List of usage examples for com.amazonaws.services.ec2.model IpPermission getIpRanges
@Deprecated
public java.util.List<String> getIpRanges()
One or more IP ranges, as CIDR strings (the examples below compare them against values such as `0.0.0.0/0`). The accessor is marked `@Deprecated` in this SDK line; check the SDK version you build against for its replacement and whether IPv6 ranges are modelled separately — every example on this page inspects only this list, so a rule that is world-open over IPv6 would not be seen by them.
From source file:c3.ops.priam.aws.AWSMembership.java
License:Apache License
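/**
 * Lists the CIDR ranges granted by the ACL security group for the exact port range {@code from}..{@code to}.
 *
 * Only ingress rules whose from/to ports are exactly {@code from} and {@code to} are reported; a wider rule that
 * merely covers those ports (e.g. 0-65535) is not. Rules that carry no port range are skipped: the original code
 * unboxed {@code getFromPort()} directly and threw NullPointerException on such a rule, aborting the whole listing.
 * Note that {@code getIpRanges()} is deprecated in this SDK line; confirm it still returns every range form your SDK
 * version models (IPv6 may be exposed separately). The EC2 client is shut down on every exit path.
 *
 * @param from first port of the rule to match
 * @param to last port of the rule to match
 * @return CIDR strings of the matching rules; empty when none match
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        List<String> ipPermissions = new ArrayList<String>();
        DescribeSecurityGroupsRequest req = new DescribeSecurityGroupsRequest()
                .withGroupNames(Arrays.asList(config.getACLGroupName()));
        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        for (SecurityGroup group : result.getSecurityGroups()) {
            for (IpPermission perm : group.getIpPermissions()) {
                Integer fromPort = perm.getFromPort();
                Integer toPort = perm.getToPort();
                // A rule without a port range cannot equal an explicit from/to pair; skip it instead of
                // unboxing null.
                if (fromPort == null || toPort == null) {
                    continue;
                }
                if (fromPort == from && toPort == to) {
                    ipPermissions.addAll(perm.getIpRanges());
                }
            }
        }
        return ipPermissions;
    } finally {
        if (client != null) {
            client.shutdown();
        }
    }
}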
From source file:com.appdynamics.connectors.AWSConnector.java
License:Apache License
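/**
 * Ensures that one of the named security groups admits inbound TCP on the controller agent port.
 *
 * If any listed group already has an ingress rule whose CIDR list contains {@code 0.0.0.0/0} and whose port span
 * covers the agent port, nothing is changed. Otherwise a single-port tcp rule open to {@code 0.0.0.0/0} is
 * authorized on the default security group when it is among the listed groups, else on the first listed group.
 *
 * NOTE(review): despite the variable name {@code controllerIp}, the rule is opened to the entire Internet
 * (0.0.0.0/0), not to the controller's address. Restricting it to the controller's real address or CIDR is the
 * safer contract; confirm with the callers before changing it.
 *
 * Fixes relative to the original: the default-group test compared a {@code List<SecurityGroup>} against a String
 * ({@code securityGroups.contains(Utils.DEFAULT_SECURITY_GROUP)}), which is always false, so the default group was
 * never chosen; an empty group list threw IndexOutOfBoundsException from {@code get(0)}; and a rule without a port
 * range caused a NullPointerException while unboxing.
 *
 * @param securityGroupNames names of the groups to inspect and, if needed, modify
 * @param connector EC2 client used to describe groups and authorize ingress
 * @throws ConnectorException declared on the signature; nothing in this body throws it directly
 */
private void validateAndConfigureSecurityGroups(List<String> securityGroupNames, AmazonEC2 connector)
        throws ConnectorException {
    DescribeSecurityGroupsRequest describeSecurityGroupsRequest = new DescribeSecurityGroupsRequest();
    DescribeSecurityGroupsResult describeSecurityGroupsResult = connector
            .describeSecurityGroups(describeSecurityGroupsRequest.withGroupNames(securityGroupNames));
    String controllerIp = "0.0.0.0/0";
    int agentPort = controllerServices.getDefaultAgentPort();
    // Check whether any of the groups already has the agent port open to controllerIp.
    List<SecurityGroup> securityGroups = describeSecurityGroupsResult.getSecurityGroups();
    for (SecurityGroup securityGroup : securityGroups) {
        for (IpPermission permission : securityGroup.getIpPermissions()) {
            Integer fromPort = permission.getFromPort();
            Integer toPort = permission.getToPort();
            // NOTE(review): rules without a port range are skipped here rather than treated as covering the
            // agent port (the original NPE'd on them); confirm whether such rules should count as a match.
            if (fromPort == null || toPort == null) {
                continue;
            }
            if (permission.getIpRanges().contains(controllerIp) && agentPort >= fromPort && agentPort <= toPort) {
                return;
            }
        }
    }
    if (securityGroups.isEmpty()) {
        throw new IllegalStateException("No security groups returned for " + securityGroupNames);
    }
    // Prefer the default security group when it is among the results; otherwise fall back to the first one.
    String securityGroup = securityGroups.get(0).getGroupName();
    for (SecurityGroup candidate : securityGroups) {
        String name = candidate.getGroupName();
        if (name != null && name.equals(Utils.DEFAULT_SECURITY_GROUP)) {
            securityGroup = Utils.DEFAULT_SECURITY_GROUP;
            break;
        }
    }
    IpPermission ipPermission = new IpPermission();
    ipPermission.setFromPort(agentPort);
    ipPermission.setToPort(agentPort);
    ipPermission.setIpProtocol("tcp");
    ipPermission.setIpRanges(Lists.newArrayList(controllerIp));
    connector.authorizeSecurityGroupIngress(
            new AuthorizeSecurityGroupIngressRequest(securityGroup, Lists.newArrayList(ipPermission)));
}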
From source file:com.axemblr.provisionr.amazon.functions.ConvertIpPermissionToRule.java
License:Apache License
/**
 * Translates a single EC2 ingress permission into a provisionr {@link Rule}.
 *
 * The permission must carry exactly one CIDR range: {@code getOnlyElement} throws when the list is empty (for
 * instance a permission sourced only from user/group pairs) or holds several entries. Ports are copied for every
 * protocol except ICMP. The protocol name is upper-cased with the default locale before the enum lookup; a
 * locale-independent upper-casing would be more robust but needs a {@code Locale} import not visible here.
 */
@Override
public Rule apply(IpPermission ipPermission) {
    String cidr = getOnlyElement(ipPermission.getIpRanges());
    String protocolName = ipPermission.getIpProtocol();
    RuleBuilder builder = Rule.builder()
            .cidr(cidr)
            .protocol(Protocol.valueOf(protocolName.toUpperCase()));
    boolean icmp = "icmp".equals(protocolName);
    if (!icmp) {
        builder.ports(ipPermission.getFromPort(), ipPermission.getToPort());
    }
    return builder.createRule();
}
From source file:com.brighttag.agathon.security.ec2.Ec2SecurityGroupService.java
License:Apache License
/** * Converts EC2 {@link IpPermission}s to {@link SecurityGroupPermission}s. *///from www. j av a 2 s. c o m private ImmutableSet<SecurityGroupPermission> fromIpPermissions(Iterable<IpPermission> permissions) { return FluentIterable.from(permissions).transform(new Function<IpPermission, SecurityGroupPermission>() { @Override public SecurityGroupPermission apply(IpPermission permission) { return new SecurityGroupPermission(Netmask.fromCidr(permission.getIpRanges()), Range.closed(permission.getFromPort(), permission.getToPort())); } }).toSet(); }
From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsDataSourceRecovery.java
License:Open Source License
/**
 * Finds or creates the VPC security group named in {@code awsProperties} and makes sure it carries an ingress
 * rule admitting {@code ingressPublicIp} on every TCP port.
 *
 * NOTE(review): security-relevant behaviour that the owners should confirm is intended:
 *  - the rule that is opened is tcp 0-65535 from ingressPublicIp, i.e. every TCP port of the instances behind
 *    this group, not only the database port;
 *  - when the group already exists but does not list ingressPublicIp, ALL of its current ingress rules are
 *    revoked before the new one is added, so rules added by anyone else are silently dropped;
 *  - failures of describeSecurityGroups are swallowed, making an API or permission error indistinguishable
 *    from "group not found" and leading to a createSecurityGroup attempt;
 *  - the presence check is an exact string match on the CIDR list, so a broader range that already covers
 *    the address does not count;
 *  - the AmazonEC2Client built here is never shut down.
 *
 * @param awsReportDataSource supplies the access key, secret key and role ARN used to build the credentials
 * @param vpcId VPC the group must belong to (group names are only unique within a VPC)
 * @param ingressPublicIp CIDR string expected in the group's ingress ranges; authorized when absent
 * @return the id of the existing or newly created security group
 */
private String recoverVpcSecurityGroup(AwsReportDataSource awsReportDataSource, String vpcId, String ingressPublicIp) {
    AWSCredentials awsCredentials = AwsCredentialUtil.getAWSCredentials(awsReportDataSource.getAWSAccessKey(),
            awsReportDataSource.getAWSSecretKey(), awsReportDataSource.getRoleARN());
    AmazonEC2Client amazonEc2Client = new AmazonEC2Client(awsCredentials);
    SecurityGroup vpcSecurityGroup = null;
    try {
        DescribeSecurityGroupsResult describeSecurityGroupsResult = amazonEc2Client.describeSecurityGroups();
        if (describeSecurityGroupsResult != null && describeSecurityGroupsResult.getSecurityGroups() != null
                && describeSecurityGroupsResult.getSecurityGroups().size() > 0) {
            // Match on both the VPC id and the configured group name.
            for (SecurityGroup securityGroup : describeSecurityGroupsResult.getSecurityGroups()) {
                if (securityGroup.getVpcId() != null && securityGroup.getVpcId().equals(vpcId)
                        && securityGroup.getGroupName().equals(awsProperties.getSecurityGroupName())) {
                    vpcSecurityGroup = securityGroup;
                    break;
                }
            }
        }
    } catch (Exception ex) {
        // Deliberately swallowed by the original ("Have to be empty."): any failure is treated as "no such
        // group" and falls through to the creation branch below.
    }
    boolean ingressIpMaskExist = false;
    String vpcSecurityGroupId;
    if (vpcSecurityGroup != null) {
        vpcSecurityGroupId = vpcSecurityGroup.getGroupId();
        List<IpPermission> ipPermissions = vpcSecurityGroup.getIpPermissions();
        if (ipPermissions != null && ipPermissions.size() > 0) {
            // Exact string comparison against the CIDR list of each rule.
            for (IpPermission ipPermission : ipPermissions) {
                if (ipPermission.getIpRanges() != null && ipPermission.getIpRanges().size() > 0
                        && ipPermission.getIpRanges().contains(ingressPublicIp)) {
                    ingressIpMaskExist = true;
                }
            }
        }
        if (!ingressIpMaskExist && ipPermissions != null && ipPermissions.size() > 0) {
            // Revokes every existing ingress rule of the group, not just stale ones for this data source.
            // The no-argument withIpPermissions() call appears to be superseded by the call that follows it.
            RevokeSecurityGroupIngressRequest revokeSecurityGroupIngressRequest = new RevokeSecurityGroupIngressRequest()
                    .withGroupId(vpcSecurityGroup.getGroupId()).withIpPermissions()
                    .withIpPermissions(vpcSecurityGroup.getIpPermissions());
            amazonEc2Client.revokeSecurityGroupIngress(revokeSecurityGroupIngressRequest);
        }
    } else {
        vpcSecurityGroupId = amazonEc2Client
                .createSecurityGroup(
                        new CreateSecurityGroupRequest().withGroupName(awsProperties.getSecurityGroupName())
                                .withVpcId(vpcId).withDescription(awsProperties.getSecurityGroupDescription()))
                .getGroupId();
    }
    if (!ingressIpMaskExist) {
        // Opens the entire TCP port range (0-65535) from ingressPublicIp.
        IpPermission ipPermission = new IpPermission().withIpProtocol("tcp").withIpRanges(ingressPublicIp)
                .withFromPort(0).withToPort(65535);
        List<IpPermission> ipPermissions = new ArrayList<IpPermission>();
        ipPermissions.add(ipPermission);
        AuthorizeSecurityGroupIngressRequest authorizeRequest = new AuthorizeSecurityGroupIngressRequest()
                .withIpPermissions(ipPermissions).withGroupId(vpcSecurityGroupId);
        amazonEc2Client.authorizeSecurityGroupIngress(authorizeRequest);
    }
    return vpcSecurityGroupId;
}
From source file:com.netflix.dynomitemanager.sidecore.aws.AWSMembership.java
License:Apache License
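/**
 * Lists the CIDR ranges of ACL-group ingress rules whose port range is exactly {@code from}..{@code to}.
 *
 * In EC2-Classic the group is looked up by name alone; in a VPC it is looked up by name and by the VPC id of
 * the running instance, so a same-named group in another VPC is never consulted. Only exact port matches are
 * reported; a wider rule that merely covers the ports is not. Rules without a port range are skipped — the
 * original unboxed {@code getFromPort()} on them and threw NullPointerException, aborting the listing.
 * The EC2 client is shut down on every exit path.
 *
 * @param from first port of the rule to match
 * @param to last port of the rule to match
 * @return CIDR strings of the matching rules; empty when none match
 * @throws IllegalStateException when the instance runs in a VPC but no VPC id is configured
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 client = null;
    try {
        client = getEc2Client();
        boolean classic = this.insEnvIdentity.isClassic();
        DescribeSecurityGroupsRequest req;
        if (classic) {
            req = new DescribeSecurityGroupsRequest()
                    .withGroupNames(Arrays.asList(config.getACLGroupName()));
        } else {
            Filter nameFilter = new Filter().withName("group-name").withValues(config.getACLGroupName());
            String vpcid = config.getVpcId();
            if (vpcid == null || vpcid.isEmpty()) {
                throw new IllegalStateException("vpcid is null even though instance is running in vpc.");
            }
            // Only fetch the SG belonging to the VPC of the running instance.
            Filter vpcFilter = new Filter().withName("vpc-id").withValues(vpcid);
            req = new DescribeSecurityGroupsRequest().withFilters(nameFilter, vpcFilter);
        }
        DescribeSecurityGroupsResult result = client.describeSecurityGroups(req);
        List<String> ipPermissions = collectExactRanges(result.getSecurityGroups(), from, to);
        if (classic) {
            logger.info("Fetch current permissions for classic env of running instance");
        } else {
            logger.info("Fetch current permissions for vpc env of running instance");
        }
        return ipPermissions;
    } finally {
        if (client != null) {
            client.shutdown();
        }
    }
}

/**
 * Gathers the CIDR ranges of every ingress rule in {@code groups} whose ports are exactly {@code from}..{@code to}.
 * Rules with a null port bound cannot match and are skipped without being unboxed.
 */
private static List<String> collectExactRanges(List<SecurityGroup> groups, int from, int to) {
    List<String> ranges = new ArrayList<String>();
    for (SecurityGroup group : groups) {
        for (IpPermission perm : group.getIpPermissions()) {
            Integer fromPort = perm.getFromPort();
            Integer toPort = perm.getToPort();
            if (fromPort == null || toPort == null) {
                continue;
            }
            if (fromPort == from && toPort == to) {
                ranges.addAll(perm.getIpRanges());
            }
        }
    }
    return ranges;
}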
From source file:com.netflix.raigad.aws.AWSMembership.java
License:Apache License
/**
 * Returns the CIDR ranges of every ingress rule in the ACL security group whose port range is exactly
 * {@code from}..{@code to}. Rules with a wider range that merely covers those ports are not reported, and a
 * rule without a port range causes a NullPointerException while unboxing. The EC2 client is shut down on
 * every exit path.
 *
 * @param from first port of the rule to match
 * @param to last port of the rule to match
 * @return matching CIDR strings, possibly empty
 */
public List<String> listACL(int from, int to) {
    AmazonEC2 ec2 = null;
    try {
        ec2 = getEc2Client();
        List<String> ranges = new ArrayList<String>();
        DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest()
                .withGroupNames(Arrays.asList(config.getACLGroupName()));
        for (SecurityGroup group : ec2.describeSecurityGroups(request).getSecurityGroups()) {
            for (IpPermission rule : group.getIpPermissions()) {
                boolean exactMatch = rule.getFromPort() == from && rule.getToPort() == to;
                if (exactMatch) {
                    ranges.addAll(rule.getIpRanges());
                }
            }
        }
        return ranges;
    } finally {
        if (ec2 != null) {
            ec2.shutdown();
        }
    }
}
From source file:com.vb.aws.services.compute.ec2.EC2UtilsImpl.java
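/**
 * Returns the security groups that violate the "world-open only on 80/443" policy.
 *
 * A group is non-compliant when any ingress rule whose IPv4 ranges contain {@code SOURCE_IP_ADDRESS} either has
 * no port range (all traffic) or exposes any port other than exactly 80 or exactly 443.
 *
 * Fixes relative to the original:
 *  - {@code toPort} was read from {@code getFromPort()}, so a rule's upper bound was never examined;
 *  - a world-open range such as 22-80 or 0-443 was accepted because one endpoint equalled 80 or 443, even
 *    though every port in between was exposed; now only single-port rules on 80 or 443 pass;
 *  - the null check on the argument ran after {@code size()}, so a null list threw NullPointerException.
 *
 * NOTE(review): only {@code getIpRanges()} (IPv4) is inspected; if the SDK in use models IPv6 ranges
 * separately, an equivalent IPv6 world-open rule is not flagged — confirm and extend if needed.
 *
 * @param allSecurityGroups groups to audit; null or empty yields an empty result
 * @return the non-compliant groups, each listed once, in input order
 */
public List<SecurityGroup> getNonComplaintSecurityGroups(List<SecurityGroup> allSecurityGroups) {
    List<SecurityGroup> nonCompliantSecurityGroups = new ArrayList<SecurityGroup>();
    if (allSecurityGroups != null && !allSecurityGroups.isEmpty()) {
        for (SecurityGroup sg : allSecurityGroups) {
            boolean compliantSG = isWorldOpenPolicyCompliant(sg);
            if (!compliantSG) {
                nonCompliantSecurityGroups.add(sg);
            }
            if (compliantSG) {
                System.out.println(
                        "INFO : SG GROUP : " + sg.getGroupName() + " : " + sg.getGroupId() + " is COMPLIANT.");
            } else {
                System.out.println("INFO : SG GROUP : " + sg.getGroupName() + " : " + sg.getGroupId()
                        + " is NON COMPLIANT.");
            }
        }
    }
    System.out.println("INFO : Number of NON COMPLIANT SECURITY GROUPS : " + nonCompliantSecurityGroups.size());
    List<String> allNonCompliantSecurityGroupsNames = nonCompliantSecurityGroups.stream()
            .map(e -> e.getGroupName()).collect(Collectors.toList());
    System.out.println("INFO : NON COMPLIANT SECURITY GROUPS : " + allNonCompliantSecurityGroupsNames);
    return nonCompliantSecurityGroups;
}

/**
 * True when no ingress rule of {@code sg} admits {@code SOURCE_IP_ADDRESS} on anything but a single port that
 * is 80 or 443. A rule with a null port bound is treated as exposing every port and therefore fails.
 */
private boolean isWorldOpenPolicyCompliant(SecurityGroup sg) {
    List<IpPermission> ingressPermissions = sg.getIpPermissions();
    if (ingressPermissions == null) {
        return true;
    }
    for (IpPermission ipPermission : ingressPermissions) {
        List<String> ipRanges = ipPermission.getIpRanges();
        if (ipRanges == null || !ipRanges.contains(SOURCE_IP_ADDRESS)) {
            continue;
        }
        Integer fromPort = ipPermission.getFromPort();
        Integer toPort = ipPermission.getToPort();
        if (fromPort == null || toPort == null) {
            // All traffic from the world.
            return false;
        }
        boolean singlePort = fromPort.equals(toPort);
        boolean webPort = fromPort.equals(HTTP_PORT) || fromPort.equals(HTTPS_PORT);
        if (!(singlePort && webPort)) {
            // Anything other than exactly 80 or exactly 443 open to the world.
            return false;
        }
    }
    return true;
}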
From source file:com.zotoh.cloudapi.aws.SecurityGroup.java
License:Open Source License
/**
 * Expands one EC2 permission into one {@link FirewallRule} per CIDR range.
 *
 * A null permission yields an empty list, and so does a permission that carries only user/group pairs (no CIDR
 * ranges), so group-sourced access is not represented in the result. The protocol name is upper-cased with the
 * default locale before the enum lookup; this happens once per range, and only when there is at least one range.
 *
 * @param group name of the security group the rules belong to
 * @param p the permission to expand; may be null
 * @return the derived rules, in range order
 */
private List<FirewallRule> toRules(String group, IpPermission p) {
    List<FirewallRule> rules = LT();
    if (p == null) {
        return rules;
    }
    for (String cidr : p.getIpRanges()) {
        Protocol proto = Protocol.valueOf(p.getIpProtocol().toUpperCase());
        rules.add(new FirewallRule(group, cidr, proto, p.getFromPort(), p.getToPort()));
    }
    return rules;
}
From source file:datameer.awstasks.aws.ec2.GroupPermission.java
License:Apache License
/**
 * Reports whether {@code ipPermission} already grants this permission.
 *
 * The permission matches when its port span encloses ours, its protocol equals ours ignoring case, and its
 * CIDR list contains {@code _sourceIp} as an exact string. A permission sourced only from user/group pairs
 * never matches, and a CIDR broader than {@code _sourceIp} (for instance 0.0.0.0/0) does not count as
 * containing it. Port comparisons unbox the permission's bounds, so a rule without ports throws.
 *
 * @param ipPermission the EC2 rule to compare against
 * @return true when the rule covers this permission
 */
public boolean matches(IpPermission ipPermission) {
    boolean sourceAllowed;
    if (ipPermission.getIpRanges().isEmpty()) {
        // Either a group-pair-sourced rule or a rule with no source at all: neither matches an IP source.
        boolean groupSourced = !ipPermission.getUserIdGroupPairs().isEmpty();
        sourceAllowed = groupSourced ? false : false;
    } else {
        sourceAllowed = ipPermission.getIpRanges().contains(_sourceIp);
    }
    return ipPermission.getFromPort() <= getFromPort()
            && ipPermission.getToPort() >= getToPort()
            && getProtocol().equalsIgnoreCase(ipPermission.getIpProtocol())
            && sourceAllowed;
}