List of usage examples for com.amazonaws.services.rds.model RevokeDBSecurityGroupIngressRequest RevokeDBSecurityGroupIngressRequest
public RevokeDBSecurityGroupIngressRequest()
From source file:com.jaspersoft.jasperserver.api.engine.jasperreports.util.AwsDataSourceRecovery.java
License:Open Source License
private void createRDSSecurityGroup(AwsReportDataSource awsReportDataSource) throws Exception { AWSCredentials awsCredentials = AwsCredentialUtil.getAWSCredentials(awsReportDataSource.getAWSAccessKey(), awsReportDataSource.getAWSSecretKey(), awsReportDataSource.getRoleARN()); AmazonRDSClient rdsClient = new AmazonRDSClient(awsCredentials); DescribeDBInstancesRequest describeDBInstancesRequest = new DescribeDBInstancesRequest() .withDBInstanceIdentifier(awsReportDataSource.getDbInstanceIdentifier()); String endpoint = awsReportDataSource.getAWSRegion(); if (endpoint != null) { rdsClient.setEndpoint(RDS + "." + endpoint); }//ww w.ja va 2 s . co m DBInstance dbInstance; DescribeDBInstancesResult describeInstancesResult = rdsClient .describeDBInstances(describeDBInstancesRequest); if (describeInstancesResult != null && describeInstancesResult.getDBInstances() != null && describeInstancesResult.getDBInstances().size() > 0) { dbInstance = describeInstancesResult.getDBInstances().get(0); if (!dbInstance.getDBInstanceStatus().equals(awsDataSourceActiveStatus)) { throw new JSException( messageSource.getMessage("aws.exception.datasource.recovery.instance.not.active", null, LocaleContextHolder.getLocale())); } Map<String, String> awsDSInstanceDetails = new HashMap<String, String>(); awsDSInstanceDetails.put(DB_REGION, parseRegionFromSubRegion(dbInstance.getAvailabilityZone())); DBSubnetGroup dbSubnetGroup = dbInstance.getDBSubnetGroup(); if (dbSubnetGroup != null) { awsDSInstanceDetails.put(DB_VPC_ID, dbSubnetGroup.getVpcId()); } else { awsDSInstanceDetails.put(DB_VPC_ID, null); } String instanceSourceIp = determineSourceIpAddress(awsDSInstanceDetails); if (!isNotEmpty(instanceSourceIp)) { throw new JSException( getErrorMessage("aws.exception.datasource.recovery.public.ip.not.determined")); } //IP that should be added in CIDRIP of JS DB Security Group String ingressIpMask = instanceSourceIp + ingressIpPermission; String vpcSecurityGroupId = null; if (awsDSInstanceDetails.get(DB_VPC_ID) != null) { //Recover VPC Security Group. vpcSecurityGroupId = recoverVpcSecurityGroup(awsReportDataSource, awsDSInstanceDetails.get(DB_VPC_ID), ingressIpMask); } else { //Recover Db Security Group //Fount existing JS DB Security Group Boolean jsSecurityGroupMembershipFount = true; DBSecurityGroup dbSecurityGroup = null; try { DescribeDBSecurityGroupsRequest describeDBSecurityGroupsRequest = new DescribeDBSecurityGroupsRequest() .withDBSecurityGroupName(awsProperties.getSecurityGroupName()); DescribeDBSecurityGroupsResult describeDBSecurityGroupsResult = rdsClient .describeDBSecurityGroups(describeDBSecurityGroupsRequest); dbSecurityGroup = describeDBSecurityGroupsResult.getDBSecurityGroups().get(0); } catch (DBSecurityGroupNotFoundException ex) { jsSecurityGroupMembershipFount = false; } boolean ingressIpMaskExist = false; if (jsSecurityGroupMembershipFount) { List<IPRange> ipRanges = dbSecurityGroup.getIPRanges(); for (IPRange ipRange : ipRanges) { if (ipRange.getCIDRIP().contains(ingressIpMask)) { ingressIpMaskExist = true; break; } } if (!ingressIpMaskExist) { //Remove old ingress Ips for (IPRange ipRange : ipRanges) { RevokeDBSecurityGroupIngressRequest revokeDBSecurityGroupIngressRequest = new RevokeDBSecurityGroupIngressRequest() .withDBSecurityGroupName(awsProperties.getSecurityGroupName()) .withCIDRIP(ipRange.getCIDRIP()); rdsClient.revokeDBSecurityGroupIngress(revokeDBSecurityGroupIngressRequest); } } } else { dbSecurityGroup = rdsClient.createDBSecurityGroup(new CreateDBSecurityGroupRequest() .withDBSecurityGroupName(awsProperties.getSecurityGroupName()) .withDBSecurityGroupDescription(awsProperties.getSecurityGroupDescription())); } //Authorize new ingress Ip if (!ingressIpMaskExist) { rdsClient.authorizeDBSecurityGroupIngress(new AuthorizeDBSecurityGroupIngressRequest() .withDBSecurityGroupName(dbSecurityGroup.getDBSecurityGroupName()) .withCIDRIP(ingressIpMask)); } } if (vpcSecurityGroupId == null) { List<DBSecurityGroupMembership> dbSecurityGroupMemberships = dbInstance.getDBSecurityGroups(); List<String> dbSecurityGroupNames = new ArrayList<String>(); for (DBSecurityGroupMembership dbSecurityGroupMembership : dbSecurityGroupMemberships) { dbSecurityGroupNames.add(dbSecurityGroupMembership.getDBSecurityGroupName()); } //If RDS Instance does not contain JSSecurityGroup that we should assign it to. if (!dbSecurityGroupNames.contains(awsProperties.getSecurityGroupName())) { dbSecurityGroupNames.add(awsProperties.getSecurityGroupName()); ModifyDBInstanceRequest modifyDBInstanceRequest = new ModifyDBInstanceRequest() .withDBSecurityGroups(dbSecurityGroupNames) .withDBInstanceIdentifier(dbInstance.getDBInstanceIdentifier()); modifyDBInstanceRequest.setApplyImmediately(true); rdsClient.modifyDBInstance(modifyDBInstanceRequest); } } else { List<VpcSecurityGroupMembership> vpcSecurityGroupMemberships = dbInstance.getVpcSecurityGroups(); List<String> vpcSecurityGroupIds = new ArrayList<String>(); for (VpcSecurityGroupMembership vpcSecurityGroupMembership : vpcSecurityGroupMemberships) { vpcSecurityGroupIds.add(vpcSecurityGroupMembership.getVpcSecurityGroupId()); } //If RDS Instance does not contain VPC Security Group that we should assign it to. if (!vpcSecurityGroupIds.contains(vpcSecurityGroupId)) { vpcSecurityGroupIds.add(vpcSecurityGroupId); ModifyDBInstanceRequest modifyDBInstanceRequest = new ModifyDBInstanceRequest() .withVpcSecurityGroupIds(vpcSecurityGroupIds) .withDBInstanceIdentifier(dbInstance.getDBInstanceIdentifier()); modifyDBInstanceRequest.setApplyImmediately(true); rdsClient.modifyDBInstance(modifyDBInstanceRequest); } } } }
From source file:org.cloudml.connectors.BeanstalkConnector.java
License:Open Source License
/** * Not used yet!//from ww w . j av a 2s . c om * * @param dbInstanceIdentifier * @param group * @param owner */ public void setSecuretGroup(String dbInstanceIdentifier, String group, String owner) { String groupName = dbInstanceIdentifier + "-security-group"; CreateDBSecurityGroupRequest csg = new CreateDBSecurityGroupRequest(); csg.setDBSecurityGroupName(groupName); csg.setDBSecurityGroupDescription(groupName); rdsClient.createDBSecurityGroup(csg); RevokeDBSecurityGroupIngressRequest rsgi = new RevokeDBSecurityGroupIngressRequest(); rsgi.setDBSecurityGroupName(groupName); rsgi.setEC2SecurityGroupId(group); rsgi.setEC2SecurityGroupOwnerId(owner); rsgi.setRequestCredentials(awsCredentials); //rsgi.set rdsClient.revokeDBSecurityGroupIngress(rsgi); ModifyDBInstanceRequest request = new ModifyDBInstanceRequest(); Collection<String> groups = new ArrayList(); groups.add(groupName); request.setDBSecurityGroups(groups); request.setDBInstanceIdentifier(dbInstanceIdentifier); rdsClient.modifyDBInstance(request); }