List of usage examples for com.amazonaws.services.ec2.model SecurityGroup getVpcId
public String getVpcId()
[VPC only] The ID of the VPC for the security group.
From source file:aws.example.ec2.DescribeSecurityGroups.java
License:Open Source License
/**
 * Describes one security group and prints its id, VPC id and description.
 *
 * <p>Expects exactly one command-line argument, the security group id. The EC2
 * client is the SDK's default client, so credentials and region are not set here.
 *
 * @param args command-line arguments; {@code args[0]} is the group id
 */
public static void main(String[] args) {
    final String USAGE = "To run this example, supply a group id\n" + "Ex: DescribeSecurityGroups <group-id>\n";

    // Anything other than a single argument is a usage error.
    if (args.length != 1) {
        System.out.println(USAGE);
        System.exit(1);
    }

    final String requestedGroupId = args[0];
    final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient();

    // The request is restricted to the one id supplied by the caller.
    DescribeSecurityGroupsResult response = ec2.describeSecurityGroups(
            new DescribeSecurityGroupsRequest().withGroupIds(requestedGroupId));

    for (SecurityGroup group : response.getSecurityGroups()) {
        // getVpcId() is documented as "[VPC only]"; presumably null for a group outside a VPC.
        System.out.printf("Found security group with id %s, " + "vpc id %s " + "and description %s",
                group.getGroupId(),
                group.getVpcId(),
                group.getDescription());
    }
}
From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsDataSourceRecovery.java
License:Open Source License
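/**
 * Finds or creates the security group named by {@code awsProperties.getSecurityGroupName()}
 * in the given VPC and makes sure it carries an ingress rule for {@code ingressPublicIp}.
 *
 * <p>Behaviour, as implemented:
 * <ul>
 *   <li>No matching group: a new group is created in {@code vpcId} and the rule is added.</li>
 *   <li>Matching group where some permission's IP ranges already contain
 *       {@code ingressPublicIp}: the group is left untouched. The check looks only at the
 *       IP range, not at the protocol or ports of that permission.</li>
 *   <li>Matching group without such a permission: every existing ingress permission of the
 *       group is revoked (if it has any), then the rule is added.</li>
 * </ul>
 *
 * <p>The rule that is added allows TCP ports 0-65535 from {@code ingressPublicIp}.
 * NOTE(review): that is every TCP port; consider limiting it to the port the data source
 * actually listens on, and confirm callers pass a single-host CIDR rather than a wide range.
 *
 * <p>NOTE(review): no region or endpoint is set on the client in this method, so the calls
 * go to the SDK's default endpoint; confirm that matches the region of {@code vpcId}.
 *
 * @param awsReportDataSource data source supplying the access key, secret key and role ARN
 * @param vpcId               id of the VPC the security group must belong to
 * @param ingressPublicIp     IP range to allow; handed to the EC2 API as given, without validation
 * @return id of the security group that was found or created
 */
private String recoverVpcSecurityGroup(AwsReportDataSource awsReportDataSource, String vpcId,
        String ingressPublicIp) {
    AWSCredentials awsCredentials = AwsCredentialUtil.getAWSCredentials(
            awsReportDataSource.getAWSAccessKey(),
            awsReportDataSource.getAWSSecretKey(),
            awsReportDataSource.getRoleARN());

    AmazonEC2Client amazonEc2Client = new AmazonEC2Client(awsCredentials);
    try {
        SecurityGroup vpcSecurityGroup = null;
        try {
            // Lists all security groups visible to these credentials, then filters by VPC and name.
            DescribeSecurityGroupsResult describeResult = amazonEc2Client.describeSecurityGroups();
            if (describeResult != null && describeResult.getSecurityGroups() != null) {
                for (SecurityGroup securityGroup : describeResult.getSecurityGroups()) {
                    if (securityGroup.getVpcId() != null
                            && securityGroup.getVpcId().equals(vpcId)
                            && securityGroup.getGroupName().equals(awsProperties.getSecurityGroupName())) {
                        vpcSecurityGroup = securityGroup;
                        break;
                    }
                }
            }
        } catch (Exception ex) {
            // Left empty on purpose by the original author ("Have to be empty.").
            // NOTE(review): a failed lookup (for example an authorization error) is treated
            // exactly like "no such group", so the code falls through to createSecurityGroup.
            // Consider at least logging the failure so it is visible to operators.
        }

        boolean ingressIpMaskExist = false;
        String vpcSecurityGroupId;
        if (vpcSecurityGroup != null) {
            vpcSecurityGroupId = vpcSecurityGroup.getGroupId();
            List<IpPermission> existingPermissions = vpcSecurityGroup.getIpPermissions();
            boolean hasPermissions = existingPermissions != null && !existingPermissions.isEmpty();

            if (hasPermissions) {
                for (IpPermission existing : existingPermissions) {
                    if (existing.getIpRanges() != null && existing.getIpRanges().contains(ingressPublicIp)) {
                        ingressIpMaskExist = true;
                        break; // one match is enough
                    }
                }
            }

            if (!ingressIpMaskExist && hasPermissions) {
                // Drops ALL current ingress rules of the group before the new one is added.
                // The original also chained a no-argument withIpPermissions() call here; it had
                // no effect because the collection overload replaces the list.
                RevokeSecurityGroupIngressRequest revokeRequest = new RevokeSecurityGroupIngressRequest()
                        .withGroupId(vpcSecurityGroup.getGroupId())
                        .withIpPermissions(existingPermissions);
                amazonEc2Client.revokeSecurityGroupIngress(revokeRequest);
            }
        } else {
            vpcSecurityGroupId = amazonEc2Client
                    .createSecurityGroup(new CreateSecurityGroupRequest()
                            .withGroupName(awsProperties.getSecurityGroupName())
                            .withVpcId(vpcId)
                            .withDescription(awsProperties.getSecurityGroupDescription()))
                    .getGroupId();
        }

        if (!ingressIpMaskExist) {
            // All TCP ports from the given range; see the NOTE(review) in the method comment.
            IpPermission ipPermission = new IpPermission()
                    .withIpProtocol("tcp")
                    .withIpRanges(ingressPublicIp)
                    .withFromPort(0)
                    .withToPort(65535);
            List<IpPermission> newPermissions = new ArrayList<IpPermission>();
            newPermissions.add(ipPermission);
            AuthorizeSecurityGroupIngressRequest authorizeRequest = new AuthorizeSecurityGroupIngressRequest()
                    .withIpPermissions(newPermissions)
                    .withGroupId(vpcSecurityGroupId);
            amazonEc2Client.authorizeSecurityGroupIngress(authorizeRequest);
        }
        return vpcSecurityGroupId;
    } finally {
        // A client is created per call; release its resources instead of leaving them to GC.
        amazonEc2Client.shutdown();
    }
}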
From source file:com.netflix.simianarmy.chaos.BlockAllNetworkTrafficChaosType.java
License:Apache License
/**
 * Takes the instance off the network.
 *
 * <p>Looks up the security group named {@code blockedSecurityGroupName} in the
 * instance's VPC, creates it when it does not exist, and then makes it the
 * instance's only security group.
 *
 * <p>NOTE(review): an existing group with that name is reused without checking
 * that it has no rules, and a new VPC security group normally starts with an
 * allow-all egress rule; confirm {@code awsClient.createSecurityGroup} removes it,
 * otherwise outbound traffic from the instance is not blocked.
 *
 * @param instance the instance to isolate
 * @throws IllegalStateException if the instance has no VPC id, or more than one
 *         group with the blocked name exists in its VPC
 */
@Override
public void apply(ChaosInstance instance) {
    final String vpcId = getVpcId(instance);
    if (vpcId == null) {
        throw new IllegalStateException("canApply should have returned false");
    }

    final AWSClient awsClient = (AWSClient) instance.getCloudClient();

    // The lookup is by name only, so narrow the result to the instance's VPC here.
    SecurityGroup match = null;
    for (SecurityGroup candidate : awsClient.describeSecurityGroups(blockedSecurityGroupName)) {
        if (!Objects.equal(vpcId, candidate.getVpcId())) {
            continue;
        }
        if (match != null) {
            throw new IllegalStateException("Duplicate security groups found");
        }
        match = candidate;
    }

    final String groupId;
    if (match != null) {
        groupId = match.getGroupId();
    } else {
        LOGGER.info("Auto-creating security group {}", blockedSecurityGroupName);
        groupId = awsClient.createSecurityGroup(vpcId, blockedSecurityGroupName,
                "Empty security group for blocked instances");
    }

    final String instanceId = instance.getInstanceId();
    LOGGER.info("Blocking network traffic by applying security group {} to instance {}", groupId, instanceId);

    // Replaces the instance's security groups with the single blocked group.
    List<String> groups = Lists.newArrayList(groupId);
    awsClient.setInstanceSecurityGroups(instanceId, groups);
}
From source file:com.netflix.simianarmy.client.aws.AWSClient.java
License:Apache License
/**
 * {@inheritDoc}
 *
 * <p>Only a group whose VPC id equals the VPC id of {@code instanceId} is accepted.
 * Returns {@code null} when no such group exists.
 *
 * @throws IllegalStateException if more than one group matches
 */
@Override
public String findSecurityGroup(String instanceId, String groupName) {
    final String vpcId = getVpcId(instanceId);

    SecurityGroup match = null;
    for (SecurityGroup candidate : describeSecurityGroups(vpcId, groupName)) {
        // Re-check the VPC on every result instead of trusting the lookup to have filtered.
        if (!Objects.equal(vpcId, candidate.getVpcId())) {
            continue;
        }
        if (match != null) {
            // An ambiguous name must not silently resolve to an arbitrary group.
            throw new IllegalStateException("Duplicate security groups found");
        }
        match = candidate;
    }

    return match == null ? null : match.getGroupId();
}
From source file:com.netflix.spinnaker.clouddriver.aws.security.DefaultAWSAccountInfoLookup.java
License:Apache License
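/**
 * Determines the account id that owns the configured credentials.
 *
 * <p>Primary path: describe security groups in {@code AmazonClientProvider.DEFAULT_REGION}
 * and return the owner id of the first group that either has a VPC id or is the default
 * security group. The request is narrowed to the default group's name only when the
 * account has no VPCs or has a default VPC.
 *
 * <p>Fallback path: when the service answers with error code {@code AccessDenied}, the
 * error message is matched against {@code IAM_ARN_PATTERN} and capture group 1 is returned.
 * NOTE(review): presumably that group is the account id inside an IAM ARN quoted in the
 * message; this depends on the exact wording of the service's error text, so verify it
 * still holds when upgrading the SDK.
 *
 * @return the account id
 * @throws IllegalArgumentException if no suitable security group is returned
 * @throws AmazonServiceException   if the service call fails and the fallback does not apply
 */
@Override
public String findAccountId() {
    AmazonEC2 ec2 = amazonClientProvider.getAmazonEC2(credentialsProvider, AmazonClientProvider.DEFAULT_REGION);
    try {
        List<Vpc> vpcs = ec2.describeVpcs().getVpcs();

        // Lookup by group name is used only without VPCs or with a default VPC.
        boolean supportsByName = vpcs.isEmpty();
        for (Vpc vpc : vpcs) {
            // Null-safe: a missing isDefault flag counts as "not default" instead of
            // failing with a NullPointerException on unboxing.
            if (Boolean.TRUE.equals(vpc.getIsDefault())) {
                supportsByName = true;
                break;
            }
        }

        DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest();
        if (supportsByName) {
            request.withGroupNames(DEFAULT_SECURITY_GROUP_NAME);
        }

        DescribeSecurityGroupsResult result = ec2.describeSecurityGroups(request);
        for (SecurityGroup sg : result.getSecurityGroups()) {
            // If there is a vpcId or it is the default security group, it won't be an
            // EC2 cross-account group, so its owner is the account being looked up.
            boolean inVpc = sg.getVpcId() != null && sg.getVpcId().length() > 0;
            if (inVpc || DEFAULT_SECURITY_GROUP_NAME.equals(sg.getGroupName())) {
                return sg.getOwnerId();
            }
        }
        throw new IllegalArgumentException("Unable to lookup accountId with provided credentials");
    } catch (AmazonServiceException ase) {
        if ("AccessDenied".equals(ase.getErrorCode())) {
            String message = ase.getMessage();
            Matcher matcher = IAM_ARN_PATTERN.matcher(message);
            if (matcher.matches()) {
                return matcher.group(1);
            }
        }
        // Any other service error, or an unparseable AccessDenied message, is rethrown unchanged.
        throw ase;
    }
}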
From source file:ec2.DescribeSecurityGroups.java
License:Open Source License
/**
 * Looks up a single security group by id and prints its id, VPC id and description.
 *
 * <p>Exits with status 1 after printing a usage message unless exactly one
 * argument is supplied. Uses the SDK's default EC2 client.
 *
 * @param args command-line arguments; the only element is the group id
 */
public static void main(String[] args) {
    final String usage = "To run this example, supply a group id\n" + "Ex: DescribeSecurityGroups <group-id>\n";

    boolean wrongArgumentCount = args.length != 1;
    if (wrongArgumentCount) {
        System.out.println(usage);
        System.exit(1);
    }

    final String targetGroupId = args[0];
    final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient();

    DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest();
    request.withGroupIds(targetGroupId);

    DescribeSecurityGroupsResult response = ec2.describeSecurityGroups(request);

    // No trailing newline is printed, matching the format string as written.
    for (SecurityGroup group : response.getSecurityGroups()) {
        System.out.printf("Found security group with id %s, vpc id %s and description %s",
                group.getGroupId(),
                group.getVpcId(),
                group.getDescription());
    }
}
From source file:hudson.plugins.ec2.SlaveTemplate.java
License:Open Source License
/**
 * Resolves the configured {@code securityGroupSet} to a list of security group ids.
 *
 * <p>The entries are first looked up by {@code group-name}; only when that returns
 * nothing are they looked up by {@code group-id}. A group is accepted only if it has
 * a VPC id and a subnet query filtered by that VPC, state {@code available} and the
 * configured subnet id returns at least one subnet.
 *
 * <p>The method fails closed: unless every configured entry yields an accepted group,
 * an exception is thrown rather than a partial list being returned.
 *
 * @param ec2 client used for the subnet lookups
 * @return ids of the accepted security groups
 * @throws AmazonClientException if the number of accepted groups differs from the
 *         number of configured entries
 */
private List<String> getEc2SecurityGroups(AmazonEC2 ec2) throws AmazonClientException {
    DescribeSecurityGroupsResult lookup = getSecurityGroupsBy("group-name", securityGroupSet, ec2);
    if (lookup.getSecurityGroups().size() == 0) {
        // Nothing matched as a name, so treat the configured values as ids.
        lookup = getSecurityGroupsBy("group-id", securityGroupSet, ec2);
    }

    List<String> acceptedIds = new ArrayList<String>();
    for (SecurityGroup candidate : lookup.getSecurityGroups()) {
        String candidateVpcId = candidate.getVpcId();
        if (candidateVpcId == null || candidateVpcId.isEmpty()) {
            continue; // not a VPC security group
        }

        // The configured subnet must exist, be available and live in the group's VPC.
        List<Filter> subnetFilters = new ArrayList<Filter>();
        subnetFilters.add(new Filter("vpc-id").withValues(candidate.getVpcId()));
        subnetFilters.add(new Filter("state").withValues("available"));
        subnetFilters.add(new Filter("subnet-id").withValues(getSubnetId()));

        DescribeSubnetsRequest subnetRequest = new DescribeSubnetsRequest();
        subnetRequest.withFilters(subnetFilters);

        List<Subnet> matchingSubnets = ec2.describeSubnets(subnetRequest).getSubnets();
        if (matchingSubnets != null && !matchingSubnets.isEmpty()) {
            acceptedIds.add(candidate.getGroupId());
        }
    }

    if (securityGroupSet.size() != acceptedIds.size()) {
        throw new AmazonClientException(
                "Security groups must all be VPC security groups to work in a VPC context");
    }
    return acceptedIds;
}