/**
 * Resolves the configured {@code securityGroupSet} to the security group ids that can be
 * attached to the slave in its VPC.
 * <p>
 * The configured values are first looked up as group names and, only if nothing matches,
 * as group ids. A group is accepted only when it carries a VPC id and an {@code available}
 * subnet with the slave's subnet id exists inside that VPC, i.e. the group and the slave are
 * guaranteed to live in the same VPC. A mismatch between the number of accepted ids and the
 * number of configured entries, in either direction, is reported as an error rather than
 * silently launching with a partial set of groups.
 *
 * @param ec2 client used for the describe calls
 * @return ids of the accepted groups, in the order the describe call returned them
 * @throws AmazonClientException if the accepted ids do not cover the configured set exactly,
 *     e.g. a non-VPC group was configured or a name resolved to more than one group
 */
private List<String> getEc2SecurityGroups(AmazonEC2 ec2) throws AmazonClientException {
    DescribeSecurityGroupsResult lookup = getSecurityGroupsBy("group-name", securityGroupSet, ec2);
    // No match by name: the configured values may be ids instead of names.
    if (lookup.getSecurityGroups().isEmpty()) {
        lookup = getSecurityGroupsBy("group-id", securityGroupSet, ec2);
    }

    List<String> acceptedIds = new ArrayList<String>();
    for (SecurityGroup candidate : lookup.getSecurityGroups()) {
        String vpcId = candidate.getVpcId();
        if (vpcId == null || vpcId.isEmpty()) {
            continue; // not a VPC security group; it cannot satisfy the VPC context
        }
        // The slave's subnet must be an available subnet of this group's VPC.
        DescribeSubnetsRequest subnetQuery = new DescribeSubnetsRequest().withFilters(
                new Filter("vpc-id").withValues(vpcId),
                new Filter("state").withValues("available"),
                new Filter("subnet-id").withValues(getSubnetId()));
        List<Subnet> matchingSubnets = ec2.describeSubnets(subnetQuery).getSubnets();
        if (matchingSubnets != null && !matchingSubnets.isEmpty()) {
            acceptedIds.add(candidate.getGroupId());
        }
    }

    // Every configured entry must have produced exactly one usable id.
    if (acceptedIds.size() != securityGroupSet.size()) {
        throw new AmazonClientException(
                "Security groups must all be VPC security groups to work in a VPC context");
    }
    return acceptedIds;
}
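/** IPv4 CIDR that matches every address; used only by the historical two-argument overload. */
private static final String ANY_IPV4 = "0.0.0.0/0";

/**
 * TCP ports the newly created group opens for ingress, in authorization order:
 * SSH (22), HTTP (80), HTTPS (443), 65535, telnet (23).
 */
private static final int[] INGRESS_TCP_PORTS = {22, 80, 443, 65535, 23};

/**
 * Ensures a security group named {@code securityGroup} exists, creating it if necessary with
 * ingress rules for {@link #INGRESS_TCP_PORTS} from any IPv4 source ({@code 0.0.0.0/0}).
 * <p>
 * This overload preserves the original behaviour: the created group admits traffic on SSH and
 * telnet, among others, from every address on the Internet. Prefer
 * {@link #createSecurityGroup(AmazonEC2, String, String)} with the narrowest CIDR that covers
 * the legitimate clients whenever that range is known.
 *
 * @param ec2 client used for the describe, create and authorize calls
 * @param securityGroup name of the group to look up or create
 * @throws AmazonClientException if any of the EC2 calls fails
 */
public static void createSecurityGroup(AmazonEC2 ec2, String securityGroup) {
    createSecurityGroup(ec2, securityGroup, ANY_IPV4);
}

/**
 * Ensures a security group named {@code securityGroup} exists, creating it if necessary with
 * ingress rules for {@link #INGRESS_TCP_PORTS} from {@code sourceCidr}.
 * <p>
 * If a group with that name already exists it is reused as-is: its ingress rules are neither
 * inspected nor changed, so a pre-existing group may carry a different rule set than a freshly
 * created one. The group is created first and its ingress authorized in a second call; if the
 * second call fails the group remains without the rules.
 *
 * @param ec2 client used for the describe, create and authorize calls
 * @param securityGroup name of the group to look up or create
 * @param sourceCidr IPv4 CIDR block allowed to reach the opened ports, e.g. a constructed
 *     value such as {@code "10.0.0.0/8"}
 * @throws IllegalArgumentException if {@code securityGroup} or {@code sourceCidr} is null or empty
 * @throws AmazonClientException if any of the EC2 calls fails
 */
public static void createSecurityGroup(AmazonEC2 ec2, String securityGroup, String sourceCidr) {
    if (securityGroup == null || securityGroup.isEmpty()) {
        throw new IllegalArgumentException("securityGroup must not be null or empty");
    }
    if (sourceCidr == null || sourceCidr.isEmpty()) {
        throw new IllegalArgumentException("sourceCidr must not be null or empty");
    }

    for (SecurityGroup existing : ec2.describeSecurityGroups().getSecurityGroups()) {
        // NOTE(review): the case-insensitive match can select a group whose name differs only in
        // case from the requested one, in which case that group is reused — confirm intended.
        if (securityGroup.equalsIgnoreCase(existing.getGroupName())) {
            System.out.println("Using Security Group " + securityGroup);
            return;
        }
    }

    ec2.createSecurityGroup(new CreateSecurityGroupRequest()
            .withGroupName(securityGroup)
            .withDescription("My Java Security Group"));

    List<IpPermission> permissions = new ArrayList<IpPermission>();
    for (int port : INGRESS_TCP_PORTS) {
        permissions.add(tcpIngressRule(port, sourceCidr));
    }
    ec2.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
            .withGroupName(securityGroup)
            .withIpPermissions(permissions));
    System.out.println("Created Security Group " + securityGroup);
}

/**
 * Builds a single-port TCP ingress permission.
 *
 * @param port the TCP port opened (from-port and to-port are the same)
 * @param sourceCidr IPv4 CIDR block the rule admits
 * @return the permission, ready to be added to an authorize request
 */
private static IpPermission tcpIngressRule(int port, String sourceCidr) {
    return new IpPermission()
            .withIpRanges(sourceCidr)
            .withIpProtocol("tcp")
            .withFromPort(port)
            .withToPort(port);
}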