use of com.amazonaws.services.ec2.model.CreateSecurityGroupRequest in project GNS by MobilityFirst.
the class AWSEC2 method createSecurityGroup.
/**
* Create a New Security Group with our standard permissions
*
* @param ec2
* @param name
* @return the name of the new group
*/
public static String createSecurityGroup(AmazonEC2 ec2, String name) {
CreateSecurityGroupRequest securityGroupRequest = new CreateSecurityGroupRequest(name, name + " security group");
ec2.createSecurityGroup(securityGroupRequest);
AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest();
ingressRequest.setGroupName(name);
List<IpPermission> permissions = new ArrayList<>();
// open up ping (echo request)
permissions.add(new IpPermission().withIpProtocol(ICMPPROTOCOL).withFromPort(ECHOTYPE).withToPort(WILDCARDCODE).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(SSHPORT).withToPort(SSHPORT).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPPORT).withToPort(HTTPPORT).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPNONROOTPORT).withToPort(HTTPNONROOTPORT).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPSPORT).withToPort(HTTPSPORT).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(MYSQLPORT).withToPort(MYSQLPORT).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(20000).withToPort(30000).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(UDPPROTOCOL).withFromPort(20000).withToPort(30000).withIpRanges(IPRANGESALL));
ingressRequest.setIpPermissions(permissions);
ec2.authorizeSecurityGroupIngress(ingressRequest);
return name;
}
use of com.amazonaws.services.ec2.model.CreateSecurityGroupRequest in project Synapse-Stack-Builder by Sage-Bionetworks.
the class EC2SecuritySetup method setupResources.
/**
* Create the EC2 security group that all elastic beanstalk instances will belong to.
*
* @param ec2Client - valid AmazonEC2Client
* @param stack - The name of this stack.
* @param instance - The name of this stack instance.
* @param cidrForSSH - The classless inter-domain routing to be used for SSH access to these machines.
* @return
*/
public void setupResources() {
CreateSecurityGroupRequest request = new CreateSecurityGroupRequest();
request.setDescription(config.getElasticSecurityGroupDescription());
request.setGroupName(config.getElasticSecurityGroupName());
createSecurityGroup(request);
// Setup the permissions for this group:
// Allow anyone to access port 80 (HTTP)
addPermission(request.getGroupName(), new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTP).withToPort(PORT_HTTP).withIpRanges(CIDR_ALL_IP));
// Allow anyone to access port 443 (HTTPS)
addPermission(request.getGroupName(), new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTPS).withToPort(PORT_HTTPS).withIpRanges(CIDR_ALL_IP));
// Only allow ssh to the given address
addPermission(request.getGroupName(), new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_SSH).withToPort(PORT_SSH).withIpRanges(config.getCIDRForSSH()));
// Return the group name
DescribeSecurityGroupsResult result = ec2Client.describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupNames(request.getGroupName()));
if (result.getSecurityGroups() == null || result.getSecurityGroups().size() != 1)
throw new IllegalStateException("Did not find one and ony one EC2 secruity group with the name: " + request.getGroupName());
// Add this to the resources
SecurityGroup group = result.getSecurityGroups().get(0);
resources.setElasticBeanstalkEC2SecurityGroup(group);
// Create the key pair.
resources.setStackKeyPair(createOrGetKeyPair());
}
use of com.amazonaws.services.ec2.model.CreateSecurityGroupRequest in project Synapse-Stack-Builder by Sage-Bionetworks.
the class EC2SecuritySetupTest method testCreateGroupUnknownError.
@Test(expected = AmazonServiceException.class)
public void testCreateGroupUnknownError() {
// For this case make sure an unknown error gets thrown
AmazonServiceException exception = new AmazonServiceException("Some error");
exception.setErrorCode("unknown code");
CreateSecurityGroupRequest request = new CreateSecurityGroupRequest();
when(mockEC2Client.createSecurityGroup(request)).thenThrow(exception);
ec2SecuritySetup.createSecurityGroup(request);
}
use of com.amazonaws.services.ec2.model.CreateSecurityGroupRequest in project aws-doc-sdk-examples by awsdocs.
the class CreateSecurityGroup method main.
public static void main(String[] args) {
final String USAGE = "To run this example, supply a group name, group description and vpc id\n" + "Ex: CreateSecurityGroup <group-name> <group-description> <vpc-id>\n";
if (args.length != 3) {
System.out.println(USAGE);
System.exit(1);
}
String group_name = args[0];
String group_desc = args[1];
String vpc_id = args[2];
final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient();
CreateSecurityGroupRequest create_request = new CreateSecurityGroupRequest().withGroupName(group_name).withDescription(group_desc).withVpcId(vpc_id);
CreateSecurityGroupResult create_response = ec2.createSecurityGroup(create_request);
System.out.printf("Successfully created security group named %s", group_name);
IpRange ip_range = new IpRange().withCidrIp("0.0.0.0/0");
IpPermission ip_perm = new IpPermission().withIpProtocol("tcp").withToPort(80).withFromPort(80).withIpv4Ranges(ip_range);
IpPermission ip_perm2 = new IpPermission().withIpProtocol("tcp").withToPort(22).withFromPort(22).withIpv4Ranges(ip_range);
AuthorizeSecurityGroupIngressRequest auth_request = new AuthorizeSecurityGroupIngressRequest().withGroupName(group_name).withIpPermissions(ip_perm, ip_perm2);
AuthorizeSecurityGroupIngressResult auth_response = ec2.authorizeSecurityGroupIngress(auth_request);
System.out.printf("Successfully added ingress policy to security group %s", group_name);
}
use of com.amazonaws.services.ec2.model.CreateSecurityGroupRequest in project SimianArmy by Netflix.
the class AWSClient method createSecurityGroup.
/**
* {@inheritDoc}
*/
public String createSecurityGroup(String instanceId, String name, String description) {
String vpcId = getVpcId(instanceId);
AmazonEC2 ec2Client = ec2Client();
CreateSecurityGroupRequest request = new CreateSecurityGroupRequest();
request.setGroupName(name);
request.setDescription(description);
request.setVpcId(vpcId);
LOGGER.info(String.format("Creating EC2 security group %s.", name));
CreateSecurityGroupResult result = ec2Client.createSecurityGroup(request);
return result.getGroupId();
}
Aggregations