feat: add sg to ingress & egress

Author: Komalis

easyecs/cloudformation/template/__init__.py

@@ -128,6 +128,20 @@ def create_load_balancer(stack, ecs_manifest: EcsFileModel, vpc):
                             ),
                             description=egress_rule.name,
                         )
+                    elif egress_rule.security_group_id:
+                        lb_security_group.add_egress_rule(
+                            peer=SecurityGroup.from_security_group_id(
+                                stack,
+                                "egress_rule_sg",
+                                security_group_id=egress_rule.security_group_id,
+                            ),
+                            connection=(
+                                Port.tcp(egress_rule.port)
+                                if egress_rule.port != -1
+                                else Port.all_traffic()
+                            ),
+                            description=egress_rule.name,
+                        )
             if ecs_manifest.load_balancer.security_group_rules.ingress:
                 for (
                     ingress_rule
@@ -156,6 +170,20 @@ def create_load_balancer(stack, ecs_manifest: EcsFileModel, vpc):
                             ),
                             description=ingress_rule.name,
                         )
+                    elif ingress_rule.security_group_id:
+                        lb_security_group.add_ingress_rule(
+                            peer=SecurityGroup.from_security_group_id(
+                                stack,
+                                "ingress_rule_sg",
+                                security_group_id=ingress_rule.security_group_id,
+                            ),
+                            connection=(
+                                Port.tcp(ingress_rule.port)
+                                if ingress_rule.port != -1
+                                else Port.all_traffic()
+                            ),
+                            description=ingress_rule.name,
+                        )
         listener = lb.add_listener(
             "NlbListener", port=ecs_manifest.load_balancer.listener_port
         )

easyecs/model/ecs.py

@@ -155,13 +155,15 @@ class SecurityGroupRule(BaseModel):
     port: int
     cidr: Optional[str] = None
     prefix_list: Optional[str] = None
+    security_group_id: Optional[str] = None
 
     @model_validator(mode="after")
     def validate_cidr(self):
-        if self.prefix_list is not None and self.cidr is not None:
-            raise ValueError("A rule is either a CIDR or a prefix list, not both!")
-        if self.prefix_list is None and self.cidr is None:
-            raise ValueError("A rule is either a CIDR or a prefix list, not none!")
+        has_at_least_two_true = lambda lst: sum(lst) >= 2
+        if has_at_least_two_true([self.prefix_list is not None, self.cidr is not None, self.security_group_id is not None]):
+            raise ValueError("A rule is either a CIDR, a security group id or a prefix list!")
+        if self.prefix_list is None and self.cidr is None and self.security_group_id is None:
+            raise ValueError("A rule is either a CIDR, a security group id or a prefix list, not none!")
         return self