List of usage examples for com.amazonaws.services.ec2.model RevokeSecurityGroupIngressRequest RevokeSecurityGroupIngressRequest
public RevokeSecurityGroupIngressRequest()
From source file:com.axemblr.provisionr.amazon.activities.EnsureSecurityGroupExists.java
License:Apache License
/**
 * Revokes the given ingress rules from the named security group.
 *
 * <p>Returns without contacting EC2 when {@code ipPermissions} is empty.
 *
 * @param client        EC2 client used to issue the revoke call
 * @param groupName     name of the security group to modify
 * @param ipPermissions ingress rules to remove from the group
 */
private void revokeIngressRules(AmazonEC2 client, String groupName, Set<IpPermission> ipPermissions) {
    if (ipPermissions.isEmpty()) {
        return;
    }

    // Logged before the call, so the targeted rules are on record even if the request fails.
    LOG.info(">> Revoking Security Group Ingress Rules: {} for {}", ipPermissions, groupName);

    // NOTE(review): the group is addressed by name rather than id; EC2 resolves names only
    // for EC2-Classic and the default VPC -- confirm that matches where these groups live.
    RevokeSecurityGroupIngressRequest revocation = new RevokeSecurityGroupIngressRequest();
    revocation.setGroupName(groupName);
    revocation.setIpPermissions(ipPermissions);
    client.revokeSecurityGroupIngress(revocation);
}
From source file:com.hpcloud.daas.ec2.AwsConsoleApp.java
License:Open Source License
/**
 * Asks EC2 to revoke a TCP ingress rule covering the given port range on a security group.
 *
 * <p>An {@link AmazonServiceException} is printed to standard output and then swallowed,
 * so this method returns normally whether or not the rule was actually removed.
 *
 * <p>NOTE(review): because the failure is not propagated, a caller cannot distinguish
 * "port closed" from "revoke failed, port still open". Consider rethrowing after reporting.
 *
 * <p>NOTE(review): the request carries no source CIDR or source group -- confirm EC2 can
 * match an existing rule from protocol and ports alone.
 *
 * @param fromPort          first port of the range
 * @param toPort            last port of the range
 * @param securityGroupName name of the security group to modify
 * @throws Exception declared by the signature; service errors are caught inside the method
 */
public static void RevokeSecurityPort(int fromPort, int toPort, String securityGroupName) throws Exception {
    // Building the request cannot raise a service error, so it sits outside the try block.
    RevokeSecurityGroupIngressRequest revokeRequest = new RevokeSecurityGroupIngressRequest()
            .withFromPort(fromPort)
            .withIpProtocol("tcp")
            .withToPort(toPort)
            .withGroupName(securityGroupName);

    try {
        ec2.revokeSecurityGroupIngress(revokeRequest);
        System.out.println(
                "Security port revoked successfully. from port (" + fromPort + ") - to port(" + toPort + ")");
    } catch (AmazonServiceException ase) {
        System.out.println(
                "Error : revoking security port : from port(" + fromPort + ") - to port(" + toPort + ")");
        System.out.println("Caught Exception: " + ase.getMessage());
        System.out.println("Reponse Status Code: " + ase.getStatusCode());
        System.out.println("Error Code: " + ase.getErrorCode());
        System.out.println("Request ID: " + ase.getRequestId());
    }
}
From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsDataSourceRecovery.java
License:Open Source License
/**
 * Finds or creates the configured security group in the given VPC, makes sure it admits
 * {@code ingressPublicIp}, and returns the group's id.
 *
 * <p>Behaviour, in order:
 * <ol>
 *   <li>List all security groups and pick the one whose VPC id equals {@code vpcId} and whose
 *       name equals {@code awsProperties.getSecurityGroupName()}.</li>
 *   <li>If none is found (or the lookup throws), create the group.</li>
 *   <li>If the group exists but none of its rules lists {@code ingressPublicIp}, revoke
 *       <em>all</em> of its current ingress rules.</li>
 *   <li>Unless the IP was already listed, authorize TCP ports 0-65535 from
 *       {@code ingressPublicIp}.</li>
 * </ol>
 *
 * <p>NOTE(review): step 3 wipes every existing rule on the group, including ones this code
 * did not create -- confirm the group is dedicated to this purpose.
 *
 * <p>NOTE(review): step 4 opens the whole TCP port range to the address; if only the
 * data-source port is needed, a narrower range would follow least privilege.
 *
 * @param awsReportDataSource data source supplying the access key, secret key and role ARN
 * @param vpcId               id of the VPC the group must belong to
 * @param ingressPublicIp     address to admit; compared as an exact string against each
 *                            rule's IP ranges (presumably CIDR notation -- verify against caller)
 * @return id of the existing or newly created security group
 */
private String recoverVpcSecurityGroup(AwsReportDataSource awsReportDataSource, String vpcId,
        String ingressPublicIp) {
    AWSCredentials credentials = AwsCredentialUtil.getAWSCredentials(
            awsReportDataSource.getAWSAccessKey(),
            awsReportDataSource.getAWSSecretKey(),
            awsReportDataSource.getRoleARN());
    AmazonEC2Client ec2 = new AmazonEC2Client(credentials);

    SecurityGroup existingGroup = null;
    try {
        DescribeSecurityGroupsResult described = ec2.describeSecurityGroups();
        if (described != null && described.getSecurityGroups() != null
                && !described.getSecurityGroups().isEmpty()) {
            for (SecurityGroup candidate : described.getSecurityGroups()) {
                boolean sameVpc = candidate.getVpcId() != null && candidate.getVpcId().equals(vpcId);
                if (sameVpc && candidate.getGroupName().equals(awsProperties.getSecurityGroupName())) {
                    existingGroup = candidate;
                    break;
                }
            }
        }
    } catch (Exception ex) {
        // Intentionally ignored by the original author ("Have to be empty").
        // NOTE(review): a failed lookup (throttling, denied permission) is therefore treated
        // exactly like "group does not exist" and falls through to createSecurityGroup.
    }

    boolean ipAlreadyAllowed = false;
    String groupId;
    if (existingGroup == null) {
        groupId = ec2.createSecurityGroup(new CreateSecurityGroupRequest()
                        .withGroupName(awsProperties.getSecurityGroupName())
                        .withVpcId(vpcId)
                        .withDescription(awsProperties.getSecurityGroupDescription()))
                .getGroupId();
    } else {
        groupId = existingGroup.getGroupId();
        List<IpPermission> currentRules = existingGroup.getIpPermissions();
        boolean hasRules = currentRules != null && !currentRules.isEmpty();

        if (hasRules) {
            for (IpPermission rule : currentRules) {
                if (rule.getIpRanges() != null && !rule.getIpRanges().isEmpty()
                        && rule.getIpRanges().contains(ingressPublicIp)) {
                    ipAlreadyAllowed = true;
                }
            }
        }

        if (!ipAlreadyAllowed && hasRules) {
            // NOTE(review): the zero-argument withIpPermissions() call looks redundant --
            // confirm and drop.
            RevokeSecurityGroupIngressRequest revokeAll = new RevokeSecurityGroupIngressRequest()
                    .withGroupId(existingGroup.getGroupId())
                    .withIpPermissions()
                    .withIpPermissions(existingGroup.getIpPermissions());
            ec2.revokeSecurityGroupIngress(revokeAll);
        }
    }

    if (!ipAlreadyAllowed) {
        List<IpPermission> newRules = new ArrayList<IpPermission>();
        newRules.add(new IpPermission()
                .withIpProtocol("tcp")
                .withIpRanges(ingressPublicIp)
                .withFromPort(0)
                .withToPort(65535));
        ec2.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
                .withIpPermissions(newRules)
                .withGroupId(groupId));
    }
    return groupId;
}
From source file:com.lunabeat.dooper.HadoopCluster.java
License:Apache License
/**
 * Revokes the cluster's ingress rules from both security groups and then deletes the groups.
 *
 * <p>The same rule list is revoked from the slave group and the master group: one SSH rule
 * (TCP 22 from {@code ALL_IPS}) plus TCP, UDP and ICMP rules for each of the two groups as
 * a source.
 *
 * @return {@code true} if the groups do not exist or have been removed; {@code false},
 *         without changing anything, while a master is set or the slave collection is
 *         non-empty
 */
public boolean removeSecurityGroups() {
    if (!groupsExist()) {
        return true;
    }
    boolean clusterStillHasNodes = _master != null || _slaves.size() > 0;
    if (clusterStillHasNodes) {
        return false;
    }

    UserIdGroupPair slavePair = new UserIdGroupPair()
            .withGroupName(_groupName)
            .withUserId(_config.get(ClusterConfig.ACCOUNT_ID_KEY));
    UserIdGroupPair masterPair = new UserIdGroupPair()
            .withGroupName(_masterGroupName)
            .withUserId(_config.get(ClusterConfig.ACCOUNT_ID_KEY));

    ArrayList<IpPermission> ipPerms = new ArrayList<IpPermission>();
    ipPerms.add(new IpPermission().withToPort(22).withFromPort(22).withIpProtocol(TCP).withIpRanges(ALL_IPS));
    // Master-sourced rules first, then slave-sourced ones: TCP, UDP, ICMP for each.
    for (UserIdGroupPair sourceGroup : new UserIdGroupPair[] { masterPair, slavePair }) {
        ipPerms.add(new IpPermission().withUserIdGroupPairs(sourceGroup).withIpProtocol(TCP)
                .withToPort(HI_PORT).withFromPort(LOW_PORT));
        ipPerms.add(new IpPermission().withUserIdGroupPairs(sourceGroup).withIpProtocol(UDP)
                .withToPort(HI_PORT).withFromPort(LOW_PORT));
        ipPerms.add(new IpPermission().withUserIdGroupPairs(sourceGroup).withIpProtocol(ICMP)
                .withToPort(-1).withFromPort(-1));
    }

    // Rules are revoked from both groups before either group is deleted.
    for (String groupName : new String[] { _groupName, _masterGroupName }) {
        _ec2.revokeSecurityGroupIngress(
                new RevokeSecurityGroupIngressRequest().withGroupName(groupName).withIpPermissions(ipPerms));
    }
    for (String groupName : new String[] { _groupName, _masterGroupName }) {
        _ec2.deleteSecurityGroup(new DeleteSecurityGroupRequest().withGroupName(groupName));
    }
    return true;
}
From source file:com.nike.cerberus.operation.core.WhitelistCidrForVpcAccessOpertaion.java
License:Apache License
/**
 * Replaces the ingress rules of the tools ingress security group with one TCP rule per
 * port in the command, each admitting the command's CIDRs.
 *
 * <p>All existing ingress rules on the group are revoked first; the new rules are
 * authorized afterwards in a single request.
 *
 * <p>NOTE(review): the swap is not atomic. Between the revoke and the authorize the group
 * has no ingress rules, and if the authorize call fails the group is left empty. That
 * fails closed, but operators should expect to re-run the command.
 *
 * <p>NOTE(review): no validation of {@code command.getCidrs()} is visible here --
 * confirm that overly broad ranges are rejected before this point.
 *
 * @param command supplies the CIDRs and ports to allow
 */
@Override
public void run(final WhitelistCidrForVpcAccessCommand command) {
    final BaseOutputs baseStackOutputs = configStore.getBaseStackOutputs();

    logger.info("Revoking the previous ingress rules...");
    final DescribeSecurityGroupsRequest describeRequest = new DescribeSecurityGroupsRequest()
            .withGroupIds(baseStackOutputs.getToolsIngressSgId());
    final DescribeSecurityGroupsResult securityGroupsResult = ec2Client.describeSecurityGroups(describeRequest);
    securityGroupsResult.getSecurityGroups().forEach(securityGroup -> {
        // Nothing to revoke for a group that has no ingress rules.
        if (securityGroup.getIpPermissions().isEmpty()) {
            return;
        }
        ec2Client.revokeSecurityGroupIngress(new RevokeSecurityGroupIngressRequest()
                .withGroupId(baseStackOutputs.getToolsIngressSgId())
                .withIpPermissions(securityGroup.getIpPermissions()));
    });
    logger.info("Done.");

    logger.info("Authorizing the new ingress rules...");
    final List<IpPermission> ipPermissionList = Lists.newArrayListWithCapacity(command.getPorts().size());
    // One single-port TCP rule per requested port, each covering every requested CIDR.
    command.getPorts().forEach(port -> ipPermissionList.add(new IpPermission()
            .withIpRanges(command.getCidrs())
            .withIpProtocol("tcp")
            .withFromPort(port)
            .withToPort(port)));

    ec2Client.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
            .withGroupId(baseStackOutputs.getToolsIngressSgId())
            .withIpPermissions(ipPermissionList));
    logger.info("Done.");
}
From source file:com.urbancode.terraform.tasks.aws.helpers.AWSHelper.java
License:Apache License
/**
 * Removes a single CIDR-based rule from a security group.
 *
 * <p>Every {@link AmazonServiceException} is logged. One whose error code is
 * {@code InvalidGroup.NotFound} is then dropped; any other is rethrown.
 *
 * @param groupId   id of the security group to modify
 * @param protocol  IP protocol of the rule
 * @param startPort first port of the rule's range
 * @param endPort   last port of the rule's range
 * @param cidr      IP range of the rule
 * @param inbound   {@code true} to revoke an ingress rule, {@code false} for an egress rule
 * @param ec2Client EC2 client used to issue the revoke call
 */
public void deleteRuleForSecurityGroup(String groupId, String protocol, int startPort, int endPort, String cidr,
        boolean inbound, AmazonEC2 ec2Client) {
    IpPermission rule = new IpPermission()
            .withFromPort(startPort)
            .withToPort(endPort)
            .withIpProtocol(protocol)
            .withIpRanges(cidr);

    try {
        if (!inbound) {
            ec2Client.revokeSecurityGroupEgress(
                    new RevokeSecurityGroupEgressRequest().withGroupId(groupId).withIpPermissions(rule));
        } else {
            ec2Client.revokeSecurityGroupIngress(
                    new RevokeSecurityGroupIngressRequest().withGroupId(groupId).withIpPermissions(rule));
        }
    } catch (AmazonServiceException e) {
        // NOTE(review): the log line omits the error code and message, so a permissions
        // failure and a missing group look the same in the log.
        log.error("Failed to delete Rule on Security Group " + groupId);
        boolean groupAlreadyGone = "InvalidGroup.NotFound".equals(e.getErrorCode());
        if (!groupAlreadyGone) {
            throw e;
        }
    }
}
From source file:jp.classmethod.aws.gradle.ec2.AmazonEC2RevokeSecurityGroupIngressTask.java
License:Apache License
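/**
 * Gradle task action that revokes the configured ingress rules from a security group.
 *
 * <p>A service error with code {@code InvalidPermission.NotFound} is logged as a warning
 * and does not fail the task; every other service error is rethrown.
 *
 * @throws GradleException        if {@code groupId} or {@code ipPermissions} is not specified
 * @throws AmazonServiceException for any EC2 error other than {@code InvalidPermission.NotFound}
 */
@TaskAction
public void revokeIngress() {
    // to enable conventionMappings feature
    String groupId = getGroupId();
    Object ipPermissions = getIpPermissions();

    if (groupId == null) {
        throw new GradleException("groupId is not specified");
    }
    if (ipPermissions == null) {
        throw new GradleException("ipPermissions is not specified");
    }

    AmazonEC2PluginExtension ext = getProject().getExtensions().getByType(AmazonEC2PluginExtension.class);
    AmazonEC2 ec2 = ext.getClient();

    try {
        ec2.revokeSecurityGroupIngress(new RevokeSecurityGroupIngressRequest()
                .withGroupId(groupId)
                .withIpPermissions(parse(ipPermissions)));
    } catch (AmazonServiceException e) {
        // Constant-first comparison: a service error that carries no error code is rethrown
        // as-is instead of being masked by a NullPointerException.
        if ("InvalidPermission.NotFound".equals(e.getErrorCode())) {
            getLogger().warn(e.getMessage());
        } else {
            throw e;
        }
    }
}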
From source file:org.apache.usergrid.chop.api.store.amazon.AmazonIpRuleManager.java
License:Apache License
/**
 * Revokes the given rules from the named security group in a single EC2 request.
 *
 * <p>Returns without contacting EC2 when {@code ipRules} is {@code null} or empty.
 *
 * @param name    name of the security group to modify
 * @param ipRules rules to revoke; each is converted with {@code toIpPermission}
 */
@Override
public void deleteRules(final String name, final Collection<IpRule> ipRules) {
    if (ipRules == null || ipRules.isEmpty()) {
        return;
    }

    final Collection<IpPermission> toRevoke = new ArrayList<IpPermission>(ipRules.size());
    for (IpRule ipRule : ipRules) {
        toRevoke.add(toIpPermission(ipRule));
    }

    client.revokeSecurityGroupIngress(
            new RevokeSecurityGroupIngressRequest().withGroupName(name).withIpPermissions(toRevoke));
}
From source file:org.apache.usergrid.chop.api.store.amazon.AmazonIpRuleManager.java
License:Apache License
/**
 * Revokes one single-port rule, covering the given IP ranges, from the named security group.
 *
 * <p>NOTE(review): {@code ipRanges} is not checked for {@code null} or emptiness here,
 * unlike the rule-collection overload of {@code deleteRules} -- confirm callers never
 * pass an empty set.
 *
 * @param name     name of the security group to modify
 * @param ipRanges IP ranges of the rule to revoke
 * @param protocol IP protocol of the rule
 * @param port     port used as both the start and the end of the rule's port range
 */
@Override
public void deleteRules(final String name, final Collection<String> ipRanges, final String protocol,
        final int port) {
    final IpPermission singlePortRule = new IpPermission()
            .withIpProtocol(protocol)
            .withFromPort(port)
            .withToPort(port)
            .withIpRanges(ipRanges);

    client.revokeSecurityGroupIngress(
            new RevokeSecurityGroupIngressRequest().withGroupName(name).withIpPermissions(singlePortRule));
}
From source file:org.openinfinity.cloud.service.administrator.EC2Wrapper.java
License:Apache License
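/**
 * Revokes an ingress rule that admits traffic from another security group.
 *
 * <p>Any exception is logged and then handed, together with its cause, to
 * {@code ExceptionUtil.throwSystemException}.
 *
 * @param securityGroupName name of the security group to modify
 * @param sourceGroupName   name of the source group named in the rule
 * @param sourceGroupOwner  user id set on the source group pair
 * @param fromPort          first port of the rule's range
 * @param toPort            last port of the rule's range
 * @param protocol          IP protocol of the rule
 */
public void revokeGroup(String securityGroupName, String sourceGroupName, String sourceGroupOwner,
        Integer fromPort, Integer toPort, String protocol) {
    try {
        UserIdGroupPair pair = new UserIdGroupPair();
        pair.setGroupName(sourceGroupName);
        pair.setUserId(sourceGroupOwner);
        List<UserIdGroupPair> idList = new ArrayList<UserIdGroupPair>();
        idList.add(pair);

        IpPermission perm = new IpPermission();
        perm.setUserIdGroupPairs(idList);
        perm.setFromPort(fromPort);
        perm.setToPort(toPort);
        perm.setIpProtocol(protocol);
        List<IpPermission> permList = new ArrayList<IpPermission>();
        permList.add(perm);

        RevokeSecurityGroupIngressRequest request = new RevokeSecurityGroupIngressRequest();
        request.setIpPermissions(permList);
        request.setGroupName(securityGroupName);
        ec2.revokeSecurityGroupIngress(request);
    } catch (Exception e) {
        String message = e.getMessage();
        // The previous text described an authorize failure ("Could not set authorized IP:s"),
        // which would mislead anyone reading the log after a failed revoke.
        LOG.error("Could not revoke group ingress from security group: " + message);
        ExceptionUtil.throwSystemException(message, e);
    }
}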