List of usage examples for com.amazonaws.services.rds AmazonRDSClient authorizeDBSecurityGroupIngress
@Override
public DBSecurityGroup authorizeDBSecurityGroupIngress(AuthorizeDBSecurityGroupIngressRequest request)
Enables ingress to a DBSecurityGroup using one of two forms of authorization.
From source file:beanstalk.BeansDatabase.java
License:Apache License
public boolean allowIPConnectionWithDB(String AWSKeyId, String AWSSecretKey, String dbIdentifier) {//throws Exception { boolean ret = false; String security_group = "Cloud4SoaSecGroup"; BasicAWSCredentials basic_credentials = new BasicAWSCredentials(AWSKeyId, AWSSecretKey); AmazonRDSClient rDSClient = new AmazonRDSClient(basic_credentials); //1st step-->add group cloud4soa if not exist CreateDBSecurityGroupRequest create_secGroupRequest = new CreateDBSecurityGroupRequest(security_group, "GroupGeneratedByCloud4SoaAdapter"); DBSecurityGroup securityGroup = new DBSecurityGroup(); try {/*from w w w. j a v a 2s . co m*/ securityGroup = rDSClient.createDBSecurityGroup(create_secGroupRequest); } catch (AmazonClientException amazonClientException) { System.out.print("Error when trying to add Security Group.Security Group might exist already!"); } //2nd step--> add IP to list of specific Security Group AuthorizeDBSecurityGroupIngressRequest ip2SecGroup = new AuthorizeDBSecurityGroupIngressRequest( security_group); //allow specific ip //ip2SecGroup.setCIDRIP("91.132.244.150/5"); //allow everyone ip2SecGroup.setCIDRIP("0.0.0.0/0"); try { rDSClient.authorizeDBSecurityGroupIngress(ip2SecGroup); } catch (AmazonClientException amazonClientException) { System.out.print( "Error when trying to add the specific IP address to the security group.IP might be already entered!"); } return ret; }
From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsDataSourceRecovery.java
License:Open Source License
private void createRDSSecurityGroup(AwsReportDataSource awsReportDataSource) throws Exception { AWSCredentials awsCredentials = AwsCredentialUtil.getAWSCredentials(awsReportDataSource.getAWSAccessKey(), awsReportDataSource.getAWSSecretKey(), awsReportDataSource.getRoleARN()); AmazonRDSClient rdsClient = new AmazonRDSClient(awsCredentials); DescribeDBInstancesRequest describeDBInstancesRequest = new DescribeDBInstancesRequest() .withDBInstanceIdentifier(awsReportDataSource.getDbInstanceIdentifier()); String endpoint = awsReportDataSource.getAWSRegion(); if (endpoint != null) { rdsClient.setEndpoint(RDS + "." + endpoint); }// w w w .j ava 2 s.c om DBInstance dbInstance; DescribeDBInstancesResult describeInstancesResult = rdsClient .describeDBInstances(describeDBInstancesRequest); if (describeInstancesResult != null && describeInstancesResult.getDBInstances() != null && describeInstancesResult.getDBInstances().size() > 0) { dbInstance = describeInstancesResult.getDBInstances().get(0); if (!dbInstance.getDBInstanceStatus().equals(awsDataSourceActiveStatus)) { throw new JSException( messageSource.getMessage("aws.exception.datasource.recovery.instance.not.active", null, LocaleContextHolder.getLocale())); } Map<String, String> awsDSInstanceDetails = new HashMap<String, String>(); awsDSInstanceDetails.put(DB_REGION, parseRegionFromSubRegion(dbInstance.getAvailabilityZone())); DBSubnetGroup dbSubnetGroup = dbInstance.getDBSubnetGroup(); if (dbSubnetGroup != null) { awsDSInstanceDetails.put(DB_VPC_ID, dbSubnetGroup.getVpcId()); } else { awsDSInstanceDetails.put(DB_VPC_ID, null); } String instanceSourceIp = determineSourceIpAddress(awsDSInstanceDetails); if (!isNotEmpty(instanceSourceIp)) { throw new JSException( getErrorMessage("aws.exception.datasource.recovery.public.ip.not.determined")); } //IP that should be added in CIDRIP of JS DB Security Group String