List of usage examples for com.amazonaws.services.ec2.model AuthorizeSecurityGroupIngressRequest AuthorizeSecurityGroupIngressRequest
public AuthorizeSecurityGroupIngressRequest(String groupName, java.util.List<IpPermission> ipPermissions)
From source file:Security.java
License:Open Source License
String createSG(AmazonEC2 ec2) throws IOException { try {// w ww . java 2 s.c o m securitygroup = "VirualIT_Security_Group" + Virtualize.no_of_days; CreateSecurityGroupRequest reqsec = new CreateSecurityGroupRequest().withGroupName(securitygroup) .withDescription("ssh-tcp-https-http"); CreateSecurityGroupResult ressec = ec2.createSecurityGroup(reqsec); String ipAddr = "0.0.0.0/0"; ArrayList<String> ipRanges = new ArrayList<String>(); ipRanges.add(ipAddr); ArrayList<IpPermission> ipPermissions = new ArrayList<IpPermission>(); IpPermission ipPermission_ssh = new IpPermission(); ipPermission_ssh.setIpProtocol("tcp"); ipPermission_ssh.setFromPort(new Integer(22)); ipPermission_ssh.setToPort(new Integer(22)); IpPermission ipPermission_http = new IpPermission(); ipPermission_http.setIpProtocol("tcp"); ipPermission_http.setFromPort(new Integer(80)); ipPermission_http.setToPort(new Integer(80)); IpPermission ipPermission_https = new IpPermission(); ipPermission_https.setIpProtocol("tcp"); ipPermission_https.setFromPort(new Integer(443)); ipPermission_https.setToPort(new Integer(443)); ipPermission_ssh.setIpRanges(ipRanges); ipPermission_http.setIpRanges(ipRanges); ipPermission_https.setIpRanges(ipRanges); ipPermissions.add(ipPermission_http); ipPermissions.add(ipPermission_https); ipPermissions.add(ipPermission_ssh); try { // Authorize the ports to the used. AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest( securitygroup, ipPermissions); ec2.authorizeSecurityGroupIngress(ingressRequest); System.out.println("Assigned " + ingressRequest); } catch (AmazonServiceException ase) { // Ignore because this likely means the zone has already been authorized. System.err.println(ase.getMessage()); } DescribeSecurityGroupsRequest x = new DescribeSecurityGroupsRequest().withGroupNames(securitygroup); DescribeSecurityGroupsResult secgrp = ec2.describeSecurityGroups(x); for (SecurityGroup s : secgrp.getSecurityGroups()) { if (s.getGroupName().equals(securitygroup)) { System.out.println(s.getIpPermissions()); } } } catch (AmazonServiceException ase) { System.out.println("Caught Exception: " + ase.getMessage()); System.out.println("Reponse Status Code: " + ase.getStatusCode()); System.out.println("Error Code: " + ase.getErrorCode()); System.out.println("Request ID: " + ase.getRequestId()); } return securitygroup; }
From source file:SecurityGroup.java
License:Open Source License
public void create(String groupName) { AWSCredentials credentials = null;/* w w w. j ava 2 s. c o m*/ try { credentials = new ProfileCredentialsProvider("School").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load the credentials from the credential profiles file. " + "Please make sure that your credentials file is at the correct " + "location (C:\\Users\\Jiabei\\.aws\\credentials), and is in valid format.", e); } // Create the AmazonEC2Client object so we can call various APIs. AmazonEC2 ec2 = new AmazonEC2Client(credentials); Region usEast1 = Region.getRegion(Regions.US_EAST_1); ec2.setRegion(usEast1); // Create a new security group. try { CreateSecurityGroupRequest securityGroupRequest = new CreateSecurityGroupRequest(groupName, "Security created for P2"); CreateSecurityGroupResult result = ec2.createSecurityGroup(securityGroupRequest); System.out.println(String.format("Security group created: [%s]", result.getGroupId())); groupId = result.getGroupId(); } catch (AmazonServiceException ase) { // Likely this means that the group is already created, so ignore. System.out.println(ase.getMessage()); } // Create a range that you would like to populate. List<String> ipRanges = Collections.singletonList("0.0.0.0/0"); // Open all port IpPermission ipPermission = new IpPermission().withIpProtocol("-1").withFromPort(new Integer(0)) .withToPort(new Integer(65535)).withIpRanges(ipRanges); List<IpPermission> ipPermissions = Collections.singletonList(ipPermission); try { // Authorize the ports to the used. AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest( groupName, ipPermissions); ec2.authorizeSecurityGroupIngress(ingressRequest); System.out.println(String.format("Ingress port authroized: [%s]", ipPermissions.toString())); } catch (AmazonServiceException ase) { // Ignore because this likely means the zone has already been authorized. System.out.println(ase.getMessage()); } }
