Examples with SecurityGroup software.amazon.awssdk.services.ec2.model.SecurityGroup used on opensource projects

Example 1 with SecurityGroup

use of software.amazon.awssdk.services.ec2.model.SecurityGroup in project GNS by MobilityFirst.

the class AWSEC2 method describeSecurityGroups.

/**
   * Describe Security Groups
   *
   * @param ec2
   */
public static void describeSecurityGroups(AmazonEC2 ec2) {
    StringBuilder output = new StringBuilder();
    String prefix = currentTab + "Security Groups: ";
    DescribeSecurityGroupsResult describeSecurityGroupsResult = ec2.describeSecurityGroups();
    for (SecurityGroup securityGroup : describeSecurityGroupsResult.getSecurityGroups()) {
        output.append(prefix);
        prefix = ", ";
        output.append(securityGroup.getGroupName());
    }
    System.out.println(output);
}

Example 2 with SecurityGroup

use of software.amazon.awssdk.services.ec2.model.SecurityGroup in project Synapse-Stack-Builder by Sage-Bionetworks.

the class EC2SecuritySetup method setupResources.

/**
 * Create the EC2 security group that all elastic beanstalk instances will belong to.
 *
 * @param ec2Client - valid AmazonEC2Client
 * @param stack - The name of this stack.
 * @param instance - The name of this stack instance.
 * @param cidrForSSH - The classless inter-domain routing to be used for SSH access to these machines.
 * @return
 */
public void setupResources() {
    CreateSecurityGroupRequest request = new CreateSecurityGroupRequest();
    request.setDescription(config.getElasticSecurityGroupDescription());
    request.setGroupName(config.getElasticSecurityGroupName());
    createSecurityGroup(request);
    // Setup the permissions for this group:
    // Allow anyone to access port 80 (HTTP)
    addPermission(request.getGroupName(), new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTP).withToPort(PORT_HTTP).withIpRanges(CIDR_ALL_IP));
    // Allow anyone to access port 443 (HTTPS)
    addPermission(request.getGroupName(), new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_HTTPS).withToPort(PORT_HTTPS).withIpRanges(CIDR_ALL_IP));
    // Only allow ssh to the given address
    addPermission(request.getGroupName(), new IpPermission().withIpProtocol(IP_PROTOCOL_TCP).withFromPort(PORT_SSH).withToPort(PORT_SSH).withIpRanges(config.getCIDRForSSH()));
    // Return the group name
    DescribeSecurityGroupsResult result = ec2Client.describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupNames(request.getGroupName()));
    if (result.getSecurityGroups() == null || result.getSecurityGroups().size() != 1)
        throw new IllegalStateException("Did not find one and ony one EC2 secruity group with the name: " + request.getGroupName());
    // Add this to the resources
    SecurityGroup group = result.getSecurityGroups().get(0);
    resources.setElasticBeanstalkEC2SecurityGroup(group);
    // Create the key pair.
    resources.setStackKeyPair(createOrGetKeyPair());
}

Example 3 with SecurityGroup

use of software.amazon.awssdk.services.ec2.model.SecurityGroup in project Synapse-Stack-Builder by Sage-Bionetworks.

the class BuildStackMainTest method before.

@Before
public void before() throws IOException {
    inputProps = TestHelper.createInputProperties("dev");
    InputConfiguration config = TestHelper.createTestConfig("dev");
    defaultProps = TestHelper.createDefaultProperties();
    clientFactory = new MockAmazonClientFactory();
    AmazonS3Client mockS3Client = clientFactory.createS3Client();
    AmazonEC2Client mockEC2Client = clientFactory.createEC2Client();
    AmazonSNSClient mockSNSnsClient = clientFactory.createSNSClient();
    AmazonRDSClient mockRdsClient = clientFactory.createRDSClient();
    // Write the default properties.
    when(mockS3Client.getObject(any(GetObjectRequest.class), any(File.class))).thenAnswer(new Answer<ObjectMetadata>() {

        public ObjectMetadata answer(InvocationOnMock invocation) throws Throwable {
            // Write the property file
            File file = (File) invocation.getArguments()[1];
            FileWriter writer = new FileWriter(file);
            try {
                defaultProps.store(writer, "test generated");
            } finally {
                writer.close();
            }
            return new ObjectMetadata();
        }
    });
    // Return a valid EC2 security group.
    DescribeSecurityGroupsRequest dsgr = new DescribeSecurityGroupsRequest().withGroupNames(config.getElasticSecurityGroupName());
    when(mockEC2Client.describeSecurityGroups(dsgr)).thenReturn(new DescribeSecurityGroupsResult().withSecurityGroups(new SecurityGroup().withGroupName(config.getElasticSecurityGroupName())));
    // Return a valid topic
    String topicArn = "some:arn";
    when(mockSNSnsClient.createTopic(new CreateTopicRequest(config.getRDSAlertTopicName()))).thenReturn(new CreateTopicResult().withTopicArn(topicArn));
    when(mockSNSnsClient.listSubscriptionsByTopic(new ListSubscriptionsByTopicRequest(topicArn))).thenReturn(new ListSubscriptionsByTopicResult().withSubscriptions(new Subscription()));
    // return a valid group
    when(mockRdsClient.describeDBParameterGroups(new DescribeDBParameterGroupsRequest().withDBParameterGroupName(config.getDatabaseParameterGroupName()))).thenReturn(new DescribeDBParameterGroupsResult().withDBParameterGroups(new DBParameterGroup().withDBParameterGroupName(config.getDatabaseParameterGroupName())));
    when(mockRdsClient.describeDBParameters(new DescribeDBParametersRequest().withDBParameterGroupName(config.getDatabaseParameterGroupName()))).thenReturn(new DescribeDBParametersResult().withParameters(new Parameter().withParameterName(Constants.DB_PARAM_KEY_SLOW_QUERY_LOG)).withParameters(new Parameter().withParameterName(Constants.DB_PARAM_KEY_LONG_QUERY_TIME)));
}

