List of usage examples for com.amazonaws.services.ec2 AmazonEC2Client authorizeSecurityGroupIngress
@Override
public AuthorizeSecurityGroupIngressResult authorizeSecurityGroupIngress(
AuthorizeSecurityGroupIngressRequest request)
Adds the specified ingress rules to a security group.
From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsDataSourceRecovery.java
License:Open Source License
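/**
 * Finds or creates the VPC security group used by the report data source and makes
 * sure it carries a TCP ingress rule for {@code ingressPublicIp}.
 *
 * <p>The lookup is best-effort: if {@code describeSecurityGroups} fails, the group is
 * treated as absent and a new one with the configured name is created (that call will
 * fail if a group of that name already exists in the VPC). When the group exists but
 * does not already list {@code ingressPublicIp}, every existing ingress permission is
 * revoked before the new rule is added, so the group ends up with only that rule.
 *
 * @param awsReportDataSource supplies the AWS access key, secret key and role ARN
 * @param vpcId               VPC the security group must belong to
 * @param ingressPublicIp     IP range string authorized for ingress (stored verbatim in the rule)
 * @return the id of the security group that now holds the ingress rule
 */
private String recoverVpcSecurityGroup(AwsReportDataSource awsReportDataSource, String vpcId, String ingressPublicIp) {
    AWSCredentials awsCredentials = AwsCredentialUtil.getAWSCredentials(awsReportDataSource.getAWSAccessKey(),
            awsReportDataSource.getAWSSecretKey(), awsReportDataSource.getRoleARN());
    AmazonEC2Client amazonEc2Client = new AmazonEC2Client(awsCredentials);
    try {
        SecurityGroup vpcSecurityGroup = findVpcSecurityGroup(amazonEc2Client, vpcId);
        boolean ingressIpMaskExist = false;
        String vpcSecurityGroupId;
        if (vpcSecurityGroup != null) {
            vpcSecurityGroupId = vpcSecurityGroup.getGroupId();
            List<IpPermission> ipPermissions = vpcSecurityGroup.getIpPermissions();
            ingressIpMaskExist = containsIpRange(ipPermissions, ingressPublicIp);
            if (!ingressIpMaskExist && ipPermissions != null && !ipPermissions.isEmpty()) {
                // Clear all current rules so only the rule for ingressPublicIp remains afterwards.
                RevokeSecurityGroupIngressRequest revokeRequest = new RevokeSecurityGroupIngressRequest()
                        .withGroupId(vpcSecurityGroupId).withIpPermissions(ipPermissions);
                amazonEc2Client.revokeSecurityGroupIngress(revokeRequest);
            }
        } else {
            vpcSecurityGroupId = amazonEc2Client.createSecurityGroup(new CreateSecurityGroupRequest()
                    .withGroupName(awsProperties.getSecurityGroupName())
                    .withVpcId(vpcId)
                    .withDescription(awsProperties.getSecurityGroupDescription())).getGroupId();
        }
        if (!ingressIpMaskExist) {
            // NOTE(review): this grants every TCP port (0-65535) to ingressPublicIp; narrow the
            // port range to what the data source actually needs if that is known.
            IpPermission ipPermission = new IpPermission().withIpProtocol("tcp").withIpRanges(ingressPublicIp)
                    .withFromPort(0).withToPort(65535);
            List<IpPermission> ipPermissions = new ArrayList<IpPermission>();
            ipPermissions.add(ipPermission);
            AuthorizeSecurityGroupIngressRequest authorizeRequest = new AuthorizeSecurityGroupIngressRequest()
                    .withIpPermissions(ipPermissions).withGroupId(vpcSecurityGroupId);
            amazonEc2Client.authorizeSecurityGroupIngress(authorizeRequest);
        }
        return vpcSecurityGroupId;
    } finally {
        // The client holds an HTTP connection pool; release it instead of leaking one per call.
        amazonEc2Client.shutdown();
    }
}

/**
 * Returns the security group in {@code vpcId} whose name matches the configured
 * security group name, or {@code null} when there is none or the lookup fails.
 */
private SecurityGroup findVpcSecurityGroup(AmazonEC2Client amazonEc2Client, String vpcId) {
    try {
        DescribeSecurityGroupsResult result = amazonEc2Client.describeSecurityGroups();
        if (result == null || result.getSecurityGroups() == null) {
            return null;
        }
        String wantedName = awsProperties.getSecurityGroupName();
        for (SecurityGroup securityGroup : result.getSecurityGroups()) {
            if (securityGroup.getVpcId() != null && securityGroup.getVpcId().equals(vpcId)
                    && securityGroup.getGroupName().equals(wantedName)) {
                return securityGroup;
            }
        }
        return null;
    } catch (Exception ignored) {
        // Best-effort lookup: a failed describe call falls through to createSecurityGroup.
        return null;
    }
}

/** True when any permission's IP range list contains {@code ipRange} verbatim. */
private boolean containsIpRange(List<IpPermission> ipPermissions, String ipRange) {
    if (ipPermissions == null) {
        return false;
    }
    for (IpPermission ipPermission : ipPermissions) {
        if (ipPermission.getIpRanges() != null && ipPermission.getIpRanges().contains(ipRange)) {
            return true;
        }
    }
    return false;
}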
From source file:n3phele.factory.ec2.VirtualServerResource.java
License:Open Source License
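/**
 * Creates the EC2 security group {@code "n3phele-" + groupName} and opens the ports the
 * service needs: SSH (22) and the agent port (8887) from any address, plus unrestricted
 * icmp/tcp/udp between members of the group itself.
 *
 * <p>If adding the SSH or agent rule fails, or any other step throws, the group is deleted
 * again — but only when this call created it, so a pre-existing group of the same name is
 * never removed by a failed attempt. A failure to add the self-access rules is only logged.
 * On success a notification e-mail is sent.
 *
 * @param groupName suffix of the security group name
 * @param id        AWS access key id used to obtain the client
 * @param secret    AWS secret key used to obtain the client
 * @param location  passed to getEC2Client and to the notification e-mail
 * @param to        e-mail recipient for the notification
 * @param firstName recipient first name for the notification
 * @param lastName  recipient last name for the notification
 * @return true when the group exists with its rules, false when it could not be set up
 */
private boolean makeSecurityGroup(String groupName, String id, String secret, URI location, String to,
        String firstName, String lastName) {
    final String fullName = "n3phele-" + groupName;
    AmazonEC2Client client = getEC2Client(id, secret, location);
    boolean created = false;
    boolean found = true;
    try {
        client.createSecurityGroup(new CreateSecurityGroupRequest().withGroupName(fullName)
                .withDescription("n3phele " + groupName + " security group"));
        created = true;
        // The owner id is needed for the UserIdGroupPair of the self-access rules.
        String ownerId = null;
        DescribeSecurityGroupsResult newGroupResult = client.describeSecurityGroups();
        for (SecurityGroup g : newGroupResult.getSecurityGroups()) {
            if (g.getGroupName().equals(fullName)) {
                ownerId = g.getOwnerId();
            }
        }
        if (ownerId == null) {
            // NOTE(review): returns without deleting the group just created (original behaviour kept).
            return false;
        }
        log.info("found ownerId of " + ownerId);
        boolean failed = false;
        // NOTE(review): both rules accept traffic from any address (0.0.0.0/0); restrict the
        // source range to the operator's network where the deployment allows it.
        log.info("adding ssh ports");
        if (!authorizeTcpPortFromAnywhere(client, fullName, groupName, 22)) {
            failed = true;
        }
        log.info("adding agent ports");
        if (!authorizeTcpPortFromAnywhere(client, fullName, groupName, 8887)) {
            failed = true;
        }
        if (!failed) {
            log.info("adding self access");
            try {
                UserIdGroupPair self = new UserIdGroupPair().withUserId(ownerId).withGroupName(fullName);
                List<IpPermission> permissions = new ArrayList<IpPermission>();
                permissions.add(new IpPermission().withIpProtocol("icmp").withFromPort(-1).withToPort(-1)
                        .withUserIdGroupPairs(self));
                permissions.add(new IpPermission().withIpProtocol("tcp").withFromPort(1).withToPort(65535)
                        .withUserIdGroupPairs(self));
                permissions.add(new IpPermission().withIpProtocol("udp").withFromPort(1).withToPort(65535)
                        .withUserIdGroupPairs(self));
                log.info("adding icmp/tcp/udp");
                client.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest(fullName, permissions));
            } catch (Exception e) {
                // Self access is optional: the group stays usable without it.
                log.log(Level.WARNING, "Error adding self access to group " + groupName, e);
            }
        }
        if (failed) {
            client.deleteSecurityGroup(new DeleteSecurityGroupRequest().withGroupName(fullName));
            found = false;
        } else {
            sendSecurityGroupNotificationEmail(fullName, to, firstName, lastName, location);
        }
    } catch (Exception e) {
        log.log(Level.SEVERE, "Create security group " + groupName, e);
        if (created) {
            // Only remove what this call created; a pre-existing group of the same name
            // (the usual reason for createSecurityGroup to fail) must stay untouched.
            client.deleteSecurityGroup(new DeleteSecurityGroupRequest().withGroupName(fullName));
        }
        found = false;
    }
    return found;
}

/**
 * Adds one TCP ingress rule for {@code port} from 0.0.0.0/0 to the named group.
 * A failure is logged with the group name and reported as {@code false} rather than thrown.
 */
private boolean authorizeTcpPortFromAnywhere(AmazonEC2Client client, String fullName, String groupName, int port) {
    try {
        client.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest().withGroupName(fullName)
                .withCidrIp("0.0.0.0/0").withIpProtocol("tcp").withFromPort(port).withToPort(port));
        return true;
    } catch (Exception e) {
        log.log(Level.SEVERE, "Create security group " + groupName, e);
        return false;
    }
}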
From source file:org.apache.airavata.core.gfac.provider.impl.EC2Provider.java
License:Apache License
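/**
 * Builds an EC2-backed provider from the Amazon credentials carried in the invocation's
 * security context header: validates them, builds the key pair, starts a new instance from
 * the AMI id or attaches to the already running instance id, opens SSH (port 22) from any
 * address on every security group of the instance, and registers an SSH security context
 * for it on the invocation context.
 *
 * @param invocationContext context whose execution context carries the security context header
 * @throws ProviderException when the header cannot be parsed, a credential or instance field
 *         is missing or empty, or any EC2 call fails
 */
public EC2Provider(InvocationContext invocationContext) throws ProviderException {
    ExecutionContext execContext = invocationContext.getExecutionContext();
    OMElement omSecurityContextHeader = execContext.getSecurityContextHeader();
    ContextHeaderDocument document;
    try {
        document = ContextHeaderDocument.Factory.parse(omSecurityContextHeader.toStringWithConsume());
    } catch (XMLStreamException e) {
        // Previously only printed; continuing with a null document would fail with an NPE below.
        throw new ProviderException("Cannot parse security context header", e);
    } catch (XmlException e) {
        throw new ProviderException("Cannot parse security context header", e);
    }
    SecurityContextDocument.SecurityContext.AmazonWebservices amazonWebservices = document.getContextHeader()
            .getSecurityContext().getAmazonWebservices();
    String accessKey = amazonWebservices.getAccessKeyId();
    String secretKey = amazonWebservices.getSecretAccessKey();
    String amiId = amazonWebservices.getAmiId();
    String instanceId = amazonWebservices.getInstanceId();
    String instanceType = amazonWebservices.getInstanceType();
    this.username = amazonWebservices.getUsername();
    // The secret access key is intentionally not logged; the remaining values are identifiers only.
    log.info("ACCESS_KEY:" + accessKey);
    log.info("AMI_ID:" + amiId);
    log.info("INS_ID:" + instanceId);
    log.info("INS_TYPE:" + instanceType);
    log.info("USERNAME:" + username);

    /*
     * Validation
     */
    if (accessKey == null || accessKey.isEmpty()) {
        throw new ProviderException("Access Key is empty");
    }
    if (secretKey == null || secretKey.isEmpty()) {
        throw new ProviderException("Secret Key is empty");
    }
    // Exactly one of AMI id (start a new instance) or instance id (reuse) is expected, and
    // whichever is given must not be blank.
    if ((amiId == null && instanceId == null) || (amiId != null && amiId.isEmpty())
            || (instanceId != null && instanceId.isEmpty())) {
        throw new ProviderException("AMI or Instance ID is empty");
    }
    if (this.username == null || this.username.isEmpty()) {
        throw new ProviderException("Username is empty");
    }

    /*
     * Need to start the EC2 instance before running on it
     */
    AWSCredentials credential = new BasicAWSCredentials(accessKey, secretKey);
    AmazonEC2Client ec2client = new AmazonEC2Client(credential);
    try {
        /*
         * Build the key pair before starting the instance
         */
        buildKeyPair(ec2client);

        // Right now we can run on one host only, hence get(0).
        if (amiId != null) {
            this.instance = startInstances(ec2client, amiId, instanceType, execContext).get(0);
        } else {
            // Already running instance
            DescribeInstancesRequest describeInstancesRequest = new DescribeInstancesRequest();
            DescribeInstancesResult describeInstancesResult = ec2client
                    .describeInstances(describeInstancesRequest.withInstanceIds(instanceId));
            if (describeInstancesResult.getReservations().size() == 0
                    || describeInstancesResult.getReservations().get(0).getInstances().size() == 0) {
                throw new GfacException("Instance not found:" + instanceId);
            }
            this.instance = describeInstancesResult.getReservations().get(0).getInstances().get(0);

            // The instance must use the key pair this provider owns, otherwise SSH cannot work.
            if (this.instance.getKeyName() == null || !this.instance.getKeyName().equals(KEY_PAIR_NAME)) {
                throw new GfacException("Keypair for instance:" + instanceId + " is not valid");
            }
        }

        // TODO send out instance id via the notification service (resource mapping notification).

        /*
         * Make sure port 22 is connectable
         */
        // NOTE(review): the rule added here is world-reachable (0.0.0.0/0); restrict the source
        // range to the operator's network where the deployment allows it.
        for (GroupIdentifier g : this.instance.getSecurityGroups()) {
            IpPermission ip = new IpPermission();
            ip.setIpProtocol("tcp");
            ip.setFromPort(22);
            ip.setToPort(22);
            AuthorizeSecurityGroupIngressRequest r = new AuthorizeSecurityGroupIngressRequest();
            r = r.withIpPermissions(ip.withIpRanges("0.0.0.0/0"));
            r.setGroupId(g.getGroupId());
            try {
                ec2client.authorizeSecurityGroupIngress(r);
            } catch (AmazonServiceException as) {
                /*
                 * If the exception is from a duplicate rule, ignore it. getErrorCode() may be
                 * null, so compare null-safely.
                 */
                if (!"InvalidPermission.Duplicate".equals(as.getErrorCode())) {
                    throw as;
                }
            }
        }
    } catch (Exception e) {
        throw new ProviderException("Invalied Request", e);
    }

    SSHSecurityContextImpl sshContext = ((SSHSecurityContextImpl) invocationContext
            .getSecurityContext(SSH_SECURITY_CONTEXT));
    if (sshContext == null) {
        sshContext = new SSHSecurityContextImpl();
    }
    sshContext.setUsername(username);
    sshContext.setKeyPass("");
    sshContext.setPrivateKeyLoc(privateKeyFilePath);
    invocationContext.addSecurityContext(SSH_SECURITY_CONTEXT, sshContext);

    // TODO: the GridFTP URL of the execution context still needs to be replaced, since file
    // transfer for EC2 hosts is forced over SFTP.
}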
From source file:org.apache.airavata.gfac.ec2.EC2Provider.java
License:Apache License
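/**
 * Ensures SSH (port {@code SSH_PORT}) is reachable on the instance by adding a TCP ingress
 * rule from 0.0.0.0/0 to every security group attached to it. A rule that is already present
 * ({@code InvalidPermission.Duplicate}) is not treated as an error.
 *
 * <p>NOTE(review): despite its name this method mutates the instance's security groups, and
 * the rule it adds is world-reachable. Restrict the source range where the deployment allows it.
 *
 * @param instance  the Amazon instance whose security groups are updated
 * @param ec2client AmazonEC2Client used for the authorize calls
 * @throws AmazonServiceException for any EC2 error other than a duplicate rule
 */
private void checkConnection(Instance instance, AmazonEC2Client ec2client) {
    for (GroupIdentifier g : instance.getSecurityGroups()) {
        IpPermission sshFromAnywhere = new IpPermission().withIpProtocol("tcp").withFromPort(SSH_PORT)
                .withToPort(SSH_PORT).withIpRanges("0.0.0.0/0");
        AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest()
                .withGroupId(g.getGroupId()).withIpPermissions(sshFromAnywhere);
        try {
            ec2client.authorizeSecurityGroupIngress(request);
        } catch (AmazonServiceException as) {
            // getErrorCode() may be null; compare null-safely so a missing code is rethrown, not an NPE.
            if (!"InvalidPermission.Duplicate".equals(as.getErrorCode())) {
                throw as;
            }
        }
    }
}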