Example usage for com.amazonaws.services.ec2.model IpPermission getFromPort

List of usage examples for com.amazonaws.services.ec2.model IpPermission getFromPort

Introduction

On this page you can find example usage of com.amazonaws.services.ec2.model IpPermission getFromPort.

Prototype


public Integer getFromPort() 


Document

The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

Usage

From source file:c3.ops.priam.aws.AWSMembership.java

License:Apache License

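/**
 * Lists the CIDR ranges permitted by the ACL security group for an exact port range.
 *
 * <p>Only permissions whose from/to ports both equal {@code from}/{@code to} are
 * returned; a permission for a different (even overlapping) range is ignored.
 *
 * @param from expected start of the port range
 * @param to expected end of the port range
 * @return the IP ranges (CIDR strings) of every matching permission; empty if none match
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();
        DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest()
                .withGroupNames(Arrays.asList(config.getACLGroupName()));
        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                // getFromPort()/getToPort() return boxed Integers that may be null for a
                // permission without a port range; comparing them with == against an int
                // unboxes and throws NullPointerException, so guard for null first.
                Integer fromPort = perm.getFromPort();
                Integer toPort = perm.getToPort();
                if (fromPort != null && toPort != null && fromPort == from && toPort == to) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }
        return ipPermissions;
    } finally {
        // Always release the client's underlying resources, even when describe fails.
        if (client != null) {
            client.shutdown();
        }
    }
}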

From source file:com.appdynamics.connectors.AWSConnector.java

License:Apache License

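/**
 * Ensures at least one of the given security groups admits the agent port from the
 * controller range; if none does, adds a TCP ingress rule for it to one of them.
 *
 * <p>The range checked for and authorized is {@code 0.0.0.0/0}, i.e. the rule is open
 * to every source address, not only the controller. Operators should confirm that a
 * narrower source CIDR is not possible for their deployment.
 *
 * @param securityGroupNames names of the groups to inspect (passed to DescribeSecurityGroups)
 * @param connector EC2 client used for the describe and authorize calls
 * @throws ConnectorException declared by the original signature; preserved for callers
 * @throws IllegalStateException if EC2 returns none of the requested groups
 */
private void validateAndConfigureSecurityGroups(List<String> securityGroupNames, AmazonEC2 connector)
        throws ConnectorException {
    DescribeSecurityGroupsRequest describeSecurityGroupsRequest = new DescribeSecurityGroupsRequest();
    DescribeSecurityGroupsResult describeSecurityGroupsResult = connector
            .describeSecurityGroups(describeSecurityGroupsRequest.withGroupNames(securityGroupNames));

    // NOTE(review): a world-open source range, hard-coded by the original.
    String controllerIp = "0.0.0.0/0";
    int agentPort = controllerServices.getDefaultAgentPort();

    // Nothing to do if some group already admits the agent port from the controller range.
    List<SecurityGroup> securityGroups = describeSecurityGroupsResult.getSecurityGroups();
    for (SecurityGroup securityGroup : securityGroups) {
        for (IpPermission permission : securityGroup.getIpPermissions()) {
            if (permission.getIpRanges().contains(controllerIp) && coversPort(permission, agentPort)) {
                return;
            }
        }
    }

    if (securityGroups.isEmpty()) {
        // The original indexed get(0) here and failed with IndexOutOfBoundsException.
        throw new IllegalStateException(
                "None of the requested security groups were returned: " + securityGroupNames);
    }

    // Prefer the default group if EC2 returned it, otherwise fall back to the first one.
    // The original compared the List<SecurityGroup> against a String name via contains(),
    // which can never match, so the default group was never chosen.
    String securityGroup = securityGroups.get(0).getGroupName();
    for (SecurityGroup candidate : securityGroups) {
        if (Utils.DEFAULT_SECURITY_GROUP.equals(candidate.getGroupName())) {
            securityGroup = Utils.DEFAULT_SECURITY_GROUP;
            break;
        }
    }

    IpPermission ipPermission = new IpPermission();
    ipPermission.setFromPort(agentPort);
    ipPermission.setToPort(agentPort);
    ipPermission.setIpProtocol("tcp");
    ipPermission.setIpRanges(Lists.newArrayList(controllerIp));
    connector.authorizeSecurityGroupIngress(
            new AuthorizeSecurityGroupIngressRequest(securityGroup, Lists.newArrayList(ipPermission)));
}

/**
 * True if {@code permission} carries a port range that includes {@code port}.
 *
 * <p>The ports are boxed and may be null (a permission without a port range); the
 * original unboxed them in the comparison and threw NullPointerException. A null range
 * is treated here as not covering the port, which at worst adds a redundant rule.
 */
private static boolean coversPort(IpPermission permission, int port) {
    Integer fromPort = permission.getFromPort();
    Integer toPort = permission.getToPort();
    return fromPort != null && toPort != null && port >= fromPort && port <= toPort;
}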

From source file:com.axemblr.provisionr.amazon.functions.ConvertIpPermissionToRule.java

License:Apache License

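/**
 * Converts an EC2 {@link IpPermission} into a {@link Rule}.
 *
 * <p>The permission must carry exactly one CIDR range ({@code getOnlyElement}); the
 * protocol name is upper-cased to select the {@link Protocol}. The port range is copied
 * only for non-ICMP protocols, since for ICMP the from/to fields hold a type number.
 *
 * @param ipPermission the permission to convert; must not be null
 * @return the equivalent rule
 */
@Override
public Rule apply(IpPermission ipPermission) {
    String ipProtocol = ipPermission.getIpProtocol();
    final RuleBuilder builder = Rule.builder().cidr(getOnlyElement(ipPermission.getIpRanges()))
            .protocol(Protocol.valueOf(ipProtocol.toUpperCase()));

    // The protocol is already matched case-insensitively above (via toUpperCase), so the
    // ICMP test must be too: a case-sensitive equals("icmp") treated "ICMP" as port-based.
    if (!"icmp".equalsIgnoreCase(ipProtocol)) {
        builder.ports(ipPermission.getFromPort(), ipPermission.getToPort());
    }

    return builder.createRule();
}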

From source file:com.brighttag.agathon.security.ec2.Ec2SecurityGroupService.java

License:Apache License

/**
 * Builds the set of {@link SecurityGroupPermission}s equivalent to the given EC2
 * {@link IpPermission}s: one per permission, carrying its CIDR netmasks and the
 * closed port range [fromPort, toPort].
 *
 * @param permissions EC2 permissions to convert
 * @return an immutable set of the converted permissions
 */
private ImmutableSet<SecurityGroupPermission> fromIpPermissions(Iterable<IpPermission> permissions) {
    ImmutableSet.Builder<SecurityGroupPermission> converted = ImmutableSet.builder();
    for (IpPermission permission : permissions) {
        Range<Integer> ports = Range.closed(permission.getFromPort(), permission.getToPort());
        converted.add(new SecurityGroupPermission(Netmask.fromCidr(permission.getIpRanges()), ports));
    }
    return converted.build();
}

From source file:com.netflix.dynomitemanager.sidecore.aws.AWSMembership.java

License:Apache License

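/**
 * Lists the CIDR ranges permitted by the ACL security group for an exact port range.
 *
 * <p>In EC2-Classic the group is looked up by name; in a VPC it is looked up by name
 * and by the VPC id of the running instance, so same-named groups in other VPCs are
 * not consulted.
 *
 * @param from expected start of the port range
 * @param to expected end of the port range
 * @return the IP ranges (CIDR strings) of every permission whose range is exactly [from, to]
 * @throws IllegalStateException if running in a VPC but no VPC id is configured
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        boolean classic = this.insEnvIdentity.isClassic();

        DescribeSecurityGroupsRequest req;
        if (classic) {
            req = new DescribeSecurityGroupsRequest()
                    .withGroupNames(Arrays.asList(config.getACLGroupName()));
        } else {
            String vpcid = config.getVpcId();
            if (vpcid == null || vpcid.isEmpty()) {
                throw new IllegalStateException("vpcid is null even though instance is running in vpc.");
            }
            Filter nameFilter = new Filter().withName("group-name").withValues(config.getACLGroupName());
            // only fetch SG for the vpc id of the running instance
            Filter vpcFilter = new Filter().withName("vpc-id").withValues(vpcid);
            req = new DescribeSecurityGroupsRequest().withFilters(nameFilter, vpcFilter);
        }

        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        List<String> ipPermissions = collectIpRanges(result.getSecurityGroups(), from, to);

        if (classic) {
            logger.info("Fetch current permissions for classic env of running instance");
        } else {
            logger.info("Fetch current permissions for vpc env of running instance");
        }
        return ipPermissions;
    } finally {
        // Always release the client's underlying resources, even when describe fails.
        if (client != null) {
            client.shutdown();
        }
    }
}

/**
 * Collects the IP ranges of every permission in {@code groups} whose port range is
 * exactly [from, to]. Shared by the classic and VPC paths, which previously duplicated it.
 */
private static List<String> collectIpRanges(List<SecurityGroup> groups, int from, int to) {
    List<String> ipRanges = new ArrayList<String>();
    for (SecurityGroup group : groups) {
        for (IpPermission perm : group.getIpPermissions()) {
            // Boxed ports may be null for a permission without a port range; the original
            // compared them with == against an int, which unboxes and throws NPE.
            Integer fromPort = perm.getFromPort();
            Integer toPort = perm.getToPort();
            if (fromPort != null && toPort != null && fromPort == from && toPort == to) {
                ipRanges.addAll(perm.getIpRanges());
            }
        }
    }
    return ipRanges;
}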

From source file:com.netflix.raigad.aws.AWSMembership.java

License:Apache License

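/**
 * Lists the CIDR ranges permitted by the ACL security group for an exact port range.
 *
 * <p>A permission contributes its IP ranges only when both its from and to port equal
 * the requested values; partially overlapping ranges are not reported.
 *
 * @param from expected start of the port range
 * @param to expected end of the port range
 * @return the IP ranges (CIDR strings) of every matching permission; empty if none match
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();
        DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest()
                .withGroupNames(Arrays.asList(config.getACLGroupName()));
        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                // Boxed ports may be null for a permission without a port range; the
                // original's == against an int unboxed them and threw NullPointerException.
                Integer fromPort = perm.getFromPort();
                Integer toPort = perm.getToPort();
                if (fromPort == null || toPort == null) {
                    continue;
                }
                if (fromPort == from && toPort == to) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }
        return ipPermissions;
    } finally {
        // Always release the client's underlying resources, even when describe fails.
        if (client != null) {
            client.shutdown();
        }
    }
}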

From source file:com.vb.aws.services.compute.ec2.EC2UtilsImpl.java

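/**
 * Returns the security groups that violate the world-open ingress policy.
 *
 * <p>A group is non-compliant if any ingress permission lists {@code SOURCE_IP_ADDRESS}
 * among its IP ranges and either carries no port range (all ports) or targets anything
 * other than a single port equal to {@code HTTP_PORT} or {@code HTTPS_PORT}. Groups with
 * no ingress permissions, or whose permissions do not include that source, are compliant.
 *
 * <p>Only IPv4 ranges are examined; a permission that is equally open via an IPv6 range
 * is not evaluated here.
 *
 * @param allSecurityGroups the groups to evaluate; may be null or empty
 * @return the non-compliant groups in input order, each at most once; never null
 */
public List<SecurityGroup> getNonComplaintSecurityGroups(List<SecurityGroup> allSecurityGroups) {

    List<SecurityGroup> nonCompliantSecurityGroups = new ArrayList<SecurityGroup>();

    // The original tested size() before the null check and joined the two with ||,
    // so a null argument threw NullPointerException instead of yielding an empty result.
    if (allSecurityGroups != null && !allSecurityGroups.isEmpty()) {
        for (SecurityGroup sg : allSecurityGroups) {
            boolean compliantSG = isCompliant(sg);
            if (!compliantSG) {
                nonCompliantSecurityGroups.add(sg);
            }
            System.out.println("INFO : SG GROUP : " + sg.getGroupName() + " : " + sg.getGroupId()
                    + (compliantSG ? " is COMPLIANT." : " is NON COMPLIANT."));
        }
    }

    System.out.println("INFO : Number of NON COMPLIANT SECURITY GROUPS : " + nonCompliantSecurityGroups.size());
    List<String> allNonCompliantSecurityGroupsNames = nonCompliantSecurityGroups.stream()
            .map(SecurityGroup::getGroupName).collect(Collectors.toList());
    System.out.println("INFO : NON COMPLIANT SECURITY GROUPS : " + allNonCompliantSecurityGroupsNames);

    return nonCompliantSecurityGroups;
}

/**
 * True unless some ingress permission of {@code sg} admits {@code SOURCE_IP_ADDRESS} on
 * anything other than exactly port {@code HTTP_PORT} or exactly port {@code HTTPS_PORT}.
 * Stops at the first violating permission.
 */
private boolean isCompliant(SecurityGroup sg) {
    for (IpPermission ipPermission : sg.getIpPermissions()) {
        List<String> ipRanges = ipPermission.getIpRanges();
        if (ipRanges == null || !ipRanges.contains(SOURCE_IP_ADDRESS)) {
            continue; // not open to the policy's source range; irrelevant here
        }
        Integer fromPort = ipPermission.getFromPort();
        // The original read getFromPort() into toPort as well, so the range end was never checked.
        Integer toPort = ipPermission.getToPort();
        if (fromPort == null || toPort == null) {
            return false; // no port range: every port is open to the world
        }
        // A range such as 80-8080 starts at an allowed port yet exposes many others, and
        // the original accepted it because one endpoint matched. Require a single-port
        // range on exactly HTTP_PORT or HTTPS_PORT.
        boolean singleAllowedPort = fromPort.equals(toPort)
                && (fromPort.equals(HTTP_PORT) || fromPort.equals(HTTPS_PORT));
        if (!singleAllowedPort) {
            return false;
        }
    }
    return true;
}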

From source file:com.zotoh.cloudapi.aws.SecurityGroup.java

License:Open Source License

/**
 * Expands one EC2 {@link IpPermission} into firewall rules, one per CIDR range it
 * carries, each tagged with {@code group} and the permission's protocol and port range.
 *
 * @param group security group the rules belong to
 * @param p the permission to expand; a null permission yields an empty list
 * @return the expanded rules
 */
private List<FirewallRule> toRules(String group, IpPermission p) {
    List<FirewallRule> rules = LT();
    if (p == null) {
        return rules;
    }
    for (String cidr : p.getIpRanges()) {
        Protocol protocol = Protocol.valueOf(p.getIpProtocol().toUpperCase());
        rules.add(new FirewallRule(group, cidr, protocol, p.getFromPort(), p.getToPort()));
    }
    return rules;
}

From source file:datameer.awstasks.aws.ec2.GroupPermission.java

License:Apache License

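/**
 * Tells whether the given EC2 permission grants what this group permission describes:
 * the same protocol (case-insensitively), a port range that contains this one, and
 * {@code _sourceIp} among the permission's CIDR ranges.
 *
 * <p>Permissions expressed through user-id/group pairs rather than CIDR ranges never
 * match, because only CIDR-based sources are compared.
 *
 * @param ipPermission the EC2 permission to test; must not be null
 * @return true if {@code ipPermission} covers this permission
 */
public boolean matches(IpPermission ipPermission) {
    // contains() on an empty range list is false, so no separate isEmpty() branch is needed.
    boolean sourceAllowed = ipPermission.getIpRanges().contains(_sourceIp);
    if (!sourceAllowed || !getProtocol().equalsIgnoreCase(ipPermission.getIpProtocol())) {
        return false;
    }

    // Ports are boxed Integers and may be null (a permission without a port range); the
    // original unboxed them directly and threw NullPointerException.
    // NOTE(review): a null range is treated as no match; if callers expect an all-ports
    // permission to match, this is the place to make the opposite choice.
    Integer permFrom = ipPermission.getFromPort();
    Integer permTo = ipPermission.getToPort();
    if (permFrom == null || permTo == null) {
        return false;
    }
    return permFrom <= getFromPort() && permTo >= getToPort();
}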

From source file:org.apache.provisionr.amazon.functions.ConvertIpPermissionToRule.java

License:Apache License

/**
 * Converts an EC2 {@link IpPermission} into a {@link Rule}: the single CIDR range becomes
 * the rule's CIDR, the upper-cased protocol name selects the {@link Protocol}, and the
 * port range is copied unless the protocol is ICMP.
 *
 * @param ipPermission permission to convert; must not be null
 * @return the converted rule
 * @throws NullPointerException if {@code ipPermission} is null
 */
@Override
public Rule apply(IpPermission ipPermission) {
    checkNotNull(ipPermission, "ipPermission is null");

    String protocolName = ipPermission.getIpProtocol();
    String cidr = getOnlyElement(ipPermission.getIpRanges());
    RuleBuilder builder = Rule.builder()
            .cidr(cidr)
            .protocol(Protocol.valueOf(protocolName.toUpperCase()));

    // For ICMP the from/to fields are not ports, so they are left off the rule.
    boolean isIcmp = protocolName.equalsIgnoreCase("icmp");
    if (!isIcmp) {
        builder.ports(ipPermission.getFromPort(), ipPermission.getToPort());
    }

    return builder.createRule();
}