Example 4 with SecurityGroup

use of software.amazon.awssdk.services.ec2.model.SecurityGroup in project photon-model by vmware.

the class TestAWSProvisionTask method assertVMSercurityGroupsConfiguration.

private void assertVMSercurityGroupsConfiguration(Instance instance, ComputeState vm) {
    // This assert is only suitable for real (non-mocking env).
    if (this.isMock) {
        return;
    }
    this.host.log(Level.INFO, "%s: Assert security groups configuration for [%s] VM", this.currentTestName.getMethodName(), this.vmState.name);
    // Get the SecurityGroupStates that were provided in the request ComputeState
    Collector<SecurityGroupState, ?, Map<String, SecurityGroupState>> convertToMap = Collectors.<SecurityGroupState, String, SecurityGroupState>toMap(sg -> sg.name, sg -> sg);
    Map<String, SecurityGroupState> currentSGNamesToStates = vm.networkInterfaceLinks.stream().map(nicLink -> this.host.getServiceState(null, NetworkInterfaceState.class, UriUtils.buildUri(this.host, nicLink))).<// collect all SecurityGroup States from all NIC states
    SecurityGroupState>flatMap(nicState -> nicState.securityGroupLinks.stream().map(sgLink -> {
        SecurityGroupState sgState = this.host.getServiceState(null, SecurityGroupState.class, UriUtils.buildUri(this.host, sgLink));
        return sgState;
    })).collect(convertToMap);
    // Compare ComputeState after provisioning to the ComputeState in the request
    assertNotNull("Instance should have security groups attached.", instance.getSecurityGroups());
    // Provisioned Instance should have the same number of SecurityGroups as requested
    assertEquals(instance.getSecurityGroups().size(), currentSGNamesToStates.size());
    for (SecurityGroupState currentSGState : currentSGNamesToStates.values()) {
        // Get corresponding requested state
        GroupIdentifier provisionedGroupIdentifier = null;
        for (GroupIdentifier awsGroupIdentifier : instance.getSecurityGroups()) {
            if (awsGroupIdentifier.getGroupId().equals(currentSGState.id)) {
                provisionedGroupIdentifier = awsGroupIdentifier;
                break;
            }
        }
        // Ensure that the requested SecurityGroup was actually provisioned
        assertNotNull(provisionedGroupIdentifier);
        if (currentSGState.name.contains(TestAWSSetupUtils.AWS_NEW_GROUP_PREFIX)) {
            this.sgToCleanUp = currentSGState.id;
            SecurityGroup awsSecurityGroup = getSecurityGroupsIdUsingEC2Client(this.client, provisionedGroupIdentifier.getGroupId());
            assertNotNull(awsSecurityGroup);
            // Validate rules are correctly created as requested
            IpPermission awsIngressRule = awsSecurityGroup.getIpPermissions().get(0);
            IpPermission awsEgressRule = awsSecurityGroup.getIpPermissionsEgress().get(1);
            assertNotNull(awsIngressRule);
            assertNotNull(awsEgressRule);
            assertEquals("Error in created ingress rule", awsIngressRule.getIpProtocol(), currentSGState.ingress.get(0).protocol);
            assertEquals("Error in created ingress rule", awsIngressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.ingress.get(0).ipRangeCidr);
            assertEquals("Error in created egress rule", awsEgressRule.getIpProtocol(), currentSGState.egress.get(0).protocol);
            assertEquals("Error in created egress rule", awsEgressRule.getIpv4Ranges().get(0).getCidrIp(), currentSGState.egress.get(0).ipRangeCidr);
        }
    }
}

Example 5 with SecurityGroup

use of software.amazon.awssdk.services.ec2.model.SecurityGroup in project photon-model by vmware.

the class TestAWSSecurityGroupService method testDefaultSecurityGroupPorts.

/*
     * Create the default CM group, get the group, verify the default
       permissions are in place.  Then delete the default group
     */
@Test
public void testDefaultSecurityGroupPorts() throws Throwable {
    // create the group
    String groupId = this.client.createDefaultSecurityGroup(null);
    // allow the default ports
    this.client.addIngressRules(groupId, this.client.getDefaultRules(this.subnet));
    // get the updated CM group
    SecurityGroup group = this.client.getDefaultSecurityGroup(null);
    List<IpPermission> rules = group.getIpPermissions();
    assertTrue(rules.size() > 0);
    validateDefaultRules(rules);
    // lets delete the default CM group
    this.client.deleteSecurityGroup(groupId);
}