in security/generic_security.py [0:0]
def add_security_group_rule(self, sg_id: str, protocol: _ec2.Protocol, cidr_range: str = None,
                            prefix_list: str = None,
                            from_port: int = 0,
                            to_port: int = 0, is_ingress: bool = True, description: str = None):
    """Add one ingress or egress rule to a security group held by this object.

    The peer is either a managed prefix list or an IPv4 CIDR range, and the
    rule is attached to ``self._security_groups[sg_id]``.

    Args:
        sg_id: Key of the target group in ``self._security_groups``.
        protocol: Protocol the rule applies to.
        cidr_range: IPv4 CIDR for the peer. When omitted it falls back to
            ``self._vpc.vpc_cidr_block``. The value is handed to
            ``Peer.ipv4`` unchanged; nothing here rejects a broad range
            such as ``0.0.0.0/0``, so callers own that decision.
        prefix_list: Prefix list id for the peer. When given it takes
            precedence and ``cidr_range`` is not used for the rule.
        from_port: First port of the range.
        to_port: Last port of the range. If left at 0 while ``from_port``
            is non-zero, it is set to ``from_port`` (single-port rule).
        is_ingress: ``True`` adds an ingress rule, ``False`` an egress rule.
        description: Passed through as the rule description.

    Returns:
        None.
    """
    # Resolved before the peer is chosen, so self._vpc is read even when a
    # prefix list ends up being used.
    effective_cidr = self._vpc.vpc_cidr_block if cidr_range is None else cidr_range

    # Only a missing to_port is filled in. A to_port given with from_port
    # left at 0 therefore yields the range 0..to_port.
    # NOTE(review): with both ports at their default the Port is built as
    # 0-0; confirm callers only rely on that with a protocol for which
    # ports are ignored.
    last_port = from_port if (from_port != 0 and to_port == 0) else to_port

    if prefix_list is None:
        rule_peer = _ec2.Peer.ipv4(effective_cidr)
        rule_label = f'{sg_id}_{protocol.name}_{effective_cidr}_{from_port}_{last_port}'
    else:
        rule_peer = _ec2.Peer.prefix_list(prefix_list)
        # The label does not carry the prefix list id itself.
        rule_label = f'{sg_id}_{protocol.name}_prefixlist_{from_port}_{last_port}'

    # Look the group up first, then build the Port, matching the order in
    # which a failure on either step would surface.
    target_group = self._security_groups[sg_id]
    attach_rule = target_group.add_ingress_rule if is_ingress else target_group.add_egress_rule
    attach_rule(
        peer=rule_peer,
        connection=_ec2.Port(
            string_representation=rule_label,
            protocol=protocol,
            from_port=from_port,
            to_port=last_port
        ),
        description=description
    )