List of usage examples for com.amazonaws.services.ec2 AmazonEC2Client createSecurityGroup
@Override
public CreateSecurityGroupResult createSecurityGroup(CreateSecurityGroupRequest request)
Creates a security group.
From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsDataSourceRecovery.java
License:Open Source License
private String recoverVpcSecurityGroup(AwsReportDataSource awsReportDataSource, String vpcId, String ingressPublicIp) { AWSCredentials awsCredentials = AwsCredentialUtil.getAWSCredentials(awsReportDataSource.getAWSAccessKey(), awsReportDataSource.getAWSSecretKey(), awsReportDataSource.getRoleARN()); //Security//from w w w . j av a 2 s . c om AmazonEC2Client amazonEc2Client = new AmazonEC2Client(awsCredentials); SecurityGroup vpcSecurityGroup = null; try { DescribeSecurityGroupsResult describeSecurityGroupsResult = amazonEc2Client.describeSecurityGroups(); if (describeSecurityGroupsResult != null && describeSecurityGroupsResult.getSecurityGroups() != null && describeSecurityGroupsResult.getSecurityGroups().size() > 0) { for (SecurityGroup securityGroup : describeSecurityGroupsResult.getSecurityGroups()) { if (securityGroup.getVpcId() != null && securityGroup.getVpcId().equals(vpcId) && securityGroup.getGroupName().equals(awsProperties.getSecurityGroupName())) { vpcSecurityGroup = securityGroup; break; } } } } catch (Exception ex) { //Have to be empty. } boolean ingressIpMaskExist = false; String vpcSecurityGroupId; if (vpcSecurityGroup != null) { vpcSecurityGroupId = vpcSecurityGroup.getGroupId(); List<IpPermission> ipPermissions = vpcSecurityGroup.getIpPermissions(); if (ipPermissions != null && ipPermissions.size() > 0) { for (IpPermission ipPermission : ipPermissions) { if (ipPermission.getIpRanges() != null && ipPermission.getIpRanges().size() > 0 && ipPermission.getIpRanges().contains(ingressPublicIp)) { ingressIpMaskExist = true; } } } if (!ingressIpMaskExist && ipPermissions != null && ipPermissions.size() > 0) { RevokeSecurityGroupIngressRequest revokeSecurityGroupIngressRequest = new RevokeSecurityGroupIngressRequest() .withGroupId(vpcSecurityGroup.getGroupId()).withIpPermissions() .withIpPermissions(vpcSecurityGroup.getIpPermissions()); amazonEc2Client.revokeSecurityGroupIngress(revokeSecurityGroupIngressRequest); } } else { vpcSecurityGroupId = amazonEc2Client .createSecurityGroup( new CreateSecurityGroupRequest().withGroupName(awsProperties.getSecurityGroupName()) .withVpcId(vpcId).withDescription(awsProperties.getSecurityGroupDescription())) .getGroupId(); } if (!ingressIpMaskExist) { IpPermission ipPermission = new IpPermission().withIpProtocol("tcp").withIpRanges(ingressPublicIp) .withFromPort(0).withToPort(65535); List<IpPermission> ipPermissions = new ArrayList<IpPermission>(); ipPermissions.add(ipPermission); AuthorizeSecurityGroupIngressRequest authorizeRequest = new AuthorizeSecurityGroupIngressRequest() .withIpPermissions(ipPermissions).withGroupId(vpcSecurityGroupId); amazonEc2Client.authorizeSecurityGroupIngress(authorizeRequest); } return vpcSecurityGroupId; }
From source file:n3phele.factory.ec2.VirtualServerResource.java
License:Open Source License
private boolean makeSecurityGroup(String groupName, String id, String secret, URI location, String to, String firstName, String lastName) { AmazonEC2Client client = null; client = getEC2Client(id, secret, location); boolean found = true; boolean failed = false; try {/* w ww . jav a 2s . c o m*/ client.createSecurityGroup(new CreateSecurityGroupRequest().withGroupName("n3phele-" + groupName) .withDescription("n3phele " + groupName + " security group")); String ownerId = null; DescribeSecurityGroupsResult newGroupResult = client.describeSecurityGroups(); for (SecurityGroup g : newGroupResult.getSecurityGroups()) { if (g.getGroupName().equals("n3phele-" + groupName)) { ownerId = g.getOwnerId(); } } if (ownerId == null) return false; log.info("found ownerId of " + ownerId); log.info("adding ssh ports"); try { client.authorizeSecurityGroupIngress( new AuthorizeSecurityGroupIngressRequest().withGroupName("n3phele-" + groupName) .withCidrIp("0.0.0.0/0").withIpProtocol("tcp").withFromPort(22).withToPort(22)); } catch (Exception e) { log.log(Level.SEVERE, "Create security group " + groupName, e); failed = true; } log.info("adding agent ports"); try { client.authorizeSecurityGroupIngress( new AuthorizeSecurityGroupIngressRequest().withGroupName("n3phele-" + groupName) .withCidrIp("0.0.0.0/0").withIpProtocol("tcp").withFromPort(8887).withToPort(8887)); } catch (Exception e) { log.log(Level.SEVERE, "Create security group " + groupName, e); failed = true; } if (!failed) { log.info("adding self access"); try { List<IpPermission> permissions = new ArrayList<IpPermission>(); UserIdGroupPair userIdGroupPairs = new UserIdGroupPair().withUserId(ownerId) .withGroupName("n3phele-" + groupName); permissions.add(new IpPermission().withIpProtocol("icmp").withFromPort(-1).withToPort(-1) .withUserIdGroupPairs(userIdGroupPairs)); permissions.add(new IpPermission().withIpProtocol("tcp").withFromPort(1).withToPort(65535) .withUserIdGroupPairs(userIdGroupPairs)); permissions.add(new IpPermission().withIpProtocol("udp").withFromPort(1).withToPort(65535) .withUserIdGroupPairs(userIdGroupPairs)); log.info("adding icmp/tcp/udp"); client.authorizeSecurityGroupIngress( new AuthorizeSecurityGroupIngressRequest("n3phele-" + groupName, permissions)); } catch (Exception e) { log.log(Level.WARNING, "Error adding self access to group " + groupName, e); } } if (failed) { client.deleteSecurityGroup(new DeleteSecurityGroupRequest().withGroupName("n3phele-" + groupName)); found = false; } else { sendSecurityGroupNotificationEmail("n3phele-" + groupName, to, firstName, lastName, location); } } catch (Exception e) { log.log(Level.SEVERE, "Create security group " + groupName, e); client.deleteSecurityGroup(new DeleteSecurityGroupRequest().withGroupName("n3phele-" + groupName)); found = false; } return found; }