in mephisto/abstractions/architects/ec2/ec2_helpers.py [0:0]
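def _public_tcp_rules(port: int, description: str) -> "list[dict]":
    """Return ingress rules opening TCP ``port`` to every IPv4 and IPv6 source.

    EC2 wants the IPv4 and IPv6 world-ranges in separate rule entries, so two
    dicts are returned: one with ``IpRanges`` (``0.0.0.0/0``) and one with
    ``Ipv6Ranges`` (``::/0``). Both carry the same ``description``.
    """
    return [
        {
            "FromPort": port,
            "ToPort": port,
            "IpProtocol": "tcp",
            "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": description}],
        },
        {
            "FromPort": port,
            "ToPort": port,
            "IpProtocol": "tcp",
            "Ipv6Ranges": [{"CidrIpv6": "::/0", "Description": description}],
        },
    ]


def _ssh_rules(ssh_ip: str) -> "list[dict]":
    """Build one TCP/22 ingress rule per comma-separated entry in ``ssh_ip``.

    Each entry is parsed with :mod:`ipaddress`, which:

    * strips surrounding whitespace and skips empty entries (a trailing comma
      is harmless);
    * normalizes a bare host address to a ``/32`` (IPv4) or ``/128`` (IPv6)
      CIDR, which is the form EC2 expects for a single host;
    * rejects malformed entries and non-canonical CIDRs such as
      ``203.0.113.5/24`` (host bits set) instead of letting EC2 reject them
      after the group has already been created;
    * routes IPv6 entries to ``Ipv6Ranges`` rather than ``IpRanges``.

    Raises:
        ValueError: for an empty list, an unparsable entry, or a ``/0``
            network. The caller's contract is that port 22 is reachable
            *only* from ``ssh_ip``; ``0.0.0.0/0`` / ``::/0`` would silently
            turn that into world-open SSH, so it is refused explicitly.
    """
    import ipaddress  # local import: the module's import block is not in view here

    rules = []
    for raw_entry in ssh_ip.split(","):
        entry = raw_entry.strip()
        if not entry:
            continue
        try:
            network = ipaddress.ip_network(entry)  # strict: host bits must be clear
        except ValueError as err:
            raise ValueError(f"Invalid SSH source {entry!r} in ssh_ip: {err}") from err
        if network.prefixlen == 0:
            raise ValueError(
                f"Refusing SSH source {entry!r}: it would open port 22 to the whole internet"
            )
        rule = {"FromPort": 22, "ToPort": 22, "IpProtocol": "tcp"}
        range_entry = {"Description": "SSH from allowed ip"}
        if network.version == 6:
            range_entry["CidrIpv6"] = str(network)
            rule["Ipv6Ranges"] = [range_entry]
        else:
            range_entry["CidrIp"] = str(network)
            rule["IpRanges"] = [range_entry]
        rules.append(rule)

    if not rules:
        raise ValueError("ssh_ip must contain at least one IP address or CIDR for port 22")
    return rules


def create_security_group(session: "boto3.Session", vpc_id: str, ssh_ip: str) -> str:
    """Create the Mephisto host security group in ``vpc_id`` and return its id.

    Ingress rules added to the group, in order:

    * TCP 80 and TCP 443 from anywhere (``0.0.0.0/0`` and ``::/0``);
    * TCP 5000 from anywhere as well — the rule is described as
      "Internal router access" but is world-open exactly like 80/443.
      NOTE(review): confirm whether 5000 really needs public exposure or
      should be restricted (e.g. to the VPC CIDR); this function keeps the
      existing behaviour unchanged;
    * TCP 22 only from the entries in ``ssh_ip`` (comma-separated IPs or
      CIDRs, IPv4 or IPv6, see :func:`_ssh_rules`).

    The group is named ``mephisto-server-security-group`` and tagged with a
    ``Name`` tag plus ``get_owner_tag()``. The name is fixed, so creating a
    second group in the same VPC is expected to fail on the EC2 side with a
    duplicate-group error.

    ``ssh_ip`` is validated *before* anything is created, and if adding the
    ingress rules fails (API error or a non-200 response) the freshly created,
    rule-less group is deleted on a best-effort basis before the error is
    re-raised, so a failed call does not leave an orphaned group behind.

    Args:
        session: boto3 session used to obtain the ``ec2`` client.
        vpc_id: VPC in which the group is created.
        ssh_ip: comma-separated SSH source addresses/CIDRs.

    Returns:
        The new security group id (``GroupId``).

    Raises:
        ValueError: if ``ssh_ip`` is empty, malformed, or contains a ``/0``.
        RuntimeError: if authorize_security_group_ingress returns a non-200
            HTTP status without raising.
        Whatever the EC2 client raises (e.g. botocore ``ClientError``) on
        create/authorize failures.
    """
    # Validate user input first so a bad ssh_ip never leaves a half-made group.
    ssh_perms = _ssh_rules(ssh_ip)

    client = session.client("ec2")
    create_response = client.create_security_group(
        Description="Security group used for Mephisto host servers",
        GroupName="mephisto-server-security-group",
        VpcId=vpc_id,
        TagSpecifications=[
            {
                "ResourceType": "security-group",
                "Tags": [
                    {"Key": "Name", "Value": "mephisto-server-security-group"},
                    get_owner_tag(),
                ],
            }
        ],
    )
    group_id = create_response["GroupId"]

    try:
        response = client.authorize_security_group_ingress(
            GroupId=group_id,
            IpPermissions=(
                _public_tcp_rules(80, "Public insecure http access")
                + _public_tcp_rules(5000, "Internal router access")
                + _public_tcp_rules(443, "Public secure http access")
                + ssh_perms
            ),
        )
        # An explicit check rather than `assert`: asserts vanish under `python -O`,
        # and a group with no ingress rules must not be reported as a success.
        status = response["ResponseMetadata"]["HTTPStatusCode"]
        if status != 200:
            raise RuntimeError(
                f"authorize_security_group_ingress for {group_id} returned HTTP {status}"
            )
    except Exception:
        # Best-effort cleanup of the rule-less group; the original error is what
        # the caller needs to see, so a failed delete is deliberately ignored.
        try:
            client.delete_security_group(GroupId=group_id)
        except Exception:
            pass
        raise

    return group_id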