From source file:CreateSecurityGroupApp.java
License:Open Source License
public static void main(String[] args) { /*//w w w .ja va 2s. com * The ProfileCredentialsProvider will return your [New Profile] * credential profile by reading from the credentials file located at * (C:\\Users\\Accolite\\.aws\\credentials). */ AWSCredentials credentials = null; try { credentials = new ProfileCredentialsProvider("New Profile").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load the credentials from the credential profiles file. " + "Please make sure that your credentials file is at the correct " + "location (C:\\Users\\Accolite\\.aws\\credentials), and is in valid format.", e); } // Create the AmazonEC2Client object so we can call various APIs. AmazonEC2 ec2 = new AmazonEC2Client(credentials); Region usWest2 = Region.getRegion(Regions.US_WEST_2); ec2.setRegion(usWest2); // Create a new security group. try { CreateSecurityGroupRequest securityGroupRequest = new CreateSecurityGroupRequest("Muneer_SG", "My Security Group"); CreateSecurityGroupResult result = ec2.createSecurityGroup(securityGroupRequest); System.out.println(String.format("Security group created: [%s]", result.getGroupId())); } catch (AmazonServiceException ase) { // Likely this means that the group is already created, so ignore. System.out.println(ase.getMessage()); } String ipAddr = "0.0.0.0/0"; // Get the IP of the current host, so that we can limit the Security Group // by default to the ip range associated with your subnet. try { InetAddress addr = InetAddress.getLocalHost(); // Get IP Address ipAddr = addr.getHostAddress() + "/10"; } catch (UnknownHostException e) { } // Create a range that you would like to populate. List<String> ipRanges = Collections.singletonList(ipAddr); // Open up port 23 for TCP traffic to the associated IP from above (e.g. ssh traffic). IpPermission ipPermission = new IpPermission().withIpProtocol("tcp").withFromPort(new Integer(22)) .withToPort(new Integer(22)).withIpRanges(ipRanges); List<IpPermission> ipPermissions = Collections.singletonList(ipPermission); try { // Authorize the ports to the used. AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest( "GettingStartedGroup", ipPermissions); ec2.authorizeSecurityGroupIngress(ingressRequest); System.out.println(String.format("Ingress port authroized: [%s]", ipPermissions.toString())); } catch (AmazonServiceException ase) { // Ignore because this likely means the zone has already been authorized. System.out.println(ase.getMessage()); } }
From source file:advanced.CreateSecurityGroupApp.java
License:Open Source License
/** * @param args//from ww w. j a va2s . co m */ public static void main(String[] args) { // Retrieves the credentials from an AWSCredentials.properties file. AWSCredentials credentials = null; try { credentials = new PropertiesCredentials( InlineTaggingCodeSampleApp.class.getResourceAsStream("AwsCredentials.properties")); } catch (IOException e1) { System.out.println("Credentials were not properly entered into AwsCredentials.properties."); System.out.println(e1.getMessage()); System.exit(-1); } // Create the AmazonEC2Client object so we can call various APIs. AmazonEC2 ec2 = new AmazonEC2Client(credentials); // Create a new security group. try { CreateSecurityGroupRequest securityGroupRequest = new CreateSecurityGroupRequest("GettingStartedGroup", "Getting Started Security Group"); ec2.createSecurityGroup(securityGroupRequest); } catch (AmazonServiceException ase) { // Likely this means