in lambda/guardduty_to_acl_lambda.py [0:0]
def create_netacl_rule(netacl_id, host_ip, rule_no):
ec2 = boto3.resource('ec2')
network_acl = ec2.NetworkAcl(netacl_id)
response = network_acl.create_entry(
CidrBlock = host_ip + '/32',
Egress=False,
PortRange={
'From': 0,
'To': 65535
},
Protocol='-1',
RuleAction='deny',
RuleNumber= rule_no
)
if response['ResponseMetadata']['HTTPStatusCode'] == 200:
logger.info("log -- successfully added new rule %s, HostIP %s, to NACL %s." % (rule_no, host_ip, netacl_id))
return True
else:
logger.error("log -- error adding new rule %s, HostIP %s, to NACL %s." % (rule_no, host_ip, netacl_id))
logger.info(response)
return False