
Example 6 with AuthorizeSecurityGroupIngressRequest

use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project Synapse-Stack-Builder by Sage-Bionetworks.

the class EC2SecuritySetupTest method testSetupElasticBeanstalkEC2SecutiryGroup.

@Test
public void testSetupElasticBeanstalkEC2SecutiryGroup() {
    String expectedDescription = config.getElasticSecurityGroupDescription();
    String expectedGroupName = config.getElasticSecurityGroupName();
    DescribeSecurityGroupsResult result = new DescribeSecurityGroupsResult();
    SecurityGroup expectedGroup = new SecurityGroup().withGroupName(expectedGroupName).withOwnerId("123");
    result.withSecurityGroups(expectedGroup);
    when(mockEC2Client.describeSecurityGroups(any(DescribeSecurityGroupsRequest.class))).thenReturn(result);
    DescribeKeyPairsResult kpr = new DescribeKeyPairsResult().withKeyPairs(new KeyPairInfo().withKeyName("123"));
    when(mockEC2Client.describeKeyPairs(any(DescribeKeyPairsRequest.class))).thenReturn(kpr);
    // Create the security group.
    ec2SecuritySetup.setupResources();
    SecurityGroup group = resources.getElasticBeanstalkEC2SecurityGroup();
    assertEquals(expectedGroup, group);
    String groupName = group.getGroupName();
    assertNotNull(groupName);
    assertEquals(expectedGroupName, groupName);
    CreateSecurityGroupRequest groupRequest = new CreateSecurityGroupRequest(expectedGroupName, expectedDescription);
    // The create group should be called
    verify(mockEC2Client).createSecurityGroup(groupRequest);
    // Three permissions should be set
    // http
    List<IpPermission> list = new LinkedList<IpPermission>();
    list.add(new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTP).withToPort(PORT_HTTP).withIpRanges(CIDR_ALL_IP));
    AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest(groupName, list);
    verify(mockEC2Client).authorizeSecurityGroupIngress(request);
    // https
    list = new LinkedList<IpPermission>();
    list.add(new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTPS).withToPort(PORT_HTTPS).withIpRanges(CIDR_ALL_IP));
    request = new AuthorizeSecurityGroupIngressRequest(groupName, list);
    verify(mockEC2Client).authorizeSecurityGroupIngress(request);
    // ssh
    list = new LinkedList<IpPermission>();
    list.add(new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_SSH).withToPort(PORT_SSH).withIpRanges(config.getCIDRForSSH()));
    request = new AuthorizeSecurityGroupIngressRequest(groupName, list);
    verify(mockEC2Client).authorizeSecurityGroupIngress(request);
    // Make sure this is set
    assertNotNull(resources.getElasticBeanstalkEC2SecurityGroup());
}
Also used : DescribeSecurityGroupsRequest(com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest) KeyPairInfo(com.amazonaws.services.ec2.model.KeyPairInfo) DescribeKeyPairsRequest(com.amazonaws.services.ec2.model.DescribeKeyPairsRequest) DescribeKeyPairsResult(com.amazonaws.services.ec2.model.DescribeKeyPairsResult) SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup) CreateSecurityGroupRequest(com.amazonaws.services.ec2.model.CreateSecurityGroupRequest) LinkedList(java.util.LinkedList) AuthorizeSecurityGroupIngressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest) IpPermission(com.amazonaws.services.ec2.model.IpPermission) DescribeSecurityGroupsResult(com.amazonaws.services.ec2.model.DescribeSecurityGroupsResult) Test(org.junit.Test)

Example 7 with AuthorizeSecurityGroupIngressRequest

use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project photon-model by vmware.

the class AWSSecurityGroupClient method addInnerIngressRule.

public DeferredResult<Void> addInnerIngressRule(String securityGroupId) {
    AuthorizeSecurityGroupIngressRequest req = new AuthorizeSecurityGroupIngressRequest().withGroupId(securityGroupId).withIpPermissions(Collections.singletonList(buildInnerRule(securityGroupId)));
    String message = "Create internal Ingress Rule on AWS Security Group with id [" + securityGroupId + "].";
    AWSDeferredResultAsyncHandler<AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResult> handler = new AWSDeferredResultAsyncHandler<AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResult>(this.service, message) {

        @Override
        protected Exception consumeError(Exception e) {
            if (e instanceof AmazonEC2Exception && ((AmazonEC2Exception) e).getErrorCode().equals(SECURITY_GROUP_RULE_DUPLICATE)) {
                Utils.log(AWSUtils.class, AWSUtils.class.getSimpleName(), Level.WARNING, () -> String.format("Ingress rule already exists: %s", Utils.toString(e)));
                return null;
            } else {
                return e;
            }
        }
    };
    this.client.authorizeSecurityGroupIngressAsync(req, handler);
    return handler.toDeferredResult().thenApply(r -> (Void) null);
}
Also used : AWSUtils(com.vmware.photon.controller.model.adapters.awsadapter.AWSUtils) AuthorizeSecurityGroupIngressResult(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressResult) AuthorizeSecurityGroupIngressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest) AmazonServiceException(com.amazonaws.AmazonServiceException) AmazonEC2Exception(com.amazonaws.services.ec2.model.AmazonEC2Exception)

Example 8 with AuthorizeSecurityGroupIngressRequest

use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project aws-doc-sdk-examples by awsdocs.

the class CreateSecurityGroup method createEC2SecurityGroup.

// snippet-start:[ec2.java2.create_security_group.main]
public static String createEC2SecurityGroup(Ec2Client ec2, String groupName, String groupDesc, String vpcId) {
    try {
        // snippet-start:[ec2.java2.create_security_group.create]
        CreateSecurityGroupRequest createRequest = CreateSecurityGroupRequest.builder().groupName(groupName).description(groupDesc).vpcId(vpcId).build();
        CreateSecurityGroupResponse resp = ec2.createSecurityGroup(createRequest);
        // snippet-end:[ec2.java2.create_security_group.create]
        // snippet-start:[ec2.java2.create_security_group.config]
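        // 0.0.0.0/0 matches every IPv4 address, so the two rules below expose ports 80 and 22
        // to the whole internet; restrict SSH (22) to a trusted CIDR outside of demos.
        IpRange ipRange = IpRange.builder().cidrIp("0.0.0.0/0").build();
        IpPermission ipPerm = IpPermission.builder().ipProtocol("tcp").toPort(80).fromPort(80).ipRanges(ipRange).build();
        IpPermission ipPerm2 = IpPermission.builder().ipProtocol("tcp").toPort(22).fromPort(22).ipRanges(ipRange).build();
        // The group name only resolves for security groups in the default VPC; for a group
        // created in a nondefault VPC the request must identify it by group ID instead.
        AuthorizeSecurityGroupIngressRequest authRequest = AuthorizeSecurityGroupIngressRequest.builder().groupName(groupName).ipPermissions(ipPerm, ipPerm2).build();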
        AuthorizeSecurityGroupIngressResponse authResponse = ec2.authorizeSecurityGroupIngress(authRequest);
        System.out.printf("Successfully added ingress policy to Security Group %s", groupName);
        return resp.groupId();
    } catch (Ec2Exception e) {
        System.err.println(e.awsErrorDetails().errorMessage());
        System.exit(1);
    }
    return "";
}
Also used : IpRange(software.amazon.awssdk.services.ec2.model.IpRange) Ec2Exception(software.amazon.awssdk.services.ec2.model.Ec2Exception) AuthorizeSecurityGroupIngressRequest(software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest) IpPermission(software.amazon.awssdk.services.ec2.model.IpPermission) AuthorizeSecurityGroupIngressResponse(software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressResponse) CreateSecurityGroupResponse(software.amazon.awssdk.services.ec2.model.CreateSecurityGroupResponse) CreateSecurityGroupRequest(software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest)

Example 9 with AuthorizeSecurityGroupIngressRequest

use of software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest in project tutorials by eugenp.

the class EC2Application method main.

public static void main(String[] args) {
    // Set up the client
    AmazonEC2 ec2Client = AmazonEC2ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(credentials)).withRegion(Regions.US_EAST_1).build();
    // Create a security group
    CreateSecurityGroupRequest createSecurityGroupRequest = new CreateSecurityGroupRequest().withGroupName("BaeldungSecurityGroup").withDescription("Baeldung Security Group");
    ec2Client.createSecurityGroup(createSecurityGroupRequest);
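    // Allow HTTP and SSH traffic. 0.0.0.0/0 matches every IPv4 address, so both ports are
    // reachable from the whole internet; restrict SSH (22) to a trusted CIDR outside of demos.
    IpRange ipRange1 = new IpRange().withCidrIp("0.0.0.0/0");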
    IpPermission ipPermission1 = new IpPermission().withIpv4Ranges(Arrays.asList(new IpRange[] { ipRange1 })).withIpProtocol("tcp").withFromPort(80).withToPort(80);
    IpPermission ipPermission2 = new IpPermission().withIpv4Ranges(Arrays.asList(new IpRange[] { ipRange1 })).withIpProtocol("tcp").withFromPort(22).withToPort(22);
    AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest = new AuthorizeSecurityGroupIngressRequest().withGroupName("BaeldungSecurityGroup").withIpPermissions(ipPermission1, ipPermission2);
    ec2Client.authorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest);
    // Create KeyPair
    CreateKeyPairRequest createKeyPairRequest = new CreateKeyPairRequest().withKeyName("baeldung-key-pair");
    CreateKeyPairResult createKeyPairResult = ec2Client.createKeyPair(createKeyPairRequest);
    String privateKey = createKeyPairResult.getKeyPair().getKeyMaterial();
    // See what key-pairs you've got
    DescribeKeyPairsRequest describeKeyPairsRequest = new DescribeKeyPairsRequest();
    DescribeKeyPairsResult describeKeyPairsResult = ec2Client.describeKeyPairs(describeKeyPairsRequest);
    // Launch an Amazon Instance
    // Image IDs: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html | https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/usingsharedamis-finding.html
    // Instance types: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html
    // The key name is optional - if not present, can't connect to instance
    RunInstancesRequest runInstancesRequest = new RunInstancesRequest().withImageId("ami-97785bed").withInstanceType("t2.micro").withMinCount(1).withMaxCount(1).withKeyName("baeldung-key-pair").withSecurityGroups("BaeldungSecurityGroup");
    String yourInstanceId = ec2Client.runInstances(runInstancesRequest).getReservation().getInstances().get(0).getInstanceId();
    // Start an Instance
    StartInstancesRequest startInstancesRequest = new StartInstancesRequest().withInstanceIds(yourInstanceId);
    ec2Client.startInstances(startInstancesRequest);
    // Monitor Instances
    MonitorInstancesRequest monitorInstancesRequest = new MonitorInstancesRequest().withInstanceIds(yourInstanceId);
    ec2Client.monitorInstances(monitorInstancesRequest);
    UnmonitorInstancesRequest unmonitorInstancesRequest = new UnmonitorInstancesRequest().withInstanceIds(yourInstanceId);
    ec2Client.unmonitorInstances(unmonitorInstancesRequest);
    // Reboot an Instance
    RebootInstancesRequest rebootInstancesRequest = new RebootInstancesRequest().withInstanceIds(yourInstanceId);
    ec2Client.rebootInstances(rebootInstancesRequest);
    // Stop an Instance
    StopInstancesRequest stopInstancesRequest = new StopInstancesRequest().withInstanceIds(yourInstanceId);
    ec2Client.stopInstances(stopInstancesRequest).getStoppingInstances().get(0).getPreviousState().getName();
    // Describe an Instance
    DescribeInstancesRequest describeInstancesRequest = new DescribeInstancesRequest();
    DescribeInstancesResult response = ec2Client.describeInstances(describeInstancesRequest);
    System.out.println(response.getReservations().get(0).getInstances().get(0).getKernelId());
}
Also used : IpRange(com.amazonaws.services.ec2.model.IpRange) DescribeKeyPairsRequest(com.amazonaws.services.ec2.model.DescribeKeyPairsRequest) StartInstancesRequest(com.amazonaws.services.ec2.model.StartInstancesRequest) DescribeKeyPairsResult(com.amazonaws.services.ec2.model.DescribeKeyPairsResult) AmazonEC2(com.amazonaws.services.ec2.AmazonEC2) DescribeInstancesRequest(com.amazonaws.services.ec2.model.DescribeInstancesRequest) CreateSecurityGroupRequest(com.amazonaws.services.ec2.model.CreateSecurityGroupRequest) CreateKeyPairRequest(com.amazonaws.services.ec2.model.CreateKeyPairRequest) MonitorInstancesRequest(com.amazonaws.services.ec2.model.MonitorInstancesRequest) RebootInstancesRequest(com.amazonaws.services.ec2.model.RebootInstancesRequest) DescribeInstancesResult(com.amazonaws.services.ec2.model.DescribeInstancesResult) AWSStaticCredentialsProvider(com.amazonaws.auth.AWSStaticCredentialsProvider) CreateKeyPairResult(com.amazonaws.services.ec2.model.CreateKeyPairResult) AuthorizeSecurityGroupIngressRequest(com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest) StopInstancesRequest(com.amazonaws.services.ec2.model.StopInstancesRequest) IpPermission(com.amazonaws.services.ec2.model.IpPermission) RunInstancesRequest(com.amazonaws.services.ec2.model.RunInstancesRequest) UnmonitorInstancesRequest(com.amazonaws.services.ec2.model.UnmonitorInstancesRequest)
