ec2-authorizeしてるあたり。

ec2-describe-group | egrep "[[:space:]]$CLUSTER_MASTER[[:space:]]" > /dev/null
if [ ! $? -eq 0 ]; then
  echo "Creating group $CLUSTER_MASTER"
  ec2-add-group $CLUSTER_MASTER -d "Group for Hadoop Master."
  ec2-authorize $CLUSTER_MASTER -o $CLUSTER_MASTER -u $AWS_ACCOUNT_ID
  ec2-authorize $CLUSTER_MASTER -p 22    # ssh


  if [ $ENABLE_WEB_PORTS == "true" ]; then
    ec2-authorize $CLUSTER_MASTER -p 50030 # JobTracker web interface

    ec2-authorize $CLUSTER_MASTER -p 50060 # TaskTracker web interface

  fi
fi

ec2-describe-group | egrep "[[:space:]]$CLUSTER[[:space:]]" > /dev/null
if [ ! $? -eq 0 ]; then
  echo "Creating group $CLUSTER"
  ec2-add-group $CLUSTER -d "Group for Hadoop Slaves."
  ec2-authorize $CLUSTER -o $CLUSTER -u $AWS_ACCOUNT_ID
  ec2-authorize $CLUSTER -p 22    # ssh


  if [ $ENABLE_WEB_PORTS == "true" ]; then
    ec2-authorize $CLUSTER -p 50030 # JobTracker web interface

    ec2-authorize $CLUSTER -p 50060 # TaskTracker web interface

  fi

  ec2-authorize $CLUSTER_MASTER -o $CLUSTER -u $AWS_ACCOUNT_ID
  ec2-authorize $CLUSTER -o $CLUSTER_MASTER -u $AWS_ACCOUNT_ID
fi

• Net::Amazon::EC2::SecurityGroupとNet::Amazon::EC2::IpPermissionを渡すと中身を確認して追加してくれる