€cdocutils.nodes
document
q)q}q(U	nametypesq}q(X   ec2 security groupsqNX   security_groupsqˆuUsubstitution_defsq}q	Uparse_messagesq
]qUcurrent_sourceqNU
decorationqNUautofootnote_startqKUnameidsq}q(hUec2-security-groupsqhUsecurity-groupsquUchildrenq]q(cdocutils.nodes
target
q)q}q(U	rawsourceqX   .. _security_groups:UparentqhUsourceqXE   /Users/kyleknap/Documents/GitHub/boto/docs/source/security_groups.rstqUtagnameqUtargetqU
attributesq}q(Uidsq ]Ubackrefsq!]Udupnamesq"]Uclassesq#]Unamesq$]Urefidq%huUlineq&KUdocumentq'hh]ubcdocutils.nodes
section
q()q)}q*(hU hhhhUexpect_referenced_by_nameq+}q,hhshUsectionq-h}q.(h"]h#]h!]h ]q/(hheh$]q0(hheuh&Kh'hUexpect_referenced_by_idq1}q2hhsh]q3(cdocutils.nodes
title
q4)q5}q6(hX   EC2 Security Groupsq7hh)hhhUtitleq8h}q9(h"]h#]h!]h ]h$]uh&Kh'hh]q:cdocutils.nodes
Text
q;X   EC2 Security Groupsq<…q=}q>(hh7hh5ubaubcdocutils.nodes
paragraph
q?)q@}qA(hX#   Amazon defines a security group as:qBhh)hhhU	paragraphqCh}qD(h"]h#]h!]h ]h$]uh&Kh'hh]qEh;X#   Amazon defines a security group as:qF…qG}qH(hhBhh@ubaubcdocutils.nodes
definition_list
qI)qJ}qK(hU hh)hhhUdefinition_listqLh}qM(h"]h#]h!]h ]h$]uh&Nh'hh]qNcdocutils.nodes
definition_list_item
qO)qP}qQ(hXª   "A security group is a named collection of access rules.  These access rules
specify which ingress, i.e. incoming, network traffic should be delivered
to your instance."
hhJhhhUdefinition_list_itemqRh}qS(h"]h#]h!]h ]h$]uh&Kh]qT(cdocutils.nodes
term
qU)qV}qW(hXL   "A security group is a named collection of access rules.  These access rulesqXhhPhhhUtermqYh}qZ(h"]h#]h!]h ]h$]uh&Kh]q[h;XL   "A security group is a named collection of access rules.  These access rulesq\…q]}q^(hhXhhVubaubcdocutils.nodes
definition
q_)q`}qa(hU h}qb(h"]h#]h!]h ]h$]uhhPh]qch?)qd}qe(hX\   specify which ingress, i.e. incoming, network traffic should be delivered
to your instance."qfhh`hhhhCh}qg(h"]h#]h!]h ]h$]uh&K
h]qhh;X\   specify which ingress, i.e. incoming, network traffic should be delivered
to your instance."qi…qj}qk(hhfhhdubaubahU
definitionqlubeubaubh?)qm}qn(hX;   To get a listing of all currently defined security groups::qohh)hhhhCh}qp(h"]h#]h!]h ]h$]uh&Kh'hh]qqh;X:   To get a listing of all currently defined security groups:qr…qs}qt(hX:   To get a listing of all currently defined security groups:hhmubaubcdocutils.nodes
literal_block
qu)qv}qw(hX‘   >>> rs = conn.get_all_security_groups()
>>> print rs
[SecurityGroup:appserver, SecurityGroup:default, SecurityGroup:vnc, SecurityGroup:webserver]hh)hhhUliteral_blockqxh}qy(U	xml:spaceqzUpreserveq{h ]h!]h"]h#]h$]uh&Kh'hh]q|h;X‘   >>> rs = conn.get_all_security_groups()
>>> print rs
[SecurityGroup:appserver, SecurityGroup:default, SecurityGroup:vnc, SecurityGroup:webserver]q}…q~}q(hU hhvubaubh?)q€}q(hXÈ   Each security group can have an arbitrary number of rules which represent
