List of usage examples for com.amazonaws.services.ec2.model AuthorizeSecurityGroupIngressRequest withGroupId
public AuthorizeSecurityGroupIngressRequest withGroupId(String groupId)
The ID of the security group.
From source file:com.netflix.dynomitemanager.sidecore.aws.AWSMembership.java
License:Apache License
/**
 * Authorizes TCP ingress from the given peer addresses on the security group of the running
 * instance, which may live in EC2 "classic" or in a VPC.
 *
 * <p>A single {@link IpPermission} is built for protocol {@code tcp}, ports {@code from}..{@code to},
 * with {@code listIPs} as its source ranges. In classic mode the group is addressed by the name
 * returned by {@code config.getACLGroupName()}; otherwise it is addressed by the ID returned by
 * {@code getVpcGroupId()}. The EC2 client obtained from {@code getEc2Client()} is shut down
 * before returning, whether or not the call succeeded.
 *
 * @param listIPs source ranges, handed unchanged to {@code withIpRanges} and written to the info log
 * @param from first port of the opened range
 * @param to last port of the opened range
 */
public void addACL(Collection<String> listIPs, int from, int to) {
    AmazonEC2 ec2 = null;
    try {
        ec2 = getEc2Client();

        // NOTE(review): listIPs is not validated here. Presumably each entry is a CIDR string
        // for a known peer; a broad range supplied by the caller would be authorized as-is.
        // Confirm the caller restricts entries to the expected peer addresses.
        IpPermission peerRule = new IpPermission()
                .withIpProtocol("tcp")
                .withFromPort(from)
                .withToPort(to)
                .withIpRanges(listIPs);
        List<IpPermission> rules = new ArrayList<IpPermission>();
        rules.add(peerRule);

        if (!this.insEnvIdentity.isClassic()) {
            // VPC: the security group is looked up by ID for the running instance.
            AuthorizeSecurityGroupIngressRequest vpcRequest = new AuthorizeSecurityGroupIngressRequest()
                    .withGroupId(getVpcGroupId())
                    .withIpPermissions(rules);
            ec2.authorizeSecurityGroupIngress(vpcRequest);
            logger.info("Done adding ACL to vpc: " + StringUtils.join(listIPs, ","));
        } else {
            // Classic: the security group is addressed by its configured name.
            ec2.authorizeSecurityGroupIngress(
                    new AuthorizeSecurityGroupIngressRequest(config.getACLGroupName(), rules));
            logger.info("Done adding ACL to classic: " + StringUtils.join(listIPs, ","));
        }
    } finally {
        // The client is created per call, so release it even when authorization fails.
        if (ec2 != null) {
            ec2.shutdown();
        }
    }
}
From source file:de.unibi.cebitec.bibigrid.meta.aws.CreateClusterEnvironmentAWS.java
/**
 * Tags the cluster subnet, creates the cluster's security group inside the VPC, and authorizes
 * its ingress rules.
 *
 * <p>Rules authorized, in order:
 * <ul>
 *   <li>TCP port 22 from {@code 0.0.0.0/0};</li>
 *   <li>TCP 0-65535, UDP 0-65535 and ICMP (-1/-1, i.e. all types and codes) from members of the
 *       new group itself;</li>
 *   <li>for every entry of {@code cluster.getConfig().getPorts()}, the port number over both TCP
 *       and UDP from that entry's {@code iprange}.</li>
 * </ul>
 *
 * <p>Also assigns {@code MASTERIP} from the subnet CIDR block and stores the creation result in
 * {@code secReqResult}.
 *
 * @return this instance, so that setup steps can be chained
 */
@Override
public CreateClusterEnvironmentAWS createSecurityGroup() {
    // Name-tag the subnet before anything else.
    CreateTagsRequest subnetTagRequest = new CreateTagsRequest()
            .withResources(subnet.getSubnetId())
            .withTags(cluster.getBibigridid(), new Tag("Name", SUBNET_PREFIX + cluster.getClusterId()));
    cluster.getEc2().createTags(subnetTagRequest);

    // The master gets the first IP of the subnet's CIDR block.
    MASTERIP = SubNets.getFirstIP(subnet.getCidrBlock());

    // Security group: full access between members, SSH from outside.
    log.info("Creating security group...");
    CreateSecurityGroupRequest createGroupRequest = new CreateSecurityGroupRequest()
            .withGroupName(SECURITY_GROUP_PREFIX + cluster.getClusterId())
            .withDescription(cluster.getClusterId())
            .withVpcId(vpc.getVpcId());
    secReqResult = cluster.getEc2().createSecurityGroup(createGroupRequest);
    log.info(V, "security group id: {}", secReqResult.getGroupId());

    // Self-reference: rules that use this pair apply only to traffic from group members.
    UserIdGroupPair selfReference = new UserIdGroupPair().withGroupId(secReqResult.getGroupId());

    // NOTE(review): SSH is opened to every IPv4 address. This matches the stated intent
    // ("ssh from outside"), but exposes port 22 of every cluster node to internet-wide
    // scanning and password guessing; consider a configurable admin CIDR instead.
    IpPermission sshFromAnywhere = new IpPermission()
            .withIpProtocol("tcp")
            .withFromPort(22)
            .withToPort(22)
            .withIpRanges("0.0.0.0/0");
    IpPermission intraGroupTcp = new IpPermission()
            .withIpProtocol("tcp")
            .withFromPort(0)
            .withToPort(65535)
            .withUserIdGroupPairs(selfReference);
    IpPermission intraGroupUdp = new IpPermission()
            .withIpProtocol("udp")
            .withFromPort(0)
            .withToPort(65535)
            .withUserIdGroupPairs(selfReference);
    IpPermission intraGroupIcmp = new IpPermission()
            .withIpProtocol("icmp")
            .withFromPort(-1)
            .withToPort(-1)
            .withUserIdGroupPairs(selfReference);

    List<IpPermission> ingressRules = new ArrayList<>();
    ingressRules.add(sshFromAnywhere);
    ingressRules.add(intraGroupTcp);
    ingressRules.add(intraGroupUdp);
    ingressRules.add(intraGroupIcmp);

    // User-configured extra ports. Each one is opened for TCP *and* UDP, and its iprange is
    // used as given: nothing here validates the range or rejects 0.0.0.0/0.
    // NOTE(review): confirm the configuration layer validates port.iprange.
    for (Port extraPort : cluster.getConfig().getPorts()) {
        log.info("{}:{}", extraPort.iprange, "" + extraPort.number);
        ingressRules.add(new IpPermission()
                .withIpProtocol("tcp")
                .withFromPort(extraPort.number)
                .withToPort(extraPort.number)
                .withIpRanges(extraPort.iprange));
        ingressRules.add(new IpPermission()
                .withIpProtocol("udp")
                .withFromPort(extraPort.number)
                .withToPort(extraPort.number)
                .withIpRanges(extraPort.iprange));
    }

    AuthorizeSecurityGroupIngressRequest authorizeRequest = new AuthorizeSecurityGroupIngressRequest()
            .withGroupId(secReqResult.getGroupId())
            .withIpPermissions(ingressRules);

    // The group is tagged first, then the rules are authorized. No cleanup is visible in this
    // method if either call fails after the group has been created.
    CreateTagsRequest groupTagRequest = new CreateTagsRequest()
            .withResources(secReqResult.getGroupId())
            .withTags(cluster.getBibigridid(),
                    new Tag("Name", SECURITY_GROUP_PREFIX + cluster.getClusterId()));
    cluster.getEc2().createTags(groupTagRequest);
    cluster.getEc2().authorizeSecurityGroupIngress(authorizeRequest);
    return this;
}