List of usage examples for com.amazonaws.services.ec2.model DescribeSecurityGroupsRequest DescribeSecurityGroupsRequest
DescribeSecurityGroupsRequest
From source file:Security.java
License:Open Source License
String createSG(AmazonEC2 ec2) throws IOException { try {/*from w ww. ja va 2 s . c o m*/ securitygroup = "VirualIT_Security_Group" + Virtualize.no_of_days; CreateSecurityGroupRequest reqsec = new CreateSecurityGroupRequest().withGroupName(securitygroup) .withDescription("ssh-tcp-https-http"); CreateSecurityGroupResult ressec = ec2.createSecurityGroup(reqsec); String ipAddr = "0.0.0.0/0"; ArrayList<String> ipRanges = new ArrayList<String>(); ipRanges.add(ipAddr); ArrayList<IpPermission> ipPermissions = new ArrayList<IpPermission>(); IpPermission ipPermission_ssh = new IpPermission(); ipPermission_ssh.setIpProtocol("tcp"); ipPermission_ssh.setFromPort(new Integer(22)); ipPermission_ssh.setToPort(new Integer(22)); IpPermission ipPermission_http = new IpPermission(); ipPermission_http.setIpProtocol("tcp"); ipPermission_http.setFromPort(new Integer(80)); ipPermission_http.setToPort(new Integer(80)); IpPermission ipPermission_https = new IpPermission(); ipPermission_https.setIpProtocol("tcp"); ipPermission_https.setFromPort(new Integer(443)); ipPermission_https.setToPort(new Integer(443)); ipPermission_ssh.setIpRanges(ipRanges); ipPermission_http.setIpRanges(ipRanges); ipPermission_https.setIpRanges(ipRanges); ipPermissions.add(ipPermission_http); ipPermissions.add(ipPermission_https); ipPermissions.add(ipPermission_ssh); try { // Authorize the ports to the used. AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest( securitygroup, ipPermissions); ec2.authorizeSecurityGroupIngress(ingressRequest); System.out.println("Assigned " + ingressRequest); } catch (AmazonServiceException ase) { // Ignore because this likely means the zone has already been authorized. System.err.println(ase.getMessage()); } DescribeSecurityGroupsRequest x = new DescribeSecurityGroupsRequest().withGroupNames(securitygroup); DescribeSecurityGroupsResult secgrp = ec2.describeSecurityGroups(x); for (SecurityGroup s : secgrp.getSecurityGroups()) { if (s.getGroupName().equals(securitygroup)) { System.out.println(s.getIpPermissions()); } } } catch (AmazonServiceException ase) { System.out.println("Caught Exception: " + ase.getMessage()); System.out.println("Reponse Status Code: " + ase.getStatusCode()); System.out.println("Error Code: " + ase.getErrorCode()); System.out.println("Request ID: " + ase.getRequestId()); } return securitygroup; }
From source file:aws.example.ec2.DescribeSecurityGroups.java
License:Open Source License
public static void main(String[] args) { final String USAGE = "To run this example, supply a group id\n" + "Ex: DescribeSecurityGroups <group-id>\n"; if (args.length != 1) { System.out.println(USAGE); System.exit(1);/* w w w .j a v a 2 s. c o m*/ } String group_id = args[0]; final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient(); DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest().withGroupIds(group_id); DescribeSecurityGroupsResult response = ec2.describeSecurityGroups(request); for (SecurityGroup group : response.getSecurityGroups()) { System.out.printf("Found security group with id %s, " + "vpc id %s " + "and description %s", group.getGroupId(), group.getVpcId(), group.getDescription()); } }
From source file:br.com.ingenieux.mojo.beanstalk.AbstractBeanstalkMojo.java
License:Apache License
/** * Boolean predicate for harmful/placebo options <p/> I really mean harmful - If you mention a * terminated environment settings, Elastic Beanstalk will accept, but this might lead to * inconsistent states, specially when creating / listing environments. <p/> Trust me on this * one./*from www . j a v a 2s . c o m*/ * * @param environmentId environment id to lookup * @param optionSetting option setting * @return true if this is not needed */ protected boolean harmfulOptionSettingP(final String environmentId, ConfigurationOptionSetting optionSetting) throws Exception { //aws:autoscaling:launchconfiguration:SecurityGroups['sg-18585f7d'] if (ConfigUtil.optionSettingMatchesP(optionSetting, "aws:autoscaling:launchconfiguration", "SecurityGroups")) { final