use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project GNS by MobilityFirst.
the class AWSEC2 method createSecurityGroup.
/**
* Create a New Security Group with our standard permissions
*
* @param ec2
* @param name
* @return the name of the new group
*/
public static String createSecurityGroup(AmazonEC2 ec2, String name) {
CreateSecurityGroupRequest securityGroupRequest = new CreateSecurityGroupRequest(name, name + " security group");
ec2.createSecurityGroup(securityGroupRequest);
AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest();
ingressRequest.setGroupName(name);
List<IpPermission> permissions = new ArrayList<>();
// open up ping (echo request)
permissions.add(new IpPermission().withIpProtocol(ICMPPROTOCOL).withFromPort(ECHOTYPE).withToPort(WILDCARDCODE).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(SSHPORT).withToPort(SSHPORT).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPPORT).withToPort(HTTPPORT).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPNONROOTPORT).withToPort(HTTPNONROOTPORT).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(HTTPSPORT).withToPort(HTTPSPORT).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(MYSQLPORT).withToPort(MYSQLPORT).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(TCPPROTOCOL).withFromPort(20000).withToPort(30000).withIpRanges(IPRANGESALL));
permissions.add(new IpPermission().withIpProtocol(UDPPROTOCOL).withFromPort(20000).withToPort(30000).withIpRanges(IPRANGESALL));
ingressRequest.setIpPermissions(permissions);
ec2.authorizeSecurityGroupIngress(ingressRequest);
return name;
}
use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project incubator-gobblin by apache.
the class AWSSdkClient method addPermissionsToSecurityGroup.
/**
* Open firewall for a security group
*
* @param groupName Open firewall for this security group
* @param ipRanges Open firewall for this IP range
* @param ipProtocol Open firewall for this protocol type (eg. tcp, udp)
* @param fromPort Open firewall for port range starting at this port
* @param toPort Open firewall for port range ending at this port
*/
public void addPermissionsToSecurityGroup(String groupName, String ipRanges, String ipProtocol, Integer fromPort, Integer toPort) {
final AmazonEC2 amazonEC2 = getEc2Client();
final IpPermission ipPermission = new IpPermission().withIpRanges(ipRanges).withIpProtocol(ipProtocol).withFromPort(fromPort).withToPort(toPort);
final AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest = new AuthorizeSecurityGroupIngressRequest().withGroupName(groupName).withIpPermissions(ipPermission);
amazonEC2.authorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest);
LOGGER.info("Added permissions: " + ipPermission + " to security group: " + groupName);
}
use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project photon-model by vmware.
the class AWSSecurityGroupClient method addIngressRulesAsync.
public DeferredResult<Void> addIngressRulesAsync(String groupId, List<IpPermission> rules) {
if (CollectionUtils.isNotEmpty(rules)) {
AuthorizeSecurityGroupIngressRequest req = new AuthorizeSecurityGroupIngressRequest().withGroupId(groupId).withIpPermissions(rules);
String message = "Create Ingress Rules on AWS Security Group with id [" + groupId + "].";
AWSDeferredResultAsyncHandler<AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResult> handler = new AWSDeferredResultAsyncHandler<AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResult>(this.service, message) {
@Override
protected Exception consumeError(Exception e) {
if (e instanceof AmazonEC2Exception && ((AmazonEC2Exception) e).getErrorCode().equals(SECURITY_GROUP_RULE_DUPLICATE)) {
Utils.log(AWSUtils.class, AWSUtils.class.getSimpleName(), Level.WARNING, () -> String.format("Ingress rules already exist: %s", Utils.toString(e)));
return null;
} else {
return e;
}
}
};
this.client.authorizeSecurityGroupIngressAsync(req, handler);
return handler.toDeferredResult().thenApply(r -> (Void) null);
} else {
return DeferredResult.completed(null);
}
}
use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project aws-doc-sdk-examples by awsdocs.
the class CreateSecurityGroup method main.
public static void main(String[] args) {
final String USAGE = "To run this example, supply a group name, group description and vpc id\n" + "Ex: CreateSecurityGroup <group-name> <group-description> <vpc-id>\n";
if (args.length != 3) {
System.out.println(USAGE);
System.exit(1);
}
String group_name = args[0];
String group_desc = args[1];
String vpc_id = args[2];
final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient();
CreateSecurityGroupRequest create_request = new CreateSecurityGroupRequest().withGroupName(group_name).withDescription(group_desc).withVpcId(vpc_id);
CreateSecurityGroupResult create_response = ec2.createSecurityGroup(create_request);
System.out.printf("Successfully created security group named %s", group_name);
IpRange ip_range = new IpRange().withCidrIp("0.0.0.0/0");
IpPermission ip_perm = new IpPermission().withIpProtocol("tcp").withToPort(80).withFromPort(80).withIpv4Ranges(ip_range);
IpPermission ip_perm2 = new IpPermission().withIpProtocol("tcp").withToPort(22).withFromPort(22).withIpv4Ranges(ip_range);
AuthorizeSecurityGroupIngressRequest auth_request = new AuthorizeSecurityGroupIngressRequest().withGroupName(group_name).withIpPermissions(ip_perm, ip_perm2);
AuthorizeSecurityGroupIngressResult auth_response = ec2.authorizeSecurityGroupIngress(auth_request);
System.out.printf("Successfully added ingress policy to security group %s", group_name);
}
use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project Synapse-Stack-Builder by Sage-Bionetworks.
the class EC2SecuritySetup method addPermission.
/**
* Add a single permission to the passed group. If the permission already exists, this will be a no-operation.
* @param ec2Client
* @param groupName
* @param permission
*/
void addPermission(String groupName, IpPermission permission) {
// Make sure we can access the machines from with the VPN
try {
List<IpPermission> permissions = new LinkedList<IpPermission>();
permissions.add(permission);
// Configure this group
AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest(groupName, permissions);
log.info("Adding IpPermission to group: '" + groupName + "'...");
log.info("IpPermission: " + permission.toString() + "");
ec2Client.authorizeSecurityGroupIngress(ingressRequest);
} catch (AmazonServiceException e) {
// Ignore duplicates
if (ERROR_CODE_INVALID_PERMISSION_DUPLICATE.equals(e.getErrorCode())) {
// This already exists
log.info("IpPermission: " + permission.toString() + " already exists for '" + groupName + "'");
} else {
// Throw any other error
throw e;
}
}
}
Aggregations