
Example 1 with DescribeSecurityGroupsRequest

use of software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest in project Synapse-Stack-Builder by Sage-Bionetworks.

the class EC2SecuritySetup method setupResources.

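/**
 * Create the EC2 security group that all Elastic Beanstalk instances will belong to,
 * then record that group and the stack key pair on {@code resources}.
 *
 * <p>Ingress rules added to the group:
 * <ul>
 *   <li>TCP {@code PORT_HTTP} from {@code CIDR_ALL_IP}</li>
 *   <li>TCP {@code PORT_HTTPS} from {@code CIDR_ALL_IP}</li>
 *   <li>TCP {@code PORT_SSH} from {@code config.getCIDRForSSH()} only</li>
 * </ul>
 *
 * <p>The group name, the description and the SSH source range are all read from
 * {@code config}; the method takes no arguments and returns nothing.
 *
 * @throws IllegalStateException if looking the group up by name does not return exactly one group.
 */
public void setupResources() {
    CreateSecurityGroupRequest request = new CreateSecurityGroupRequest();
    request.setDescription(config.getElasticSecurityGroupDescription());
    request.setGroupName(config.getElasticSecurityGroupName());
    createSecurityGroup(request);
    String groupName = request.getGroupName();

    // Web traffic is deliberately open to every source address.
    addPermission(groupName, new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTP).withToPort(PORT_HTTP).withIpRanges(CIDR_ALL_IP));
    addPermission(groupName, new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTPS).withToPort(PORT_HTTPS).withIpRanges(CIDR_ALL_IP));

    // SSH is limited to the configured source range.
    // NOTE(review): the range is taken from configuration as-is; nothing in this method
    // rejects a value as wide as CIDR_ALL_IP. Confirm it is validated where the
    // configuration is loaded.
    addPermission(groupName, new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_SSH).withToPort(PORT_SSH).withIpRanges(config.getCIDRForSSH()));

    // Read the group back by name so the stored object is the one EC2 reports.
    DescribeSecurityGroupsResult result = ec2Client.describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupNames(groupName));
    if (result.getSecurityGroups() == null || result.getSecurityGroups().size() != 1) {
        throw new IllegalStateException("Did not find one and only one EC2 security group with the name: " + groupName);
    }
    SecurityGroup group = result.getSecurityGroups().get(0);
    resources.setElasticBeanstalkEC2SecurityGroup(group);

    // Create (or look up) the key pair for the stack and record it as well.
    resources.setStackKeyPair(createOrGetKeyPair());
}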
Also used : DescribeSecurityGroupsRequest(com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest) IpPermission(com.amazonaws.services.ec2.model.IpPermission) DescribeSecurityGroupsResult(com.amazonaws.services.ec2.model.DescribeSecurityGroupsResult) SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup) CreateSecurityGroupRequest(com.amazonaws.services.ec2.model.CreateSecurityGroupRequest)

Example 2 with DescribeSecurityGroupsRequest

use of software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest in project Synapse-Stack-Builder by Sage-Bionetworks.

the class BuildStackMainTest method before.

/**
 * Test fixture: loads the "dev" input properties and configuration, creates the mock
 * AWS clients from {@code MockAmazonClientFactory}, and stubs the S3, EC2, SNS and RDS
 * calls set up below.
 *
 * <p>Apart from the S3 download, every stub is registered with a concrete request
 * object rather than a matcher, so it only answers calls whose request equals the
 * one built here.
 *
 * @throws IOException declared by the signature; the property loading helpers are
 *         presumably the source (their bodies are not visible here).
 */
@Before
public void before() throws IOException {
    inputProps = TestHelper.createInputProperties("dev");
    InputConfiguration config = TestHelper.createTestConfig("dev");
    defaultProps = TestHelper.createDefaultProperties();
    clientFactory = new MockAmazonClientFactory();

    AmazonS3Client s3 = clientFactory.createS3Client();
    AmazonEC2Client ec2 = clientFactory.createEC2Client();
    AmazonSNSClient sns = clientFactory.createSNSClient();
    AmazonRDSClient rds = clientFactory.createRDSClient();

    // S3: any download writes the default properties into the destination file.
    Answer<ObjectMetadata> writeDefaultProperties = new Answer<ObjectMetadata>() {

        public ObjectMetadata answer(InvocationOnMock invocation) throws Throwable {
            // The second argument of getObject(request, file) is the destination file.
            File destination = (File) invocation.getArguments()[1];
            FileWriter out = new FileWriter(destination);
            try {
                defaultProps.store(out, "test generated");
            } finally {
                out.close();
            }
            return new ObjectMetadata();
        }
    };
    when(s3.getObject(any(GetObjectRequest.class), any(File.class))).thenAnswer(writeDefaultProperties);

    // EC2: looking the group up by its configured name returns exactly one group.
    DescribeSecurityGroupsRequest describeGroups = new DescribeSecurityGroupsRequest().withGroupNames(config.getElasticSecurityGroupName());
    SecurityGroup stubGroup = new SecurityGroup().withGroupName(config.getElasticSecurityGroupName());
    DescribeSecurityGroupsResult describeGroupsResult = new DescribeSecurityGroupsResult().withSecurityGroups(stubGroup);
    when(ec2.describeSecurityGroups(describeGroups)).thenReturn(describeGroupsResult);

    // SNS: creating the alert topic yields a fixed ARN that has one subscription.
    String topicArn = "some:arn";
    CreateTopicResult createdTopic = new CreateTopicResult().withTopicArn(topicArn);
    when(sns.createTopic(new CreateTopicRequest(config.getRDSAlertTopicName()))).thenReturn(createdTopic);
    ListSubscriptionsByTopicResult subscriptions = new ListSubscriptionsByTopicResult().withSubscriptions(new Subscription());
    when(sns.listSubscriptionsByTopic(new ListSubscriptionsByTopicRequest(topicArn))).thenReturn(subscriptions);

    // RDS: the configured parameter group exists ...
    DBParameterGroup stubParameterGroup = new DBParameterGroup().withDBParameterGroupName(config.getDatabaseParameterGroupName());
    DescribeDBParameterGroupsResult parameterGroups = new DescribeDBParameterGroupsResult().withDBParameterGroups(stubParameterGroup);
    when(rds.describeDBParameterGroups(new DescribeDBParameterGroupsRequest().withDBParameterGroupName(config.getDatabaseParameterGroupName()))).thenReturn(parameterGroups);

    // ... and reports the two slow-query parameters.
    Parameter slowQueryLog = new Parameter().withParameterName(Constants.DB_PARAM_KEY_SLOW_QUERY_LOG);
    Parameter longQueryTime = new Parameter().withParameterName(Constants.DB_PARAM_KEY_LONG_QUERY_TIME);
    DescribeDBParametersResult parameters = new DescribeDBParametersResult().withParameters(slowQueryLog).withParameters(longQueryTime);
    when(rds.describeDBParameters(new DescribeDBParametersRequest().withDBParameterGroupName(config.getDatabaseParameterGroupName()))).thenReturn(parameters);
}
Also used : DescribeSecurityGroupsRequest(com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest) DescribeDBParameterGroupsResult(com.amazonaws.services.rds.model.DescribeDBParameterGroupsResult) FileWriter(java.io.FileWriter) AmazonSNSClient(com.amazonaws.services.sns.AmazonSNSClient) CreateTopicResult(com.amazonaws.services.sns.model.CreateTopicResult) DescribeDBParametersRequest(com.amazonaws.services.rds.model.DescribeDBParametersRequest) DescribeDBParameterGroupsRequest(com.amazonaws.services.rds.model.DescribeDBParameterGroupsRequest) DescribeSecurityGroupsResult(com.amazonaws.services.ec2.model.DescribeSecurityGroupsResult) Subscription(com.amazonaws.services.sns.model.Subscription) GetObjectRequest(com.amazonaws.services.s3.model.GetObjectRequest) AmazonEC2Client(com.amazonaws.services.ec2.AmazonEC2Client) DBParameterGroup(com.amazonaws.services.rds.model.DBParameterGroup) ListSubscriptionsByTopicRequest(com.amazonaws.services.sns.model.ListSubscriptionsByTopicRequest) DescribeDBParametersResult(com.amazonaws.services.rds.model.DescribeDBParametersResult) CreateTopicRequest(com.amazonaws.services.sns.model.CreateTopicRequest) MockAmazonClientFactory(org.sagebionetworks.factory.MockAmazonClientFactory) AmazonRDSClient(com.amazonaws.services.rds.AmazonRDSClient) SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup) InputConfiguration(org.sagebionetworks.stack.config.InputConfiguration) AmazonS3Client(com.amazonaws.services.s3.AmazonS3Client) InvocationOnMock(org.mockito.invocation.InvocationOnMock) ListSubscriptionsByTopicResult(com.amazonaws.services.sns.model.ListSubscriptionsByTopicResult) Parameter(com.amazonaws.services.rds.model.Parameter) File(java.io.File) ObjectMetadata(com.amazonaws.services.s3.model.ObjectMetadata) Before(org.junit.Before)

Example 3 with DescribeSecurityGroupsRequest

use of software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest in project photon-model by vmware.

the class AWSRemoteCleanup method deleteSecurityGroups.

/**
 * Deletes the security groups returned for the given VPC, skipping any group whose
 * name equals {@code DEFAULT_TAG} (compared case-insensitively).
 *
 * <p>This is destructive: every other group the describe call returns for the VPC is
 * deleted, so the caller must pass only a VPC whose groups are safe to remove. An
 * exception from a delete call is not caught here and ends the pass, leaving any
 * remaining groups in place.
 *
 * @param vpcId id of the VPC whose security groups are removed.
 * @param usEastEc2Client EC2 client used for both the lookup and the deletes.
 */
private void deleteSecurityGroups(String vpcId, AmazonEC2 usEastEc2Client) {
    // VPC_KEY is presumably the "vpc-id" filter name; its definition is not visible here.
    Filter byVpc = new Filter(VPC_KEY, Collections.singletonList(vpcId));
    DescribeSecurityGroupsResult described = usEastEc2Client.describeSecurityGroups(new DescribeSecurityGroupsRequest().withFilters(byVpc));

    described.getSecurityGroups().stream()
            // Leave the group named DEFAULT_TAG alone.
            .filter(group -> !group.getGroupName().equalsIgnoreCase(DEFAULT_TAG))
            .forEach(group -> {
                // Log the id before the delete so the audit trail names each group removed.
                this.host.log("Terminating stale security group: %s", group.getGroupId());
                usEastEc2Client.deleteSecurityGroup(new DeleteSecurityGroupRequest().withGroupId(group.getGroupId()));
            });
}
Also used : DescribeSecurityGroupsRequest(com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest) DeleteSecurityGroupRequest(com.amazonaws.services.ec2.model.DeleteSecurityGroupRequest) Filter(com.amazonaws.services.ec2.model.Filter) DescribeSecurityGroupsResult(com.amazonaws.services.ec2.model.DescribeSecurityGroupsResult)

Example 4 with DescribeSecurityGroupsRequest

use of software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest in project photon-model by vmware.

the class AWSSecurityGroupClient method getSecurityGroups.

/**
 * Looks up security groups by name, optionally restricted to one VPC.
 *
 * <p>When {@code vpcId} is {@code null} no VPC filter is sent, so a name that exists
 * in more than one VPC can come back more than once; callers that need a single,
 * specific group should pass the VPC id.
 *
 * @param names group names to match; passed unchanged as the values of the
 *        {@code AWS_GROUP_NAME_FILTER} filter.
 * @param vpcId VPC to restrict the lookup to, or {@code null} for no VPC filter.
 * @return the groups reported by EC2, or an empty list when the client returns a
 *         {@code null} result.
 */
public List<SecurityGroup> getSecurityGroups(List<String> names, String vpcId) {
    DescribeSecurityGroupsRequest describeRequest = new DescribeSecurityGroupsRequest()
            .withFilters(new Filter(AWS_GROUP_NAME_FILTER, names));
    if (vpcId != null) {
        // The varargs withFilters overload adds to the filters already on the request,
        // so this narrows the name filter instead of replacing it.
        describeRequest.withFilters(new Filter(AWS_VPC_ID_FILTER, Collections.singletonList(vpcId)));
    }

    DescribeSecurityGroupsResult response = this.client.describeSecurityGroups(describeRequest);
    if (response == null) {
        return Collections.emptyList();
    }
    return response.getSecurityGroups();
}
Also used : DescribeSecurityGroupsRequest(com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest) Filter(com.amazonaws.services.ec2.model.Filter) DescribeSecurityGroupsResult(com.amazonaws.services.ec2.model.DescribeSecurityGroupsResult)

Example 5 with DescribeSecurityGroupsRequest

use of software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest in project photon-model by vmware.

the class AWSSecurityGroupClient method getDefaultSecurityGroup.

/**
 * Returns the security group named {@code DEFAULT_SECURITY_GROUP_NAME}, optionally
 * restricted to one VPC.
 *
 * <p>Only the first group in the response is returned. When {@code vpcId} is
 * {@code null} no VPC filter is sent, so if several VPCs each have a matching group
 * the one returned is whichever EC2 lists first; pass the VPC id when the choice
 * matters.
 *
 * @param vpcId VPC to restrict the lookup to, or {@code null} for no VPC filter.
 * @return the first matching group, or {@code null} when the client returns a
 *         {@code null} result or no group matches.
 */
public SecurityGroup getDefaultSecurityGroup(String vpcId) {
    DescribeSecurityGroupsRequest describeRequest = new DescribeSecurityGroupsRequest()
            .withFilters(new Filter("group-name", Collections.singletonList(DEFAULT_SECURITY_GROUP_NAME)));
    if (vpcId != null) {
        // Added to the name filter already on the request, not a replacement for it.
        describeRequest.withFilters(new Filter("vpc-id", Collections.singletonList(vpcId)));
    }

    DescribeSecurityGroupsResult response = this.client.describeSecurityGroups(describeRequest);
    if (response == null || response.getSecurityGroups().isEmpty()) {
        return null;
    }
    return response.getSecurityGroups().get(0);
}
Also used : DescribeSecurityGroupsRequest(com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest) Filter(com.amazonaws.services.ec2.model.Filter) SecurityGroup(com.amazonaws.services.ec2.model.SecurityGroup) DescribeSecurityGroupsResult(com.amazonaws.services.ec2.model.DescribeSecurityGroupsResult)

Aggregations

DescribeSecurityGroupsRequest (com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest)13 DescribeSecurityGroupsResult (com.amazonaws.services.ec2.model.DescribeSecurityGroupsResult)12 SecurityGroup (com.amazonaws.services.ec2.model.SecurityGroup)9 Filter (com.amazonaws.services.ec2.model.Filter)8 AmazonEC2Client (com.amazonaws.services.ec2.AmazonEC2Client)4 DeleteSecurityGroupRequest (com.amazonaws.services.ec2.model.DeleteSecurityGroupRequest)2 HashMap (java.util.HashMap)2 HashSet (java.util.HashSet)2 Set (java.util.Set)2 AsyncHandler (com.amazonaws.handlers.AsyncHandler)1 AmazonEC2 (com.amazonaws.services.ec2.AmazonEC2)1 AmazonEC2AsyncClient (com.amazonaws.services.ec2.AmazonEC2AsyncClient)1 AmazonEC2Exception (com.amazonaws.services.ec2.model.AmazonEC2Exception)1 AttachInternetGatewayRequest (com.amazonaws.services.ec2.model.AttachInternetGatewayRequest)1 AttachNetworkInterfaceRequest (com.amazonaws.services.ec2.model.AttachNetworkInterfaceRequest)1 AttachNetworkInterfaceResult (com.amazonaws.services.ec2.model.AttachNetworkInterfaceResult)1 BlockDeviceMapping (com.amazonaws.services.ec2.model.BlockDeviceMapping)1 CreateNetworkInterfaceRequest (com.amazonaws.services.ec2.model.CreateNetworkInterfaceRequest)1 CreateNetworkInterfaceResult (com.amazonaws.services.ec2.model.CreateNetworkInterfaceResult)1 CreateSecurityGroupRequest (com.amazonaws.services.ec2.model.CreateSecurityGroupRequest)1