String securityGroup = optionSetting.getValue(); if (-1 != securityGroup.indexOf(environmentId)) { return true; } if (getLog().isInfoEnabled()) { getLog().info("Probing security group '" + securityGroup + "'"); } Validate.isTrue(securityGroup.matches("^sg-\\p{XDigit}{8}$"), "Invalid Security Group Spec: " + securityGroup); final AmazonEC2 ec2 = this.getClientFactory().getService(AmazonEC2Client.class); final DescribeSecurityGroupsResult describeSecurityGroupsResult = ec2 .describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupIds(securityGroup)); if (!describeSecurityGroupsResult.getSecurityGroups().isEmpty()) { final Predicate<SecurityGroup> predicate = new Predicate<SecurityGroup>() { @Override public boolean apply(SecurityGroup input) { return -1 == input.getGroupName().indexOf(environmentId); } }; return Collections2.filter(describeSecurityGroupsResult.getSecurityGroups(), predicate).isEmpty(); } } boolean bInvalid = isBlank(optionSetting.getValue()); if (!bInvalid) { bInvalid = (optionSetting.getNamespace().equals("aws:cloudformation:template:parameter") && optionSetting.getOptionName().equals("AppSource")); } if (!bInvalid) { bInvalid = (optionSetting.getNamespace().equals("aws:elasticbeanstalk:sns:topics") && optionSetting.getOptionName().equals("Notification Topic ARN")); } /* * TODO: Apply a more general regex instead */ if (!bInvalid && isNotBlank(environmentId)) { bInvalid = (optionSetting.getValue().contains(environmentId)); } return bInvalid; }
From source file:c3.ops.priam.aws.AWSMembership.java
License:Apache License
/** * List SG ACL's/*from w w w . j a v a 2s. co m*/ */ public List<String> listACL(int from, int to) { AmazonEC2 client = null; try { client = getEc2Client(); List<String> ipPermissions = new ArrayList<String>(); DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest() .withGroupNames(Arrays.asList(config.getACLGroupName())); DescribeSecurityGroupsResult result = client.describeSecurityGroups(req); for (SecurityGroup group : result.getSecurityGroups()) for (IpPermission perm : group.getIpPermissions()) if (perm.getFromPort() == from && perm.getToPort() == to) ipPermissions.addAll(perm.getIpRanges()); return ipPermissions; } finally { if (client != null) client.shutdown(); } }
From source file:com.appdynamics.connectors.AWSConnector.java
License:Apache License
private void validateAndConfigureSecurityGroups(List<String> securityGroupNames, AmazonEC2 connector) throws ConnectorException { DescribeSecurityGroupsRequest describeSecurityGroupsRequest = new DescribeSecurityGroupsRequest(); DescribeSecurityGroupsResult describeSecurityGroupsResult = connector .describeSecurityGroups(describeSecurityGroupsRequest.withGroupNames(securityGroupNames)); String controllerIp = "0.0.0.0/0"; int agentPort = controllerServices.getDefaultAgentPort(); // check if any one of the security group // already has agent port and controller ip List<SecurityGroup> securityGroups = describeSecurityGroupsResult.getSecurityGroups(); for (SecurityGroup securityGroup : securityGroups) { List<IpPermission> ipPermissions = securityGroup.getIpPermissions(); for (IpPermission permission : ipPermissions) { if (permission.getIpRanges().contains(controllerIp) && (agentPort >= permission.getFromPort() && agentPort <= permission.getToPort())) { return; }// www . j a v a2s .c om } } String securityGroup = null; if (securityGroups.contains(Utils.DEFAULT_SECURITY_GROUP)) { securityGroup = Utils.DEFAULT_SECURITY_GROUP; } else { securityGroup = securityGroups.get(0).getGroupName(); } IpPermission ipPermission = new IpPermission(); ipPermission.setFromPort(agentPort); ipPermission.setToPort(agentPort); ipPermission.setIpProtocol("tcp"); ipPermission.setIpRanges(Lists.newArrayList(controllerIp)); connector.authorizeSecurityGroupIngress( new AuthorizeSecurityGroupIngressRequest(securityGroup, Lists.newArrayList(ipPermission))); }
From source file:com.axemblr.provisionr.amazon.activities.EnsureSecurityGroupExists.java
License:Apache License
