Security Groups

See here for background on Security Groups.

The evroc CLI allows users to create and manage security groups.

Creating Security Groups

To create a security group, run:

$ evroc networking securitygroup create my-sg
my-sg creation requested

To add a rule to a security group, run:

$ evroc networking securitygroup addrule my-sg \
  --name=allow-ssh-from-anywhere \
  --direction=Ingress \
  --ip-address-or-cidr=0.0.0.0/0 \
  --port=22 \
  --protocol=TCP
allow-ssh-from-anywhere creation requested

Updating a VM to use a Security Group

When adding a VM to a security group, you must pass in the complete list of security groups that the VM should be in. So for example, if a VM is already in security groups "default-sto-1" and "allow-https" and you wish to add the VM to a new security group called "allow-ssh", you would need to run:

$ evroc compute vm update <VM name> --security-group=default-sto-1 --security-group=allow-https --security-group=allow-ssh

Deleting Security Group Rules

To delete a rule from a security group, run:

$ evroc networking securitygroup removerule my-sg --name=allow-ssh-from-anywhere
allow-ssh-from-anywhere deletion requested

Show Security Group Rules

To show the rules in a security group, run:

$ evroc networking securitygroup showrules my-sg
[
    {
        "name": "allow-ssh-from-anywhere",
        "direction": "Ingress",
        "protocol": "TCP",
        "port": 22,
        "remote": {
            "securityGroupRef": {},
            "subnetRef": {},
            "address": {
                "IPAddressOrCIDR": "0.0.0.0/0"
            }
        }
    }
]

Deleting Security Groups

To delete a security group, run:

$ evroc networking securitygroup delete my-sg
my-sg deletion requested