List of usage examples for com.amazonaws.services.ec2.model DescribeSecurityGroupsResult getSecurityGroups
public java.util.List<SecurityGroup> getSecurityGroups()
Information about the security groups.
From source file:Security.java
License:Open Source License
String createSG(AmazonEC2 ec2) throws IOException { try {/* w w w .j a va2 s . c om*/ securitygroup = "VirualIT_Security_Group" + Virtualize.no_of_days; CreateSecurityGroupRequest reqsec = new CreateSecurityGroupRequest().withGroupName(securitygroup) .withDescription("ssh-tcp-https-http"); CreateSecurityGroupResult ressec = ec2.createSecurityGroup(reqsec); String ipAddr = "0.0.0.0/0"; ArrayList<String> ipRanges = new ArrayList<String>(); ipRanges.add(ipAddr); ArrayList<IpPermission> ipPermissions = new ArrayList<IpPermission>(); IpPermission ipPermission_ssh = new IpPermission(); ipPermission_ssh.setIpProtocol("tcp"); ipPermission_ssh.setFromPort(new Integer(22)); ipPermission_ssh.setToPort(new Integer(22)); IpPermission ipPermission_http = new IpPermission(); ipPermission_http.setIpProtocol("tcp"); ipPermission_http.setFromPort(new Integer(80)); ipPermission_http.setToPort(new Integer(80)); IpPermission ipPermission_https = new IpPermission(); ipPermission_https.setIpProtocol("tcp"); ipPermission_https.setFromPort(new Integer(443)); ipPermission_https.setToPort(new Integer(443)); ipPermission_ssh.setIpRanges(ipRanges); ipPermission_http.setIpRanges(ipRanges); ipPermission_https.setIpRanges(ipRanges); ipPermissions.add(ipPermission_http); ipPermissions.add(ipPermission_https); ipPermissions.add(ipPermission_ssh); try { // Authorize the ports to the used. AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest( securitygroup, ipPermissions); ec2.authorizeSecurityGroupIngress(ingressRequest); System.out.println("Assigned " + ingressRequest); } catch (AmazonServiceException ase) { // Ignore because this likely means the zone has already been authorized. System.err.println(ase.getMessage()); } DescribeSecurityGroupsRequest x = new DescribeSecurityGroupsRequest().withGroupNames(securitygroup); DescribeSecurityGroupsResult secgrp = ec2.describeSecurityGroups(x); for (SecurityGroup s : secgrp.getSecurityGroups()) { if (s.getGroupName().equals(securitygroup)) { System.out.println(s.getIpPermissions()); } } } catch (AmazonServiceException ase) { System.out.println("Caught Exception: " + ase.getMessage()); System.out.println("Reponse Status Code: " + ase.getStatusCode()); System.out.println("Error Code: " + ase.getErrorCode()); System.out.println("Request ID: " + ase.getRequestId()); } return securitygroup; }
From source file:aws.example.ec2.DescribeSecurityGroups.java
License:Open Source License
public static void main(String[] args) { final String USAGE = "To run this example, supply a group id\n" + "Ex: DescribeSecurityGroups <group-id>\n"; if (args.length != 1) { System.out.println(USAGE); System.exit(1);/* w ww . j a v a2 s. com*/ } String group_id = args[0]; final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient(); DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest().withGroupIds(group_id); DescribeSecurityGroupsResult response = ec2.describeSecurityGroups(request); for (SecurityGroup group : response.getSecurityGroups()) { System.out.printf("Found security group with id %s, " + "vpc id %s " + "and description %s", group.getGroupId(), group.getVpcId(), group.getDescription()); } }
From source file:br.com.ingenieux.mojo.beanstalk.AbstractBeanstalkMojo.java
License:Apache License
/** * Boolean predicate for harmful/placebo options <p/> I really mean harmful - If you mention a * terminated environment settings, Elastic Beanstalk will accept, but this might lead to * inconsistent states, specially when creating / listing environments. <p/> Trust me on this * one./* w ww . ja v a 2 s. c o m*/ * * @param environmentId environment id to lookup * @param optionSetting option setting * @return true if this is not needed */ protected boolean harmfulOptionSettingP(final String environmentId, ConfigurationOptionSetting optionSetting) throws Exception { //aws:autoscaling:launchconfiguration:SecurityGroups['sg-18585f7d'] if (ConfigUtil.optionSettingMatchesP(optionSetting, "aws:autoscaling:launchconfiguration", "SecurityGroups")) { final String securityGroup = optionSetting.getValue(); if (-1 != securityGroup.indexOf(environmentId)) { return