Skip to content
/ drone-cfn-security-group Public

Drone plugin for creating complex AWS CloudFormation Security Groups.

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

robertstettner/drone-cfn-security-group

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
templates
templates
 
 
test
test
 
 
.babelrc
.babelrc
 
 
.dockerignore
.dockerignore
 
 
.eslintignore
.eslintignore
 
 
.eslintrc.yml
.eslintrc.yml
 
 
.gitignore
.gitignore
 
 
.jest.json
.jest.json
 
 
.travis.yml
.travis.yml
 
 
Dockerfile
Dockerfile
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 
plugin.js
plugin.js
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

drone-cfn-security-group

Build Status Coverage Status

Drone plugin for creating complex AWS CloudFormation Security Groups.

It will create a matrix of rules, Ingress/Egress ports over CIDRs and export the security group that is created so it could be used in another CloudFormation stack.

Configuration

The following parameters are used to configure the plugin:

  • exportname: the name of the CloudFormation stack and export. Required.
  • vpcid: the VPC Id to associate the Security Group to. This can be a exported value, in CloudFormation eg. !ImportValue MyAppVpcId. Required.
  • description: the description of the CloudFormation stack. Required.
  • ingress_cidrs: ingress CIDR ranges. Optional.
  • ingress_ports: array of ingress ports as numbers or objects with parameters (from_port, to_port, protocol). Optional.
  • egress_cidrs: egress CIDR ranges. Optional.
  • egress_ports: array of ingress ports as numbers or objects with parameters (from_port, to_port, protocol). Optional.
  • region: the AWS region to deploy to. Defaults to eu-west-1.
  • access_key: the AWS access key. Optional.
  • secret_key: the AWS secret key. Optional.

Drone configuration example

Simple example below:

pipeline:
  ...
  security:
    image: robertstettner/drone-cfn-security-group
    pull: true
    exportname: MyApplicationSecurityGroup
    ingress_cidrs:
      - 54.123.32.123/32
      - 67.2.34.3/32
      - 5.231.12.0/24
      - 77.65.0.0/16
    ingress_ports:
      - 80 # HTTP all protocols
      - 433 # HTTPS all protocols
      - 22 # SSH all protocols
    when:
      event: deployment

You could then use the security group in other stacks by referring to it using in the syntax for JSON CloudFormation templates:

{ "Fn::ImportValue" : "MyApplicationSecurityGroup" }

or for YAML CloudFormation templates:

!ImportValue MyApplicationSecurityGroup

Complex example below:

pipeline:
  ...
  security:
    image: robertstettner/drone-cfn-security-group
    pull: true
    exportname: MyApplicationSecurityGroup
    ingress_cidrs:
      - 54.123.32.123/32
      - 67.2.34.3/32
      - 5.231.12.0/24
      - 77.65.0.0/16
    ingress_ports:
      - from_port: 80
        to_port: 82
        protocol: tcp
      - from_port: 433
        to_port: 433
        protocol: tcp
      - from_port: 115
        to_port: 115
        protocol: udp
    egress_cidrs:
      - 54.123.32.123/32
      - 67.2.34.3/32
      - 5.231.12.0/24
      - 77.65.0.0/16
    egress_ports:
      - from_port: 80
        to_port: 82
        protocol: tcp
      - from_port: 433
        to_port: 433
        protocol: tcp
      - from_port: 115
        to_port: 115
        protocol: udp
    when:
      event: deployment

License

MIT

About

Drone plugin for creating complex AWS CloudFormation Security Groups.

Topics

security cloudformation drone-ci

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages