in cognito-restapi-vpclink/AuxLambdaFunctionSecGrp/index.py [0:0]
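def _parse_ports(raw):
    """Turn a comma-separated port string into a list of ints, rejecting junk early.

    Empty entries (for example a trailing comma) are dropped. Anything that is
    not an integer in 0..65535 raises ``ValueError`` so no EC2 call is ever
    made with it.

    Args:
        raw: the ``Ports`` resource property, e.g. ``"8080, 8443"``.

    Returns:
        list[int] of ports in the order given.

    Raises:
        ValueError: on a non-integer entry, an out-of-range port, or no ports.
    """
    ports = []
    for entry in raw.split(','):
        entry = entry.strip()
        if not entry:
            continue
        port = int(entry)
        if not 0 <= port <= 65535:
            raise ValueError('port out of range: {}'.format(port))
        ports.append(port)
    if not ports:
        raise ValueError('Ports must contain at least one port number')
    return ports


def _parse_allow_list(raw):
    """Turn the comma-separated allow list into unique IPv4 address strings.

    Each entry must be a bare IPv4 address; the caller appends ``/32``, so a
    CIDR, hostname or IPv6 entry would otherwise become a bogus ``<entry>/32``
    rule. Such entries raise ``ValueError`` before any EC2 call. Duplicates are
    dropped (first occurrence kept) so the same rule is not requested twice.

    Args:
        raw: the ``WhiteList`` environment variable, e.g. ``"10.0.1.5, 10.0.2.5"``.

    Returns:
        list[str] of distinct dotted-quad IPv4 addresses.

    Raises:
        ValueError: on an entry that is not a plain IPv4 address, or no entries.
    """
    # Local import: the module's import block is outside this listing.
    import ipaddress

    addresses = []
    for entry in raw.split(','):
        entry = entry.strip()
        if not entry:
            continue
        # IPv4Address() rejects CIDR notation, hostnames and IPv6 literals.
        address = str(ipaddress.IPv4Address(entry))
        if address not in addresses:
            addresses.append(address)
    if not addresses:
        raise ValueError('WhiteList must contain at least one IPv4 address')
    return addresses


def _delete_security_group_best_effort(client, group_id):
    """Delete a freshly created, still rule-less security group after a failed setup.

    Errors are printed (CloudWatch) and swallowed on purpose: the caller
    re-raises the original failure, which is the one CloudFormation should see.

    Args:
        client: boto3 EC2 client.
        group_id: id of the group to remove.
    """
    try:
        client.delete_security_group(GroupId=group_id)
    except Exception as cleanup_err:
        print('cleanup of security group {} failed: {}'.format(group_id, cleanup_err))


def on_create(event, context):
    """Create a security group that opens the requested TCP ports to each allow-listed host.

    CloudFormation custom-resource ``Create`` handler. Inputs:

    * ``event['ResourceProperties']['Ports']`` - comma-separated TCP ports.
    * ``os.environ['WhiteList']`` - comma-separated IPv4 addresses; each one
      becomes a ``/32`` ingress rule (single host, never a wider range).
    * ``os.environ['VpcId']`` - VPC the group is created in.
    * ``os.environ['StackName']`` - prefix of the group name.

    All input is validated before the first EC2 call so malformed values fail
    fast instead of leaving a half-configured group behind; if the ingress
    authorization itself fails, the just-created group is removed on a
    best-effort basis before the failure is reported.

    Args:
        event: CloudFormation custom-resource event.
        context: Lambda context, passed through to ``send_response``.

    Returns:
        None. The outcome goes to CloudFormation via ``send_response``:
        ``SUCCESS`` with ``{"SecGroupId": <id>}`` and the group id as the
        sixth argument (presumably the physical resource id), or ``FAILED``
        with ``str(error)`` as the reason and ``'None'`` as that argument.

    Raises:
        Nothing: every exception is caught and turned into a ``FAILED`` response.
    """
    try:
        # Validate before touching EC2 (see _parse_ports / _parse_allow_list).
        ports_allowed = _parse_ports(event['ResourceProperties']['Ports'])
        sec_group_list = _parse_allow_list(os.environ['WhiteList'])
        vpc_id = os.environ['VpcId']
        group_name = os.environ['StackName'] + ' - Access to CloudHSM API instance from NLB'

        client = boto3.client('ec2')
        response = client.create_security_group(
            GroupName=group_name,
            # NOTE(review): the description names port 8080 although the ports
            # actually opened come from ResourceProperties['Ports'] - confirm.
            Description='Allows connections to port 8080 from NLB private IP addresses',
            VpcId=vpc_id
        )
        security_group_id = response['GroupId']

        # One rule per (port, host): each allow-listed address gets exactly the
        # requested ports and nothing wider than its own /32.
        ingress_list = [
            {
                'IpProtocol': 'tcp',
                'FromPort': port,
                'ToPort': port,
                'IpRanges': [{'CidrIp': ip + '/32'}],
            }
            for port in ports_allowed
            for ip in sec_group_list
        ]
        try:
            client.authorize_security_group_ingress(
                GroupId=security_group_id,
                IpPermissions=ingress_list
            )
        except Exception:
            # The group exists but carries no rules and would otherwise be
            # orphaned (the FAILED response below reports no physical id).
            # Best effort: if the role lacks ec2:DeleteSecurityGroup the
            # original error is still the one reported.
            _delete_security_group_best_effort(client, security_group_id)
            raise

        data = {"SecGroupId": security_group_id}
        send_response(event, context, 'SUCCESS', data, 'SecGroup Created', security_group_id, False)
    except Exception as e:
        # Custom-resource contract: every failure must be reported, otherwise
        # the stack waits for the CloudFormation timeout.
        send_response(event, context, 'FAILED', {}, str(e), 'None', False)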