Example usage for com.amazonaws.services.ec2.model AuthorizeSecurityGroupIngressRequest withGroupId

List of usage examples for com.amazonaws.services.ec2.model AuthorizeSecurityGroupIngressRequest withGroupId

Introduction

In this page you can find the example usage for com.amazonaws.services.ec2.model AuthorizeSecurityGroupIngressRequest withGroupId.

Prototype


public AuthorizeSecurityGroupIngressRequest withGroupId(String groupId) 


Document

The ID of the security group.

Usage

From source file:com.netflix.dynomitemanager.sidecore.aws.AWSMembership.java

License:Apache License

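/**
 * Authorizes the given peer addresses as TCP ingress sources on the security group of the
 * running instance. The instance may be in EC2 "classic" (group addressed by name) or in a
 * VPC (group addressed by id).
 *
 * <p>Security note: every entry of {@code listIPs} is authorized exactly as supplied; nothing
 * in this method checks how wide a range is. A catch-all entry such as {@code 0.0.0.0/0}
 * would expose ports {@code from..to} to any address, so callers should pass only the specific
 * peer ranges they intend to trust and should review where the list originates.
 *
 * @param listIPs source ranges to allow, handed unchanged to {@code IpPermission.withIpRanges};
 *                a {@code null} or empty collection makes this call a no-op
 * @param from    first port of the TCP range to open
 * @param to      last port of the TCP range to open
 */
public void addACL(Collection<String> listIPs, int from, int to) {
    // Nothing to authorize: avoid creating a client and sending a rule that names no source.
    if (listIPs == null || listIPs.isEmpty()) {
        return;
    }

    AmazonEC2 client = null;
    try {
        client = getEc2Client();

        // One TCP permission covering the whole port range for all supplied sources.
        List<IpPermission> ipPermissions = new ArrayList<IpPermission>();
        ipPermissions.add(new IpPermission().withIpProtocol("tcp").withFromPort(from).withToPort(to)
                .withIpRanges(listIPs));

        if (this.insEnvIdentity.isClassic()) {
            // Classic: the target group is identified by its configured name.
            client.authorizeSecurityGroupIngress(
                    new AuthorizeSecurityGroupIngressRequest(config.getACLGroupName(), ipPermissions));
            logger.info("Done adding ACL to classic: " + StringUtils.join(listIPs, ","));
        } else {
            // VPC: the target group is identified by the id returned from getVpcGroupId().
            AuthorizeSecurityGroupIngressRequest sgIngressRequest = new AuthorizeSecurityGroupIngressRequest()
                    .withGroupId(getVpcGroupId())
                    .withIpPermissions(ipPermissions);
            client.authorizeSecurityGroupIngress(sgIngressRequest);
            logger.info("Done adding ACL to vpc: " + StringUtils.join(listIPs, ","));
        }
    } finally {
        // The client obtained above is released on success and on failure alike.
        if (client != null) {
            client.shutdown();
        }
    }
}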

From source file:de.unibi.cebitec.bibigrid.meta.aws.CreateClusterEnvironmentAWS.java

/**
 * Tags the cluster subnet, creates the cluster's security group in the VPC, tags the group and
 * authorizes its ingress rules in a single request.
 *
 * <p>Rules authorized, as built below:
 * <ul>
 *   <li>TCP port 22 from {@code 0.0.0.0/0};</li>
 *   <li>all TCP ports, all UDP ports and all ICMP from members of the new group itself;</li>
 *   <li>for every entry of {@code cluster.getConfig().getPorts()}: that port over both TCP and
 *       UDP from the entry's {@code iprange}.</li>
 * </ul>
 *
 * <p>NOTE(review): the SSH rule is hard-coded to any IPv4 source, and the configured port
 * entries are authorized verbatim for both protocols. Whoever operates the cluster should
 * confirm that this exposure is intended and keep the configured ranges as narrow as possible.
 *
 * <p>Side effects visible here: assigns {@code MASTERIP} and {@code secReqResult}.
 *
 * @return this instance, for call chaining
 */
@Override
public CreateClusterEnvironmentAWS createSecurityGroup() {
    // Tag the subnet with the cluster tag and a readable name.
    CreateTagsRequest subnetTagging = new CreateTagsRequest()
            .withResources(subnet.getSubnetId())
            .withTags(cluster.getBibigridid(), new Tag("Name", SUBNET_PREFIX + cluster.getClusterId()));
    cluster.getEc2().createTags(subnetTagging);

    // The master address is taken from the subnet's CIDR block via SubNets.getFirstIP.
    MASTERIP = SubNets.getFirstIP(subnet.getCidrBlock());

    // Create the security group: full internal access, SSH from outside.
    log.info("Creating security group...");

    CreateSecurityGroupRequest createGroup = new CreateSecurityGroupRequest()
            .withGroupName(SECURITY_GROUP_PREFIX + cluster.getClusterId())
            .withDescription(cluster.getClusterId())
            .withVpcId(vpc.getVpcId());
    secReqResult = cluster.getEc2().createSecurityGroup(createGroup);

    final String groupId = secReqResult.getGroupId();
    log.info(V, "security group id: {}", groupId);

    // Source that matches only members of the group just created.
    UserIdGroupPair ownGroup = new UserIdGroupPair().withGroupId(groupId);

    List<IpPermission> ingressRules = new ArrayList<>();

    // SSH from any IPv4 address (see the review note in the method documentation).
    ingressRules.add(new IpPermission().withIpProtocol("tcp").withFromPort(22).withToPort(22)
            .withIpRanges("0.0.0.0/0"));

    // Unrestricted TCP, UDP and ICMP between members of the group.
    ingressRules.add(new IpPermission().withIpProtocol("tcp").withFromPort(0).withToPort(65535)
            .withUserIdGroupPairs(ownGroup));
    ingressRules.add(new IpPermission().withIpProtocol("udp").withFromPort(0).withToPort(65535)
            .withUserIdGroupPairs(ownGroup));
    ingressRules.add(new IpPermission().withIpProtocol("icmp").withFromPort(-1).withToPort(-1)
            .withUserIdGroupPairs(ownGroup));

    // Extra ports from the cluster configuration, each opened for TCP and for UDP.
    for (Port extra : cluster.getConfig().getPorts()) {
        log.info("{}:{}", extra.iprange, "" + extra.number);
        ingressRules.add(new IpPermission().withIpProtocol("tcp").withFromPort(extra.number)
                .withToPort(extra.number).withIpRanges(extra.iprange));
        ingressRules.add(new IpPermission().withIpProtocol("udp").withFromPort(extra.number)
                .withToPort(extra.number).withIpRanges(extra.iprange));
    }

    // Tag the group first, then authorize all rules at once (same call order as before).
    CreateTagsRequest groupTagging = new CreateTagsRequest()
            .withResources(groupId)
            .withTags(cluster.getBibigridid(), new Tag("Name", SECURITY_GROUP_PREFIX + cluster.getClusterId()));
    cluster.getEc2().createTags(groupTagging);

    cluster.getEc2().authorizeSecurityGroupIngress(
            new AuthorizeSecurityGroupIngressRequest().withGroupId(groupId).withIpPermissions(ingressRules));

    return this;
}