feat: add security group to ingress / egress loadbalancer handler

Author: Komalis

easyecs/cloudformation/template/__init__.py

@@ -128,6 +128,20 @@ def create_load_balancer(stack, ecs_manifest: EcsFileModel, vpc):
                             ),
                             description=egress_rule.name,
                         )
+                    elif egress_rule.security_group_id:
+                        lb_security_group.add_egress_rule(
+                            peer=SecurityGroup.from_security_group_id(
+                                stack,
+                                "egress_rule_sg",
+                                security_group_id=egress_rule.security_group_id,
+                            ),
+                            connection=(
+                                Port.tcp(egress_rule.port)
+                                if egress_rule.port != -1
+                                else Port.all_traffic()
+                            ),
+                            description=egress_rule.name,
+                        )
             if ecs_manifest.load_balancer.security_group_rules.ingress:
                 for (
                     ingress_rule
@@ -156,6 +170,20 @@ def create_load_balancer(stack, ecs_manifest: EcsFileModel, vpc):
                             ),
                             description=ingress_rule.name,
                         )
+                    elif ingress_rule.security_group_id:
+                        lb_security_group.add_ingress_rule(
+                            peer=SecurityGroup.from_security_group_id(
+                                stack,
+                                "ingress_rule_sg",
+                                security_group_id=ingress_rule.security_group_id,
+                            ),
+                            connection=(
+                                Port.tcp(ingress_rule.port)
+                                if ingress_rule.port != -1
+                                else Port.all_traffic()
+                            ),
+                            description=ingress_rule.name,
+                        )
         listener = lb.add_listener(
             "NlbListener", port=ecs_manifest.load_balancer.listener_port
         )

easyecs/model/ecs.py

@@ -150,13 +150,30 @@ class SecurityGroupRule(BaseModel):
     port: int
     cidr: Optional[str] = None
     prefix_list: Optional[str] = None
+    security_group_id: Optional[str] = None
 
     @model_validator(mode="after")
     def validate_cidr(self):
-        if self.prefix_list is not None and self.cidr is not None:
-            raise ValueError("A rule is either a CIDR or a prefix list, not both!")
-        if self.prefix_list is None and self.cidr is None:
-            raise ValueError("A rule is either a CIDR or a prefix list, not none!")
+        has_at_least_two_true = lambda lst: sum(lst) >= 2  # noqa: E731
+        if has_at_least_two_true(
+            [
+                self.prefix_list is not None,
+                self.cidr is not None,
+                self.security_group_id is not None,
+            ]
+        ):
+            raise ValueError(
+                "A rule is either a CIDR, a security group id or a prefix list!"
+            )
+        if (
+            self.prefix_list is None
+            and self.cidr is None
+            and self.security_group_id is None
+        ):
+            raise ValueError(
+                "A rule is either a CIDR, a security group id or a prefix list, not"
+                " none!"
+            )
         return self
 
 

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "easyecs"
-version = "0.16.1"
+version = "0.17.0"
 description = ""
 authors = ["BONVARLET Benjamin <benjaminbonvarlet96@gmail.com>"]
 readme = "README.md"