private void synchronizeIngressRules(AmazonEC2 client, String groupName, Network network) { DescribeSecurityGroupsResult result = client .describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupNames(groupName)); Set<IpPermission> existingPermissions = ImmutableSet .copyOf(getOnlyElement(result.getSecurityGroups()).getIpPermissions()); Set<IpPermission> expectedPermissions = ImmutableSet .copyOf(Iterables.transform(network.getIngress(), ConvertRuleToIpPermission.FUNCTION)); authorizeIngressRules(client, groupName, difference(expectedPermissions, existingPermissions)); revokeIngressRules(client, groupName, difference(existingPermissions, expectedPermissions)); }
From source file:com.cloudera.director.aws.ec2.EC2InstanceTemplateConfigurationValidator.java
License:Apache License
/** * Validates the configured security group IDs. * * @param client the EC2 client * @param configuration the configuration to be validated * @param accumulator the exception condition accumulator * @param localizationContext the localization context *//*from w w w . j a v a 2s . com*/ @VisibleForTesting void checkSecurityGroupIds(AmazonEC2Client client, Configured configuration, PluginExceptionConditionAccumulator accumulator, LocalizationContext localizationContext) { List<String> securityGroupsIds = EC2InstanceTemplate.CSV_SPLITTER .splitToList(configuration.getConfigurationValue(SECURITY_GROUP_IDS, localizationContext)); for (String securityGroupId : securityGroupsIds) { LOG.info(">> Describing security group '{}'", securityGroupId); try { DescribeSecurityGroupsResult result = client .describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupIds(securityGroupId)); checkCount(accumulator, SECURITY_GROUP_IDS, localizationContext, securityGroupId, result.getSecurityGroups()); } catch (AmazonServiceException e) { if (e.getErrorCode().startsWith(INVALID_SECURITY_GROUP)) { addError(accumulator, SECURITY_GROUP_IDS, localizationContext, null, INVALID_SECURITY_GROUP_MSG, securityGroupId); } else { throw Throwables.propagate(e); } } } }
From source file:com.dowdandassociates.gentoo.bootstrap.DefaultSecurityGroupInformation.java
License:Apache License
@PostConstruct private void setup() { log.info("Checking if security group \"" + groupName + "\" is set up."); DescribeSecurityGroupsResult describeResult = ec2Client .describeSecurityGroups(new DescribeSecurityGroupsRequest().withFilters( new Filter().withName("group-name").withValues(groupName), new Filter().withName("ip-permission.cidr").withValues(cidr), new Filter().withName("ip-permission.from-port").withValues(new Integer(port).toString()), new Filter().withName("ip-permission.to-port").withValues(new Integer(port).toString()), new Filter().withName("ip-permission.protocol").withValues("tcp"))); if (!describeResult.getSecurityGroups().isEmpty()) { groupId = describeResult.getSecurityGroups().get(0).getGroupId(); } else {/*from w ww .jav a 2 s.c o m*/ log.info("Security group \"" + groupName + "\" is not set up. Checking if it exists."); describeResult = ec2Client.describeSecurityGroups(new DescribeSecurityGroupsRequest() .withFilters(new Filter().withName("group-name").withValues(groupName))); if (!describeResult.getSecurityGroups().isEmpty()) { log.info("Security group \"" + groupName + "\" exists."); groupId = describeResult.getSecurityGroups().get(0).getGroupId(); } else { log.info("Security group \"" + groupName + "\" does not exists. Creating it."); groupId = ec2Client.createSecurityGroup( new CreateSecurityGroupRequest().withGroupName(groupName).withDescription(description)) .getGroupId(); } log.info("Authorizing ingress rules for \"" + groupName + "\"."); ec2Client.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest() .withGroupName(groupName).withIpPermissions(new IpPermission().withIpProtocol("tcp") .withFromPort(port).withToPort(port).withIpRanges(cidr))); } log.info("Security group \"" + groupName + "\" is set up."); }
From source file:com.github.trask.sandbox.ec2.Ec2Service.java
License:Apache License
public SecurityGroup getSecurityGroup(String groupName) { DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest().withGroupNames(groupName); try {/*ww w .j a v a 2 s .c o m*/ DescribeSecurityGroupsResult result = ec2.describeSecurityGroups(request); return result.getSecurityGroups().get(0); } catch (AmazonServiceException e) { return null; } }
From source file:com.github.vatbub.awsvpnlauncher.Main.java
