{-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# LANGUAGE TypeFamilies #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} {-# OPTIONS_GHC -fno-warn-unused-binds #-} {-# OPTIONS_GHC -fno-warn-unused-matches #-} -- Derived from AWS service descriptions, licensed under Apache 2.0. -- | -- Module : Network.AWS.EC2.DescribeSecurityGroups -- Copyright : (c) 2013-2016 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay -- Stability : auto-generated -- Portability : non-portable (GHC extensions) -- -- Describes one or more of your security groups. -- -- -- A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For more information, see in the /Amazon Elastic Compute Cloud User Guide/ and in the /Amazon Virtual Private Cloud User Guide/ . -- module Network.AWS.EC2.DescribeSecurityGroups ( -- * Creating a Request describeSecurityGroups , DescribeSecurityGroups -- * Request Lenses , dsgsFilters , dsgsGroupNames , dsgsGroupIds , dsgsDryRun -- * Destructuring the Response , describeSecurityGroupsResponse , DescribeSecurityGroupsResponse -- * Response Lenses , dsgrsSecurityGroups , dsgrsResponseStatus ) where import Network.AWS.EC2.Types import Network.AWS.EC2.Types.Product import Network.AWS.Lens import Network.AWS.Prelude import Network.AWS.Request import Network.AWS.Response -- | Contains the parameters for DescribeSecurityGroups. -- -- -- -- /See:/ 'describeSecurityGroups' smart constructor. data DescribeSecurityGroups = DescribeSecurityGroups' { _dsgsFilters :: !(Maybe [Filter]) , _dsgsGroupNames :: !(Maybe [Text]) , _dsgsGroupIds :: !(Maybe [Text]) , _dsgsDryRun :: !(Maybe Bool) } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'DescribeSecurityGroups' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'dsgsFilters' - One or more filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters. * @description@ - The description of the security group. * @egress.ip-permission.prefix-list-id@ - The ID (prefix) of the AWS service to which the security group allows access. * @group-id@ - The ID of the security group. * @group-name@ - The name of the security group. * @ip-permission.cidr@ - An IPv4 CIDR range that has been granted permission in a security group rule. * @ip-permission.from-port@ - The start of port range for the TCP and UDP protocols, or an ICMP type number. * @ip-permission.group-id@ - The ID of a security group that has been granted permission. * @ip-permission.group-name@ - The name of a security group that has been granted permission. * @ip-permission.ipv6-cidr@ - An IPv6 CIDR range that has been granted permission in a security group rule. * @ip-permission.protocol@ - The IP protocol for the permission (@tcp@ | @udp@ | @icmp@ or a protocol number). * @ip-permission.to-port@ - The end of port range for the TCP and UDP protocols, or an ICMP code. * @ip-permission.user-id@ - The ID of an AWS account that has been granted permission. * @owner-id@ - The AWS account ID of the owner of the security group. * @tag-key@ - The key of a tag assigned to the security group. * @tag-value@ - The value of a tag assigned to the security group. * @vpc-id@ - The ID of the VPC specified when the security group was created. -- -- * 'dsgsGroupNames' - [EC2-Classic and default VPC only] One or more security group names. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, use the @group-name@ filter to describe security groups by name. Default: Describes all your security groups. -- -- * 'dsgsGroupIds' - One or more security group IDs. Required for security groups in a nondefault VPC. Default: Describes all your security groups. -- -- * 'dsgsDryRun' - Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is @DryRunOperation@ . Otherwise, it is @UnauthorizedOperation@ . describeSecurityGroups :: DescribeSecurityGroups describeSecurityGroups = DescribeSecurityGroups' { _dsgsFilters = Nothing , _dsgsGroupNames = Nothing , _dsgsGroupIds = Nothing , _dsgsDryRun = Nothing } -- | One or more filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters. * @description@ - The description of the security group. * @egress.ip-permission.prefix-list-id@ - The ID (prefix) of the AWS service to which the security group allows access. * @group-id@ - The ID of the security group. * @group-name@ - The name of the security