List of usage examples for com.amazonaws.services.ec2.model AuthorizeSecurityGroupIngressRequest setCidrIp
public void setCidrIp(String cidrIp)
The IPv4 address range, in CIDR format.
From source file:org.apache.stratos.aws.extension.AWSHelper.java
License:Apache License
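/**
 * Adds an inbound rule to the security group so that users can reach the load
 * balancer on the given port with the given protocol. The port should be a
 * proxy port mentioned in the port mappings of the cartridge.
 * <p>
 * The source range of the rule is always
 * {@code this.allowedCidrIpForLBSecurityGroup}; callers cannot narrow it per
 * call. Where that value is configured is not visible in this method, so the
 * exposure of the opened port depends entirely on that setting.
 *
 * @param groupId  id of the security group to which the rule is added
 * @param region   region of the security group
 * @param protocol protocol with which the load balancer can be accessed
 * @param port     port at which the load balancer can be accessed
 * @throws LoadBalancerExtensionException if the group id is null or empty, if
 *         no allowed CIDR is configured, or if the authorize call fails
 */
public void addInboundRuleToSecurityGroup(String groupId, String region, String protocol, int port)
        throws LoadBalancerExtensionException {
    if (groupId == null || groupId.isEmpty()) {
        throw new LoadBalancerExtensionException(
                "Invalid security group Id for addInboundRuleToSecurityGroup.");
    }

    // Fail before talking to EC2 when no source range is configured: a rule
    // without a CIDR is not what this method is meant to create.
    String allowedCidr = this.allowedCidrIpForLBSecurityGroup;
    if (allowedCidr == null || allowedCidr.trim().isEmpty()) {
        throw new LoadBalancerExtensionException(
                "No allowed CIDR configured for load balancer security group " + groupId + ".");
    }
    // Make an open-to-any-source rule visible in the logs so it can be
    // reviewed; the rule is still created, as before.
    if ("0.0.0.0/0".equals(allowedCidr.trim())) {
        log.warn("Inbound rule for security group " + groupId + " on port " + port
                + " allows any IPv4 source (0.0.0.0/0).");
    }

    DescribeSecurityGroupsRequest describeRequest = new DescribeSecurityGroupsRequest();
    List<String> groupIds = new ArrayList<String>();
    groupIds.add(groupId);
    describeRequest.setGroupIds(groupIds);

    SecurityGroup securityGroup = null;
    try {
        // NOTE(review): setEndpoint mutates the shared ec2Client and the SDK
        // documents it as not thread-safe; confirm this method is never run
        // concurrently for different regions.
        ec2Client.setEndpoint(String.format(Constants.EC2_ENDPOINT_URL_FORMAT, region));
        DescribeSecurityGroupsResult describeResult = ec2Client.describeSecurityGroups(describeRequest);
        List<SecurityGroup> securityGroups = describeResult.getSecurityGroups();
        if (securityGroups != null && !securityGroups.isEmpty()) {
            securityGroup = securityGroups.get(0);
        } else {
            log.warn("No Security Groups found for group id " + groupId);
        }
    } catch (AmazonClientException e) {
        // Best effort: a failed lookup is only logged, and the rule is then
        // attempted below as if it were absent.
        log.error("Could not describe security groups.", e);
    }

    // Look for an existing permission with the same protocol and port whose
    // ranges include the allowed CIDR. Comparing whole IpPermission objects
    // would miss a permission that carries this CIDR next to other ranges,
    // and the authorize call below would then be sent for a rule that is
    // already in place.
    boolean ruleAlreadyPresent = false;
    if (securityGroup != null) {
        List<IpPermission> existingPermissions = securityGroup.getIpPermissions();
        if (existingPermissions != null) {
            for (IpPermission existing : existingPermissions) {
                Integer existingFrom = existing.getFromPort();
                Integer existingTo = existing.getToPort();
                boolean samePorts = existingFrom != null && existingTo != null
                        && existingFrom.intValue() == port && existingTo.intValue() == port;
                boolean sameProtocol = protocol != null
                        && protocol.equalsIgnoreCase(existing.getIpProtocol());
                List<String> existingRanges = existing.getIpRanges();
                if (samePorts && sameProtocol && existingRanges != null
                        && existingRanges.contains(allowedCidr)) {
                    ruleAlreadyPresent = true;
                    break;
                }
            }
        }
    }

    if (ruleAlreadyPresent) {
        log.info("Rules already present for security group " + groupId);
        return;
    }

    AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest();
    ingressRequest.setGroupId(groupId);
    ingressRequest.setCidrIp(allowedCidr);
    ingressRequest.setFromPort(port);
    ingressRequest.setToPort(port);
    ingressRequest.setIpProtocol(protocol);

    try {
        ec2Client.setEndpoint(String.format(Constants.EC2_ENDPOINT_URL_FORMAT, region));
        ec2Client.authorizeSecurityGroupIngress(ingressRequest);
    } catch (AmazonClientException e) {
        throw new LoadBalancerExtensionException(
                "Could not add inbound rule to security group " + groupId + ".", e);
    }
}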
From source file:org.openinfinity.cloud.service.administrator.EC2Wrapper.java
License:Apache License
/**
 * Authorizes inbound traffic from {@code cidrIp} on the given port range and
 * protocol for the security group identified by name.
 * <p>
 * When {@code cloudType} is {@code InstanceService.CLOUD_TYPE_EUCALYPTUS} the
 * rule is sent through the flat request fields; otherwise it is wrapped in a
 * single {@link IpPermission}.
 * <p>
 * {@code cidrIp}, the ports and the protocol are passed to the API exactly as
 * received; nothing here checks how wide the range is, so callers decide the
 * exposure of the rule.
 *
 * @param securityGroupName name of the security group to modify
 * @param cidrIp            source IPv4 range in CIDR notation
 * @param fromPort          first port of the range
 * @param toPort            last port of the range
 * @param protocol          IP protocol of the rule
 */
public void authorizeIPs(String securityGroupName, String cidrIp, Integer fromPort, Integer toPort,
        String protocol) {
    try {
        AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest();
        // NOTE(review): the group is addressed by name; per the EC2 API a
        // name is only accepted for EC2-Classic and the default VPC, so
        // confirm the deployments this wrapper targets.
        ingressRequest.setGroupName(securityGroupName);

        if (this.cloudType != InstanceService.CLOUD_TYPE_EUCALYPTUS) {
            List<String> sourceRanges = new ArrayList<String>();
            sourceRanges.add(cidrIp);

            IpPermission permission = new IpPermission();
            permission.setIpProtocol(protocol);
            permission.setFromPort(fromPort);
            permission.setToPort(toPort);
            permission.setIpRanges(sourceRanges);

            List<IpPermission> permissions = new ArrayList<IpPermission>();
            permissions.add(permission);
            ingressRequest.setIpPermissions(permissions);
        } else {
            ingressRequest.setIpProtocol(protocol);
            ingressRequest.setCidrIp(cidrIp);
            ingressRequest.setFromPort(fromPort);
            ingressRequest.setToPort(toPort);
        }

        ec2.authorizeSecurityGroupIngress(ingressRequest);
    } catch (Exception e) {
        // Only the message is logged here; the exception itself is handed to
        // ExceptionUtil together with that message.
        String message = e.getMessage();
        LOG.error("Could not set authorized IP:s to security group: " + message);
        ExceptionUtil.throwSystemException(message, e);
    }
}