License:Apache License
/** * Launches a new VPN server on AWS EC2 if everything is configured * * @see PropertyNotConfiguredException/* ww w . j a va 2 s . c o m*/ * @see #terminate() */ private static void launch() { File privateKey = new File(prefs.getPreference(Property.privateKeyFile)); vpnPassword = prefs.getPreference(Property.openvpnPassword); if (!privateKey.exists() && !privateKey.isFile()) { throw new IllegalArgumentException("The file specified as " + Property.privateKeyFile.toString() + " does not exist or is not a file."); } FOKLogger.info(Main.class.getName(), "Preparing..."); try { // Check if our security group exists already FOKLogger.info(Main.class.getName(), "Checking for the required security group..."); DescribeSecurityGroupsRequest describeSecurityGroupsRequest = new DescribeSecurityGroupsRequest() .withGroupNames(securityGroupName); List<String> securityGroups = new ArrayList<>(); boolean created = false; // will become true if the security group had to be created to avoid duplicate logs String securityGroupId; try { DescribeSecurityGroupsResult describeSecurityGroupsResult = client .describeSecurityGroups(describeSecurityGroupsRequest); securityGroupId = describeSecurityGroupsResult.getSecurityGroups().get(0).getGroupId(); } catch (AmazonEC2Exception e) { // Security group does not exist, create the security group created = true; FOKLogger.info(Main.class.getName(), "Creating the required security group..."); CreateSecurityGroupRequest createSecurityGroupRequest = new CreateSecurityGroupRequest() .withGroupName(securityGroupName).withDescription( "This security group was automatically created to run a OpenVPN Access Server."); CreateSecurityGroupResult createSecurityGroupResult = client .createSecurityGroup(createSecurityGroupRequest); securityGroupId = createSecurityGroupResult.getGroupId(); IpRange ipRange = new IpRange().withCidrIp("0.0.0.0/0"); IpPermission sshPermission1 = new IpPermission().withIpv4Ranges(ipRange).withIpProtocol("tcp") .withFromPort(22).withToPort(22); IpPermission sshPermission2 = new IpPermission().withIpv4Ranges(ipRange).withIpProtocol("tcp") .withFromPort(943).withToPort(943); IpPermission httpsPermission1 = new IpPermission().withIpv4Ranges(ipRange).withIpProtocol("tcp") .withFromPort(443).withToPort(443); IpPermission httpsPermission2 = new IpPermission().withIpv4Ranges(ipRange).withIpProtocol("udp") .withFromPort(1194).withToPort(1194); AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest = new AuthorizeSecurityGroupIngressRequest() .withGroupName(securityGroupName).withIpPermissions(sshPermission1) .withIpPermissions(sshPermission2).withIpPermissions(httpsPermission1) .withIpPermissions(httpsPermission2); // retry while the security group is not yet ready int retries = 0; long lastPollTime = System.currentTimeMillis(); boolean requestIsFailing = true; do { // we're waiting if (System.currentTimeMillis() - lastPollTime >= Math.pow(2, retries) * 100) { retries = retries + 1; lastPollTime = System.currentTimeMillis(); try { client.authorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest); // no exception => we made it requestIsFailing = false; } catch (AmazonEC2Exception e2) { FOKLogger.info(Main.class.getName(), "Still waiting for the security group to be created, api error message is currently: " + e2.getMessage()); requestIsFailing = true; } } } while (requestIsFailing); FOKLogger.info(Main.class.getName(), "The required security group has been successfully created!"); } if (!created) { FOKLogger.info(Main.class.getName(), "The required security group already exists, we can continue"); } securityGroups.add(securityGroupId); securityGroups.add(securityGroupId); FOKLogger.info(Main.class.getName(), "Creating the RunInstanceRequest..."); RunInstancesRequest request = new RunInstancesRequest(getAmiId(awsRegion), 1, 1); request.setInstanceType(InstanceType.T2Micro); request.setKeyName(prefs.getPreference(Property.awsKeyPairName)); request.setSecurityGroupIds(securityGroups); FOKLogger.info(Main.class.getName(), "Starting the EC2 instance..."); RunInstancesResult result = client.runInstances(request); List<Instance> instances = result.getReservation().getInstances(); // SSH config