- DescribeSecurityGroups: This endpoint allows you to retrieve information about one or more security groups, such as their IDs, names, descriptions, and associated VPCs.
- CreateSecurityGroup: This endpoint allows you to create a new security group in a specified VPC. You can specify the name, description, and VPC ID for the new security group.
- AuthorizeSecurityGroupIngress: This endpoint allows you to add inbound rules to a security group. You can specify the security group ID, IP protocol, port range, and the source of the traffic (e.g., an IP range, another security group, or a prefix list).
- AuthorizeSecurityGroupEgress: This endpoint allows you to add outbound rules to a security group. You can specify the security group ID, IP protocol, port range, and the destination of the traffic (e.g., an IP range, another security group, or a prefix list).
- RevokeSecurityGroupIngress: This endpoint allows you to remove inbound rules from a security group. You can specify the security group ID, IP protocol, port range, and the source of the traffic.
- RevokeSecurityGroupEgress: This endpoint allows you to remove outbound rules from a security group. You can specify the security group ID, IP protocol, port range, and the destination of the traffic.
// SecurityGroup is the API representation of one EC2 security group
// together with the ingress and egress rules attached to it.
type SecurityGroup struct {
	// GroupName is the human-readable name of the group.
	GroupName string `json:"group_name"`
	// GroupDescription is the free-text description of the group.
	GroupDescription string `json:"group_description"`
	// VpcId identifies the VPC the group belongs to.
	VpcId string `json:"vpc_id"`
	// GroupId is the identifier of the group itself.
	GroupId string `json:"group_id"`
	// Tags holds the EC2 tags on the group; left out of the JSON when empty.
	Tags []ec2.Tag `json:"tags,omitempty"`
	// InboundRules are the ingress rules; left out of the JSON when empty.
	InboundRules []SecurityGroupRule `json:"inbound_rules,omitempty"`
	// OutboundRules are the egress rules; left out of the JSON when empty.
	OutboundRules []SecurityGroupRule `json:"outbound_rules,omitempty"`
}
// SecurityGroupRule is one ingress or egress rule of a SecurityGroup.
// Which side it applies to (source or destination) is decided by the
// endpoint it is sent to, not by the rule itself.
type SecurityGroupRule struct {
	// IpProtocol names the protocol the rule matches.
	IpProtocol string `json:"ip_protocol"`
	// FromPort is the low end of the matched port range.
	FromPort int64 `json:"from_port"`
	// ToPort is the high end of the matched port range.
	ToPort int64 `json:"to_port"`
	// IpRanges lists the address ranges the rule applies to (presumably CIDR
	// strings — confirm against the handler). A range as wide as 0.0.0.0/0
	// exposes the whole port range to every address, so these values deserve
	// validation and logging before they are authorized.
	IpRanges []string `json:"ip_ranges,omitempty"`
	// PrefixListIds lists managed prefix lists the rule applies to.
	PrefixListIds []string `json:"prefix_list_ids,omitempty"`
	// UserIdGroupPairs lists other security groups the rule applies to.
	UserIdGroupPairs []UserIdGroupPair `json:"user_id_group_pairs,omitempty"`
}
// UserIdGroupPair references another security group as the source or
// destination of a rule. Every field is optional on the wire.
type UserIdGroupPair struct {
	// UserId is the ID of the user (account) that owns the referenced group.
	UserId string `json:"user_id,omitempty"`
	// GroupName is the name of the referenced group.
	GroupName string `json:"group_name,omitempty"`
	// GroupId is the ID of the referenced group.
	GroupId string `json:"group_id,omitempty"`
	// VpcId is the VPC of the referenced group.
	VpcId string `json:"vpc_id,omitempty"`
	// PeeringId presumably identifies the peering connection through which
	// the referenced group is reached — confirm against the caller.
	PeeringId string `json:"peering_id,omitempty"`
	// Description is free text attached to this reference.
	Description string `json:"description,omitempty"`
}
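# Swagger 2.0 description of the security-group API.
#
# NOTE(review): no securityDefinitions/security stanza is declared, yet every
# POST below changes the firewall rules of a security group. Declare the
# authentication scheme the service actually uses before this document is
# published or used to generate clients.
#
# NOTE(review): the Go structs earlier in this file serialize these fields in
# snake_case (`group_name`) while this schema names them in kebab-case
# (`group-name`); confirm which one is the real wire format and align them.
swagger: '2.0'
info:
  version: '1.0.0'
  title: EC2 Security Group API
  description: API endpoints for managing EC2 security groups
host: api.example.com
basePath: /v1
schemes:
  - https
consumes:
  - application/json
produces:
  - application/json

# Parameters shared by the per-group operations, so that each path declares
# the group ID and the rule body once and identically.
parameters:
  GroupId:
    name: group-id
    in: path
    description: The ID of the security group.
    required: true
    type: string
  Rule:
    name: rule
    in: body
    description: The rule to add to or remove from the security group.
    required: true
    schema:
      $ref: '#/definitions/SecurityGroupRule'

# Responses shared by the per-group operations.
responses:
  UpdatedSecurityGroup:
    description: The details of the updated security group.
    schema:
      $ref: '#/definitions/SecurityGroup'
  InvalidRule:
    description: The rule is malformed or missing a required field.
  GroupNotFound:
    description: No security group with the specified ID exists.

paths:
  /security-groups:
    get:
      operationId: describeSecurityGroups
      summary: Retrieve Security Groups
      description: Retrieves information about one or more security groups.
      parameters:
        # The ID and name filters accept several values, so they are repeated
        # query parameters (?group-id=a&group-id=b) rather than one string.
        - name: group-id
          in: query
          description: The IDs of the security groups to retrieve.
          required: false
          type: array
          items:
            type: string
          collectionFormat: multi
        - name: group-name
          in: query
          description: The names of the security groups to retrieve.
          required: false
          type: array
          items:
            type: string
          collectionFormat: multi
        - name: vpc-id
          in: query
          description: The ID of the VPC to which the security groups belong.
          required: false
          type: string
      responses:
        '200':
          description: A list of security groups that match the specified criteria.
          schema:
            type: object
            properties:
              security-groups:
                type: array
                items:
                  $ref: '#/definitions/SecurityGroup'
    post:
      operationId: createSecurityGroup
      summary: Create Security Group
      description: Creates a new security group in the specified VPC.
      parameters:
        # The name, description and VPC of the new group are carried in the
        # request body; the group ID is assigned by the service.
        - name: securityGroup
          in: body
          description: The name, description and VPC ID of the security group to create.
          required: true
          schema:
            $ref: '#/definitions/CreateSecurityGroupRequest'
      responses:
        '200':
          description: The details of the newly created security group.
          schema:
            $ref: '#/definitions/SecurityGroup'
        '400':
          description: The request body is malformed or missing a required field.
  /security-groups/{group-id}/authorize-ingress:
    post:
      operationId: authorizeSecurityGroupIngress
      summary: Add Inbound Rule
      description: Adds an inbound rule to the specified security group.
      parameters:
        - $ref: '#/parameters/GroupId'
        - $ref: '#/parameters/Rule'
      responses:
        '200':
          $ref: '#/responses/UpdatedSecurityGroup'
        '400':
          $ref: '#/responses/InvalidRule'
        '404':
          $ref: '#/responses/GroupNotFound'
  /security-groups/{group-id}/authorize-egress:
    post:
      operationId: authorizeSecurityGroupEgress
      summary: Add Outbound Rule
      description: Adds an outbound rule to the specified security group.
      parameters:
        - $ref: '#/parameters/GroupId'
        - $ref: '#/parameters/Rule'
      responses:
        '200':
          $ref: '#/responses/UpdatedSecurityGroup'
        '400':
          $ref: '#/responses/InvalidRule'
        '404':
          $ref: '#/responses/GroupNotFound'
  /security-groups/{group-id}/revoke-ingress:
    post:
      operationId: revokeSecurityGroupIngress
      summary: Remove Inbound Rule
      description: Removes an inbound rule from the specified security group.
      parameters:
        - $ref: '#/parameters/GroupId'
        - $ref: '#/parameters/Rule'
      responses:
        '200':
          $ref: '#/responses/UpdatedSecurityGroup'
        '400':
          $ref: '#/responses/InvalidRule'
        '404':
          $ref: '#/responses/GroupNotFound'
  # Counterpart of authorize-egress; the endpoint list at the top of this file
  # names RevokeSecurityGroupEgress but it was missing from the paths.
  /security-groups/{group-id}/revoke-egress:
    post:
      operationId: revokeSecurityGroupEgress
      summary: Remove Outbound Rule
      description: Removes an outbound rule from the specified security group.
      parameters:
        - $ref: '#/parameters/GroupId'
        - $ref: '#/parameters/Rule'
      responses:
        '200':
          $ref: '#/responses/UpdatedSecurityGroup'
        '400':
          $ref: '#/responses/InvalidRule'
        '404':
          $ref: '#/responses/GroupNotFound'

definitions:
  CreateSecurityGroupRequest:
    type: object
    required:
      - group-name
      - group-description
      - vpc-id
    properties:
      group-name:
        type: string
        description: The name of the security group.
      group-description:
        type: string
        description: The description of the security group.
      vpc-id:
        type: string
        description: The ID of the VPC in which to create the security group.
  SecurityGroup:
    type: object
    properties:
      group-name:
        type: string
        description: The name of the security group.
      group-description:
        type: string
        description: The description of the security group.
      vpc-id:
        type: string
        description: The ID of the VPC to which the security group belongs.
      group-id:
        type: string
        description: The ID of the security group.
      tags:
        type: array
        items:
          $ref: '#/definitions/Tag'
      inbound-rules:
        type: array
        items:
          $ref: '#/definitions/SecurityGroupRule'
      outbound-rules:
        type: array
        items:
          $ref: '#/definitions/SecurityGroupRule'
  SecurityGroupRule:
    type: object
    required:
      - ip-protocol
    properties:
      ip-protocol:
        type: string
        description: The IP protocol for the rule.
      from-port:
        type: integer
        format: int64
        description: The starting port for the rule.
      to-port:
        type: integer
        format: int64
        description: The ending port for the rule.
      ip-ranges:
        type: array
        items:
          type: string
        # A range as wide as 0.0.0.0/0 makes the port range reachable from
        # any address; the service should validate and log rules that wide.
        description: The IP ranges to which the rule applies.
      prefix-list-ids:
        type: array
        items:
          type: string
        description: The prefix list IDs to which the rule applies.
      user-id-group-pairs:
        type: array
        items:
          $ref: '#/definitions/UserIdGroupPair'
        description: The user ID group pairs to which the rule applies.
  # Mirrors the UserIdGroupPair struct earlier in this file, which also
  # carries a group ID, VPC ID, peering ID and description.
  UserIdGroupPair:
    type: object
    properties:
      user-id:
        type: string
        description: The ID of the user to which the group belongs.
      group-name:
        type: string
        description: The name of the group to which the rule applies.
      group-id:
        type: string
        description: The ID of the group to which the rule applies.
      vpc-id:
        type: string
        description: The ID of the VPC of the referenced security group.
      peering-id:
        type: string
        description: The ID of the peering connection associated with the referenced security group, if any.
      description:
        type: string
        description: A description of this group reference.
  Tag:
    type: object
    properties:
      key:
        type: string
        description: The key of the tag.
      value:
        type: string
        description: The value of the tag.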