我有一个在AWS中创建安全组的脚本,它为入口(入站)和出口(出站)流量创建规则,我的脚本现在看起来像这样:
#!/usr/bin/env node
/*
This is a script to generate security groups and apply them to instances in a VPC.
Attached to this script is a json file which has the security group parameters in it.
Run this script by executing:
node AWS_Security_Groups.js
*/
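'use strict';
const PropertiesReader = require('properties-reader');
const AWS = require('aws-sdk');

// Location of the shared credentials file. AWS_SHARED_CREDENTIALS_FILE is the
// variable the SDK itself honours; the original hard-coded path stays as the
// fallback so existing invocations keep working.
const CREDENTIALS_PATH = process.env.AWS_SHARED_CREDENTIALS_FILE || '/Users/testuser/.aws/credentials';
const properties = PropertiesReader(CREDENTIALS_PATH);

// NOTE(review): the shared credentials file is INI-style, so properties-reader
// most likely exposes its keys under the section name (e.g.
// 'default.aws_access_key_id'); the bare keys read below may come back null —
// confirm against the file. Not setting keys here at all would let the SDK's
// default provider chain read this file itself and honour AWS_PROFILE, which
// also keeps long-lived static keys out of this script's own config object.
AWS.config.update({
  accessKeyId: properties.get('aws_access_key_id'),
  secretAccessKey: properties.get('aws_secret_access_key'),
  region: process.env.AWS_REGION || 'us-east-1',
});

const ec2 = new AWS.EC2({ apiVersion: '2016-11-15' });

// Security group parameters. require() parses JSON strictly: no trailing
// commas, and sibling objects inside an array must be comma-separated.
const securityParams = require('./securityParams.json');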
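module.exports = {
  /**
   * Creates the security group described by securityParams.json, then
   * authorizes its ingress and egress rules against the group that was just
   * created (the GroupId comes from the create response, not from the JSON).
   *
   * Expected keys in securityParams: GroupName, Description, optional VpcId,
   * IpPermissions (ingress rules) and IpPermissionsEgress (egress rules).
   * NOTE(review): the JSON shown alongside this script wraps its groups in a
   * "SecurityGroups" array; this handler reads a single group object and does
   * not unwrap that array — confirm the file layout.
   * TODO: an existence check before creating (so an already-present group is
   * not re-created) was requested but is not implemented here.
   *
   * @param {object} req - request (unused; kept for the (req, res) handler shape)
   * @param {object} [res] - response with ok()/serverError(); when absent (the
   *   script invokes this with no arguments) results go to the console instead
   *   of throwing on an undefined res
   */
  createSecurityGroup: (req, res) => {
    // Exactly one reply per invocation; previously ok() was sent once per
    // authorize call, i.e. twice for a single request.
    const replyError = (err) => {
      if (res && typeof res.serverError === 'function') {
        res.serverError(err, err.stack);
      } else {
        console.log('Error', err);
      }
    };
    const replyOk = (data) => {
      if (res && typeof res.ok === 'function') {
        res.ok(data);
      } else {
        console.log(data);
      }
    };

    // Each EC2 call accepts a different parameter shape, so the JSON is split
    // up rather than handed whole to all three calls.
    const createParams = {
      GroupName: securityParams.GroupName,
      Description: securityParams.Description,
    };
    if (securityParams.VpcId) {
      createParams.VpcId = securityParams.VpcId;
    }
    const ingressRules = securityParams.IpPermissions || [];
    const egressRules = securityParams.IpPermissionsEgress || [];

    ec2.createSecurityGroup(createParams, (createErr, created) => {
      if (createErr) {
        replyError(createErr);
        return;
      }
      const groupId = created.GroupId;

      const authorizeEgress = (ingress) => {
        if (egressRules.length === 0) {
          // Nothing to add for this direction.
          replyOk({ group: created, ingress, egress: null });
          return;
        }
        ec2.authorizeSecurityGroupEgress({ GroupId: groupId, IpPermissions: egressRules }, (egressErr, egress) => {
          if (egressErr) {
            replyError(egressErr);
            return;
          }
          console.log('Egress Security Rules Created');
          replyOk({ group: created, ingress, egress });
        });
      };

      if (ingressRules.length === 0) {
        authorizeEgress(null);
        return;
      }
      ec2.authorizeSecurityGroupIngress({ GroupId: groupId, IpPermissions: ingressRules }, (ingressErr, ingress) => {
        if (ingressErr) {
          replyError(ingressErr);
          return;
        }
        console.log('Ingress Security Rules Created');
        authorizeEgress(ingress);
      });
    });
  },
};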
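// Run the handler only when this file is executed directly
// (node AWS_Security_Groups.js, as the header says); requiring it as a module
// just exposes the export without creating anything in AWS at load time.
if (require.main === module) {
  module.exports.createSecurityGroup();
}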
我的Json文件如下所示:
{
"SecurityGroups": [
{
"IpPermissionsEgress": [],
"Description": "My security group",
"IpPermissions": [
{
"PrefixListIds": [],
"FromPort": 22,
"IpRanges": [
{
"CidrIp": "203.0.113.0/24"
}
],
"ToPort": 22,
"IpProtocol": "tcp",
"UserIdGroupPairs": []
}
],
"GroupName": "MySecurityGroup",
"OwnerId": "123456789012",
"GroupId": "sg-903004f8",
}
{
"IpPermissionsEgress": [],
"Description": "My security group2",
"IpPermissions": [
{
"PrefixListIds": [],
"FromPort": 22,
"IpRanges": [
{
"CidrIp": "203.0.113.0/24"
}
],
"ToPort": 22,
"IpProtocol": "tcp",
"UserIdGroupPairs": []
}
],
"GroupName": "MySecurityGroup2",
"OwnerId": "123456789012",
"GroupId": "sg-903004f28",
}]
}
但是我无法让脚本正确执行。我一直收到错误,提示 JSON 文件中有意外的字符 '/'。有谁知道我遗漏了什么?此外,我希望能更新脚本,使其先读取现有的安全组,如果该组已经存在就不要再尝试创建它。
所以下面这个 JSON 在某种程度上是可用的:它只创建了安全组,没有创建任何规则:
[
{
"IpProtocol": "string",
"FromPort": integer,
"ToPort": integer,
"UserIdGroupPairs": [
{
"UserId": "string",
"GroupName": "string",
"GroupId": "string",
"VpcId": "string",
"VpcPeeringConnectionId": "string",
"PeeringStatus": "string"
}
...
],
"IpRanges": [
{
"CidrIp": "string"
}
...
],
"Ipv6Ranges": [
{
"CidrIpv6": "string"
}
...
],
"PrefixListIds": [
{
"PrefixListId": "string"
}
...
]
}
...
]
我必须用形如 securityParams[0].UserIdGroupPairs[0] 的参数路径来更新我的脚本。