use of software.amazon.awssdk.services.ec2.model.IpPermission in project aws-doc-sdk-examples by awsdocs.
the class CreateSecurityGroup method main.
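/**
 * Creates a security group in the given VPC and authorizes inbound TCP 80 and TCP 22 on it.
 *
 * <p>Expects exactly three arguments: group name, group description and VPC id. With any other
 * argument count the usage text is printed and the process exits with status 1.
 *
 * <p>The ingress rules are attached by the group id returned from the create call. EC2 only
 * resolves a security group by name in EC2-Classic or the default VPC, so authorizing by name
 * fails for a group created in a non-default VPC.
 *
 * @param args group name, group description, VPC id
 */
public static void main(String[] args) {
    final String USAGE = "To run this example, supply a group name, group description and vpc id\n" + "Ex: CreateSecurityGroup <group-name> <group-description> <vpc-id>\n";

    if (args.length != 3) {
        System.out.println(USAGE);
        System.exit(1);
    }

    String group_name = args[0];
    String group_desc = args[1];
    String vpc_id = args[2];

    final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient();

    CreateSecurityGroupRequest create_request = new CreateSecurityGroupRequest()
        .withGroupName(group_name)
        .withDescription(group_desc)
        .withVpcId(vpc_id);
    CreateSecurityGroupResult create_response = ec2.createSecurityGroup(create_request);
    // Keep the id: it identifies the group unambiguously in any VPC, the name does not.
    String group_id = create_response.getGroupId();
    System.out.printf("Successfully created security group named %s", group_name);

    // NOTE(review): 0.0.0.0/0 admits every IPv4 source. That is the usual choice for a public
    // HTTP listener, but the same range is reused for SSH (port 22) below. Outside a throwaway
    // demo, give port 22 its own IpRange limited to an administrative CIDR.
    IpRange ip_range = new IpRange().withCidrIp("0.0.0.0/0");
    IpPermission ip_perm = new IpPermission()
        .withIpProtocol("tcp")
        .withToPort(80)
        .withFromPort(80)
        .withIpv4Ranges(ip_range);
    IpPermission ip_perm2 = new IpPermission()
        .withIpProtocol("tcp")
        .withToPort(22)
        .withFromPort(22)
        .withIpv4Ranges(ip_range);

    AuthorizeSecurityGroupIngressRequest auth_request = new AuthorizeSecurityGroupIngressRequest()
        .withGroupId(group_id)
        .withIpPermissions(ip_perm, ip_perm2);
    ec2.authorizeSecurityGroupIngress(auth_request);
    System.out.printf("Successfully added ingress policy to security group %s", group_name);
}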
use of software.amazon.awssdk.services.ec2.model.IpPermission in project incubator-gobblin by apache.
the class AWSSdkClient method addPermissionsToSecurityGroup.
/**
 * Authorizes one ingress rule on an EC2 security group.
 *
 * <p>Every argument is forwarded to the EC2 request as given. Nothing here validates the CIDR
 * or the port bounds, so how wide the rule is depends entirely on what the caller passes.
 *
 * @param groupName name of the security group that receives the rule
 * @param ipRanges source range admitted by the rule, handed to {@code withIpRanges} unchanged
 * @param ipProtocol protocol the rule applies to (eg. tcp, udp)
 * @param fromPort first port of the permitted range
 * @param toPort last port of the permitted range
 */
public void addPermissionsToSecurityGroup(String groupName, String ipRanges, String ipProtocol, Integer fromPort, Integer toPort) {
    final AmazonEC2 client = getEc2Client();

    final IpPermission rule = new IpPermission()
        .withIpProtocol(ipProtocol)
        .withFromPort(fromPort)
        .withToPort(toPort)
        .withIpRanges(ipRanges);
    final AuthorizeSecurityGroupIngressRequest ingress = new AuthorizeSecurityGroupIngressRequest()
        .withIpPermissions(rule)
        .withGroupName(groupName);

    client.authorizeSecurityGroupIngress(ingress);
    // The full rule is logged, which leaves a record of each firewall opening.
    LOGGER.info("Added permissions: " + rule + " to security group: " + groupName);
}
use of software.amazon.awssdk.services.ec2.model.IpPermission in project Synapse-Stack-Builder by Sage-Bionetworks.
the class EC2SecuritySetup method addPermission.
/**
 * Authorizes a single ingress permission on the named security group.
 *
 * <p>A duplicate-permission error from EC2 is logged and swallowed, so repeating the call for
 * a rule that is already present is a no-op. Any other {@link AmazonServiceException} is
 * rethrown to the caller.
 *
 * @param groupName name of the security group to modify
 * @param permission the ingress rule to authorize
 */
void addPermission(String groupName, IpPermission permission) {
    try {
        // The request takes a list, so wrap the single rule.
        List<IpPermission> singleRule = new LinkedList<IpPermission>();
        singleRule.add(permission);
        AuthorizeSecurityGroupIngressRequest authorizeRequest = new AuthorizeSecurityGroupIngressRequest(groupName, singleRule);

        // Log the rule before the call so a failed attempt is still recorded.
        log.info("Adding IpPermission to group: '" + groupName + "'...");
        log.info("IpPermission: " + permission.toString());
        ec2Client.authorizeSecurityGroupIngress(authorizeRequest);
    } catch (AmazonServiceException serviceError) {
        // Only the duplicate-rule error code is tolerated; everything else propagates.
        if (!ERROR_CODE_INVALID_PERMISSION_DUPLICATE.equals(serviceError.getErrorCode())) {
            throw serviceError;
        }
        log.info("IpPermission: " + permission.toString() + " already exists for '" + groupName + "'");
    }
}
use of software.amazon.awssdk.services.ec2.model.IpPermission in project Synapse-Stack-Builder by Sage-Bionetworks.
the class EC2SecuritySetupTest method testAddPermissionDuplicate.
/**
 * A duplicate-permission error from the EC2 client must be absorbed by addPermission.
 * The test passes when the call below returns without throwing.
 */
@Test
public void testAddPermissionDuplicate() {
    // Stub the client to fail with the duplicate-permission error code.
    AmazonServiceException duplicateError = new AmazonServiceException("Some error");
    duplicateError.setErrorCode(Constants.ERROR_CODE_INVALID_PERMISSION_DUPLICATE);
    doThrow(duplicateError)
        .when(mockEC2Client)
        .authorizeSecurityGroupIngress(any(AuthorizeSecurityGroupIngressRequest.class));

    IpPermission emptyPermission = new IpPermission();
    ec2SecuritySetup.addPermission("groupName", emptyPermission);
}
use of software.amazon.awssdk.services.ec2.model.IpPermission in project Synapse-Stack-Builder by Sage-Bionetworks.
the class EC2SecuritySetupTest method testSetupElasticBeanstalkEC2SecutiryGroup.
/**
 * Verifies that setupResources() creates the Elastic Beanstalk EC2 security group and
 * authorizes three ingress rules on it: HTTP, HTTPS and SSH.
 *
 * <p>The HTTP and HTTPS rules are expected with {@code CIDR_ALL_IP}, while the SSH rule is
 * expected with the range returned by {@code config.getCIDRForSSH()}. SSH exposure is
 * therefore asserted to follow configuration rather than the all-IP constant.
 */
@Test
public void testSetupElasticBeanstalkEC2SecutiryGroup() {
    String expectedDescription = config.getElasticSecurityGroupDescription();
    String expectedGroupName = config.getElasticSecurityGroupName();

    // Stub the describe calls made by setupResources().
    SecurityGroup expectedGroup = new SecurityGroup().withGroupName(expectedGroupName).withOwnerId("123");
    DescribeSecurityGroupsResult describedGroups = new DescribeSecurityGroupsResult().withSecurityGroups(expectedGroup);
    when(mockEC2Client.describeSecurityGroups(any(DescribeSecurityGroupsRequest.class))).thenReturn(describedGroups);
    DescribeKeyPairsResult describedKeyPairs = new DescribeKeyPairsResult().withKeyPairs(new KeyPairInfo().withKeyName("123"));
    when(mockEC2Client.describeKeyPairs(any(DescribeKeyPairsRequest.class))).thenReturn(describedKeyPairs);

    // Run the setup under test.
    ec2SecuritySetup.setupResources();

    SecurityGroup actualGroup = resources.getElasticBeanstalkEC2SecurityGroup();
    assertEquals(expectedGroup, actualGroup);
    String groupName = actualGroup.getGroupName();
    assertNotNull(groupName);
    assertEquals(expectedGroupName, groupName);

    // The group itself must have been created with the configured name and description.
    verify(mockEC2Client).createSecurityGroup(new CreateSecurityGroupRequest(expectedGroupName, expectedDescription));

    // Rule 1: HTTP from CIDR_ALL_IP.
    List<IpPermission> httpRules = new LinkedList<IpPermission>();
    httpRules.add(new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTP).withToPort(PORT_HTTP).withIpRanges(CIDR_ALL_IP));
    verify(mockEC2Client).authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest(groupName, httpRules));

    // Rule 2: HTTPS from CIDR_ALL_IP.
    List<IpPermission> httpsRules = new LinkedList<IpPermission>();
    httpsRules.add(new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTPS).withToPort(PORT_HTTPS).withIpRanges(CIDR_ALL_IP));
    verify(mockEC2Client).authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest(groupName, httpsRules));

    // Rule 3: SSH, restricted to the configured CIDR instead of CIDR_ALL_IP.
    List<IpPermission> sshRules = new LinkedList<IpPermission>();
    sshRules.add(new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_SSH).withToPort(PORT_SSH).withIpRanges(config.getCIDRForSSH()));
    verify(mockEC2Client).authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest(groupName, sshRules));

    // The group must still be registered on the shared resources object.
    assertNotNull(resources.getElasticBeanstalkEC2SecurityGroup());
}