true; } if (getLog().isInfoEnabled()) { getLog().info("Probing security group '" + securityGroup + "'"); } Validate.isTrue(securityGroup.matches("^sg-\\p{XDigit}{8}$"), "Invalid Security Group Spec: " + securityGroup); final AmazonEC2 ec2 = this.getClientFactory().getService(AmazonEC2Client.class); final DescribeSecurityGroupsResult describeSecurityGroupsResult = ec2 .describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupIds(securityGroup)); if (!describeSecurityGroupsResult.getSecurityGroups().isEmpty()) { final Predicate<SecurityGroup> predicate = new Predicate<SecurityGroup>() { @Override public boolean apply(SecurityGroup input) { return -1 == input.getGroupName().indexOf(environmentId); } }; return Collections2.filter(describeSecurityGroupsResult.getSecurityGroups(), predicate).isEmpty(); } } boolean bInvalid = isBlank(optionSetting.getValue()); if (!bInvalid) { bInvalid = (optionSetting.getNamespace().equals("aws:cloudformation:template:parameter") && optionSetting.getOptionName().equals("AppSource")); } if (!bInvalid) { bInvalid = (optionSetting.getNamespace().equals("aws:elasticbeanstalk:sns:topics") && optionSetting.getOptionName().equals("Notification Topic ARN")); } /* * TODO: Apply a more general regex instead */ if (!bInvalid && isNotBlank(environmentId)) { bInvalid = (optionSetting.getValue().contains(environmentId)); } return bInvalid; }
From source file:c3.ops.priam.aws.AWSMembership.java
License:Apache License
/** * List SG ACL's// w w w .ja va 2 s .c o m */ public List<String> listACL(int from, int to) { AmazonEC2 client = null; try { client = getEc2Client(); List<String> ipPermissions = new ArrayList<String>(); DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest() .withGroupNames(Arrays.asList(config.getACLGroupName())); DescribeSecurityGroupsResult result = client.describeSecurityGroups(req); for (SecurityGroup group : result.getSecurityGroups()) for (IpPermission perm : group.getIpPermissions()) if (perm.getFromPort() == from && perm.getToPort() == to) ipPermissions.addAll(perm.getIpRanges()); return ipPermissions; } finally { if (client != null) client.shutdown(); } }
From source file:com.appdynamics.connectors.AWSConnector.java
License:Apache License
private void validateAndConfigureSecurityGroups(List<String> securityGroupNames, AmazonEC2 connector) throws ConnectorException { DescribeSecurityGroupsRequest describeSecurityGroupsRequest = new DescribeSecurityGroupsRequest(); DescribeSecurityGroupsResult describeSecurityGroupsResult = connector .describeSecurityGroups(describeSecurityGroupsRequest.withGroupNames(securityGroupNames)); String controllerIp = "0.0.0.0/0"; int agentPort = controllerServices.getDefaultAgentPort(); // check if any one of the security group // already has agent port and controller ip List<SecurityGroup> securityGroups = describeSecurityGroupsResult.getSecurityGroups(); for (SecurityGroup securityGroup : securityGroups) { List<IpPermission> ipPermissions = securityGroup.getIpPermissions(); for (IpPermission permission : ipPermissions) { if (permission.getIpRanges().contains(controllerIp) && (agentPort >= permission.getFromPort() && agentPort <= permission.getToPort())) { return; }/* ww w .j av a 2 s . c om*/ } } String securityGroup = null; if (securityGroups.contains(Utils.DEFAULT_SECURITY_GROUP)) { securityGroup = Utils.DEFAULT_SECURITY_GROUP; } else { securityGroup = securityGroups.get(0).getGroupName(); } IpPermission ipPermission = new IpPermission(); ipPermission.setFromPort(agentPort); ipPermission.setToPort(agentPort); ipPermission.setIpProtocol("tcp"); ipPermission.setIpRanges(Lists.newArrayList(controllerIp)); connector.authorizeSecurityGroupIngress( new AuthorizeSecurityGroupIngressRequest(securityGroup, Lists.newArrayList(ipPermission))); }
From source file:com.axemblr.provisionr.amazon.activities.EnsureSecurityGroupExists.java
License:Apache License
private void synchronizeIngressRules(AmazonEC2 client, String groupName, Network network) { DescribeSecurityGroupsResult result = client .describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupNames(groupName)); Set<IpPermission> existingPermissions = ImmutableSet .copyOf(getOnlyElement(result.getSecurityGroups()).getIpPermissions()); Set<IpPermission> expectedPermissions = ImmutableSet .copyOf(Iterables.transform(network.getIngress(), ConvertRuleToIpPermission.FUNCTION)); authorizeIngressRules(client, groupName, difference(expectedPermissions, existingPermissions)); revokeIngressRules(client, groupName, difference(existingPermissions, expectedPermissions)); }
