List of usage examples for com.amazonaws.services.ec2 AmazonEC2 describeSecurityGroups
DescribeSecurityGroupsResult describeSecurityGroups(
DescribeSecurityGroupsRequest describeSecurityGroupsRequest);
Describes the specified security groups or all of your security groups.
From source file:Security.java
License:Open Source License
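/**
 * Creates the security group for this run, authorizes inbound TCP 80, 443 and 22 on it,
 * prints the rules EC2 reports for the group and returns the group name.
 *
 * <p>NOTE(review): all three rules use the source range {@code 0.0.0.0/0}, so SSH (port 22)
 * is reachable from every IPv4 address. For anything beyond a throwaway demo, restrict the
 * SSH rule to a known administrative range supplied by configuration.
 *
 * @param ec2 client used for the create, authorize and describe calls
 * @return the group name stored in {@code securitygroup} (declared outside this method);
 *         it is returned even when one of the EC2 calls failed
 * @throws IOException declared by the signature; no statement in this body throws it
 */
String createSG(AmazonEC2 ec2) throws IOException {
    try {
        securitygroup = "VirualIT_Security_Group" + Virtualize.no_of_days;

        CreateSecurityGroupRequest createRequest = new CreateSecurityGroupRequest()
                .withGroupName(securitygroup)
                .withDescription("ssh-tcp-https-http");
        ec2.createSecurityGroup(createRequest);

        // One shared source range for every rule: any IPv4 address (see the NOTE above).
        ArrayList<String> ipRanges = new ArrayList<String>();
        ipRanges.add("0.0.0.0/0");

        // Same rule order as before: HTTP, HTTPS, then SSH. Autoboxing replaces the
        // deprecated Integer constructor.
        ArrayList<IpPermission> ipPermissions = new ArrayList<IpPermission>();
        for (int port : new int[] {80, 443, 22}) {
            IpPermission rule = new IpPermission();
            rule.setIpProtocol("tcp");
            rule.setFromPort(port);
            rule.setToPort(port);
            rule.setIpRanges(ipRanges);
            ipPermissions.add(rule);
        }

        try {
            AuthorizeSecurityGroupIngressRequest ingressRequest =
                    new AuthorizeSecurityGroupIngressRequest(securitygroup, ipPermissions);
            ec2.authorizeSecurityGroupIngress(ingressRequest);
            System.out.println("Assigned " + ingressRequest);
        } catch (AmazonServiceException ase) {
            // Still best effort: the method carries on after a failed authorize call.
            // The error code is printed too, so a rule that already exists can be told
            // apart from a permission or validation failure.
            System.err.println(ase.getMessage());
            System.err.println("Error Code:       " + ase.getErrorCode());
        }

        // Read the group back and print the rules EC2 actually holds for it.
        DescribeSecurityGroupsRequest describeRequest =
                new DescribeSecurityGroupsRequest().withGroupNames(securitygroup);
        DescribeSecurityGroupsResult described = ec2.describeSecurityGroups(describeRequest);
        for (SecurityGroup group : described.getSecurityGroups()) {
            if (group.getGroupName().equals(securitygroup)) {
                System.out.println(group.getIpPermissions());
            }
        }
    } catch (AmazonServiceException ase) {
        System.out.println("Caught Exception: " + ase.getMessage());
        System.out.println("Reponse Status Code: " + ase.getStatusCode());
        System.out.println("Error Code: " + ase.getErrorCode());
        System.out.println("Request ID: " + ase.getRequestId());
    }
    return securitygroup;
}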
From source file:aws.example.ec2.DescribeSecurityGroups.java
License:Open Source License
/**
 * Looks up one security group by id and prints its id, VPC id and description.
 *
 * @param args exactly one element, the security group id; any other count prints the
 *             usage text and exits with status 1
 */
public static void main(String[] args) {
    final String USAGE = "To run this example, supply a group id\n"
            + "Ex: DescribeSecurityGroups <group-id>\n";

    if (args.length != 1) {
        System.out.println(USAGE);
        System.exit(1);
    }

    final String groupId = args[0];

    // Client built from the SDK's default configuration.
    final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient();

    final DescribeSecurityGroupsRequest lookup = new DescribeSecurityGroupsRequest().withGroupIds(groupId);
    final DescribeSecurityGroupsResult described = ec2.describeSecurityGroups(lookup);

    final String lineFormat = "Found security group with id %s, vpc id %s and description %s";
    for (SecurityGroup sg : described.getSecurityGroups()) {
        System.out.printf(lineFormat, sg.getGroupId(), sg.getVpcId(), sg.getDescription());
    }
}
From source file:br.com.ingenieux.mojo.beanstalk.AbstractBeanstalkMojo.java
License:Apache License
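/**
 * Boolean predicate for harmful/placebo option settings.
 *
 * <p>"Harmful" is meant literally: Elastic Beanstalk accepts settings that mention a
 * terminated environment, but this may lead to inconsistent states, especially when
 * creating or listing environments.
 *
 * <p>For the {@code aws:autoscaling:launchconfiguration} / {@code SecurityGroups} option the
 * value is validated as a security group id and looked up in EC2. If the lookup returns no
 * group, the general checks at the end of the method decide.
 *
 * @param environmentId environment id to look up
 * @param optionSetting option setting
 * @return true if this setting is not needed
 * @throws Exception declared by the signature; the EC2 lookup and the id validation can fail
 */
protected boolean harmfulOptionSettingP(final String environmentId, ConfigurationOptionSetting optionSetting)
        throws Exception {
    // e.g. aws:autoscaling:launchconfiguration:SecurityGroups['sg-18585f7d']
    if (ConfigUtil.optionSettingMatchesP(optionSetting, "aws:autoscaling:launchconfiguration",
            "SecurityGroups")) {
        final String securityGroup = optionSetting.getValue();

        // A value that embeds the environment id is skipped without any lookup.
        if (securityGroup.contains(environmentId)) {
            return true;
        }

        if (getLog().isInfoEnabled()) {
            getLog().info("Probing security group '" + securityGroup + "'");
        }

        // EC2 issues security group ids with either 8 or 17 hexadecimal characters after
        // the "sg-" prefix; the previous pattern rejected the 17-character form. Validating
        // here keeps malformed values out of the API request.
        Validate.isTrue(securityGroup.matches("^sg-(\\p{XDigit}{8}|\\p{XDigit}{17})$"),
                "Invalid Security Group Spec: " + securityGroup);

        final AmazonEC2 ec2 = this.getClientFactory().getService(AmazonEC2Client.class);

        final DescribeSecurityGroupsResult describeSecurityGroupsResult = ec2
                .describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupIds(securityGroup));

        if (!describeSecurityGroupsResult.getSecurityGroups().isEmpty()) {
            // Harmful only when every returned group's name embeds the environment id;
            // one group named otherwise means the setting is kept.
            for (SecurityGroup group : describeSecurityGroupsResult.getSecurityGroups()) {
                if (!group.getGroupName().contains(environmentId)) {
                    return false;
                }
            }
            return true;
        }
    }

    // General checks: blank values and two option names that are always dropped.
    boolean bInvalid = isBlank(optionSetting.getValue());

    if (!bInvalid) {
        bInvalid = (optionSetting.getNamespace().equals("aws:cloudformation:template:parameter")
                && optionSetting.getOptionName().equals("AppSource"));
    }

    if (!bInvalid) {
        bInvalid = (optionSetting.getNamespace().equals("aws:elasticbeanstalk:sns:topics")
                && optionSetting.getOptionName().equals("Notification Topic ARN"));
    }

    /*
     * TODO: Apply a more general regex instead
     */
    if (!bInvalid && isNotBlank(environmentId)) {
        bInvalid = (optionSetting.getValue().contains(environmentId));
    }

    return bInvalid;
}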
From source file:c3.ops.priam.aws.AWSMembership.java
License:Apache License
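/**
 * Lists the IP ranges of every ingress rule in the configured ACL security group whose
 * port range is exactly {@code from}-{@code to}.
 *
 * <p>NOTE(review): the rule's protocol is not compared, so a rule for another protocol
 * with the same port range is included as well.
 *
 * @param from first port of the range to match
 * @param to   last port of the range to match
 * @return the matching rules' IP ranges; empty when nothing matches
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();
        DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest()
                .withGroupNames(Arrays.asList(config.getACLGroupName()));
        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                // The SDK models ports as boxed Integers. A rule without a port range
                // (for example one that allows all protocols) would make a direct
                // comparison with an int throw NullPointerException, so such rules
                // are skipped.
                Integer fromPort = perm.getFromPort();
                Integer toPort = perm.getToPort();
                if (fromPort != null && toPort != null
                        && fromPort.intValue() == from && toPort.intValue() == to) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }
        return ipPermissions;
    } finally {
        // The client is created per call, so it is always released here.
        if (client != null) {
            client.shutdown();
        }
    }
}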
From source file:com.appdynamics.connectors.AWSConnector.java
License:Apache License
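/**
 * Makes sure at least one of the named security groups admits traffic on the default agent
 * port, adding an ingress rule when none does.
 *
 * <p>NOTE(review): {@code controllerIp} is the any-IPv4 range {@code 0.0.0.0/0}, not the
 * controller's address, so the rule added here opens the agent port to every IPv4 source.
 * Restricting it to the controller's actual address or range would follow least privilege.
 *
 * @param securityGroupNames names of the security groups to inspect
 * @param connector          EC2 client used for the describe and authorize calls
 * @throws ConnectorException declared by the signature; no statement in this body throws it
 */
private void validateAndConfigureSecurityGroups(List<String> securityGroupNames, AmazonEC2 connector)
        throws ConnectorException {
    DescribeSecurityGroupsRequest describeSecurityGroupsRequest = new DescribeSecurityGroupsRequest();
    DescribeSecurityGroupsResult describeSecurityGroupsResult = connector
            .describeSecurityGroups(describeSecurityGroupsRequest.withGroupNames(securityGroupNames));

    String controllerIp = "0.0.0.0/0";
    int agentPort = controllerServices.getDefaultAgentPort();

    // Nothing to do when a group already allows the agent port from the wanted range.
    List<SecurityGroup> securityGroups = describeSecurityGroupsResult.getSecurityGroups();
    for (SecurityGroup group : securityGroups) {
        for (IpPermission permission : group.getIpPermissions()) {
            // Ports are boxed Integers in the SDK; a rule without a port range would
            // make a direct int comparison throw NullPointerException.
            Integer fromPort = permission.getFromPort();
            Integer toPort = permission.getToPort();
            if (fromPort == null || toPort == null) {
                continue;
            }
            if (permission.getIpRanges().contains(controllerIp)
                    && agentPort >= fromPort.intValue() && agentPort <= toPort.intValue()) {
                return;
            }
        }
    }

    // Prefer the default group when it is among the described groups. The previous
    // List<SecurityGroup>.contains(String) check compared a group object with a name
    // and so could never match; the group names are compared instead.
    String securityGroup = null;
    for (SecurityGroup candidate : securityGroups) {
        if (Utils.DEFAULT_SECURITY_GROUP.equals(candidate.getGroupName())) {
            securityGroup = Utils.DEFAULT_SECURITY_GROUP;
            break;
        }
    }
    if (securityGroup == null) {
        // As before, an empty result makes get(0) throw IndexOutOfBoundsException.
        securityGroup = securityGroups.get(0).getGroupName();
    }

    IpPermission ipPermission = new IpPermission();
    ipPermission.setFromPort(agentPort);
    ipPermission.setToPort(agentPort);
    ipPermission.setIpProtocol("tcp");
    ipPermission.setIpRanges(Lists.newArrayList(controllerIp));

    connector.authorizeSecurityGroupIngress(
            new AuthorizeSecurityGroupIngressRequest(securityGroup, Lists.newArrayList(ipPermission)));
}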
From source file:com.axemblr.provisionr.amazon.activities.EnsureSecurityGroupExists.java
License:Apache License
/**
 * Reconciles the ingress rules of {@code groupName} with the rules declared on
 * {@code network}: rules that are expected but missing are authorized first, then rules
 * that exist but are not expected are revoked.
 *
 * @param client    EC2 client used to read the group
 * @param groupName name of the security group; the lookup must return exactly one group
 * @param network   source of the expected ingress rules
 */
private void synchronizeIngressRules(AmazonEC2 client, String groupName, Network network) {
    DescribeSecurityGroupsRequest lookup = new DescribeSecurityGroupsRequest().withGroupNames(groupName);
    DescribeSecurityGroupsResult described = client.describeSecurityGroups(lookup);

    // Snapshot of what the group currently allows.
    Set<IpPermission> actual = ImmutableSet.copyOf(
            getOnlyElement(described.getSecurityGroups()).getIpPermissions());

    // What the network definition says it should allow.
    Set<IpPermission> desired = ImmutableSet.copyOf(
            Iterables.transform(network.getIngress(), ConvertRuleToIpPermission.FUNCTION));

    // Add before removing, so rules present on both sides are never touched.
    authorizeIngressRules(client, groupName, difference(desired, actual));
    revokeIngressRules(client, groupName, difference(actual, desired));
}
From source file:com.haskins.cloudtrailviewer.dialog.resourcedetail.detailpanels.EC2SecurityGroupDetail.java
License:Open Source License
/**
 * Fetches the security group named in {@code detailRequest} from EC2 and passes the result
 * to {@code buildUI}.
 *
 * @param detailRequest supplies the region name and the security group id to look up
 * @return {@code null} on success, otherwise the message of the exception that was caught
 */
@Override
public String retrieveDetails(ResourceDetailRequest detailRequest) {
    try {
        AmazonEC2 client = new AmazonEC2Client(credentials);
        client.setRegion(Region.getRegion(Regions.fromName(detailRequest.getRegion())));

        DescribeSecurityGroupsRequest lookup = new DescribeSecurityGroupsRequest();
        lookup.setGroupIds(Collections.singletonList(detailRequest.getResourceName()));

        buildUI(client.describeSecurityGroups(lookup));
        return null;
    } catch (IllegalArgumentException | AmazonClientException e) {
        // The exception message becomes the return value; the full exception goes to the log.
        String failure = e.getMessage();
        LOGGER.log(Level.WARNING, "Problem retrieving EC2 Securuty Group details from AWS", e);
        return failure;
    }
}
From source file:com.netflix.dynomitemanager.sidecore.aws.AWSMembership.java
License:Apache License
/**
 * Resolves the id of the security group that has the configured ACL group name inside the
 * configured VPC.
 *
 * @return the id of the first group EC2 returns for the two filters, or an empty string
 *         (after logging an error) when no group is returned
 */
protected String getVpcGroupId() {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();

        // Filter on both the group name and the VPC id.
        Filter nameFilter = new Filter().withName("group-name").withValues(config.getACLGroupName());
        Filter vpcFilter = new Filter().withName("vpc-id").withValues(config.getVpcId());
        DescribeSecurityGroupsRequest req =
                new DescribeSecurityGroupsRequest().withFilters(nameFilter, vpcFilter);

        List<SecurityGroup> matches = client.describeSecurityGroups(req).getSecurityGroups();
        if (matches.isEmpty()) {
            logger.error(String.format("unable to get group-id for group-name=%s vpc-id=%s",
                    config.getACLGroupName(), config.getVpcId()));
            return "";
        }

        // Only the first match is used.
        SecurityGroup first = matches.get(0);
        logger.debug(String.format("got group-id:%s for group-name:%s,vpc-id:%s", first.getGroupId(),
                config.getACLGroupName(), config.getVpcId()));
        return first.getGroupId();
    } finally {
        if (client != null) {
            client.shutdown();
        }
    }
}
From source file:com.netflix.dynomitemanager.sidecore.aws.AWSMembership.java
License:Apache License
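/**
 * Lists the IP ranges of every ingress rule in the configured ACL security group whose
 * port range is exactly {@code from}-{@code to}.
 *
 * <p>In a classic environment the group is looked up by name. Otherwise it is looked up by
 * name and VPC id, so that only the group in the running instance's VPC is read.
 *
 * <p>NOTE(review): the rule's protocol is not compared, so a rule for another protocol
 * with the same port range is included as well.
 *
 * @param from first port of the range to match
 * @param to   last port of the range to match
 * @return the matching rules' IP ranges; empty when nothing matches
 * @throws IllegalStateException when the instance is not classic and no VPC id is configured
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();

        // The two environments differ only in how the request is built; the lookup and
        // the rule scan below are shared.
        final boolean classic = this.insEnvIdentity.isClassic();
        DescribeSecurityGroupsRequest req;
        if (classic) {
            req = new DescribeSecurityGroupsRequest()
                    .withGroupNames(Arrays.asList(config.getACLGroupName()));
        } else {
            Filter nameFilter = new Filter().withName("group-name").withValues(config.getACLGroupName());
            String vpcid = config.getVpcId();
            if (vpcid == null || vpcid.isEmpty()) {
                throw new IllegalStateException("vpcid is null even though instance is running in vpc.");
            }
            // Only fetch the security group for the VPC id of the running instance.
            Filter vpcFilter = new Filter().withName("vpc-id").withValues(vpcid);
            req = new DescribeSecurityGroupsRequest().withFilters(nameFilter, vpcFilter);
        }

        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                // The SDK models ports as boxed Integers. A rule without a port range
                // (for example one that allows all protocols) would make a direct
                // comparison with an int throw NullPointerException, so such rules
                // are skipped.
                Integer fromPort = perm.getFromPort();
                Integer toPort = perm.getToPort();
                if (fromPort != null && toPort != null
                        && fromPort.intValue() == from && toPort.intValue() == to) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }

        logger.info(classic
                ? "Fetch current permissions for classic env of running instance"
                : "Fetch current permissions for vpc env of running instance");

        return ipPermissions;
    } finally {
        if (client != null) {
            client.shutdown();
        }
    }
}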
From source file:com.netflix.raigad.aws.AWSMembership.java
License:Apache License
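/**
 * Lists the IP ranges of every ingress rule in the configured ACL security group whose
 * port range is exactly {@code from}-{@code to}.
 *
 * <p>NOTE(review): the rule's protocol is not compared, so a rule for another protocol
 * with the same port range is included as well.
 *
 * @param from first port of the range to match
 * @param to   last port of the range to match
 * @return the matching rules' IP ranges; empty when nothing matches
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();
        DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest()
                .withGroupNames(Arrays.asList(config.getACLGroupName()));
        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                // Ports are boxed Integers in the SDK and may be absent on rules that
                // carry no port range; comparing such a rule directly with an int
                // would throw NullPointerException, so it is skipped instead.
                Integer fromPort = perm.getFromPort();
                Integer toPort = perm.getToPort();
                boolean hasPorts = fromPort != null && toPort != null;
                if (hasPorts && fromPort.intValue() == from && toPort.intValue() == to) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }
        return ipPermissions;
    } finally {
        if (client != null) {
            client.shutdown();
        }
    }
}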