different network ports which are being enabled.  To find the rules for a
particular security group, use the rules attribute::hh)hhhhCh}q‚(h"]h#]h!]h ]h$]uh&Kh'hh]qƒh;XÇ   Each security group can have an arbitrary number of rules which represent
different network ports which are being enabled.  To find the rules for a
particular security group, use the rules attribute:q„…q…}q†(hXÇ   Each security group can have an arbitrary number of rules which represent
different network ports which are being enabled.  To find the rules for a
particular security group, use the rules attribute:hh€ubaubhu)q‡}qˆ(hX¾   >>> sg = rs[1]
>>> sg.name
u'default'
>>> sg.rules
[IPPermissions:tcp(0-65535),
 IPPermissions:udp(0-65535),
 IPPermissions:icmp(-1--1),
 IPPermissions:tcp(22-22),
 IPPermissions:tcp(80-80)]hh)hhhhxh}q‰(hzh{h ]h!]h"]h#]h$]uh&Kh'hh]qŠh;X¾   >>> sg = rs[1]
>>> sg.name
u'default'
>>> sg.rules
[IPPermissions:tcp(0-65535),
 IPPermissions:udp(0-65535),
 IPPermissions:icmp(-1--1),
 IPPermissions:tcp(22-22),
 IPPermissions:tcp(80-80)]q‹…qŒ}q(hU hh‡ubaubh?)qŽ}q(hX  In addition to listing the available security groups you can also create
a new security group.  I'll follow through the "Three Tier Web Service"
example included in the EC2 Developer's Guide for an example of how to
create security groups and add rules to them.qhh)hhhhCh}q‘(h"]h#]h!]h ]h$]uh&K!h'hh]q’h;X  In addition to listing the available security groups you can also create
a new security group.  I'll follow through the "Three Tier Web Service"
example included in the EC2 Developer's Guide for an example of how to
create security groups and add rules to them.q“…q”}q•(hhhhŽubaubh?)q–}q—(hX]   First, let's create a group for our Apache web servers that allows HTTP
access to the world::hh)hhhhCh}q˜(h"]h#]h!]h ]h$]uh&K&h'hh]q™h;X\   First, let's create a group for our Apache web servers that allows HTTP
access to the world:qš…q›}qœ(hX\   First, let's create a group for our Apache web servers that allows HTTP
access to the world:hh–ubaubhu)q}qž(hX’   >>> web = conn.create_security_group('apache', 'Our Apache Group')
>>> web
SecurityGroup:apache
>>> web.authorize('tcp', 80, 80, '0.0.0.0/0')
Truehh)hhhhxh}qŸ(hzh{h ]h!]h"]h#]h$]uh&K)h'hh]q h;X’   >>> web = conn.create_security_group('apache', 'Our Apache Group')
>>> web
SecurityGroup:apache
>>> web.authorize('tcp', 80, 80, '0.0.0.0/0')
Trueq¡…q¢}q£(hU hhubaubh?)q¤}q¥(hX  The first argument is the ip protocol which can be one of; tcp, udp or icmp.
The second argument is the FromPort or the beginning port in the range, the
third argument is the ToPort or the ending port in the range and the last
argument is the CIDR IP range to authorize access to.q¦hh)hhhhCh}q§(h"]h#]h!]h ]h$]uh&K/h'hh]q¨h;X  The first argument is the ip protocol which can be one of; tcp, udp or icmp.
The second argument is the FromPort or the beginning port in the range, the
third argument is the ToPort or the ending port in the range and the last
argument is the CIDR IP range to authorize access to.q©…qª}q«(hh¦hh¤ubaubh?)q¬}q­(hX2   Next we create another group for the app servers::q®hh)hhhhCh}q¯(h"]h#]h!]h ]h$]uh&K4h'hh]q°h;X1   Next we create another group for the app servers:q±…q²}q³(hX1   Next we create another group for the app servers:hh¬ubaubhu)q´}qµ(hXI   >>> app = conn.create_security_group('appserver', 'The application tier')hh)hhhhxh}q¶(hzh{h ]h!]h"]h#]h$]uh&K6h'hh]q·h;XI   >>> app = conn.create_security_group('appserver', 'The application tier')q¸…q¹}qº(hU hh´ubaubh?)q»}q¼(hXÕ   We then want to grant access between the web server group and the app
server group.  So, rather than specifying an IP address as we did in the
last example, this time we will specify another SecurityGroup object.:q½hh)hhhhCh}q¾(h"]h#]h!]h ]h$]uh&K8h'hh]q¿h;XÕ   We then want to grant access between the web server group and the app
server group.  So, rather than specifying an IP address as we did in the
last example, this time we will specify another SecurityGroup object.:qÀ…qÁ}qÂ(hh½hh»ubaubcdocutils.nodes
doctest_block
qÃ)qÄ}qÅ(hX%   >>> app.authorize(src_group=web)
Truehh)hNhUdoctest_blockqÆh}qÇ(hzh{h ]h!]h"]h#]h$]uh&Nh'hh]qÈh;X%   >>> app.authorize(src_group=web)
TrueqÉ…qÊ}qË(hU hhÄubaubh?)qÌ}qÍ(hX   Now, to verify that the web group now has access to the app servers, we want to
temporarily allow SSH access to the web servers from our computer.  Let's
say that our IP address is 192.168.1.130 as it is in the EC2 Developer
Guide.  To enable that access::hh)hhhhCh}qÎ(h"]h#]h!]h ]h$]uh&K?h'hh]qÏh;Xÿ   Now, to verify that the web group now has access to the app servers, we want to
temporarily allow SSH access to the web servers from our computer.  Let's
say that our IP address is 192.168.1.130 as it is in the EC2 Developer
Guide.  To enable that access:qÐ…qÑ}qÒ(hXÿ   Now, to verify that the web group now has access to the app servers, we want to
temporarily allow SSH access to the web servers from our computer.  Let's
say that our IP address is 192.168.1.130 as it is in the EC2 Developer
Guide.  To enable that access:hhÌubaubhu)qÓ}qÔ(hX_   >>> web.authorize(ip_protocol='tcp', from_port=22, to_port=22, cidr_ip='192.168.1.130/32')
Truehh)hhhhxh}qÕ(hzh{h ]h!]h"]h#]h$]uh&KDh'hh]qÖh;X_   >>> web.authorize(ip_protocol='tcp', from_port=22, to_port=22, cidr_ip='192.168.1.130/32')
Trueq×…qØ}qÙ(hU hhÓubaubh?)qÚ}qÛ(hX5  Now that this access is authorized, we could ssh into an instance running in
the web group and then try to telnet to specific ports on servers in the
appserver group, as shown in the EC2 Developer's Guide.  When this testing is
complete, we would want to revoke SSH access to the web server group, like this::hh)hhhhCh}qÜ(h"]h#]h!]h ]h$]uh&KGh'hh]qÝh;X4  Now that this access is authorized, we could ssh into an instance running in
