cloud/awscloud: allow internet access on secure instance again
The executor is timing out and there are no logs. This will require some further work. Remove the restriction for now.
This commit is contained in:
Sanne Raymaekers
parent
8653f614f0
commit
314ed4b527
1 changed files with 0 additions and 69 deletions
|
|
@ -274,75 +274,6 @@ func (a *AWS) createOrReplaceSG(hostInstanceID, hostIP, vpcID string) (string, e
|
|||
if err != nil {
|
||||
return sgID, err
|
||||
}
|
||||
if len(describeSGOutput.SecurityGroups) != 1 {
|
||||
return sgID, fmt.Errorf("Expected 1 security group, got %d", len(describeSGOutput.SecurityGroups))
|
||||
}
|
||||
|
||||
if len(describeSGOutput.SecurityGroups[0].IpPermissionsEgress) != 1 {
|
||||
return sgID, fmt.Errorf("Expected exactly 1 egress rule on the security group (got %d)", len(describeSGOutput.SecurityGroups[0].IpPermissionsEgress))
|
||||
}
|
||||
|
||||
describeSGROutput, err := a.ec2.DescribeSecurityGroupRules(&ec2.DescribeSecurityGroupRulesInput{
|
||||
Filters: []*ec2.Filter{
|
||||
&ec2.Filter{
|
||||
Name: aws.String("group-id"),
|
||||
Values: []*string{
|
||||
aws.String(sgID),
|
||||
},
|
||||
},
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return sgID, err
|
||||
}
|
||||
|
||||
for _, rule := range describeSGROutput.SecurityGroupRules {
|
||||
if *rule.IsEgress {
|
||||
revokeOutput, err := a.ec2.RevokeSecurityGroupEgress(&ec2.RevokeSecurityGroupEgressInput{
|
||||
GroupId: aws.String(sgID),
|
||||
SecurityGroupRuleIds: []*string{
|
||||
rule.SecurityGroupRuleId,
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return sgID, err
|
||||
}
|
||||
if !*revokeOutput.Return {
|
||||
return sgID, fmt.Errorf("Failed to revoke security group %s's egress rule %s", sgID, *rule.SecurityGroupRuleId)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sgEgressOutput, err := a.ec2.AuthorizeSecurityGroupEgress(&ec2.AuthorizeSecurityGroupEgressInput{
|
||||
GroupId: aws.String(sgID),
|
||||
IpPermissions: []*ec2.IpPermission{
|
||||
&ec2.IpPermission{
|
||||
IpProtocol: aws.String(ec2.ProtocolTcp),
|
||||
FromPort: aws.Int64(1),
|
||||
ToPort: aws.Int64(65535),
|
||||
IpRanges: []*ec2.IpRange{
|
||||
&ec2.IpRange{
|
||||
CidrIp: aws.String(fmt.Sprintf("%s/32", hostIP)),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return sgID, err
|
||||
}
|
||||
if !*sgEgressOutput.Return {
|
||||
return sgID, fmt.Errorf("Unable to attach egress rules to SG")
|
||||
}
|
||||
|
||||
describeSGOutput, err = a.ec2.DescribeSecurityGroups(&ec2.DescribeSecurityGroupsInput{
|
||||
GroupIds: []*string{
|
||||
aws.String(sgID),
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return sgID, err
|
||||
}
|
||||
|
||||
// SGs are created with a predefind egress rule that allows all outgoing traffic, so expecting 1 outbound rule
|
||||
if len(describeSGOutput.SecurityGroups[0].IpPermissions) != 1 || len(describeSGOutput.SecurityGroups[0].IpPermissionsEgress) != 1 {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue