/**
 * Resolves the configured security groups ({@code securityGroupSet}) to the ids of VPC security
 * groups the slave can be launched with.
 *
 * <p>The configured set is looked up by {@code group-name} first; only when that lookup returns
 * no groups at all is it retried by {@code group-id}. A partial match by name is therefore not
 * retried by id and ends in the size-mismatch exception below. A group is kept only if it carries
 * a VPC id and that VPC contains an {@code available} subnet whose id equals {@link #getSubnetId()}.
 *
 * @param ec2 client used for the describe calls
 * @return ids of the matching VPC security groups, in the order the lookup returned them
 * @throws AmazonClientException if the number of resolved ids differs from the number of
 *     configured groups, i.e. at least one configured group is not a VPC group reachable from
 *     the configured subnet
 */
  private List<String> getEc2SecurityGroups(AmazonEC2 ec2) throws AmazonClientException {
    DescribeSecurityGroupsResult lookup =
        getSecurityGroupsBy("group-name", securityGroupSet, ec2);
    if (lookup.getSecurityGroups().isEmpty()) {
      // Nothing matched by name: the configured values are presumably ids instead.
      lookup = getSecurityGroupsBy("group-id", securityGroupSet, ec2);
    }

    List<String> vpcGroupIds = new ArrayList<String>();
    for (SecurityGroup candidate : lookup.getSecurityGroups()) {
      String vpcId = candidate.getVpcId();
      if (vpcId == null || vpcId.isEmpty()) {
        // No VPC id: not a VPC security group, so it cannot be used here.
        continue;
      }
      if (subnetAvailableInVpc(vpcId, ec2)) {
        vpcGroupIds.add(candidate.getGroupId());
      }
    }

    // Every configured group must have resolved to a usable VPC group.
    if (vpcGroupIds.size() != securityGroupSet.size()) {
      throw new AmazonClientException(
          "Security groups must all be VPC security groups to work in a VPC context");
    }

    return vpcGroupIds;
  }

  /**
   * Reports whether the VPC {@code vpcId} contains an {@code available} subnet whose id is
   * {@link #getSubnetId()}.
   *
   * @param vpcId id of the VPC the security group belongs to
   * @param ec2 client used for the describe-subnets call
   * @return {@code true} if at least one subnet matched all three filters
   */
  private boolean subnetAvailableInVpc(String vpcId, AmazonEC2 ec2) {
    List<Filter> subnetFilters = new ArrayList<Filter>();
    subnetFilters.add(new Filter("vpc-id").withValues(vpcId));
    subnetFilters.add(new Filter("state").withValues("available"));
    subnetFilters.add(new Filter("subnet-id").withValues(getSubnetId()));

    DescribeSubnetsResult subnetResult =
        ec2.describeSubnets(new DescribeSubnetsRequest().withFilters(subnetFilters));
    List<Subnet> matchingSubnets = subnetResult.getSubnets();
    return matchingSubnets != null && !matchingSubnets.isEmpty();
  }
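  /** Source range used by the two-argument overload: every IPv4 address. */
  private static final String ANY_IPV4_CIDR = "0.0.0.0/0";

  /**
   * Inbound TCP ports authorized on a newly created group, in the order they are sent:
   * 22 (SSH), 80 (HTTP), 443 (HTTPS), 65535, 23 (telnet). Each port is opened on its own.
   */
  private static final int[] DEFAULT_INGRESS_PORTS = {22, 80, 443, 65535, 23};

  /**
   * Ensures a security group named {@code securityGroup} exists, creating it when it does not.
   *
   * <p>A newly created group is given inbound TCP rules for ports 22, 80, 443, 65535 and 23, all
   * reachable from {@code 0.0.0.0/0}, i.e. from the whole IPv4 internet. That is the historical
   * behaviour of this method; callers that only need access from a known network should use
   * {@link #createSecurityGroup(AmazonEC2, String, String)} and pass that network's CIDR instead.
   *
   * @param ec2 client used to describe, create and authorize the group
   * @param securityGroup name of the group to look up or create
   * @throws IllegalArgumentException if {@code securityGroup} is {@code null} or empty
   */
  public static void createSecurityGroup(AmazonEC2 ec2, String securityGroup) {
    createSecurityGroup(ec2, securityGroup, ANY_IPV4_CIDR);
  }

  /**
   * Ensures a security group named {@code securityGroup} exists, creating it with inbound TCP
   * rules for ports 22, 80, 443, 65535 and 23 restricted to {@code sourceCidr} when it does not.
   *
   * <p>An existing group is left untouched: its rules are neither inspected nor changed, so
   * {@code sourceCidr} only takes effect on creation.
   *
   * @param ec2 client used to describe, create and authorize the group
   * @param securityGroup name of the group to look up or create
   * @param sourceCidr IPv4 CIDR block allowed to reach the opened ports, e.g. a VPN or office range
   * @throws IllegalArgumentException if {@code securityGroup} or {@code sourceCidr} is
   *     {@code null} or empty
   */
  public static void createSecurityGroup(AmazonEC2 ec2, String securityGroup, String sourceCidr) {
    if (securityGroup == null || securityGroup.isEmpty()) {
      throw new IllegalArgumentException("securityGroup must not be null or empty");
    }
    if (sourceCidr == null || sourceCidr.isEmpty()) {
      throw new IllegalArgumentException("sourceCidr must not be null or empty");
    }

    if (securityGroupExists(ec2, securityGroup)) {
      System.out.println("Using Security Group " + securityGroup);
      return;
    }

    CreateSecurityGroupRequest createRequest =
        new CreateSecurityGroupRequest()
            .withGroupName(securityGroup)
            .withDescription("My Java Security Group");
    // The result (the new group id) is not needed: the ingress call below addresses the group by name.
    ec2.createSecurityGroup(createRequest);

    AuthorizeSecurityGroupIngressRequest ingressRequest =
        new AuthorizeSecurityGroupIngressRequest()
            .withGroupName(securityGroup)
            .withIpPermissions(buildTcpIngress(sourceCidr, DEFAULT_INGRESS_PORTS));
    ec2.authorizeSecurityGroupIngress(ingressRequest);

    System.out.println("Created Security Group " + securityGroup);
  }

  /**
   * Reports whether a security group whose name matches {@code securityGroup} is already visible
   * to {@code ec2}.
   *
   * <p>The comparison is case-insensitive, as it always was here. NOTE(review): EC2 itself may
   * treat group names case-sensitively, in which case a match that differs only in case would
   * make the caller skip creation of a group that does not actually exist — confirm before
   * relying on it.
   *
   * @param ec2 client used for the describe call
   * @param securityGroup name to look for
   * @return {@code true} if some existing group's name equals {@code securityGroup} ignoring case
   */
  private static boolean securityGroupExists(AmazonEC2 ec2, String securityGroup) {
    for (SecurityGroup existing : ec2.describeSecurityGroups().getSecurityGroups()) {
      if (securityGroup.equalsIgnoreCase(existing.getGroupName())) {
        return true;
      }
    }
    return false;
  }

  /**
   * Builds one single-port TCP ingress permission per entry of {@code ports}, each allowing
   * {@code sourceCidr} as the source range.
   *
   * @param sourceCidr IPv4 CIDR block to allow
   * @param ports TCP ports to open, one permission each, in the given order
   * @return the permissions, ready for an authorize-ingress request
   */
  private static List<IpPermission> buildTcpIngress(String sourceCidr, int[] ports) {
    List<IpPermission> permissions = new ArrayList<IpPermission>(ports.length);
    for (int port : ports) {
      permissions.add(
          new IpPermission()
              .withIpRanges(sourceCidr)
              .withIpProtocol("tcp")
              .withFromPort(port)
              .withToPort(port));
    }
    return permissions;
  }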