the web group and then try to telnet to specific ports on servers in the
appserver group, as shown in the EC2 Developer's Guide.  When this testing is
complete, we would want to revoke SSH access to the web server group, like this:qÞ…qß}qà(hX4  Now that this access is authorized, we could ssh into an instance running in
the web group and then try to telnet to specific ports on servers in the
appserver group, as shown in the EC2 Developer's Guide.  When this testing is
complete, we would want to revoke SSH access to the web server group, like this:hhÚubaubhu)qá}qâ(hX«   >>> web.rules
[IPPermissions:tcp(80-80),
 IPPermissions:tcp(22-22)]
>>> web.revoke('tcp', 22, 22, cidr_ip='192.168.1.130/32')
True
>>> web.rules
[IPPermissions:tcp(80-80)]hh)hhhhxh}qã(hzh{h ]h!]h"]h#]h$]uh&KLh'hh]qäh;X«   >>> web.rules
[IPPermissions:tcp(80-80),
 IPPermissions:tcp(22-22)]
>>> web.revoke('tcp', 22, 22, cidr_ip='192.168.1.130/32')
True
>>> web.rules
[IPPermissions:tcp(80-80)]qå…qæ}qç(hU hháubaubeubehU UtransformerqèNUfootnote_refsqé}qêUrefnamesqë}qìUsymbol_footnotesqí]qîUautofootnote_refsqï]qðUsymbol_footnote_refsqñ]qòU	citationsqó]qôh'hUcurrent_lineqõNUtransform_messagesqö]q÷cdocutils.nodes
system_message
qø)qù}qú(hU h}qû(h"]UlevelKh ]h!]Usourcehh#]h$]UlineKUtypeUINFOqüuh]qýh?)qþ}qÿ(hU h}r   (h"]h#]h!]h ]h$]uhhùh]r  h;X5   Hyperlink target "security-groups" is not referenced.r  …r  }r  (hU hhþubahhCubahUsystem_messager  ubaUreporterr  NUid_startr  KUautofootnotesr  ]r	  Ucitation_refsr
  }r  Uindirect_targetsr  ]r  Usettingsr  (cdocutils.frontend
Values
r  or  }r  (Ufootnote_backlinksr  KUrecord_dependenciesr  NUrfc_base_urlr  Uhttp://tools.ietf.org/html/r  U	tracebackr  ˆUpep_referencesr  NUstrip_commentsr  NUtoc_backlinksr  Uentryr  Ulanguage_coder  Uenr  U	datestampr  NUreport_levelr  KU_destinationr  NU
halt_levelr   KUstrip_classesr!  Nh8NUerror_encoding_error_handlerr"  Ubackslashreplacer#  Udebugr$  NUembed_stylesheetr%  ‰Uoutput_encoding_error_handlerr&  Ustrictr'  Usectnum_xformr(  KUdump_transformsr)  NUdocinfo_xformr*  KUwarning_streamr+  NUpep_file_url_templater,  Upep-%04dr-  Uexit_status_levelr.  KUconfigr/  NUstrict_visitorr0  NUcloak_email_addressesr1  ˆUtrim_footnote_reference_spacer2  ‰Uenvr3  NUdump_pseudo_xmlr4  NUexpose_internalsr5  NUsectsubtitle_xformr6  ‰Usource_linkr7  NUrfc_referencesr8  NUoutput_encodingr9  Uutf-8r:  U
source_urlr;  NUinput_encodingr<  U	utf-8-sigr=  U_disable_configr>  NU	id_prefixr?  U U	tab_widthr@  KUerror_encodingrA  UUTF-8rB  U_sourcerC  hUgettext_compactrD  ˆU	generatorrE  NUdump_internalsrF  NUsmart_quotesrG  ‰Upep_base_urlrH  Uhttp://www.python.org/dev/peps/rI  Usyntax_highlightrJ  UlongrK  Uinput_encoding_error_handlerrL  j'  Uauto_id_prefixrM  UidrN  Udoctitle_xformrO  ‰Ustrip_elements_with_classesrP  NU_config_filesrQ  ]Ufile_insertion_enabledrR  ˆUraw_enabledrS  KUdump_settingsrT  NubUsymbol_footnote_startrU  K UidsrV  }rW  (hh)hh)uUsubstitution_namesrX  }rY  hh'h}rZ  (h"]h ]h!]Usourcehh#]h$]uU	footnotesr[  ]r\  Urefidsr]  }r^  h]r_  hasub.