Golang AWS SDK安全组入站授权配置指南
我正在尝试为安全组中的每条入站规则添加描述,但不确定如何操作。如果有人能帮忙,我将不胜感激。
谢谢,
-------------------------代码---------------------
package main
import (
	"encoding/hex"
	"fmt"
	"io"
	"io/ioutil"
	"net"
	"net/http"
	"os"
	"strings"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/credentials"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ec2"
)
// exitErrorf formats msg with args, writes the result followed by a newline
// to standard error, and ends the process with exit status 1.
// Because it calls os.Exit, deferred functions in the caller do not run.
func exitErrorf(msg string, args ...interface{}) {
	formatted := fmt.Sprintf(msg+"\n", args...)
	fmt.Fprint(os.Stderr, formatted)
	os.Exit(1)
}
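// get fetches url with an HTTP GET and returns the response body as a string.
//
// The request goes through a client with a 10-second timeout, because
// http.Get uses the default client, which has none. Any status other than
// 200 OK is returned as an error instead of handing an error page to the
// caller, and a body larger than maxBody bytes is rejected. In this program
// the result is turned into a firewall rule, so an unexpected response must
// not be passed on silently.
func get(url string) (string, error) {
	const maxBody = 64 << 10 // 64 KiB

	client := &http.Client{Timeout: 10 * time.Second}
	response, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer response.Body.Close()

	if response.StatusCode != http.StatusOK {
		return "", fmt.Errorf("GET %s: unexpected status %s", url, response.Status)
	}

	// Read one byte past the cap so an oversized body can be told apart from
	// one that is exactly maxBody bytes long.
	contents, err := ioutil.ReadAll(io.LimitReader(response.Body, maxBody+1))
	if err != nil {
		return "", err
	}
	if len(contents) > maxBody {
		return "", fmt.Errorf("GET %s: response body exceeds %d bytes", url, maxBody)
	}
	return string(contents), nil
}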
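// main authorizes inbound TCP 80 and 443 on one security group for this
// host's current public IPv4 address, as reported by checkip.amazonaws.com.
func main() {
	// Placeholder group ID from the original post; replace with a real one.
	var securityGroupID = "sg-3434xxx"

	// The lookup result becomes an allow rule, so it is fetched over HTTPS:
	// over plain HTTP anyone on the network path could substitute the address
	// that ends up authorized.
	rawIP, err := get("https://checkip.amazonaws.com/")
	if err != nil {
		// The original overwrote this error with the session error below and
		// never checked it.
		exitErrorf("Unable to determine public IP address: %v", err)
	}

	// Accept only a well-formed IPv4 address; the /32 suffix is only correct
	// for IPv4, and nothing else from the response should reach the API.
	wanIPAddress := strings.TrimSpace(rawIP)
	ip := net.ParseIP(wanIPAddress)
	if ip == nil || ip.To4() == nil {
		exitErrorf("Refusing to authorize ingress: %q is not an IPv4 address", wanIPAddress)
	}
	cidr := ip.To4().String() + "/32"

	sess, err := session.NewSession(&aws.Config{
		Region: aws.String("us-east-1"),
		// Keys are read from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY rather
		// than written into the source, where they would end up in version
		// control and build artifacts. Leaving Credentials unset makes the SDK
		// use its default provider chain instead.
		Credentials: credentials.NewEnvCredentials(),
	})
	if err != nil {
		exitErrorf("Error creating session: %v", err)
	}

	svc := ec2.New(sess)
	_, err = svc.AuthorizeSecurityGroupIngress(&ec2.AuthorizeSecurityGroupIngressInput{
		//GroupName: aws.String(*namePtr),
		GroupId: aws.String(securityGroupID),
		IpPermissions: []*ec2.IpPermission{
			// The setters avoid wrapping each value in aws.String / aws.Int64.
			(&ec2.IpPermission{}).
				SetIpProtocol("tcp").
				SetFromPort(80).
				SetToPort(80).
				SetIpRanges([]*ec2.IpRange{
					{CidrIp: aws.String(cidr)},
				}),
			(&ec2.IpPermission{}).
				SetIpProtocol("tcp").
				SetFromPort(443).
				SetToPort(443).
				SetIpRanges([]*ec2.IpRange{
					{CidrIp: aws.String(cidr)},
				}),
		},
	})
	if err != nil {
		// Include the API error; the original message dropped it.
		exitErrorf("Unable to set security group ingress for ip %s: %v", wanIPAddress, err)
	}
	fmt.Printf("Successfully set security group ingress for ip %s\n", wanIPAddress)
}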
2 回复
我想我应该回来回答这个问题,以防其他人感兴趣。描述信息应该在 CidrIp 之后添加。请看下面的代码:
// Both rules admit a single address, hence the /32 suffix on the CIDR.
cidr := TrimSpaceNewlineInString(wanIPAddress) + "/32"

// Description sits next to CidrIp inside each IpRange entry.
// hostname is not defined in this snippet; the surrounding code must set it.
_, err = svc.AuthorizeSecurityGroupIngress(&ec2.AuthorizeSecurityGroupIngressInput{
	//GroupName: aws.String(*namePtr),
	GroupId: aws.String(securityGroupID),
	IpPermissions: []*ec2.IpPermission{
		{ // HTTP
			IpProtocol: aws.String("tcp"),
			FromPort:   aws.Int64(80),
			ToPort:     aws.Int64(80),
			IpRanges: []*ec2.IpRange{
				{CidrIp: aws.String(cidr), Description: aws.String(hostname)},
			},
		},
		{ // HTTPS
			IpProtocol: aws.String("tcp"),
			FromPort:   aws.Int64(443),
			ToPort:     aws.Int64(443),
			IpRanges: []*ec2.IpRange{
				{CidrIp: aws.String(cidr), Description: aws.String(hostname)},
			},
		},
	},
})
在 AWS SDK for Go 中为安全组入站规则添加描述,需要在 IpRanges 的每个 IpRange 条目上设置 Description 字段。以下是修改后的代码示例:
package main
import (
"fmt"
"os"
"strings"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/ec2"
)
// TrimSpaceNewlineInString deletes every "\n" in s, then strips leading and
// trailing white space from what remains. Spaces inside the string are kept.
func TrimSpaceNewlineInString(s string) string {
	withoutNewlines := strings.ReplaceAll(s, "\n", "")
	return strings.TrimSpace(withoutNewlines)
}
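// main authorizes inbound TCP 80 and 443 on one security group for a single
// IPv4 address and attaches a description to each rule.
func main() {
	// Placeholder group ID from the original post; replace with a real one.
	var securityGroupID = "sg-3434xxx"

	sess, err := session.NewSession(&aws.Config{
		Region: aws.String("us-east-1"),
		// Keys are read from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY rather
		// than written into the source, where they would end up in version
		// control and build artifacts. Leaving Credentials unset makes the SDK
		// use its default provider chain instead.
		Credentials: credentials.NewEnvCredentials(),
	})
	if err != nil {
		// Report on stderr and exit non-zero; the original printed to stdout
		// and returned, so a failed run looked successful to the caller.
		fmt.Fprintf(os.Stderr, "Error creating session: %v\n", err)
		os.Exit(1)
	}

	svc := ec2.New(sess)

	// Stand-in for the caller's WAN address; looking it up is assumed to be
	// implemented elsewhere. 192.168.1.1 is a private (RFC 1918) address and
	// has to be replaced with the real public address.
	wanIPAddress := "192.168.1.1"
	cidr := TrimSpaceNewlineInString(wanIPAddress) + "/32"

	_, err = svc.AuthorizeSecurityGroupIngress(&ec2.AuthorizeSecurityGroupIngressInput{
		GroupId: aws.String(securityGroupID),
		IpPermissions: []*ec2.IpPermission{
			{
				IpProtocol: aws.String("tcp"),
				FromPort:   aws.Int64(80),
				ToPort:     aws.Int64(80),
				IpRanges: []*ec2.IpRange{
					{
						CidrIp:      aws.String(cidr),
						Description: aws.String("HTTP access from WAN"),
					},
				},
			},
			{
				IpProtocol: aws.String("tcp"),
				FromPort:   aws.Int64(443),
				ToPort:     aws.Int64(443),
				IpRanges: []*ec2.IpRange{
					{
						CidrIp:      aws.String(cidr),
						Description: aws.String("HTTPS access from WAN"),
					},
				},
			},
		},
	})
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error authorizing ingress: %v\n", err)
		os.Exit(1)
	}
	fmt.Printf("Successfully set security group ingress for ip %s\n", wanIPAddress)
}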
如果需要为现有规则添加描述,可以使用UpdateSecurityGroupRuleDescriptionsIngress方法:
// Change the description on a rule that already exists in the group.
// NOTE(review): presumably EC2 finds the rule by protocol, port range and
// CIDR, so these must equal the existing rule's values — confirm against
// the API reference.
descInput := &ec2.UpdateSecurityGroupRuleDescriptionsIngressInput{
	GroupId: aws.String(securityGroupID),
	IpPermissions: []*ec2.IpPermission{
		(&ec2.IpPermission{}).
			SetIpProtocol("tcp").
			SetFromPort(80).
			SetToPort(80).
			SetIpRanges([]*ec2.IpRange{
				{
					CidrIp:      aws.String(TrimSpaceNewlineInString(wanIPAddress) + "/32"),
					Description: aws.String("Updated HTTP access description"),
				},
			}),
	},
}
if _, err = svc.UpdateSecurityGroupRuleDescriptionsIngress(descInput); err != nil {
	fmt.Printf("Error updating rule descriptions: %v\n", err)
	return
}
对于IPv6规则,使用Ipv6Ranges字段:
// Ipv6Ranges lists the IPv6 CIDR blocks of a permission; each entry carries
// its own Description.
// 2001:db8::/32 is the IPv6 documentation prefix (RFC 3849), a sample value.
// Unlike the IPv4 "/32" used elsewhere on this page, an IPv6 /32 is a very
// large block; a single IPv6 host is written with /128.
Ipv6Ranges: []*ec2.Ipv6Range{
{
CidrIpv6: aws.String("2001:db8::/32"),
Description: aws.String("IPv6 access description"),
},
},
对于前缀列表,使用PrefixListIds字段:
// PrefixListIds references prefix lists by ID; each entry carries its own
// Description. "pl-12345678" looks like a placeholder ID.
// The rule covers whatever CIDRs the referenced list contains, so review the
// list's entries before relying on it.
PrefixListIds: []*ec2.PrefixListId{
{
PrefixListId: aws.String("pl-12345678"),
Description: aws.String("Prefix list access"),
},
},