that the group is already created, so ignore. System.out.println(ase.getMessage()); } String ipAddr = "0.0.0.0/0"; // Get the IP of the current host, so that we can limit the Security Group // by default to the ip range associated with your subnet. try { InetAddress addr = InetAddress.getLocalHost(); // Get IP Address ipAddr = addr.getHostAddress() + "/10"; } catch (UnknownHostException e) { } //System.exit(-1); // Create a range that you would like to populate. ArrayList<String> ipRanges = new ArrayList<String>(); ipRanges.add(ipAddr); // Open up port 23 for TCP traffic to the associated IP from above (e.g. ssh traffic). ArrayList<IpPermission> ipPermissions = new ArrayList<IpPermission>(); IpPermission ipPermission = new IpPermission(); ipPermission.setIpProtocol("tcp"); ipPermission.setFromPort(new Integer(22)); ipPermission.setToPort(new Integer(22)); ipPermission.setIpRanges(ipRanges); ipPermissions.add(ipPermission); try { // Authorize the ports to the used. AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest( "GettingStartedGroup", ipPermissions); ec2.authorizeSecurityGroupIngress(ingressRequest); } catch (AmazonServiceException ase) { // Ignore because this likely means the zone has already been authorized. System.out.println(ase.getMessage()); } }
From source file:aws.sample.CreateSecurityGroupApp.java
License:Open Source License
/** * @param args//from w w w . j av a 2 s .c o m */ public static void main(String[] args) { // Retrieves the credentials from an AWSCredentials.properties file. AWSCredentials credentials = null; try { credentials = new PropertiesCredentials( InlineGettingStartedCodeSampleApp.class.getResourceAsStream("AwsCredentials.properties")); } catch (IOException e1) { System.out.println("Credentials were not properly entered into AwsCredentials.properties."); System.out.println(e1.getMessage()); System.exit(-1); } // Create the AmazonEC2Client object so we can call various APIs. AmazonEC2 ec2 = new AmazonEC2Client(credentials); // Create a new security group. try { CreateSecurityGroupRequest securityGroupRequest = new CreateSecurityGroupRequest("GettingStartedGroup", "Getting Started Security Group"); ec2.createSecurityGroup(securityGroupRequest); } catch (AmazonServiceException ase) { // Likely this means that the group is already created, so ignore. System.out.println(ase.getMessage()); } String ipAddr = "0.0.0.0/0"; // Get the IP of the current host, so that we can limit the Security Group // by default to the ip range associated with your subnet. try { InetAddress addr = InetAddress.getLocalHost(); // Get IP Address ipAddr = addr.getHostAddress() + "/10"; } catch (UnknownHostException e) { } // System.exit(-1); // Create a range that you would like to populate. ArrayList<String> ipRanges = new ArrayList<String>(); ipRanges.add(ipAddr); // Open up port 23 for TCP traffic to the associated IP from above (e.g. ssh traffic). ArrayList<IpPermission> ipPermissions = new ArrayList<IpPermission>(); IpPermission ipPermission = new IpPermission(); ipPermission.setIpProtocol("tcp"); ipPermission.setFromPort(new Integer(22)); ipPermission.setToPort(new Integer(22)); ipPermission.setIpRanges(ipRanges); ipPermissions.add(ipPermission); try { // Authorize the ports to the used. AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest( "GettingStartedGroup", ipPermissions); ec2.authorizeSecurityGroupIngress(ingressRequest); } catch (AmazonServiceException ase) { // Ignore because this likely means the zone has already been authorized. System.out.println(ase.getMessage()); } }
From source file:c3.ops.priam.aws.AWSMembership.java
License:Apache License
/** * Adds a iplist to the SG./*from ww w .ja v a 2 s . co m*/ */ public void addACL(Collection<String> listIPs, int from, int to) { AmazonEC2 client = null; try { client = getEc2Client(); List<IpPermission> ipPermissions = new ArrayList<IpPermission>(); ipPermissions.add(new IpPermission().withFromPort(from).withIpProtocol("tcp").withIpRanges(listIPs) .withToPort(to)); client.authorizeSecurityGroupIngress( new AuthorizeSecurityGroupIngressRequest(config.getACLGroupName(), ipPermissions)); logger.info("Done adding ACL to: " + StringUtils.join(listIPs, ",")); } finally { if (client != null) client.shutdown(); } }
