sgIngressRequest.withIpPermissions(
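/**
 * Authorizes one ingress rule on the named security group: the given CIDR blocks may
 * reach ports {@code fromPort}..{@code toPort} over {@code protocol}.
 *
 * <p>Security note: this call only ever widens network access. Any failure from the EC2
 * API is caught and logged instead of propagated (kept from the original contract, since
 * callers do not expect an exception here), so the caller cannot tell from the return
 * whether the rule was actually applied. Callers that need certainty must verify the
 * group's rules afterwards.
 *
 * @param name     name of the security group to change
 * @param ipRanges CIDR blocks to allow, e.g. "10.0.0.0/8"
 * @param protocol IP protocol of the rule, e.g. "tcp" or "udp"
 * @param fromPort first port of the allowed range
 * @param toPort   last port of the allowed range
 */
@Override
public void addRules(final String name, final Collection<String> ipRanges, final String protocol,
                     final int fromPort, final int toPort) {
    final IpPermission ipPermission = new IpPermission()
            .withIpRanges(ipRanges)
            .withIpProtocol(protocol)
            .withFromPort(fromPort)
            .withToPort(toPort);
    try {
        final AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest()
                .withGroupName(name)
                .withIpPermissions(ipPermission);
        client.authorizeSecurityGroupIngress(request);
    } catch (Exception e) {
        // Best-effort by design: the log line is the only signal that the rule was not applied.
        LOG.error("Error while adding rule to security group: {}", name, e);
    }
}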
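/**
 * Opens the firewall (authorizes one ingress rule) on a security group.
 *
 * <p>Security note: this only ever widens access; nothing is revoked. A broad
 * {@code ipRanges} such as {@code 0.0.0.0/0} exposes the port range to every IPv4
 * address, so callers should pass the narrowest CIDR that works. The rule is forwarded
 * as given; whether the protocol/port combination is valid is left to the EC2 API.
 *
 * @param groupName  name of the security group to change
 * @param ipRanges   CIDR block to allow, e.g. "10.1.0.0/16"
 * @param ipProtocol protocol of the rule, e.g. "tcp" or "udp"
 * @param fromPort   first port of the allowed range
 * @param toPort     last port of the allowed range
 * @throws IllegalArgumentException if a string argument is null or blank, or a port is null
 */
public void addPermissionsToSecurityGroup(String groupName, String ipRanges, String ipProtocol,
                                          Integer fromPort, Integer toPort) {
    // Fail early with a clear message instead of sending a malformed request, which would
    // otherwise surface as a less specific error from the EC2 API, if at all.
    if (groupName == null || groupName.trim().isEmpty()) {
        throw new IllegalArgumentException("groupName must not be blank");
    }
    if (ipRanges == null || ipRanges.trim().isEmpty()) {
        throw new IllegalArgumentException("ipRanges must not be blank");
    }
    if (ipProtocol == null || ipProtocol.trim().isEmpty()) {
        throw new IllegalArgumentException("ipProtocol must not be blank");
    }
    if (fromPort == null || toPort == null) {
        throw new IllegalArgumentException("fromPort and toPort must not be null");
    }

    final AmazonEC2 amazonEC2 = getEc2Client();
    final IpPermission ipPermission = new IpPermission()
            .withIpRanges(ipRanges)
            .withIpProtocol(ipProtocol)
            .withFromPort(fromPort)
            .withToPort(toPort);
    final AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest =
            new AuthorizeSecurityGroupIngressRequest()
                    .withGroupName(groupName)
                    .withIpPermissions(ipPermission);
    amazonEC2.authorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest);
    LOGGER.info("Added permissions: " + ipPermission + " to security group: " + groupName);
}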
AuthorizeSecurityGroupIngressRequest() .withGroupName(group_name) .withIpPermissions(ip_perm, ip_perm2);
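/**
 * Opens the load balancer's listener ports to the world on the target security group.
 *
 * <p>Security note: every listener port of {@code sourceDescription} is authorized from
 * {@code 0.0.0.0/0}, i.e. it becomes reachable from any IPv4 address. That is the intended
 * posture for an internet-facing load balancer but it is a deliberate exposure, so callers
 * must not route internal-only load balancers through here. Only IPv4 is opened; IPv6
 * clients are not covered (TODO(cfieber) carried over from the original).
 *
 * @param targetAmazonEC2   EC2 client for the account/region that owns {@code elbGroupId}
 * @param elbGroupId        id of the security group attached to the load balancer
 * @param sourceDescription load balancer whose listeners define the ports to open
 */
private void addPublicIngress(AmazonEC2 targetAmazonEC2, String elbGroupId,
                              LoadBalancerDescription sourceDescription) {
    List<IpPermission> permissions = sourceDescription.getListenerDescriptions().stream()
            .map(l -> {
                Integer port = l.getListener().getLoadBalancerPort();
                return new IpPermission()
                        .withIpProtocol("tcp")
                        .withFromPort(port)
                        .withToPort(port)
                        .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0")); // TODO(cfieber)-ipv6
            })
            .collect(Collectors.toList());
    // A load balancer without listeners has nothing to open; skip the API call rather than
    // send an authorize request with an empty permission list.
    if (permissions.isEmpty()) {
        return;
    }
    targetAmazonEC2.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
            .withGroupId(elbGroupId)
            .withIpPermissions(permissions));
}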
/**
 * Makes the named security group's ingress rules match {@code permissions} exactly:
 * rules present in the group but absent from the list are revoked, rules in the list
 * but absent from the group are authorized, and the overlap is left untouched.
 *
 * <p>Revocation runs before authorization and the two EC2 calls are not atomic. The
 * intermediate state is the intersection of the old and new rule sets, so the group
 * never allows more than either set (fail-closed); if the authorize call fails, the
 * group is left with only the surviving rules and no result is returned.
 *
 * @param securityGroupName name of the security group to reconcile
 * @param permissions       the complete set of rules the group should end up with
 * @return which rules were added, which were deleted and which already existed
 */
@Override
public SetPermissionsResult setPermissions(String securityGroupName, List<Permission> permissions) {
    checkNotBlank(securityGroupName, "securityGroupName");
    checkNotNull(permissions, "permissions");

    Optional<SecurityGroup> found = getSecurityGroup(securityGroupName);
    checkState(found.isPresent(), "Security group [%s] does not exist", securityGroupName);

    // Current rules, converted to the domain type so they compare with the requested ones.
    List<IpPermission> currentIpPerms = found.get().getIpPermissions();
    Set<Permission> current = new HashSet<Permission>(getPermissions(currentIpPerms));
    Set<Permission> wanted = new HashSet<Permission>(permissions);

    Set<Permission> toAuthorize = SetUtils.difference(wanted, current);
    Set<Permission> toRevoke = SetUtils.difference(current, wanted);
    Set<Permission> unchanged = SetUtils.intersection(wanted, current);

    // Revoke first, so the group is never wider than the old or the new rule set.
    if (!toRevoke.isEmpty()) {
        client.revokeSecurityGroupIngress(
                new RevokeSecurityGroupIngressRequest(securityGroupName, getIpPermissions(toRevoke)));
    }
    // Then authorize whatever the requested set adds.
    if (!toAuthorize.isEmpty()) {
        AuthorizeSecurityGroupIngressRequest authorize = new AuthorizeSecurityGroupIngressRequest()
                .withGroupName(securityGroupName)
                .withIpPermissions(getIpPermissions(toAuthorize));
        client.authorizeSecurityGroupIngress(authorize);
    }
    return new SetPermissionsResult(toAuthorize, toRevoke, unchanged);
}
/**
 * Adds the given peer IPs as a TCP ingress rule (ports {@code from}..{@code to}) on the
 * security group of the running instance. On EC2-Classic the group is addressed by the
 * cluster name, otherwise by the VPC group id.
 *
 * <p>Security note: the CIDRs in {@code listIPs} are authorized exactly as given; nothing
 * here rejects broad ranges such as 0.0.0.0/0, so the caller is responsible for passing
 * only the peers' addresses. EC2 failures propagate to the caller; the client is shut
 * down either way.
 *
 * @param listIPs CIDR blocks of the peers to allow
 * @param from    first port of the range
 * @param to      last port of the range
 */
public void addACL(Collection<String> listIPs, int from, int to) {
    AmazonEC2 ec2 = null;
    try {
        ec2 = getEc2Client();

        IpPermission peerRule = new IpPermission()
                .withFromPort(from)
                .withIpProtocol("tcp")
                .withIpRanges(listIPs)
                .withToPort(to);
        List<IpPermission> rules = new ArrayList<IpPermission>();
        rules.add(peerRule);

        if (this.insEnvIdentity.isClassic()) {
            // Classic: the group is looked up by name.
            AuthorizeSecurityGroupIngressRequest byName = new AuthorizeSecurityGroupIngressRequest(
                    envVariables.getDynomiteClusterName(), rules);
            ec2.authorizeSecurityGroupIngress(byName);
            logger.info("Done adding ACL to classic: " + StringUtils.join(listIPs, ","));
        } else {
            // VPC: the group is addressed by id, resolved for the running instance's account.
            AuthorizeSecurityGroupIngressRequest byId = new AuthorizeSecurityGroupIngressRequest()
                    .withGroupId(getVpcGroupId())
                    .withIpPermissions(rules);
            ec2.authorizeSecurityGroupIngress(byId);
            logger.info("Done adding ACL to vpc: " + StringUtils.join(listIPs, ","));
        }
    } finally {
        if (ec2 != null) {
            ec2.shutdown();
        }
    }
}
.withGroupId(groupId) .withGroupName(groupName) .withIpPermissions(parse(ipPermissions))); } catch (AmazonServiceException e) { if (e.getErrorCode().equals("InvalidPermission.Duplicate")) {
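/**
 * Opens the firewall (authorizes one ingress rule) on a security group.
 *
 * <p>Security note: this only ever widens access; nothing is revoked. A broad
 * {@code ipRanges} such as {@code 0.0.0.0/0} exposes the port range to every IPv4
 * address, so callers should pass the narrowest CIDR that works. The rule is forwarded
 * as given; whether the protocol/port combination is valid is left to the EC2 API.
 *
 * @param groupName  name of the security group to change
 * @param ipRanges   CIDR block to allow, e.g. "10.1.0.0/16"
 * @param ipProtocol protocol of the rule, e.g. "tcp" or "udp"
 * @param fromPort   first port of the allowed range
 * @param toPort     last port of the allowed range
 * @throws IllegalArgumentException if a string argument is null or blank, or a port is null
 */
public void addPermissionsToSecurityGroup(String groupName, String ipRanges, String ipProtocol,
                                          Integer fromPort, Integer toPort) {
    // Fail early with a clear message instead of sending a malformed request, which would
    // otherwise surface as a less specific error from the EC2 API, if at all.
    if (groupName == null || groupName.trim().isEmpty()) {
        throw new IllegalArgumentException("groupName must not be blank");
    }
    if (ipRanges == null || ipRanges.trim().isEmpty()) {
        throw new IllegalArgumentException("ipRanges must not be blank");
    }
    if (ipProtocol == null || ipProtocol.trim().isEmpty()) {
        throw new IllegalArgumentException("ipProtocol must not be blank");
    }
    if (fromPort == null || toPort == null) {
        throw new IllegalArgumentException("fromPort and toPort must not be null");
    }

    final AmazonEC2 amazonEC2 = getEc2Client();
    final IpPermission ipPermission = new IpPermission()
            .withIpRanges(ipRanges)
            .withIpProtocol(ipProtocol)
            .withFromPort(fromPort)
            .withToPort(toPort);
    final AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest =
            new AuthorizeSecurityGroupIngressRequest()
                    .withGroupName(groupName)
                    .withIpPermissions(ipPermission);
    amazonEC2.authorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest);
    LOGGER.info("Added permissions: " + ipPermission + " to security group: " + groupName);
}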
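/**
 * Opens the firewall (authorizes one ingress rule) on a security group.
 *
 * <p>Security note: this only ever widens access; nothing is revoked. A broad
 * {@code ipRanges} such as {@code 0.0.0.0/0} exposes the port range to every IPv4
 * address, so callers should pass the narrowest CIDR that works. The rule is forwarded
 * as given; whether the protocol/port combination is valid is left to the EC2 API.
 *
 * @param groupName  name of the security group to change
 * @param ipRanges   CIDR block to allow, e.g. "10.1.0.0/16"
 * @param ipProtocol protocol of the rule, e.g. "tcp" or "udp"
 * @param fromPort   first port of the allowed range
 * @param toPort     last port of the allowed range
 * @throws IllegalArgumentException if a string argument is null or blank, or a port is null
 */
public void addPermissionsToSecurityGroup(String groupName, String ipRanges, String ipProtocol,
                                          Integer fromPort, Integer toPort) {
    // Fail early with a clear message instead of sending a malformed request, which would
    // otherwise surface as a less specific error from the EC2 API, if at all.
    if (groupName == null || groupName.trim().isEmpty()) {
        throw new IllegalArgumentException("groupName must not be blank");
    }
    if (ipRanges == null || ipRanges.trim().isEmpty()) {
        throw new IllegalArgumentException("ipRanges must not be blank");
    }
    if (ipProtocol == null || ipProtocol.trim().isEmpty()) {
        throw new IllegalArgumentException("ipProtocol must not be blank");
    }
    if (fromPort == null || toPort == null) {
        throw new IllegalArgumentException("fromPort and toPort must not be null");
    }

    final AmazonEC2 amazonEC2 = getEc2Client();
    final IpPermission ipPermission = new IpPermission()
            .withIpRanges(ipRanges)
            .withIpProtocol(ipProtocol)
            .withFromPort(fromPort)
            .withToPort(toPort);
    final AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest =
            new AuthorizeSecurityGroupIngressRequest()
                    .withGroupName(groupName)
                    .withIpPermissions(ipPermission);
    amazonEC2.authorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest);
    LOGGER.info("Added permissions: " + ipPermission + " to security group: " + groupName);
}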
.withIpPermissions(perm); ec2Client.authorizeSecurityGroupIngress(request);
ip.setToPort(22); AuthorizeSecurityGroupIngressRequest r = new AuthorizeSecurityGroupIngressRequest(); r = r.withIpPermissions(ip.withIpRanges("0.0.0.0/0")); r.setGroupId(g.getGroupId()); try {
targetAmazonEC2.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest() .withGroupId(appGroup.getGroupId()) .withIpPermissions(newPermission) ); });