List of usage examples for com.amazonaws.services.ec2.model GroupIdentifier getGroupId
public String getGroupId()
The ID of the security group.
From source file:com.urbancode.terraform.tasks.aws.InstanceTask.java
License:Apache License
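/**
 * Checks whether the security groups attached to {@code instance} match the groups
 * this task expects (the ids resolved from {@link #getSecurityGroupRefs()}).
 *
 * <p>The comparison is on security group ids and ignores order and duplicates. The
 * instance is only considered verified when the two id sets are identical: an extra
 * group on the instance is as much a drift from the declared configuration as a
 * missing one.
 *
 * @param instance the EC2 instance as returned by DescribeInstances
 * @return {@code true} when the attached group ids equal the expected group ids
 */
private boolean verifySecurityGroups(Instance instance) {
    List<String> expectedIds = new ArrayList<String>();
    for (SecurityGroupRefTask group : getSecurityGroupRefs()) {
        expectedIds.add(group.fetchSecurityGroup().getId());
    }

    List<String> foundIds = new ArrayList<String>();
    List<GroupIdentifier> gids = instance.getSecurityGroups();
    if (gids != null && !gids.isEmpty()) {
        for (GroupIdentifier gid : gids) {
            foundIds.add(gid.getGroupId());
        }
    }

    // The previous version collected both lists but never compared them, so it
    // always returned false. Mutual containsAll() gives set equality on ids.
    return expectedIds.containsAll(foundIds) && foundIds.containsAll(expectedIds);
}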
From source file:dsmwatcher.DSMWatcher.java
License:Open Source License
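/**
 * Reports whether {@code instance} is already in isolation.
 *
 * <p>An instance counts as isolated only when both markers are present:
 * <ul>
 *   <li>at least one of its network interfaces sits in one of the isolation subnets
 *       ({@code IRSubnets}), and</li>
 *   <li>at least one interface carries the deny-all security group ({@code denyAllSG})
 *       and, according to DescribeNetworkInterfaces, is tagged with the key
 *       {@code InIsolation}.</li>
 * </ul>
 *
 * @param instance the instance to inspect
 * @param ec2 client used to look up interface tags
 * @return {@code true} if both isolation markers are present
 * @throws Exception propagated from the EC2 client
 */
public Boolean checkIfIsolated(Instance instance, AmazonEC2Client ec2) throws Exception {
    boolean inIRSubnet = false;
    boolean hasDenySG = false;

    for (InstanceNetworkInterface ieni : instance.getNetworkInterfaces()) {
        // equals() instead of compareTo() == 0: an interface without a subnet id
        // (null) must not abort the check with a NullPointerException.
        String subnetId = ieni.getSubnetId();
        for (String irSubnet : IRSubnets) {
            if (irSubnet.equals(subnetId)) {
                inIRSubnet = true;
                break;
            }
        }

        // The tag lookup is a network call; once a deny-all + InIsolation interface
        // has been found there is nothing more to learn from further lookups.
        if (!hasDenySG && carriesDenyAllGroup(ieni)) {
            hasDenySG = isTaggedInIsolation(ieni, ec2);
        }
    }
    return inIRSubnet && hasDenySG;
}

/** True if any security group attached to {@code ieni} has the id {@code denyAllSG}. */
private boolean carriesDenyAllGroup(InstanceNetworkInterface ieni) {
    List<GroupIdentifier> groups = ieni.getGroups();
    if (groups == null) {
        return false;
    }
    for (GroupIdentifier secGroup : groups) {
        String groupId = secGroup.getGroupId();
        if (groupId != null && groupId.equals(denyAllSG)) {
            return true;
        }
    }
    return false;
}

/** Describes {@code ieni} and reports whether it carries a tag whose key is {@code InIsolation}. */
private boolean isTaggedInIsolation(InstanceNetworkInterface ieni, AmazonEC2Client ec2) {
    DescribeNetworkInterfacesRequest netReq = new DescribeNetworkInterfacesRequest()
            .withNetworkInterfaceIds(ieni.getNetworkInterfaceId());
    DescribeNetworkInterfacesResult netResult = ec2.describeNetworkInterfaces(netReq);
    for (com.amazonaws.services.ec2.model.NetworkInterface eni : netResult.getNetworkInterfaces()) {
        for (Tag tag : eni.getTagSet()) {
            // Only the key matters; the value written by isolateInstance is "True".
            if ("InIsolation".equals(tag.getKey())) {
                return true;
            }
        }
    }
    return false;
}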
From source file:dsmwatcher.DSMWatcher.java
License:Open Source License
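/**
 * Moves {@code instance} into network isolation.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>{@code handleAutoScaledInstance} runs first so that a failing health check
 *       cannot terminate the instance (and the evidence on it) while it is being
 *       isolated.</li>
 *   <li>Pick the isolation subnet from {@code IRSubnets} that lies in the same
 *       availability zone as the instance's own subnet; log via {@code error(...)}
 *       and return if there is none.</li>
 *   <li>For every existing network interface: record its current security group ids in
 *       a {@code PreIsolationSG} tag (comma separated, so they can be restored later),
 *       tag it {@code InIsolation=True}, then replace its security groups with
 *       {@code denyAllSG}.</li>
 *   <li>Create a fresh interface in the isolation subnet with {@code IRSecGrp}, attach
 *       it with delete-on-termination and tag it {@code IRENI=True}.</li>
 * </ol>
 *
 * @param instance the instance to isolate
 * @param ec2 client used for all EC2 calls
 * @throws Exception propagated from the EC2 client or {@code handleAutoScaledInstance}
 */
public void isolateInstance(Instance instance, AmazonEC2Client ec2) throws Exception {
    // Detach from autoscaling before anything else; otherwise a health check failure
    // would terminate the instance mid-isolation.
    handleAutoScaledInstance(instance);

    DescribeSubnetsRequest subnetRequest = new DescribeSubnetsRequest().withSubnetIds(instance.getSubnetId());
    List<Subnet> sourceSubnet = ec2.describeSubnets(subnetRequest).getSubnets();
    if (sourceSubnet == null || sourceSubnet.isEmpty()) {
        // Previously sourceSubnet.get(0) threw IndexOutOfBoundsException here.
        error("Unable to describe subnet " + instance.getSubnetId() + " of instance " + instance.getInstanceId());
        return;
    }
    String targetAZStr = sourceSubnet.get(0).getAvailabilityZone();

    // The isolation ENI must live in the instance's AZ. One DescribeSubnets per
    // candidate (the old code issued two); the last matching subnet wins, as before.
    Subnet targetIRSubnet = null;
    for (String IRSubnet : IRSubnets) {
        subnetRequest = new DescribeSubnetsRequest().withSubnetIds(IRSubnet);
        Subnet candidate = ec2.describeSubnets(subnetRequest).getSubnets().get(0);
        if (targetAZStr.compareTo(candidate.getAvailabilityZone()) == 0) {
            targetIRSubnet = candidate;
        }
    }
    if (targetIRSubnet == null) {
        error("Unable to find an isolation subnet for instance " + instance.getInstanceId());
        return;
    }

    List<InstanceNetworkInterface> ienis = instance.getNetworkInterfaces();
    for (InstanceNetworkInterface ieni : ienis) {
        // Comma-joined list of the current group ids. An interface with no groups now
        // yields "" instead of the StringIndexOutOfBoundsException the old
        // substring(0, length - 1) produced.
        StringBuilder eniTag = new StringBuilder();
        boolean first = true;
        List<GroupIdentifier> inititalSecGroups = ieni.getGroups();
        for (GroupIdentifier secGroup : inititalSecGroups) {
            if (!first) {
                eniTag.append(',');
            }
            eniTag.append(secGroup.getGroupId());
            first = false;
        }

        DescribeNetworkInterfacesRequest netReq = new DescribeNetworkInterfacesRequest()
                .withNetworkInterfaceIds(ieni.getNetworkInterfaceId());
        DescribeNetworkInterfacesResult netResult = ec2.describeNetworkInterfaces(netReq);
        List<com.amazonaws.services.ec2.model.NetworkInterface> enis = netResult.getNetworkInterfaces();
        for (com.amazonaws.services.ec2.model.NetworkInterface eni : enis) {
            // The interface's existing tags are re-sent together with the two
            // isolation tags so nothing already on it is lost.
            List<Tag> tagSet = eni.getTagSet();
            tagSet.add(new Tag().withKey("PreIsolationSG").withValue(eniTag.toString()));
            tagSet.add(new Tag().withKey("InIsolation").withValue("True"));
            CreateTagsRequest ctr = new CreateTagsRequest()
                    .withResources(eni.getNetworkInterfaceId())
                    .withTags(tagSet);
            ec2.createTags(ctr);

            // Only after the restore information is tagged is the traffic cut off.
            ModifyNetworkInterfaceAttributeRequest netReqest = new ModifyNetworkInterfaceAttributeRequest()
                    .withNetworkInterfaceId(eni.getNetworkInterfaceId())
                    .withGroups(denyAllSG);
            ec2.modifyNetworkInterfaceAttribute(netReqest);
        }
    }

    // Fresh interface in the isolation subnet, guarded by IRSecGrp only.
    CreateNetworkInterfaceRequest newENIReq = new CreateNetworkInterfaceRequest()
            .withSubnetId(targetIRSubnet.getSubnetId())
            .withGroups(IRSecGrp);
    CreateNetworkInterfaceResult newENIResult = ec2.createNetworkInterface(newENIReq);
    String newENIId = newENIResult.getNetworkInterface().getNetworkInterfaceId();

    // NOTE(review): device indices are zero-based, so size() would already be the next
    // free index; size() + 1 is kept as in the original — confirm it is intentional.
    AttachNetworkInterfaceRequest attachReq = new AttachNetworkInterfaceRequest()
            .withNetworkInterfaceId(newENIId)
            .withInstanceId(instance.getInstanceId())
            .withDeviceIndex(instance.getNetworkInterfaces().size() + 1);
    AttachNetworkInterfaceResult attachResults = ec2.attachNetworkInterface(attachReq);

    // Tie the new ENI's lifetime to the instance so it does not linger after termination.
    NetworkInterfaceAttachmentChanges attachTerm = new NetworkInterfaceAttachmentChanges()
            .withAttachmentId(attachResults.getAttachmentId())
            .withDeleteOnTermination(true);
    ModifyNetworkInterfaceAttributeRequest setDeleteOnTerm = new ModifyNetworkInterfaceAttributeRequest()
            .withAttachment(attachTerm)
            .withNetworkInterfaceId(newENIId);
    ec2.modifyNetworkInterfaceAttribute(setDeleteOnTerm);

    List<Tag> isolationENITags = newENIResult.getNetworkInterface().getTagSet();
    isolationENITags.add(new Tag().withKey("IRENI").withValue("True"));
    CreateTagsRequest tagNewENIReq = new CreateTagsRequest()
            .withResources(newENIId)
            .withTags(isolationENITags);
    ec2.createTags(tagNewENIReq);
}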
From source file:org.apache.airavata.core.gfac.provider.impl.EC2Provider.java
License:Apache License
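/**
 * Builds the EC2 provider from the AmazonWebservices section of the invocation's
 * security context header: access key id and secret, an AMI id or the id of an
 * already running instance, the instance type and the login user name.
 *
 * <p>On success {@code this.instance} refers to a running instance (freshly started
 * from the AMI, or the pre-existing one whose key pair must be {@code KEY_PAIR_NAME}),
 * each of its security groups has an inbound rule for TCP/22, and an
 * {@code SSHSecurityContextImpl} pointing at {@code privateKeyFilePath} is registered
 * under {@code SSH_SECURITY_CONTEXT}.
 *
 * @param invocationContext carries the execution context and the security context header
 * @throws ProviderException if the header cannot be parsed, a required field is missing,
 *         or any EC2 call fails
 */
public EC2Provider(InvocationContext invocationContext) throws ProviderException {
    ExecutionContext execContext = invocationContext.getExecutionContext();
    OMElement omSecurityContextHeader = execContext.getSecurityContextHeader();

    // A header that does not parse used to be printed and then dereferenced as null;
    // fail with the declared exception type and keep the cause instead.
    ContextHeaderDocument document;
    try {
        document = ContextHeaderDocument.Factory.parse(omSecurityContextHeader.toStringWithConsume());
    } catch (XMLStreamException e) {
        throw new ProviderException("Unable to parse security context header", e);
    } catch (XmlException e) {
        throw new ProviderException("Unable to parse security context header", e);
    }

    SecurityContextDocument.SecurityContext.AmazonWebservices amazonWebservices = document.getContextHeader()
            .getSecurityContext().getAmazonWebservices();
    String access_key = amazonWebservices.getAccessKeyId();
    String secret_key = amazonWebservices.getSecretAccessKey();
    String ami_id = amazonWebservices.getAmiId();
    String ins_id = amazonWebservices.getInstanceId();
    String ins_type = amazonWebservices.getInstanceType();
    this.username = amazonWebservices.getUsername();

    // The secret access key is a credential and is deliberately never logged.
    log.info("ACCESS_KEY:" + access_key);
    log.info("AMI_ID:" + ami_id);
    log.info("INS_ID:" + ins_id);
    log.info("INS_TYPE:" + ins_type);
    log.info("USERNAME:" + username);

    /*
     * Validation
     */
    if (access_key == null || access_key.isEmpty()) {
        throw new ProviderException("Access Key is empty");
    }
    if (secret_key == null || secret_key.isEmpty()) {
        throw new ProviderException("Secret Key is empty");
    }
    // Exactly one of AMI id / instance id is expected; whichever is given must be non-empty.
    if ((ami_id == null && ins_id == null) || (ami_id != null && ami_id.isEmpty())
            || (ins_id != null && ins_id.isEmpty())) {
        throw new ProviderException("AMI or Instance ID is empty");
    }
    if (this.username == null || this.username.isEmpty()) {
        throw new ProviderException("Username is empty");
    }

    /*
     * Need to start EC2 instance before running it
     */
    AWSCredentials credential = new BasicAWSCredentials(access_key, secret_key);
    AmazonEC2Client ec2client = new AmazonEC2Client(credential);
    try {
        /*
         * Build key pair before start instance
         */
        buildKeyPair(ec2client);

        // right now, we can run it on one host
        if (ami_id != null) {
            this.instance = startInstances(ec2client, ami_id, ins_type, execContext).get(0);
        } else {
            // already running instance
            DescribeInstancesRequest describeInstancesRequest = new DescribeInstancesRequest();
            DescribeInstancesResult describeInstancesResult = ec2client
                    .describeInstances(describeInstancesRequest.withInstanceIds(ins_id));
            if (describeInstancesResult.getReservations().size() == 0
                    || describeInstancesResult.getReservations().get(0).getInstances().size() == 0) {
                throw new GfacException("Instance not found:" + ins_id);
            }
            this.instance = describeInstancesResult.getReservations().get(0).getInstances().get(0);

            // The instance must use the key pair this provider owns, or SSH below cannot work.
            if (this.instance.getKeyName() == null || !this.instance.getKeyName().equals(KEY_PAIR_NAME)) {
                throw new GfacException("Keypair for instance:" + ins_id + " is not valid");
            }
        }

        // TODO send out the instance id through the notification service once it is wired up.

        /*
         * Make sure port 22 is connectable. The rule added is tcp/22 from 0.0.0.0/0,
         * i.e. SSH reachable from any source address; a narrower CIDR would be
         * preferable where the caller's address range is known.
         */
        for (GroupIdentifier g : this.instance.getSecurityGroups()) {
            IpPermission ip = new IpPermission();
            ip.setIpProtocol("tcp");
            ip.setFromPort(22);
            ip.setToPort(22);
            AuthorizeSecurityGroupIngressRequest r = new AuthorizeSecurityGroupIngressRequest();
            r = r.withIpPermissions(ip.withIpRanges("0.0.0.0/0"));
            r.setGroupId(g.getGroupId());
            try {
                ec2client.authorizeSecurityGroupIngress(r);
            } catch (AmazonServiceException as) {
                /*
                 * If the rule already exists, that is fine; anything else is a real failure.
                 */
                if (!as.getErrorCode().equals("InvalidPermission.Duplicate")) {
                    throw as;
                }
            }
        }
    } catch (Exception e) {
        throw new ProviderException("Invalied Request", e);
    }

    SSHSecurityContextImpl sshContext = ((SSHSecurityContextImpl) invocationContext
            .getSecurityContext(SSH_SECURITY_CONTEXT));
    if (sshContext == null) {
        sshContext = new SSHSecurityContextImpl();
    }
    sshContext.setUsername(username);
    sshContext.setKeyPass("");
    sshContext.setPrivateKeyLoc(privateKeyFilePath);
    invocationContext.addSecurityContext(SSH_SECURITY_CONTEXT, sshContext);

    // TODO: the grid FTP URL still needs to be erased so that SFTP is used
    // unconditionally, and the execution context host set to the instance's
    // public DNS name.
}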
From source file:org.apache.airavata.gfac.ec2.EC2Provider.java
License:Apache License
/**
 * Ensures every security group attached to {@code instance} allows inbound TCP on
 * {@code SSH_PORT}.
 *
 * <p>The rule added is {@code tcp/SSH_PORT} from {@code 0.0.0.0/0}, i.e. SSH reachable
 * from any source address; a narrower CIDR would be preferable where the caller's
 * address range is known. A rule that already exists
 * ({@code InvalidPermission.Duplicate}) is treated as success; any other
 * {@link AmazonServiceException} propagates.
 *
 * @param instance the Amazon instance whose security groups are updated
 * @param ec2client client used to issue AuthorizeSecurityGroupIngress
 */
private void checkConnection(Instance instance, AmazonEC2Client ec2client) {
    // The permission is the same for every group, so build it once.
    IpPermission sshFromAnywhere = new IpPermission()
            .withIpProtocol("tcp")
            .withFromPort(SSH_PORT)
            .withToPort(SSH_PORT)
            .withIpRanges("0.0.0.0/0");

    for (GroupIdentifier group : instance.getSecurityGroups()) {
        AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest()
                .withGroupId(group.getGroupId())
                .withIpPermissions(sshFromAnywhere);
        try {
            ec2client.authorizeSecurityGroupIngress(request);
        } catch (AmazonServiceException as) {
            // The rule is already present: nothing to do. Anything else is a real failure.
            if (!as.getErrorCode().equals("InvalidPermission.Duplicate")) {
                throw as;
            }
        }
    }
}
From source file:org.elasticsearch.discovery.ec2.AwsEc2UnicastHostsProvider.java
License:Apache License
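/**
 * Lists the EC2 instances that should be pinged for unicast discovery.
 *
 * <p>Instances are fetched with {@code buildDescribeInstancesRequest()}, then filtered
 * by security group in memory (see the note inside), then mapped to a transport
 * address according to {@code hostType}. Each resolvable address contributes at most
 * {@code UnicastZenPing.LIMIT_PORTS_COUNT} nodes. A failed AWS call is logged and yields
 * an empty list rather than an exception.
 *
 * @return the discovery nodes found, possibly empty, never {@code null}
 */
@Override
public List<DiscoveryNode> buildDynamicNodes() {
    List<DiscoveryNode> discoNodes = Lists.newArrayList();
    DescribeInstancesResult descInstances;
    try {
        // Query EC2 API based on AZ, instance state, and tag.
        // NOTE: we don't filter by security group during the describe instances request for two reasons:
        // 1. differences in VPCs require different parameters during query (ID vs Name)
        // 2. We want to use two different strategies: (all security groups vs. any security groups)
        descInstances = client.describeInstances(buildDescribeInstancesRequest());
    } catch (AmazonClientException e) {
        logger.info("Exception while retrieving instance list from AWS API: {}", e.getMessage());
        logger.debug("Full exception:", e);
        return discoNodes;
    }

    logger.trace("building dynamic unicast discovery nodes...");
    for (Reservation reservation : descInstances.getReservations()) {
        for (Instance instance : reservation.getInstances()) {
            // lets see if we can filter based on groups
            if (!groups.isEmpty()) {
                List<GroupIdentifier> instanceSecurityGroups = instance.getSecurityGroups();
                ArrayList<String> securityGroupNames = new ArrayList<String>();
                ArrayList<String> securityGroupIds = new ArrayList<String>();
                for (GroupIdentifier sg : instanceSecurityGroups) {
                    securityGroupNames.add(sg.getGroupName());
                    securityGroupIds.add(sg.getGroupId());
                }

                if (bindAnyGroup) {
                    // We check if we can find at least one group name or one group id in groups.
                    if (Collections.disjoint(securityGroupNames, groups)
                            && Collections.disjoint(securityGroupIds, groups)) {
                        logger.trace("filtering out instance {} based on groups {}, not part of {}",
                                instance.getInstanceId(), instanceSecurityGroups, groups);
                        // continue to the next instance
                        continue;
                    }
                } else {
                    // We need to match all group names or group ids, otherwise we ignore this instance
                    if (!(securityGroupNames.containsAll(groups) || securityGroupIds.containsAll(groups))) {
                        logger.trace("filtering out instance {} based on groups {}, does not include all of {}",
                                instance.getInstanceId(), instanceSecurityGroups, groups);
                        // continue to the next instance
                        continue;
                    }
                }
            }

            String address = resolveAddress(instance);
            if (address != null) {
                try {
                    TransportAddress[] addresses = transportService.addressesFromString(address);
                    // we only limit to 1 addresses, makes no sense to ping 100 ports
                    for (int i = 0; (i < addresses.length && i < UnicastZenPing.LIMIT_PORTS_COUNT); i++) {
                        logger.trace("adding {}, address {}, transport_address {}",
                                instance.getInstanceId(), address, addresses[i]);
                        discoNodes.add(new DiscoveryNode("#cloud-" + instance.getInstanceId() + "-" + i,
                                addresses[i], Version.CURRENT));
                    }
                } catch (Exception e) {
                    logger.warn("failed ot add {}, address {}", e, instance.getInstanceId(), address);
                }
            } else {
                logger.trace("not adding {}, address is null, host_type {}", instance.getInstanceId(), hostType);
            }
        }
    }

    logger.debug("using dynamic discovery nodes {}", discoNodes);
    return discoNodes;
}

/**
 * Picks the instance attribute selected by {@code hostType}.
 *
 * @return the address string, or {@code null} if the instance has none for that host type
 */
private String resolveAddress(Instance instance) {
    switch (hostType) {
        case PRIVATE_DNS:
            return instance.getPrivateDnsName();
        case PRIVATE_IP:
            return instance.getPrivateIpAddress();
        case PUBLIC_DNS:
            return instance.getPublicDnsName();
        case PUBLIC_IP:
            // Was getPublicDnsName(): PUBLIC_IP silently behaved like PUBLIC_DNS.
            return instance.getPublicIpAddress();
        default:
            return null;
    }
}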
From source file:org.finra.dm.dao.impl.Ec2DaoImpl.java
License:Apache License
/**
 * Adds the given security groups to an EC2 instance, keeping the groups it already has.
 *
 * <p>The current group set is read via DescribeInstanceAttribute (attribute
 * {@code groupSet}), merged with {@code securityGroups} (duplicates collapse, ordering
 * is not guaranteed) and written back with ModifyInstanceAttribute.
 *
 * @param ec2InstanceId the EC2 instance id
 * @param securityGroups security group ids to add
 * @param awsParams parameters used to build the EC2 client
 * @return the merged security group ids now assigned to the instance
 */
@Override
public List<String> addSecurityGroupsToEc2Instance(String ec2InstanceId, List<String> securityGroups,
        AwsParamsDto awsParams) {
    Set<String> merged = new HashSet<>(securityGroups);

    // Existing groups are fetched first so the update is additive, not a replacement.
    DescribeInstanceAttributeRequest describeRequest = new DescribeInstanceAttributeRequest()
            .withInstanceId(ec2InstanceId)
            .withAttribute(InstanceAttributeName.GroupSet);
    DescribeInstanceAttributeResult describeResult =
            ec2Operations.describeInstanceAttribute(getEc2Client(awsParams), describeRequest);
    for (GroupIdentifier existing : describeResult.getInstanceAttribute().getGroups()) {
        merged.add(existing.getGroupId());
    }

    // Write the merged set back to the instance.
    ModifyInstanceAttributeRequest modifyRequest = new ModifyInstanceAttributeRequest()
            .withInstanceId(ec2InstanceId)
            .withGroups(merged);
    ec2Operations.modifyInstanceAttribute(getEc2Client(awsParams), modifyRequest);

    return new ArrayList<>(merged);
}
From source file:org.occiware.clouddriver.util.InstanceDataFactory.java
License:Apache License
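/**
 * Converts AWS security group identifiers into their {@link GroupIdentifierDO} counterparts.
 *
 * <p>Only the group id and group name are carried over. A {@code null} input yields an
 * empty list instead of a NullPointerException.
 *
 * @param groups security groups as reported by the EC2 API, may be {@code null}
 * @return a new mutable list with one DO per input group, in input order
 */
private static List<GroupIdentifierDO> buildSecurityGroupsDatas(List<GroupIdentifier> groups) {
    if (groups == null) {
        return new ArrayList<>();
    }
    List<GroupIdentifierDO> groupIdentifierDOs = new ArrayList<>(groups.size());
    for (GroupIdentifier group : groups) {
        GroupIdentifierDO groupIdentifierDO = new GroupIdentifierDO();
        groupIdentifierDO.setGroupId(group.getGroupId());
        groupIdentifierDO.setGroupName(group.getGroupName());
        groupIdentifierDOs.add(groupIdentifierDO);
    }
    return groupIdentifierDOs;
}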