From source file:com.brighttag.agathon.security.ec2.Ec2SecurityGroupService.java
License:Apache License
private Optional<SecurityGroup> getSecurityGroup(String groupName, String dataCenter) { DescribeSecurityGroupsResult result = client(dataCenter).describeSecurityGroups(); // Specifying non-existent group in the request throws exception. Request all and filter instead. return Iterables.tryFind(result.getSecurityGroups(), withGroupName(groupName)); }
From source file:com.cloudera.director.aws.ec2.EC2InstanceTemplateConfigurationValidator.java
License:Apache License
/** * Validates the configured security group IDs. * * @param client the EC2 client * @param configuration the configuration to be validated * @param accumulator the exception condition accumulator * @param localizationContext the localization context *///from www . j a v a 2 s . c om @VisibleForTesting void checkSecurityGroupIds(AmazonEC2Client client, Configured configuration, PluginExceptionConditionAccumulator accumulator, LocalizationContext localizationContext) { List<String> securityGroupsIds = EC2InstanceTemplate.CSV_SPLITTER .splitToList(configuration.getConfigurationValue(SECURITY_GROUP_IDS, localizationContext)); for (String securityGroupId : securityGroupsIds) { LOG.info(">> Describing security group '{}'", securityGroupId); try { DescribeSecurityGroupsResult result = client .describeSecurityGroups(new DescribeSecurityGroupsRequest().withGroupIds(securityGroupId)); checkCount(accumulator, SECURITY_GROUP_IDS, localizationContext, securityGroupId, result.getSecurityGroups()); } catch (AmazonServiceException e) { if (e.getErrorCode().startsWith(INVALID_SECURITY_GROUP)) { addError(accumulator, SECURITY_GROUP_IDS, localizationContext, null, INVALID_SECURITY_GROUP_MSG, securityGroupId); } else { throw Throwables.propagate(e); } } } }
From source file:com.dowdandassociates.gentoo.bootstrap.DefaultSecurityGroupInformation.java
License:Apache License
@PostConstruct private void setup() { log.info("Checking if security group \"" + groupName + "\" is set up."); DescribeSecurityGroupsResult describeResult = ec2Client .describeSecurityGroups(new DescribeSecurityGroupsRequest().withFilters( new Filter().withName("group-name").withValues(groupName), new Filter().withName("ip-permission.cidr").withValues(cidr), new Filter().withName("ip-permission.from-port").withValues(new Integer(port).toString()), new Filter().withName("ip-permission.to-port").withValues(new Integer(port).toString()), new Filter().withName("ip-permission.protocol").withValues("tcp"))); if (!describeResult.getSecurityGroups().isEmpty()) { groupId = describeResult.getSecurityGroups().get(0).getGroupId(); } else {//from w w w.j a v a2s . c o m log.info("Security group \"" + groupName + "\" is not set up. Checking if it exists."); describeResult = ec2Client.describeSecurityGroups(new DescribeSecurityGroupsRequest() .withFilters(new Filter().withName("group-name").withValues(groupName))); if (!describeResult.getSecurityGroups().isEmpty()) { log.info("Security group \"" + groupName + "\" exists."); groupId = describeResult.getSecurityGroups().get(0).getGroupId(); } else { log.info("Security group \"" + groupName + "\" does not exists. Creating it."); groupId = ec2Client.createSecurityGroup( new CreateSecurityGroupRequest().withGroupName(groupName).withDescription(description)) .getGroupId(); } log.info("Authorizing ingress rules for \"" + groupName + "\"."); ec2Client.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest() .withGroupName(groupName).withIpPermissions(new IpPermission().withIpProtocol("tcp") .withFromPort(port).withToPort(port).withIpRanges(cidr))); } log.info("Security group \"" + groupName + "\" is set up."); }
From source file:com.github.trask.sandbox.ec2.Ec2Service.java
License:Apache License
public SecurityGroup getSecurityGroup(String groupName) { DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest().withGroupNames(groupName); try {/*from w ww .j ava 2 s.co m*/ DescribeSecurityGroupsResult result = ec2.describeSecurityGroups(request); return result.getSecurityGroups().get(0); } catch (AmazonServiceException e) { return null; } }