Example 1 with AuthorizeSecurityGroupIngressRequest

Use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project GNS by MobilityFirst.

From the class AWSEC2, method createSecurityGroup.

/**
 * Create a new security group with our standard permissions.
 *
 * @param ec2  the EC2 client used to create the group and authorize its rules
 * @param name the name of the new group (also used to build its description)
 * @return the name of the new group
 */
public static String createSecurityGroup(AmazonEC2 ec2, String name) {
    CreateSecurityGroupRequest securityGroupRequest = new CreateSecurityGroupRequest(name, name + " security group");
    ec2.createSecurityGroup(securityGroupRequest);
    AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest();
    ingressRequest.setGroupName(name);
    List<IpPermission> permissions = new ArrayList<>();
    // Every rule below uses IPRANGESALL (0.0.0.0/0), so each port is reachable from any IPv4 address.
    // SSH, MySQL and the 20000-30000 ranges in particular are normally restricted to known source CIDRs.
    // open up ping (echo request): for ICMP, fromPort carries the ICMP type and toPort the ICMP code
    permissions.add(new IpPermission().withIpProtocol(ICMPPROTOCOL).withFromPort(ECHOTYPE).withToPort(WILDCARDCODE).withIpRanges(IPRANGESALL));
    // SSH
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(SSHPORT).withToPort(SSHPORT).withIpRanges(IPRANGESALL));
    // HTTP on the standard port and on the non-root alternative port
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPPORT).withToPort(HTTPPORT).withIpRanges(IPRANGESALL));
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPNONROOTPORT).withToPort(HTTPNONROOTPORT).withIpRanges(IPRANGESALL));
    // HTTPS
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPSPORT).withToPort(HTTPSPORT).withIpRanges(IPRANGESALL));
    // MySQL
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(MYSQLPORT).withToPort(MYSQLPORT).withIpRanges(IPRANGESALL));
    // TCP and UDP port ranges 20000-30000
    permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(20000).withToPort(30000).withIpRanges(IPRANGESALL));
    permissions.add(new IpPermission().withIpProtocol(UDPPROTOCOL).withFromPort(20000).withToPort(30000).withIpRanges(IPRANGESALL));
    ingressRequest.setIpPermissions(permissions);
    ec2.authorizeSecurityGroupIngress(ingressRequest);
    return name;
}
Also used : ArrayList(java.util.ArrayList) AuthorizeSecurityGroupIngressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest) IpPermission(com.amazonaws.services.ec2.model.IpPermission) CreateSecurityGroupRequest(com.amazonaws.services.ec2.model.CreateSecurityGroupRequest)

Example 2 with AuthorizeSecurityGroupIngressRequest

Use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project incubator-gobblin by apache.

From the class AWSSdkClient, method addPermissionsToSecurityGroup.

/**
 * Open the firewall for a security group by adding a single ingress rule.
 *
 * @param groupName Open the firewall for this security group
 * @param ipRanges Open the firewall for this IP range (CIDR notation)
 * @param ipProtocol Open the firewall for this protocol type (e.g. tcp, udp)
 * @param fromPort Open the firewall for a port range starting at this port
 * @param toPort Open the firewall for a port range ending at this port
 */
public void addPermissionsToSecurityGroup(String groupName, String ipRanges, String ipProtocol, Integer fromPort, Integer toPort) {
    final AmazonEC2 amazonEC2 = getEc2Client();
    final IpPermission ipPermission = new IpPermission().withIpRanges(ipRanges).withIpProtocol(ipProtocol).withFromPort(fromPort).withToPort(toPort);
    final AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest = new AuthorizeSecurityGroupIngressRequest().withGroupName(groupName).withIpPermissions(ipPermission);
    amazonEC2.authorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest);
    LOGGER.info("Added permissions: " + ipPermission + " to security group: " + groupName);
}
Also used : AuthorizeSecurityGroupIngressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest) AmazonEC2(com.amazonaws.services.ec2.AmazonEC2) IpPermission(com.amazonaws.services.ec2.model.IpPermission)

Example 3 with AuthorizeSecurityGroupIngressRequest

Use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project photon-model by vmware.

From the class AWSSecurityGroupClient, method addIngressRulesAsync.

public DeferredResult<Void> addIngressRulesAsync(String groupId, List<IpPermission> rules) {
    if (CollectionUtils.isNotEmpty(rules)) {
        // Authorize by group ID, which works for groups in any VPC (group names only resolve in EC2-Classic or the default VPC)
        AuthorizeSecurityGroupIngressRequest req = new AuthorizeSecurityGroupIngressRequest().withGroupId(groupId).withIpPermissions(rules);
        String message = "Create Ingress Rules on AWS Security Group with id [" + groupId + "].";
        AWSDeferredResultAsyncHandler<AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResult> handler = new AWSDeferredResultAsyncHandler<AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResult>(this.service, message) {

