
Example 1 with CreateSecurityGroupRequest

use of com.amazonaws.services.ec2.model.CreateSecurityGroupRequest in project GNS by MobilityFirst.

the class AWSEC2 method createSecurityGroup.

/**
 * Create a new security group with our standard permissions.
 *
 * @param ec2 the EC2 client used to create the group
 * @param name the name of the new group
 * @return the name of the new group
 */
public static String createSecurityGroup(AmazonEC2 ec2, String name) {
    CreateSecurityGroupRequest securityGroupRequest = new CreateSecurityGroupRequest(name, name + " security group");
    ec2.createSecurityGroup(securityGroupRequest);
    AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest();
    ingressRequest.setGroupName(name);
    List<IpPermission> permissions = new ArrayList<>();
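    // Every rule below uses IPRANGESALL as its source range, including SSH and MySQL.
    // If that constant is 0.0.0.0/0 (its definition is not shown here), these ports are reachable from any address.
    // open up ping (echo request)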
    permissions.add(new IpPermission().withIpProtocol(ICMPPROTOCOL).withFromPort(ECHOTYPE).withToPort(WILDCARDCODE).withIpRanges(IPRANGESALL));
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(SSHPORT).withToPort(SSHPORT).withIpRanges(IPRANGESALL));
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPPORT).withToPort(HTTPPORT).withIpRanges(IPRANGESALL));
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPNONROOTPORT).withToPort(HTTPNONROOTPORT).withIpRanges(IPRANGESALL));
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPSPORT).withToPort(HTTPSPORT).withIpRanges(IPRANGESALL));
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(MYSQLPORT).withToPort(MYSQLPORT).withIpRanges(IPRANGESALL));
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(20000).withToPort(30000).withIpRanges(IPRANGESALL));
    permissions.add(new IpPermission().withIpProtocol(UDPPROTOCOL).withFromPort(20000).withToPort(30000).withIpRanges(IPRANGESALL));
    ingressRequest.setIpPermissions(permissions);
    ec2.authorizeSecurityGroupIngress(ingressRequest);
    return name;
}
Also used : ArrayList(java.util.ArrayList) AuthorizeSecurityGroupIngressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest) IpPermission(com.amazonaws.services.ec2.model.IpPermission) CreateSecurityGroupRequest(com.amazonaws.services.ec2.model.CreateSecurityGroupRequest)

Example 2 with CreateSecurityGroupRequest

use of com.amazonaws.services.ec2.model.CreateSecurityGroupRequest in project Synapse-Stack-Builder by Sage-Bionetworks.

the class EC2SecuritySetup method setupResources.

/**
 * Create the EC2 security group that all elastic beanstalk instances will belong to,
 * then record the group and the stack key pair in the resources.
 * The group name, the group description and the CIDR allowed for SSH access come from the config.
 */
public void setupResources() {
    CreateSecurityGroupRequest request = new CreateSecurityGroupRequest();
    request.setDescription(config.getElasticSecurityGroupDescription());
    request.setGroupName(config.getElasticSecurityGroupName());
    createSecurityGroup(request);
    // Setup the permissions for this group:
    // Allow anyone to access port 80 (HTTP)
    addPermission(request.getGroupName(), new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTP).withToPort(PORT_HTTP).withIpRanges(CIDR_ALL_IP));
    // Allow anyone to access port 443 (HTTPS)
    addPermission(request.getGroupName(), new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTPS).withToPort(PORT_HTTPS).withIpRanges(CIDR_ALL_IP));
    // Only allow ssh to the given address
    addPermission(request.getGroupName(), new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_SSH).withToPort(PORT_SSH).withIpRanges(config.getCIDRForSSH()));
    // Look up the newly created group by name
    DescribeSecurityGroupsResult result = ec2Client.describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupNames(request.getGroupName()));
    if (result.getSecurityGroups() == null || result.getSecurityGroups().size() != 1)
        throw new IllegalStateException("Did not find one and only one EC2 security group with the name: " + request.getGroupName());
    // Add this to the resources
    SecurityGroup group = result.getSecurityGroups().get(0);
    resources.setElasticBeanstalkEC2SecurityGroup(group);
    // Create the key pair.
    resources.setStackKeyPair(createOrGetKeyPair());
}
Also used : DescribeSecurityGroupsRequest(com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest) IpPermission(com.amazonaws.services.ec2.model.IpPermission) DescribeSecurityGroupsResult(com.amazonaws.services.ec2.model.DescribeSecurityGroupsResult) SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup) CreateSecurityGroupRequest(com.amazonaws.services.ec2.model.CreateSecurityGroupRequest)

Example 3 with CreateSecurityGroupRequest

use of com.amazonaws.services.ec2.model.CreateSecurityGroupRequest in project Synapse-Stack-Builder by Sage-Bionetworks.

the class EC2SecuritySetupTest method testCreateGroupUnknownError.

@Test(expected = AmazonServiceException.class)
public void testCreateGroupUnknownError() {
    // For this case make sure an unknown error gets thrown
    AmazonServiceException exception = new AmazonServiceException("Some error");
    exception.setErrorCode("unknown code");
    CreateSecurityGroupRequest request = new CreateSecurityGroupRequest();
    when(mockEC2Client.createSecurityGroup(request)).thenThrow(exception);
    ec2SecuritySetup.createSecurityGroup(request);
}
Also used : AmazonServiceException(com.amazonaws.AmazonServiceException) CreateSecurityGroupRequest(com.amazonaws.services.ec2.model.CreateSecurityGroupRequest) Test(org.junit.Test)

Example 4 with CreateSecurityGroupRequest

use of com.amazonaws.services.ec2.model.CreateSecurityGroupRequest in project aws-doc-sdk-examples by awsdocs.

the class CreateSecurityGroup method main.

public static void main(String[] args) {
    final String USAGE = "To run this example, supply a group name, group description and vpc id\n" + "Ex: CreateSecurityGroup <group-name> <group-description> <vpc-id>\n";
    if (args.length != 3) {
        System.out.println(USAGE);
        System.exit(1);
    }
    String group_name = args[0];
    String group_desc = args[1];
    String vpc_id = args[2];
    final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient();
    CreateSecurityGroupRequest create_request = new CreateSecurityGroupRequest().withGroupName(group_name).withDescription(group_desc).withVpcId(vpc_id);
    CreateSecurityGroupResult create_response = ec2.createSecurityGroup(create_request);
    System.out.printf("Successfully created security group named %s%n", group_name);
    // Both rules below use 0.0.0.0/0, so ports 80 and 22 accept connections from any IPv4 address.
    // Outside of a demo, narrow the SSH range to known administrative addresses.
    IpRange ip_range = new IpRange().withCidrIp("0.0.0.0/0");
    IpPermission ip_perm = new IpPermission().withIpProtocol("tcp").withToPort(80).withFromPort(80).withIpv4Ranges(ip_range);
    IpPermission ip_perm2 = new IpPermission().withIpProtocol("tcp").withToPort(22).withFromPort(22).withIpv4Ranges(ip_range);
    // The group was created in a VPC, so reference it by the ID returned above:
    // a group in a nondefault VPC cannot be referenced by name.
    AuthorizeSecurityGroupIngressRequest auth_request = new AuthorizeSecurityGroupIngressRequest().withGroupId(create_response.getGroupId()).withIpPermissions(ip_perm, ip_perm2);
    AuthorizeSecurityGroupIngressResult auth_response = ec2.authorizeSecurityGroupIngress(auth_request);
    System.out.printf("Successfully added ingress policy to security group %s%n", group_name);
}
Also used : IpRange(com.amazonaws.services.ec2.model.IpRange) AuthorizeSecurityGroupIngressResult(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressResult) CreateSecurityGroupResult(com.amazonaws.services.ec2.model.CreateSecurityGroupResult) AuthorizeSecurityGroupIngressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest) AmazonEC2(com.amazonaws.services.ec2.AmazonEC2) IpPermission(com.amazonaws.services.ec2.model.IpPermission) CreateSecurityGroupRequest(com.amazonaws.services.ec2.model.CreateSecurityGroupRequest)

Example 5 with CreateSecurityGroupRequest

use of com.amazonaws.services.ec2.model.CreateSecurityGroupRequest in project SimianArmy by Netflix.

the class AWSClient method createSecurityGroup.

/**
 * {@inheritDoc}
 */
public String createSecurityGroup(String instanceId, String name, String description) {
    String vpcId = getVpcId(instanceId);
    AmazonEC2 ec2Client = ec2Client();
    CreateSecurityGroupRequest request = new CreateSecurityGroupRequest();
    request.setGroupName(name);
    request.setDescription(description);
    request.setVpcId(vpcId);
    LOGGER.info(String.format("Creating EC2 security group %s.", name));
    CreateSecurityGroupResult result = ec2Client.createSecurityGroup(request);
    return result.getGroupId();
}
Also used : AmazonEC2(com.amazonaws.services.ec2.AmazonEC2)

Aggregations

CreateSecurityGroupRequest (com.amazonaws.services.ec2.model.CreateSecurityGroupRequest): 10
IpPermission (com.amazonaws.services.ec2.model.IpPermission): 5
AmazonServiceException (com.amazonaws.AmazonServiceException): 4
AmazonEC2 (com.amazonaws.services.ec2.AmazonEC2): 4
AuthorizeSecurityGroupIngressRequest (com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest): 4
CreateSecurityGroupResult (com.amazonaws.services.ec2.model.CreateSecurityGroupResult): 4
Test (org.junit.Test): 3
DescribeKeyPairsRequest (com.amazonaws.services.ec2.model.DescribeKeyPairsRequest): 2
DescribeKeyPairsResult (com.amazonaws.services.ec2.model.DescribeKeyPairsResult): 2
DescribeSecurityGroupsRequest (com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest): 2
DescribeSecurityGroupsResult (com.amazonaws.services.ec2.model.DescribeSecurityGroupsResult): 2
IpRange (com.amazonaws.services.ec2.model.IpRange): 2
SecurityGroup (com.amazonaws.services.ec2.model.SecurityGroup): 2
AWSStaticCredentialsProvider (com.amazonaws.auth.AWSStaticCredentialsProvider): 1
AuthorizeSecurityGroupIngressResult (com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressResult): 1
CreateKeyPairRequest (com.amazonaws.services.ec2.model.CreateKeyPairRequest): 1
CreateKeyPairResult (com.amazonaws.services.ec2.model.CreateKeyPairResult): 1
DescribeInstancesRequest (com.amazonaws.services.ec2.model.DescribeInstancesRequest): 1
DescribeInstancesResult (com.amazonaws.services.ec2.model.DescribeInstancesResult): 1
KeyPairInfo (com.amazonaws.services.ec2.model.KeyPairInfo): 1