List of usage examples for com.amazonaws.services.ec2.model DescribeNetworkInterfacesRequest DescribeNetworkInterfacesRequest
DescribeNetworkInterfacesRequest
From source file:com.urbancode.terraform.tasks.aws.helpers.AWSHelper.java
License:Apache License
/**
 * Describes EC2 network interfaces, optionally narrowed by interface id and by VPC.
 *
 * <p>When {@code interfaceIds} is {@code null} and {@code vpcId} is {@code null} or empty, the
 * request is sent with no ids and no filter. NOTE(review): EC2 presumably answers that with every
 * interface the client's credentials can see in the region; confirm callers intend that, and that
 * the IAM policy behind {@code ec2Client} is scoped accordingly.
 *
 * @param interfaceIds interface ids to describe; skipped when {@code null}
 * @param vpcId        value for a {@code vpc-id} filter; skipped when {@code null} or empty
 * @param ec2Client    client the describe call is issued through
 * @return the network interfaces carried by the describe result
 */
public List<NetworkInterface> getNetworkInterfaces(List<String> interfaceIds, String vpcId,
        AmazonEC2 ec2Client) {
    final boolean filterByVpc = vpcId != null && !vpcId.isEmpty();

    DescribeNetworkInterfacesRequest describeRequest = new DescribeNetworkInterfacesRequest();
    if (interfaceIds != null) {
        describeRequest.withNetworkInterfaceIds(interfaceIds);
    }
    if (filterByVpc) {
        describeRequest.withFilters(new Filter().withName("vpc-id").withValues(vpcId));
    }

    return ec2Client.describeNetworkInterfaces(describeRequest).getNetworkInterfaces();
}
From source file:dsmwatcher.DSMWatcher.java
License:Open Source License
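/**
 * Reverses isolation for an instance: restores the security groups recorded in the
 * {@code PreIsolationSG} tag on each of its network interfaces, removes the isolation tags, and
 * detaches and deletes any interface tagged {@code IRENI}.
 *
 * <p>Security note: the groups that get re-applied are read from the {@code PreIsolationSG} tag
 * value as-is. Whoever can edit tags on the interface therefore decides which security groups
 * come back; NOTE(review): confirm tag-write permissions on these interfaces are restricted, or
 * compare the restored list against an independent record before applying it.
 *
 * @param instance instance whose interfaces are taken out of isolation
 * @param ec2      client used for every describe/modify/delete call
 * @throws IllegalStateException if a {@code PreIsolationSG} tag holds no security group id
 * @throws Exception             on any EC2 API failure or if the wait is interrupted
 */
public void removeIsolation(Instance instance, AmazonEC2Client ec2) throws Exception {
    List<InstanceNetworkInterface> ienis = instance.getNetworkInterfaces();
    for (InstanceNetworkInterface ieni : ienis) {
        DescribeNetworkInterfacesRequest netReq = new DescribeNetworkInterfacesRequest()
                .withNetworkInterfaceIds(ieni.getNetworkInterfaceId());
        DescribeNetworkInterfacesResult netResult = ec2.describeNetworkInterfaces(netReq);
        List<com.amazonaws.services.ec2.model.NetworkInterface> enis = netResult.getNetworkInterfaces();
        for (com.amazonaws.services.ec2.model.NetworkInterface eni : enis) {
            List<Tag> tagSetRemove = new LinkedList<Tag>();
            boolean isolatedENI = false;
            boolean IRENI = false;
            String origSecGroups = null;
            // Literal-first equals() keeps a tag with a null key from aborting the whole loop.
            for (Tag tag : eni.getTagSet()) {
                if ("PreIsolationSG".equals(tag.getKey())) {
                    origSecGroups = tag.getValue();
                    tagSetRemove.add(tag);
                    isolatedENI = true;
                } else if ("InIsolation".equals(tag.getKey())) {
                    tagSetRemove.add(tag);
                } else if ("IRENI".equals(tag.getKey())) {
                    IRENI = true;
                }
            }

            if (isolatedENI) {
                List<String> origSecGroupsList = new ArrayList<String>();
                if (origSecGroups != null) {
                    for (String groupId : origSecGroups.split(",")) {
                        if (!groupId.isEmpty()) {
                            origSecGroupsList.add(groupId);
                        }
                    }
                }
                // Fail before touching the interface: an empty list cannot describe the
                // pre-isolation state, and the tags are the only record of it.
                if (origSecGroupsList.isEmpty()) {
                    throw new IllegalStateException("PreIsolationSG tag on "
                            + eni.getNetworkInterfaceId() + " holds no security group id");
                }
                ModifyNetworkInterfaceAttributeRequest netReqest = new ModifyNetworkInterfaceAttributeRequest()
                        .withNetworkInterfaceId(eni.getNetworkInterfaceId()).withGroups(origSecGroupsList);
                ec2.modifyNetworkInterfaceAttribute(netReqest);
                // Tags are removed only after the groups were restored successfully.
                DeleteTagsRequest dtr = new DeleteTagsRequest().withResources(eni.getNetworkInterfaceId())
                        .withTags(tagSetRemove);
                ec2.deleteTags(dtr);
            }

            if (IRENI) {
                // An IRENI-tagged interface with no attachment is already detached; go straight
                // to deletion instead of dereferencing a null attachment.
                if (eni.getAttachment() != null) {
                    DetachNetworkInterfaceRequest detachNetworkInterfaceRequest = new DetachNetworkInterfaceRequest()
                            .withAttachmentId(eni.getAttachment().getAttachmentId());
                    ec2.detachNetworkInterface(detachNetworkInterfaceRequest);
                    TimeUnit.SECONDS.sleep(30);
                    // `eni` is the snapshot taken before the detach, so its status never changes;
                    // ask EC2 again to learn whether the detach has actually completed.
                    List<com.amazonaws.services.ec2.model.NetworkInterface> refreshed = ec2
                            .describeNetworkInterfaces(new DescribeNetworkInterfacesRequest()
                                    .withNetworkInterfaceIds(eni.getNetworkInterfaceId()))
                            .getNetworkInterfaces();
                    boolean detached = !refreshed.isEmpty()
                            && "available".equals(refreshed.get(0).getStatus());
                    if (!detached) {
                        // detach is taking a while, wait another 30 seconds
                        TimeUnit.SECONDS.sleep(30);
                    }
                }
                DeleteNetworkInterfaceRequest deleteNetworkInterfaceRequest = new DeleteNetworkInterfaceRequest()
                        .withNetworkInterfaceId(eni.getNetworkInterfaceId());
                ec2.deleteNetworkInterface(deleteNetworkInterfaceRequest);
            }
        }
    }
    log("Instance " + instance.getInstanceId() + " with IP address of " + instance.getPrivateIpAddress()
            + " has been removed from isolation");
}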
From source file:dsmwatcher.DSMWatcher.java
License:Open Source License
/**
 * Reports whether an instance currently looks isolated.
 *
 * <p>Two conditions must both hold somewhere across the instance's interfaces: one interface sits
 * in a subnet listed in {@code IRSubnets}, and one interface that carries the {@code denyAllSG}
 * group also has an {@code InIsolation} tag. Only the tag key is examined, not its value.
 *
 * <p>Security note: the answer rests on mutable metadata (group membership and a tag), so it
 * reflects what the interfaces are labelled as rather than proving traffic is blocked.
 * NOTE(review): confirm who may change tags and groups on these interfaces.
 *
 * @param instance instance to inspect
 * @param ec2      client used to describe interfaces that carry the deny-all group
 * @return {@code true} when both conditions above are met
 * @throws Exception on any EC2 API failure
 */
public Boolean checkIfIsolated(Instance instance, AmazonEC2Client ec2) throws Exception {
    boolean attachedToIRSubnet = false;
    boolean denyAllAndTagged = false;

    for (InstanceNetworkInterface attached : instance.getNetworkInterfaces()) {
        // Condition 1: this interface lives in one of the configured isolation subnets.
        for (String candidateSubnet : IRSubnets) {
            if (candidateSubnet.compareTo(attached.getSubnetId()) == 0) {
                attachedToIRSubnet = true;
            }
        }

        // Condition 2: deny-all group present, then the InIsolation tag on the described interface.
        for (GroupIdentifier group : attached.getGroups()) {
            if (!group.getGroupId().equals(denyAllSG)) {
                continue;
            }
            DescribeNetworkInterfacesRequest lookup = new DescribeNetworkInterfacesRequest()
                    .withNetworkInterfaceIds(attached.getNetworkInterfaceId());
            List<com.amazonaws.services.ec2.model.NetworkInterface> described = ec2
                    .describeNetworkInterfaces(lookup).getNetworkInterfaces();
            for (com.amazonaws.services.ec2.model.NetworkInterface candidate : described) {
                for (Tag label : candidate.getTagSet()) {
                    if (label.getKey().equals("InIsolation")) {
                        denyAllAndTagged = true;
                    }
                }
            }
        }
    }

    return attachedToIRSubnet && denyAllAndTagged;
}
From source file:dsmwatcher.DSMWatcher.java
License:Open Source License
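/**
 * Isolates an instance for incident response: records each interface's current security groups
 * in a {@code PreIsolationSG} tag, swaps those groups for {@code denyAllSG}, then creates a new
 * interface in an isolation subnet of the same availability zone (group {@code IRSecGrp}, tagged
 * {@code IRENI}) and attaches it to the instance.
 *
 * <p>Changes from the earlier version of this method:
 * <ul>
 *   <li>An interface already tagged {@code InIsolation} keeps its existing
 *       {@code PreIsolationSG} value. Running isolation twice used to overwrite the saved groups
 *       with the deny-all group, which made the original groups unrecoverable.</li>
 *   <li>Only the new tags are sent to {@code createTags}; the interface's existing tags are no
 *       longer re-sent (and the SDK result list is no longer mutated). Other tags stay in place
 *       because CreateTags only adds or overwrites the keys it is given.</li>
 *   <li>Each isolation subnet is described once instead of twice, and empty describe results
 *       are reported through {@code error} rather than surfacing as an index exception.</li>
 * </ul>
 *
 * <p>Security notes: the tag is written before the group swap, so the original groups are on
 * record before they are replaced; if the swap then fails the interface is tagged but not
 * restricted. NOTE(review): EC2 tag values are length-limited, so an interface with many groups
 * could make the tag write fail before the swap; confirm the expected group count fits.
 *
 * @param instance instance to isolate
 * @param ec2      client used for every describe/create/modify call
 * @throws Exception on any EC2 API failure
 */
public void isolateInstance(Instance instance, AmazonEC2Client ec2) throws Exception {
    // Check for auto scaling first: an auto-scaled instance is detached from its group to
    // prevent a health-check failure and termination once its traffic is cut.
    handleAutoScaledInstance(instance);

    DescribeSubnetsRequest subnetRequest = new DescribeSubnetsRequest().withSubnetIds(instance.getSubnetId());
    List<Subnet> sourceSubnet = ec2.describeSubnets(subnetRequest).getSubnets();
    if (sourceSubnet.isEmpty()) {
        error("Unable to look up the subnet of instance " + instance.getInstanceId());
        return;
    }
    String targetAZStr = sourceSubnet.get(0).getAvailabilityZone();

    // Pick the isolation subnet in the instance's availability zone (the last match wins, as before).
    Subnet targetIRSubnet = null;
    for (String IRSubnet : IRSubnets) {
        List<Subnet> candidates = ec2.describeSubnets(new DescribeSubnetsRequest().withSubnetIds(IRSubnet))
                .getSubnets();
        if (!candidates.isEmpty()
                && targetAZStr.compareTo(candidates.get(0).getAvailabilityZone()) == 0) {
            targetIRSubnet = candidates.get(0);
        }
    }
    if (targetIRSubnet == null) {
        error("Unable to find an isolation subnet for instance " + instance.getInstanceId());
        return;
    }

    List<InstanceNetworkInterface> ienis = instance.getNetworkInterfaces();
    for (InstanceNetworkInterface ieni : ienis) {
        // Comma-separated list of the groups currently on this interface.
        StringBuilder savedGroups = new StringBuilder();
        for (GroupIdentifier secGroup : ieni.getGroups()) {
            if (savedGroups.length() > 0) {
                savedGroups.append(',');
            }
            savedGroups.append(secGroup.getGroupId());
        }

        DescribeNetworkInterfacesRequest netReq = new DescribeNetworkInterfacesRequest()
                .withNetworkInterfaceIds(ieni.getNetworkInterfaceId());
        DescribeNetworkInterfacesResult netResult = ec2.describeNetworkInterfaces(netReq);
        List<com.amazonaws.services.ec2.model.NetworkInterface> enis = netResult.getNetworkInterfaces();
        for (com.amazonaws.services.ec2.model.NetworkInterface eni : enis) {
            boolean alreadyTagged = false;
            for (Tag existing : eni.getTagSet()) {
                if ("InIsolation".equals(existing.getKey())) {
                    alreadyTagged = true;
                }
            }
            // Do not overwrite a saved group list from an earlier isolation run.
            if (!alreadyTagged) {
                Tag saveSGTag = new Tag().withKey("PreIsolationSG").withValue(savedGroups.toString());
                Tag isolationTag = new Tag().withKey("InIsolation").withValue("True");
                CreateTagsRequest ctr = new CreateTagsRequest().withResources(eni.getNetworkInterfaceId())
                        .withTags(saveSGTag, isolationTag);
                ec2.createTags(ctr);
            }
            ModifyNetworkInterfaceAttributeRequest netReqest = new ModifyNetworkInterfaceAttributeRequest()
                    .withNetworkInterfaceId(eni.getNetworkInterfaceId()).withGroups(denyAllSG);
            ec2.modifyNetworkInterfaceAttribute(netReqest);
        }
    }

    // Existing interfaces are restricted before the isolation interface is created, so a failure
    // from here on leaves the instance cut off rather than exposed.
    CreateNetworkInterfaceRequest newENIReq = new CreateNetworkInterfaceRequest()
            .withSubnetId(targetIRSubnet.getSubnetId()).withGroups(IRSecGrp);
    CreateNetworkInterfaceResult newENIResult = ec2.createNetworkInterface(newENIReq);
    String newENIId = newENIResult.getNetworkInterface().getNetworkInterfaceId();

    // NOTE(review): size() + 1 skips one device index when the existing interfaces occupy
    // 0..size()-1; confirm this is intended and stays within the instance type's limit.
    AttachNetworkInterfaceRequest attachReq = new AttachNetworkInterfaceRequest()
            .withNetworkInterfaceId(newENIId)
            .withInstanceId(instance.getInstanceId())
            .withDeviceIndex(instance.getNetworkInterfaces().size() + 1);
    AttachNetworkInterfaceResult attachResults = ec2.attachNetworkInterface(attachReq);

    // Delete the isolation interface together with the instance.
    NetworkInterfaceAttachmentChanges attachTerm = new NetworkInterfaceAttachmentChanges()
            .withAttachmentId(attachResults.getAttachmentId()).withDeleteOnTermination(true);
    ModifyNetworkInterfaceAttributeRequest setDeleteOnTerm = new ModifyNetworkInterfaceAttributeRequest()
            .withAttachment(attachTerm)
            .withNetworkInterfaceId(newENIId);
    ec2.modifyNetworkInterfaceAttribute(setDeleteOnTerm);

    // Mark the interface so it can be recognised as the isolation interface later.
    CreateTagsRequest tagNewENIReq = new CreateTagsRequest()
            .withResources(newENIId)
            .withTags(new Tag().withKey("IRENI").withValue("True"));
    ec2.createTags(tagNewENIReq);
}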