group. * @ip-permission.cidr@ - An IPv4 CIDR range that has been granted permission in a security group rule. * @ip-permission.from-port@ - The start of port range for the TCP and UDP protocols, or an ICMP type number. * @ip-permission.group-id@ - The ID of a security group that has been granted permission. * @ip-permission.group-name@ - The name of a security group that has been granted permission. * @ip-permission.ipv6-cidr@ - An IPv6 CIDR range that has been granted permission in a security group rule. * @ip-permission.protocol@ - The IP protocol for the permission (@tcp@ | @udp@ | @icmp@ or a protocol number). * @ip-permission.to-port@ - The end of port range for the TCP and UDP protocols, or an ICMP code. * @ip-permission.user-id@ - The ID of an AWS account that has been granted permission. * @owner-id@ - The AWS account ID of the owner of the security group. * @tag-key@ - The key of a tag assigned to the security group. * @tag-value@ - The value of a tag assigned to the security group. * @vpc-id@ - The ID of the VPC specified when the security group was created. dsgsFilters :: Lens' DescribeSecurityGroups [Filter] dsgsFilters = lens _dsgsFilters (\ s a -> s{_dsgsFilters = a}) . _Default . _Coerce; -- | [EC2-Classic and default VPC only] One or more security group names. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, use the @group-name@ filter to describe security groups by name. Default: Describes all your security groups. dsgsGroupNames :: Lens' DescribeSecurityGroups [Text] dsgsGroupNames = lens _dsgsGroupNames (\ s a -> s{_dsgsGroupNames = a}) . _Default . _Coerce; -- | One or more security group IDs. Required for security groups in a nondefault VPC. Default: Describes all your security groups. dsgsGroupIds :: Lens' DescribeSecurityGroups [Text] dsgsGroupIds = lens _dsgsGroupIds (\ s a -> s{_dsgsGroupIds = a}) . _Default . _Coerce; -- | Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is @DryRunOperation@ . Otherwise, it is @UnauthorizedOperation@ . dsgsDryRun :: Lens' DescribeSecurityGroups (Maybe Bool) dsgsDryRun = lens _dsgsDryRun (\ s a -> s{_dsgsDryRun = a}); instance AWSRequest DescribeSecurityGroups where type Rs DescribeSecurityGroups = DescribeSecurityGroupsResponse request = postQuery ec2 response = receiveXML (\ s h x -> DescribeSecurityGroupsResponse' <$> (x .@? "securityGroupInfo" .!@ mempty >>= may (parseXMLList "item")) <*> (pure (fromEnum s))) instance Hashable DescribeSecurityGroups instance NFData DescribeSecurityGroups instance ToHeaders DescribeSecurityGroups where toHeaders = const mempty instance ToPath DescribeSecurityGroups where toPath = const "/" instance ToQuery DescribeSecurityGroups where toQuery DescribeSecurityGroups'{..} = mconcat ["Action" =: ("DescribeSecurityGroups" :: ByteString), "Version" =: ("2016-11-15" :: ByteString), toQuery (toQueryList "Filter" <$> _dsgsFilters), toQuery (toQueryList "GroupName" <$> _dsgsGroupNames), toQuery (toQueryList "GroupId" <$> _dsgsGroupIds), "DryRun" =: _dsgsDryRun] -- | Contains the output of DescribeSecurityGroups. -- -- -- -- /See:/ 'describeSecurityGroupsResponse' smart constructor. data DescribeSecurityGroupsResponse = DescribeSecurityGroupsResponse' { _dsgrsSecurityGroups :: !(Maybe [SecurityGroup]) , _dsgrsResponseStatus :: !Int } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'DescribeSecurityGroupsResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'dsgrsSecurityGroups' - Information about one or more security groups. -- -- * 'dsgrsResponseStatus' - -- | The response status code. describeSecurityGroupsResponse :: Int -- ^ 'dsgrsResponseStatus' -> DescribeSecurityGroupsResponse describeSecurityGroupsResponse pResponseStatus_ = DescribeSecurityGroupsResponse' { _dsgrsSecurityGroups = Nothing , _dsgrsResponseStatus = pResponseStatus_ } -- | Information about one or more security groups. dsgrsSecurityGroups :: Lens' DescribeSecurityGroupsResponse [SecurityGroup] dsgrsSecurityGroups = lens _dsgrsSecurityGroups (\ s a -> s{_dsgrsSecurityGroups = a}) . _Default . _Coerce; -- | -- | The response status code. dsgrsResponseStatus :: Lens' DescribeSecurityGroupsResponse Int dsgrsResponseStatus = lens _dsgrsResponseStatus (\ s a -> s{_dsgrsResponseStatus = a}); instance NFData DescribeSecurityGroupsResponse