            @Override
            protected Exception consumeError(Exception e) {
                // A duplicate-rule error means the requested permission is already present; treat it as success
                if (e instanceof AmazonEC2Exception && ((AmazonEC2Exception) e).getErrorCode().equals(SECURITY_GROUP_RULE_DUPLICATE)) {
                    Utils.log(AWSUtils.class, AWSUtils.class.getSimpleName(), Level.WARNING, () -> String.format("Ingress rules already exist: %s", Utils.toString(e)));
                    return null;
                } else {
                    return e;
                }
            }
        };
        this.client.authorizeSecurityGroupIngressAsync(req, handler);
        return handler.toDeferredResult().thenApply(r -> (Void) null);
    } else {
        return DeferredResult.completed(null);
    }
}
Also used : AWSUtils(com.vmware.photon.controller.model.adapters.awsadapter.AWSUtils) AuthorizeSecurityGroupIngressResult(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressResult) AuthorizeSecurityGroupIngressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest) AmazonServiceException(com.amazonaws.AmazonServiceException) AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception)

Example 4 with AuthorizeSecurityGroupIngressRequest

Use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project aws-doc-sdk-examples by awsdocs.

From the class CreateSecurityGroup, method main.

public static void main(String[] args) {
    final String USAGE = "To run this example, supply a group name, group description and vpc id\n" + "Ex: CreateSecurityGroup <group-name> <group-description> <vpc-id>\n";
    if (args.length != 3) {
        System.out.println(USAGE);
        System.exit(1);
    }
    String group_name = args[0];
    String group_desc = args[1];
    String vpc_id = args[2];
    final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient();
    CreateSecurityGroupRequest create_request = new CreateSecurityGroupRequest().withGroupName(group_name).withDescription(group_desc).withVpcId(vpc_id);
    CreateSecurityGroupResult create_response = ec2.createSecurityGroup(create_request);
    // Keep the group ID: for a group in a non-default VPC, ingress rules must be authorized by ID, not by name
    String group_id = create_response.getGroupId();
    System.out.printf("Successfully created security group named %s (id %s)%n", group_name, group_id);
    // 0.0.0.0/0 exposes both ports to every IPv4 address; narrow the CIDR to the networks that need access
    IpRange ip_range = new IpRange().withCidrIp("0.0.0.0/0");
    // HTTP
    IpPermission ip_perm = new IpPermission().withIpProtocol("tcp").withToPort(80).withFromPort(80).withIpv4Ranges(ip_range);
    // SSH
    IpPermission ip_perm2 = new IpPermission().withIpProtocol("tcp").withToPort(22).withFromPort(22).withIpv4Ranges(ip_range);
    AuthorizeSecurityGroupIngressRequest auth_request = new AuthorizeSecurityGroupIngressRequest().withGroupId(group_id).withIpPermissions(ip_perm, ip_perm2);
    AuthorizeSecurityGroupIngressResult auth_response = ec2.authorizeSecurityGroupIngress(auth_request);
    System.out.printf("Successfully added ingress policy to security group %s%n", group_name);
}
Also used : IpRange(com.amazonaws.services.ec2.model.IpRange) AuthorizeSecurityGroupIngressResult(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressResult) CreateSecurityGroupResult(com.amazonaws.services.ec2.model.CreateSecurityGroupResult) AuthorizeSecurityGroupIngressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest) AmazonEC2(com.amazonaws.services.ec2.AmazonEC2) IpPermission(com.amazonaws.services.ec2.model.IpPermission) CreateSecurityGroupRequest(com.amazonaws.services.ec2.model.CreateSecurityGroupRequest)

Example 5 with AuthorizeSecurityGroupIngressRequest

Use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project Synapse-Stack-Builder by Sage-Bionetworks.

From the class EC2SecuritySetup, method addPermission.

/**
 * Add a single permission to the passed group. If the permission already exists, this is a no-op.
 * Uses the ec2Client field of this class.
 * @param groupName the security group to modify
 * @param permission the ingress rule to add
 */
void addPermission(String groupName, IpPermission permission) {
    // Make sure we can access the machines from within the VPN
    try {
        List<IpPermission> permissions = new LinkedList<IpPermission>();
        permissions.add(permission);
        // Configure this group
        AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest(groupName, permissions);
        log.info("Adding IpPermission to group: '" + groupName + "'...");
        log.info("IpPermission: " + permission.toString());
        ec2Client.authorizeSecurityGroupIngress(ingressRequest);
    } catch (AmazonServiceException e) {
        // Ignore duplicates: AWS rejects a rule that is already present with a specific error code
        if (ERROR_CODE_INVALID_PERMISSION_DUPLICATE.equals(e.getErrorCode())) {
            // This already exists
            log.info("IpPermission: " + permission.toString() + " already exists for '" + groupName + "'");
        } else {
            // Throw any other error
            throw e;
        }
    }
}
Also used : AmazonServiceException(com.amazonaws.AmazonServiceException) AuthorizeSecurityGroupIngressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest) IpPermission(com.amazonaws.services.ec2.model.IpPermission) LinkedList(java.util.LinkedList)