AWS code-library documentation change
Summary
Added Swift SDK code example demonstrating EC2 instance lifecycle management including key pair creation, security group configuration, instance launch/stop/termination, and Elastic IP management
Security assessment
The change adds documentation about security best practices including temporary key pair management with automatic cleanup, security group configuration restricting SSH access to current IP, and proper resource cleanup. While these are security-related features, there's no evidence of addressing a specific vulnerability or security incident.
Diff
diff --git a/code-library/latest/ug/ec2_example_ec2_Scenario_GetStartedInstances_section.md b/code-library/latest/ug/ec2_example_ec2_Scenario_GetStartedInstances_section.md index dc8bb1120..1009c8223 100644 --- a//code-library/latest/ug/ec2_example_ec2_Scenario_GetStartedInstances_section.md +++ b//code-library/latest/ug/ec2_example_ec2_Scenario_GetStartedInstances_section.md @@ -8910,0 +8911,1192 @@ The main entry point for the scenario. +Swift + + +**SDK for Swift** + + +###### Note + +There's more on GitHub. Find the complete example and learn how to set up and run in the [AWS Code Examples Repository](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/swift/example_code/ec2#code-examples). + +The `Package.swift` file. + + + // swift-tools-version: 5.9 + // + // The swift-tools-version declares the minimum version of Swift required to + // build this package. + + import PackageDescription + + let package = Package( + name: "ec2-scenario", + // Let Xcode know the minimum Apple platforms supported. + platforms: [ + .macOS(.v13), + .iOS(.v15) + ], + dependencies: [ + // Dependencies declare other packages that this package depends on. + .package( + url: "https://github.com/awslabs/aws-sdk-swift", + from: "1.4.0"), + .package( + url: "https://github.com/apple/swift-argument-parser.git", + branch: "main" + ) + ], + targets: [ + // Targets are the basic building blocks of a package, defining a module or a test suite. + // Targets can depend on other targets in this package and products + // from dependencies. + .executableTarget( + name: "ec2-scenario", + dependencies: [ + .product(name: "AWSEC2", package: "aws-sdk-swift"), + .product(name: "AWSSSM", package: "aws-sdk-swift"), + .product(name: "ArgumentParser", package: "swift-argument-parser") + ], + path: "Sources") + + ] + ) + + + +The `entry.swift` file. + + + // An example that shows how to use the AWS SDK for Swift to perform a variety + // of operations using Amazon Elastic Compute Cloud (EC2). + // + + import ArgumentParser + import Foundation + import AWSEC2 + + // Allow waiters to be used. + + import class SmithyWaitersAPI.Waiter + import struct SmithyWaitersAPI.WaiterOptions + + import AWSSSM + + struct ExampleCommand: ParsableCommand { + @Option(help: "The AWS Region to run AWS API calls in.") + var awsRegion = "us-east-1" + + @Option( + help: ArgumentHelp("The level of logging for the Swift SDK to perform."), + completion: .list([ + "critical", + "debug", + "error", + "info", + "notice", + "trace", + "warning" + ]) + ) + var logLevel: String = "error" + + static var configuration = CommandConfiguration( + commandName: "ec2-scenario", + abstract: """ + Performs various operations to demonstrate the use of Amazon EC2 using the + AWS SDK for Swift. + """, + discussion: """ + """ + ) + + /// Called by ``main()`` to run the bulk of the example. + func runAsync() async throws { + let ssmConfig = try await SSMClient.SSMClientConfiguration(region: awsRegion) + let ssmClient = SSMClient(config: ssmConfig) + + let ec2Config = try await EC2Client.EC2ClientConfiguration(region: awsRegion) + let ec2Client = EC2Client(config: ec2Config) + + let example = Example(ec2Client: ec2Client, ssmClient: ssmClient) + + await example.run() + } + } + + class Example { + let ec2Client: EC2Client + let ssmClient: SSMClient + + // Storage for AWS EC2 properties. + + var keyName: String? = nil + var securityGroupId: String? = nil + var instanceId: String? = nil + var allocationId: String? = nil + var associationId: String? = nil + + init(ec2Client: EC2Client, ssmClient: SSMClient) { + self.ec2Client = ec2Client + self.ssmClient = ssmClient + } + + /// The example's main body. + func run() async { + //===================================================================== + // 1. Create an RSA key pair, saving the private key as a `.pem` file. + // Create a `defer` block that will delete the private key when the + // program exits. + //===================================================================== + + print("Creating an RSA key pair...") + + keyName = self.tempName(prefix: "ExampleKeyName") + let keyUrl = await self.createKeyPair(name: keyName!) + + guard let keyUrl else { + print("*** Failed to create the key pair!") + return + } + + print("Created the private key at: \(keyUrl.absoluteString)") + + // Schedule deleting the private key file to occur automatically when + // the program exits, no matter how it exits. + + defer { + do { + try FileManager.default.removeItem(at: keyUrl) + } catch { + print("*** Failed to delete the private key at \(keyUrl.absoluteString)") + } + } + + //===================================================================== + // 2. List the key pairs by calling `DescribeKeyPairs`. + //===================================================================== + + print("Describing available key pairs...") + await self.describeKeyPairs() + + //===================================================================== + // 3. Create a security group for the default VPC, and add an inbound + // rule to allow SSH from the current computer's public IPv4 + // address. + //===================================================================== + + print("Creating the security group...") + + let secGroupName = self.tempName(prefix: "ExampleSecurityGroup") + let ipAddress = self.getMyIPAddress() + + guard let ipAddress else { + print("*** Unable to get the device's IP address.") + return + } + + print("IP address is: \(ipAddress)") + + securityGroupId = await self.createSecurityGroup( + name: secGroupName, + description: "An example security group created using the AWS SDK for Swift" + ) + + if securityGroupId == nil { + await cleanUp()