# AWS EC2

{% hint style="info" %}
The following documentation is for **AWS EC2 v1.6.4** *(BDK)*.
{% endhint %}

## Overview

Amazon EC2 (Elastic Compute Cloud) provides resizable compute capacity in the cloud for running applications. This integration enables automated instance management, server provisioning, and cloud infrastructure automation workflows. Scale computing resources dynamically and optimize cloud infrastructure operations.

## Prerequisites

### 1. Required Books

The following Book(s) need to be added to your agent so it can learn and understand the automation procedures defined within them:

* **AWS EC2**

#### How to Add the Book(s)

1. Go to **Books** → **All Books**.
2. Search for the name of the book and click on it.
3. Click on <kbd>**Install**</kbd> or <kbd>**Add Connection**</kbd> to add the book to your agent.
4. If adding a connection, you'll be prompted for [**connectivity**](#connectivity) details.

## Connectivity

This section outlines the available methods for connecting to the Book, along with the required configuration details for each.

### Connect using AWS Access key ID, AWS Secret Access Key, AWS Region, AWS Role ARN and AWS External ID

Assumes a role using the provided AWS credentials.

| Label                 | Description                                                                | Type        |
| --------------------- | -------------------------------------------------------------------------- | ----------- |
| AWS Access key ID     | The AWS Access Key ID for the initial authentication.                      | `text`      |
| AWS Secret Access Key | The AWS Secret Access Key for the initial authentication.                  | `sensitive` |
| AWS Region            | The AWS Region for the initial authentication.                             | `text`      |
| AWS Role ARN          | The ARN of the role to assume.                                             | `text`      |
| AWS External ID       | An optional external ID that might be required by the role's trust policy. | `sensitive` |

### Connect using AWS Access key ID, AWS Secret Access Key and AWS Region

Connects to AWS directly using the provided access key credentials, without assuming a role.

| Label                 | Description               | Type        |
| --------------------- | ------------------------- | ----------- |
| AWS Access key ID     | The AWS Access Key ID     | `text`      |
| AWS Secret Access Key | The AWS Secret Access Key | `sensitive` |
| AWS Region            | The AWS Region            | `text`      |

## Procedures

### to attach a rule to a security group

Create an ingress or egress rule in a security group.

**Input Concepts**

| Concept                                 | Description                                                              | Type                   | Required | Default Value |
| --------------------------------------- | ------------------------------------------------------------------------ | ---------------------- | -------- | ------------- |
| [`security group`](#ec2-security-group) | A security group to authorize                                            | `ec2 security group`   | Yes      | (no default)  |
| `rule type`                             | The type of rule to add (ingress or egress)                              | `conceptual` or `text` | Yes      | (no default)  |
| [`ip permissions`](#ec2-ip-permission)  | A list of IpPermission objects representing the permissions to authorize | `ec2 ip permission`    | Yes      | (no default)  |

**Examples**

```generic
get '[{"cidr_ip": "186.137.54.107/32", "description": "SSH access from specific IP"}]' as a json
use the above as the ip ranges
create a json
use the above as the permission
set the permission's "ip_protocol" to "tcp"
set the permission's "from_port" to 22
set the permission's "to_port" to 22
set the permission's "ip_ranges" to the ip ranges
the permission
imagine the permissions
add the permission to the permissions
attach a rule to the security group
  the rule type is "ingress"
  the ip permissions are the permissions
attach a rule to the security group
  the rule type is "egress"
  the ip permissions are the permissions
```

### to get (security groups) from *ec2*

![FILTER - CAPABLE](https://img.shields.io/static/v1?label=FILTER\&message=CAPABLE\&color=blue)

Get security groups from EC2.

**Output Concepts**

| Concept           | Description                | Type   |
| ----------------- | -------------------------- | ------ |
| `security groups` | A list of security groups. | `json` |

**Examples**

Get all security groups from EC2

```generic
get some security groups from ec2
```

Get security groups filtered by name

```generic
get some security groups from ec2 whose group-name is "bdk-test"
```

### to get some (security group's rules)

Get security group rules for a security group in EC2.

**Input Concepts**

| Concept                                 | Description                          | Type                 | Required | Default Value |
| --------------------------------------- | ------------------------------------ | -------------------- | -------- | ------------- |
| [`security group`](#ec2-security-group) | The security group to get rules for. | `ec2 security group` | Yes      | (no default)  |

**Output Concepts**

| Concept                                              | Description                     | Type                      |
| ---------------------------------------------------- | ------------------------------- | ------------------------- |
| [`security group's rules`](#ec2-security-group-rule) | A list of security group rules. | `ec2 security group rule` |

**Examples**

Get security group rules from a specific security group

```generic
get some security groups from ec2 whose group-name is "bdk-test"
get the security group's rules
```

### to revoke a security group rule

Delete a security group rule from a security group.

**Input Concepts**

| Concept                                           | Description                         | Type                      | Required | Default Value |
| ------------------------------------------------- | ----------------------------------- | ------------------------- | -------- | ------------- |
| [`security group rule`](#ec2-security-group-rule) | A security group rule to be revoked | `ec2 security group rule` | Yes      | (no default)  |

**Examples**

Revoke all existing security group rules from a security group

```generic
get some security groups from ec2 whose group-name is "bdk-test"
get the security group's rules
the rules
process each rule as follows
    the rule
    use the above as the security rule
    revoke the security rule
```
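As an added Python example (not part of this Book or of the EC2 API), the following validates a permission shaped like the `ec2 ip permission` concept before it is attached, and audits a list of `ec2 security group rule` records to pick out the ones a reviewer would revoke first: ingress rules that open port 22 or 3389 to `0.0.0.0/0`. Field names follow this page's concept tables; the admin port set and the sample records are constructed assumptions.

```python
import ipaddress

# Ports whose world-open ingress an auditor would normally flag (an assumption).
ADMIN_PORTS = {22, 3389}

def validate_permission(perm):
    """Check an 'ec2 ip permission' dict; return a list of problems (empty = OK)."""
    problems = []
    proto = perm.get("ip_protocol")
    fp, tp = perm.get("from_port"), perm.get("to_port")
    if proto in ("tcp", "udp"):
        if not (isinstance(fp, int) and isinstance(tp, int) and 0 <= fp <= tp <= 65535):
            problems.append(f"invalid port range {fp}-{tp}")
    elif proto not in ("icmp", "icmpv6", "-1"):  # "-1" means all protocols
        problems.append(f"unsupported ip_protocol {proto!r}")
    # ip_ranges entries carry cidr_ip; ipv6_ranges entries carry cidr_ipv6.
    for key, field, net_cls in (("ip_ranges", "cidr_ip", ipaddress.IPv4Network),
                                ("ipv6_ranges", "cidr_ipv6", ipaddress.IPv6Network)):
        for entry in perm.get(key) or []:
            try:
                net_cls(entry[field], strict=False)
            except (KeyError, ValueError):
                problems.append(f"invalid {field} {entry.get(field)!r}")
    return problems

def world_open_admin_rules(rules):
    """Return rule_ids of ingress rules that open an admin port to 0.0.0.0/0."""
    hits = []
    for rule in rules:
        cidr = rule.get("cidr_ipv4")
        if rule["is_egress"] or cidr is None:
            continue  # only IPv4 ingress rules are examined here
        if ipaddress.IPv4Network(cidr, strict=False).prefixlen != 0:
            continue  # not world-open
        fp, tp = rule["from_port"], rule["to_port"]
        all_ports = rule["ip_protocol"] == "-1"  # from/to_port are -1 in that case
        if all_ports or any(fp <= p <= tp for p in ADMIN_PORTS):
            hits.append(rule["rule_id"])
    return hits

# Constructed sample 'ec2 security group rule' records (not real account data).
SAMPLE_RULES = [
    {"rule_id": "sgr-0a1", "is_egress": False, "ip_protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_ipv4": "186.137.54.107/32"},
    {"rule_id": "sgr-0a2", "is_egress": False, "ip_protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_ipv4": "0.0.0.0/0"},
    {"rule_id": "sgr-0a3", "is_egress": True, "ip_protocol": "-1", "from_port": -1, "to_port": -1, "cidr_ipv4": "0.0.0.0/0"},
    {"rule_id": "sgr-0a4", "is_egress": False, "ip_protocol": "tcp", "from_port": 80, "to_port": 80, "cidr_ipv4": "0.0.0.0/0"},
]
```

Running `world_open_admin_rules(SAMPLE_RULES)` returns only `sgr-0a2`; the egress "all traffic" rule and the world-open port 80 rule are left for a human to judge.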

## Concepts

### Ec2 security group

Represents an EC2 security group.

| Field Name         | Description                                            | Type              |
| ------------------ | ------------------------------------------------------ | ----------------- |
| `id`               | The ID of the security group.                          | `text`            |
| `name`             | The name of the security group.                        | `text`            |
| `description`      | The description of the security group.                 | `text`            |
| `vpc_id`           | The ID of the VPC to which the security group belongs. | `text`            |
| [`tags`](#aws-tag) | A list of tags associated with the security group.     | `list of aws tag` |

### Aws tag

Represents an AWS tag.

| Field Name | Description           | Type   |
| ---------- | --------------------- | ------ |
| `key`      | The key of the tag.   | `text` |
| `value`    | The value of the tag. | `text` |

### Ec2 ip permission

Represents an IP permission for an EC2 security group.

| Field Name                                              | Description                                     | Type                     |
| ------------------------------------------------------- | ----------------------------------------------- | ------------------------ |
| `ip_protocol`                                           | The IP protocol for the permission.             | `text`                   |
| `from_port`                                             | The start port for the permission.              | `number`                 |
| `to_port`                                               | The end port for the permission.                | `number`                 |
| [`ip_ranges`](#ip_ranges-ec2-ip-permission)             | The list of IP ranges for the permission.       | `optional[list of json]` |
| [`ipv6_ranges`](#ipv6_ranges-ec2-ip-permission)         | The list of IPv6 ranges for the permission.     | `optional[list of json]` |
| [`prefix_list_ids`](#prefix_list_ids-ec2-ip-permission) | The list of prefix list IDs for the permission. | `optional[list of json]` |

### Ec2 security group rule

Represents an EC2 security group rule.

| Field Name         | Description                                                        | Type              |
| ------------------ | ------------------------------------------------------------------ | ----------------- |
| `rule_id`          | The ID of the security group rule.                                 | `text`            |
| `group_id`         | The ID of the security group.                                      | `text`            |
| `group_owner_id`   | The AWS account ID of the security group owner.                    | `text`            |
| `is_egress`        | Whether the rule is an egress rule (True) or ingress rule (False). | `boolean`         |
| `ip_protocol`      | The IP protocol for the rule.                                      | `text`            |
| `from_port`        | The start port (or ICMP type) for the rule.                        | `number`          |
| `to_port`          | The end port (or ICMP code) for the rule.                          | `number`          |
| [`tags`](#aws-tag) | A list of tags associated with the security group rule.            | `list of aws tag` |
| `rule_arn`         | The ARN of the security group rule.                                | `text`            |
| `cidr_ipv4`        | The IPv4 CIDR range for the rule, if applicable.                   | `optional[text]`  |

**Concept attribute specifications**

**ip\_ranges (ec2 ip permission)**

| Name          | Type             |
| ------------- | ---------------- |
| `description` | `optional[text]` |
| `cidr_ip`     | `optional[text]` |

**ipv6\_ranges (ec2 ip permission)**

| Name          | Type             |
| ------------- | ---------------- |
| `description` | `optional[text]` |
| `cidr_ipv6`   | `optional[text]` |

**prefix\_list\_ids (ec2 ip permission)**

| Name             | Type             |
| ---------------- | ---------------- |
| `description`    | `optional[text]` |
| `prefix_list_id` | `optional[text]` |
