API Reference
+  [DescribeSecurityGroups](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) in the Amazon EC2 API Reference
+  [DeleteSecurityGroup](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteSecurityGroup.html) in the Amazon EC2 API Reference
+  [AuthorizeSecurityGroupIngress](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AuthorizeSecurityGroupIngress.html) in the Amazon EC2 API Reference