FOKLogger.info(Main.class.getName(), "Configuring SSH..."); Properties sshConfig = new Properties(); sshConfig.put("StrictHostKeyChecking", "no"); JSch jsch = new JSch(); jsch.addIdentity(privateKey.getAbsolutePath()); int retries = 0; for (Instance instance : instances) { // write the instance id to a properties file to be able to terminate it later on again prefs.reload(); if (prefs.getPreference("instanceIDs", "").equals("")) { prefs.setPreference("instanceIDs", instance.getInstanceId()); } else { prefs.setPreference("instanceIDs", prefs.getPreference("instanceIDs", "") + ";" + instance.getInstanceId()); } // Connect to the instance using ssh FOKLogger.info(Main.class.getName(), "Waiting for the instance to boot..."); long lastPrintTime = System.currentTimeMillis(); DescribeInstancesRequest describeInstancesRequest = new DescribeInstancesRequest(); List<String> instanceId = new ArrayList<>(1); instanceId.add(instance.getInstanceId()); describeInstancesRequest.setInstanceIds(instanceId); DescribeInstancesResult describeInstancesResult; newInstance = instance; do { // we're waiting if (System.currentTimeMillis() - lastPrintTime >= Math.pow(2, retries) * 100) { retries = retries + 1; describeInstancesResult = client.describeInstances(describeInstancesRequest); newInstance = describeInstancesResult.getReservations().get(0).getInstances().get(0); lastPrintTime = System.currentTimeMillis(); if (newInstance.getState().getCode() != 16) { FOKLogger.info(Main.class.getName(), "Still waiting for the instance to boot, current instance state is " + newInstance.getState().getName()); } } } while (newInstance.getState().getCode() != 16); FOKLogger.info(Main.class.getName(), "Instance is " + newInstance.getState().getName()); // generate the ssh ip of the instance String sshIp = newInstance.getPublicDnsName(); FOKLogger.info(Main.class.getName(), "The instance id is " + newInstance.getInstanceId()); FOKLogger.info(Main.class.getName(), "The instance ip is " + newInstance.getPublicIpAddress()); FOKLogger.info(Main.class.getName(), "Connecting using ssh to " + sshUsername + "@" + sshIp); FOKLogger.info(Main.class.getName(), "The instance will need some time to configure ssh on its end so some connection timeouts are normal"); boolean retry; session = jsch.getSession(sshUsername, sshIp, 22); session.setConfig(sshConfig); do { try { session.connect(); retry = false; } catch (Exception e) { FOKLogger.info(Main.class.getName(), e.getClass().getName() + ": " + e.getMessage() + ", retrying, Press Ctrl+C to cancel"); retry = true; } } while (retry); FOKLogger.info(Main.class.getName(), "----------------------------------------------------------------------"); FOKLogger.info(Main.class.getName(), "The following is the out- and input of the ssh session."); FOKLogger.info(Main.class.getName(), "Please note that out- and input may appear out of sync."); FOKLogger.info(Main.class.getName(), "----------------------------------------------------------------------"); PipedInputStream sshIn = new PipedInputStream(); PipedOutputStream sshIn2 = new PipedOutputStream(sshIn); PrintStream sshInCommandStream = new PrintStream(sshIn2); Channel channel = session.openChannel("shell"); channel.setInputStream(sshIn); channel.setOutputStream(new MyPrintStream()); channel.connect(); sshInCommandStream.print("yes\n"); sshInCommandStream.print("yes\n"); sshInCommandStream.print("1\n"); sshInCommandStream.print("\n"); sshInCommandStream.print("\n"); sshInCommandStream.print("yes\n"); sshInCommandStream.print("yes\n"); sshInCommandStream.print("\n"); sshInCommandStream.print("\n"); sshInCommandStream.print("\n"); sshInCommandStream.print("\n"); sshInCommandStream.print("echo \"" + adminUsername + ":" + vpnPassword + "\" | sudo chpasswd\n"); sshInCommandStream.print("exit\n"); NullOutputStream nullOutputStream = new NullOutputStream(); Thread watchForSSHDisconnectThread = new Thread(() -> { while (channel.isConnected()) { nullOutputStream.write(0); } // disconnected cont(); }); watchForSSHDisconnectThread.setName("watchForSSHDisconnectThread"); watchForSSHDisconnectThread.start(); } } catch (JSchException | IOException e) { e.printStackTrace(); if (session != null) { session.disconnect(); } System.exit(1); } }