ingressIpMask = instanceSourceIp + ingressIpPermission; String vpcSecurityGroupId = null; if (awsDSInstanceDetails.get(DB_VPC_ID) != null) { //Recover VPC Security Group. vpcSecurityGroupId = recoverVpcSecurityGroup(awsReportDataSource, awsDSInstanceDetails.get(DB_VPC_ID), ingressIpMask); } else { //Recover Db Security Group //Fount existing JS DB Security Group Boolean jsSecurityGroupMembershipFount = true; DBSecurityGroup dbSecurityGroup = null; try { DescribeDBSecurityGroupsRequest describeDBSecurityGroupsRequest = new DescribeDBSecurityGroupsRequest() .withDBSecurityGroupName(awsProperties.getSecurityGroupName()); DescribeDBSecurityGroupsResult describeDBSecurityGroupsResult = rdsClient .describeDBSecurityGroups(describeDBSecurityGroupsRequest); dbSecurityGroup = describeDBSecurityGroupsResult.getDBSecurityGroups().get(0); } catch (DBSecurityGroupNotFoundException ex) { jsSecurityGroupMembershipFount = false; } boolean ingressIpMaskExist = false; if (jsSecurityGroupMembershipFount) { List<IPRange> ipRanges = dbSecurityGroup.getIPRanges(); for (IPRange ipRange : ipRanges) { if (ipRange.getCIDRIP().contains(ingressIpMask)) { ingressIpMaskExist = true; break; } } if (!ingressIpMaskExist) { //Remove old ingress Ips for (IPRange ipRange : ipRanges) { RevokeDBSecurityGroupIngressRequest revokeDBSecurityGroupIngressRequest = new RevokeDBSecurityGroupIngressRequest() .withDBSecurityGroupName(awsProperties.getSecurityGroupName()) .withCIDRIP(ipRange.getCIDRIP()); rdsClient.revokeDBSecurityGroupIngress(revokeDBSecurityGroupIngressRequest); } } } else { dbSecurityGroup = rdsClient.createDBSecurityGroup(new CreateDBSecurityGroupRequest() .withDBSecurityGroupName(awsProperties.getSecurityGroupName()) .withDBSecurityGroupDescription(awsProperties.getSecurityGroupDescription())); } //Authorize new ingress Ip if (!ingressIpMaskExist) { rdsClient.authorizeDBSecurityGroupIngress(new AuthorizeDBSecurityGroupIngressRequest() .withDBSecurityGroupName(dbSecurityGroup.getDBSecurityGroupName()) .withCIDRIP(ingressIpMask)); } } if (vpcSecurityGroupId == null) { List<DBSecurityGroupMembership> dbSecurityGroupMemberships = dbInstance.getDBSecurityGroups(); List<String> dbSecurityGroupNames = new ArrayList<String>(); for (DBSecurityGroupMembership dbSecurityGroupMembership : dbSecurityGroupMemberships) { dbSecurityGroupNames.add(dbSecurityGroupMembership.getDBSecurityGroupName()); } //If RDS Instance does not contain JSSecurityGroup that we should assign it to. if (!dbSecurityGroupNames.contains(awsProperties.getSecurityGroupName())) { dbSecurityGroupNames.add(awsProperties.getSecurityGroupName()); ModifyDBInstanceRequest modifyDBInstanceRequest = new ModifyDBInstanceRequest() .withDBSecurityGroups(dbSecurityGroupNames) .withDBInstanceIdentifier(dbInstance.getDBInstanceIdentifier()); modifyDBInstanceRequest.setApplyImmediately(true); rdsClient.modifyDBInstance(modifyDBInstanceRequest); } } else { List<VpcSecurityGroupMembership> vpcSecurityGroupMemberships = dbInstance.getVpcSecurityGroups(); List<String> vpcSecurityGroupIds = new ArrayList<String>(); for (VpcSecurityGroupMembership vpcSecurityGroupMembership : vpcSecurityGroupMemberships) { vpcSecurityGroupIds.add(vpcSecurityGroupMembership.getVpcSecurityGroupId()); } //If RDS Instance does not contain VPC Security Group that we should assign it to. if (!vpcSecurityGroupIds.contains(vpcSecurityGroupId)) { vpcSecurityGroupIds.add(vpcSecurityGroupId); ModifyDBInstanceRequest modifyDBInstanceRequest = new ModifyDBInstanceRequest() .withVpcSecurityGroupIds(vpcSecurityGroupIds) .withDBInstanceIdentifier(dbInstance.getDBInstanceIdentifier()); modifyDBInstanceRequest.setApplyImmediately(true); rdsClient.modifyDBInstance(modifyDBInstanceRequest); } } } }