in update_security_groups_lambda/update_security_groups.py [0:0]
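def update_security_group(client, group, new_ranges, port):
    """Reconcile one security group's rules for ``port`` with ``new_ranges``.

    For every existing permission whose FromPort..ToPort window covers
    ``port``, CIDRs present on the rule but absent from ``new_ranges`` are
    revoked and CIDRs from ``new_ranges`` not yet on the rule are added.
    A group with no permissions at all gets a fresh tcp rule for ``port``
    holding every entry of ``new_ranges``. A group that has permissions but
    none covering ``port`` is left untouched (same as the original logic).

    Args:
        client: EC2 client handed straight through to revoke_permissions /
            add_permissions.
        group: one DescribeSecurityGroups entry; reads 'GroupId' and
            'IpPermissions'.
        new_ranges: sequence of CIDR strings that should be authorised on
            ``port``. It is iterated more than once, so pass a list/tuple,
            not a one-shot iterator. Duplicates are passed through as-is.
        port: the port whose rules are being reconciled.

    Returns:
        True when at least one range was added or revoked, else False.
    """
    added = 0
    removed = 0
    # Set membership is O(1); the previous list.count() scan was O(n) per
    # lookup. Ordering of additions still follows new_ranges.
    wanted = set(new_ranges)
    group_id = group['GroupId']
    permissions = group['IpPermissions']

    if permissions:
        for permission in permissions:
            # Rules with IpProtocol '-1' (all traffic) carry no FromPort /
            # ToPort in the DescribeSecurityGroups response; the previous
            # direct indexing raised KeyError on them. Skip such rules.
            from_port = permission.get('FromPort')
            to_port = permission.get('ToPort')
            if from_port is None or to_port is None:
                continue
            # NOTE(review): only the port window is checked, not IpProtocol,
            # so a non-tcp rule covering this port is reconciled too. That
            # matches the original behaviour; confirm it is intended.
            if not (from_port <= port <= to_port):
                continue

            old_prefixes = set()
            to_revoke = []
            for ip_range in permission.get('IpRanges', []):
                cidr = ip_range['CidrIp']
                old_prefixes.add(cidr)
                if cidr not in wanted:
                    to_revoke.append(ip_range)
                    logging.debug("%s: Revoking %s:%s", group_id, cidr, to_port)

            to_add = []
            for cidr in new_ranges:
                if cidr not in old_prefixes:
                    to_add.append({'CidrIp': cidr})
                    logging.debug("%s: Adding %s:%s", group_id, cidr, to_port)

            # Both helpers are called even with empty lists, as before; they
            # are expected to return the number of ranges they changed.
            removed += revoke_permissions(client, group, permission, to_revoke)
            added += add_permissions(client, group, permission, to_add)
    else:
        # No rules at all: create a single tcp rule for the port from scratch.
        to_add = []
        for cidr in new_ranges:
            to_add.append({'CidrIp': cidr})
            logging.info("%s: Adding %s:%s", group_id, cidr, port)
        permission = {'ToPort': port, 'FromPort': port, 'IpProtocol': 'tcp'}
        added += add_permissions(client, group, permission, to_add)

    logging.debug("%s: Added %s, Revoked %s", group_id, added, removed)
    return added > 0 or removed > 0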