From source file:ch.admin.isb.hermes5.tools.deploysupport.DeploySupport.java
License:Apache License
public void addIpToEC2SecurityGroup() { List<IpPermission> ipPermissions = new ArrayList<IpPermission>(); System.out.println("adding tcp rule " + clientIpRange + " " + targetPort); ipPermissions.add(ec2TcpPermission()); AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest = new AuthorizeSecurityGroupIngressRequest( ec2securityGroupName, ipPermissions); try {//from w w w .j av a 2 s . c om ec2().authorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest); audit("Opened Port: " + targetPort); } catch (Exception e) { audit("Unable to opened port: " + targetPort); e.printStackTrace(); } }
From source file:com.appdynamics.connectors.AWSConnector.java
License:Apache License
private void validateAndConfigureSecurityGroups(List<String> securityGroupNames, AmazonEC2 connector) throws ConnectorException { DescribeSecurityGroupsRequest describeSecurityGroupsRequest = new DescribeSecurityGroupsRequest(); DescribeSecurityGroupsResult describeSecurityGroupsResult = connector .describeSecurityGroups(describeSecurityGroupsRequest.withGroupNames(securityGroupNames)); String controllerIp = "0.0.0.0/0"; int agentPort = controllerServices.getDefaultAgentPort(); // check if any one of the security group // already has agent port and controller ip List<SecurityGroup> securityGroups = describeSecurityGroupsResult.getSecurityGroups(); for (SecurityGroup securityGroup : securityGroups) { List<IpPermission> ipPermissions = securityGroup.getIpPermissions(); for (IpPermission permission : ipPermissions) { if (permission.getIpRanges().contains(controllerIp) && (agentPort >= permission.getFromPort() && agentPort <= permission.getToPort())) { return; }//from w w w. ja v a2 s . c o m } } String securityGroup = null; if (securityGroups.contains(Utils.DEFAULT_SECURITY_GROUP)) { securityGroup = Utils.DEFAULT_SECURITY_GROUP; } else { securityGroup = securityGroups.get(0).getGroupName(); } IpPermission ipPermission = new IpPermission(); ipPermission.setFromPort(agentPort); ipPermission.setToPort(agentPort); ipPermission.setIpProtocol("tcp"); ipPermission.setIpRanges(Lists.newArrayList(controllerIp)); connector.authorizeSecurityGroupIngress( new AuthorizeSecurityGroupIngressRequest(securityGroup, Lists.newArrayList(ipPermission))); }
From source file:com.brighttag.agathon.security.ec2.Ec2SecurityGroupService.java
License:Apache License
@Override public void authorizeIngressRules(String groupName, String dataCenter, SecurityGroupPermission permission) { client(dataCenter).authorizeSecurityGroupIngress( new AuthorizeSecurityGroupIngressRequest(groupName, toIpPermissions(permission))); }
From source file:com.github.trask.sandbox.ec2.Ec2Service.java
License:Apache License
public void syncInboundRules(SecurityGroup securityGroup, List<IpPermission> ipPermissions) { List<WrappedIpPermission> revokeWrappedIpPermissions = wrap(securityGroup.getIpPermissions()); revokeWrappedIpPermissions.removeAll(wrap(ipPermissions)); List<WrappedIpPermission> authorizeWrappedIpPermissions = wrap(ipPermissions); authorizeWrappedIpPermissions.removeAll(wrap(securityGroup.getIpPermissions())); // revoke must be done first in case one of multiple UserIdGroupPairs for // a single IpPermission is being revoked if (!revokeWrappedIpPermissions.isEmpty()) { RevokeSecurityGroupIngressRequest request = new RevokeSecurityGroupIngressRequest( securityGroup.getGroupName(), new ArrayList<IpPermission>(unwrap(revokeWrappedIpPermissions))); ec2.revokeSecurityGroupIngress(request); }/* w w w .j a v a 2s. c o m*/ if (!authorizeWrappedIpPermissions.isEmpty()) { AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest( securityGroup.getGroupName(), new ArrayList<IpPermission>(unwrap(authorizeWrappedIpPermissions))); ec2.authorizeSecurityGroupIngress(request); } }