com.amazonaws.services.ec2.model.IpRange Java Examples

The following examples show how to use com.amazonaws.services.ec2.model.IpRange. Each example names the original project and source file it was taken from.
Example #1
Source File: SecurityGroupsTableProviderTest.java — From aws-athena-query-federation with Apache License 2.0
/**
 * Builds a fully populated test {@link SecurityGroup} with one inbound rule.
 *
 * The rule carries one entry of every source kind (IPv4 range, IPv6 range,
 * prefix list and cross-account group pair) so that table-provider tests can
 * check that each source column is mapped.
 *
 * @param id the group id to assign
 * @return a security group named "name" whose single rule has placeholder sources
 */
private SecurityGroup makeSecurityGroup(String id)
{
    IpRange ipv4Source = new IpRange()
            .withCidrIp("cidr")
            .withDescription("description");
    Ipv6Range ipv6Source = new Ipv6Range()
            .withCidrIpv6("cidr")
            .withDescription("description");
    PrefixListId prefixSource = new PrefixListId()
            .withPrefixListId("prefix")
            .withDescription("description");
    UserIdGroupPair groupSource = new UserIdGroupPair()
            .withGroupId("group_id")
            .withUserId("user_id");

    // Single-port rule (100-100) with a placeholder protocol name.
    IpPermission rule = new IpPermission()
            .withIpProtocol("protocol")
            .withFromPort(100)
            .withToPort(100)
            .withIpv4Ranges(ipv4Source)
            .withIpv6Ranges(ipv6Source)
            .withPrefixListIds(prefixSource)
            .withUserIdGroupPairs(groupSource);

    SecurityGroup group = new SecurityGroup()
            .withGroupId(id)
            .withGroupName("name")
            .withDescription("description");
    return group.withIpPermissions(rule);
}
 
Example #2
Source File: PredicatesTest.java — From fullstop with Apache License 2.0
/**
 * The full TCP port range open to every IPv4 source must be flagged, whether the
 * protocol is spelled by name ("tcp") or by IANA number ("6").
 */
@Test
public void testAllTcpFromEverywhereIPv4() throws Exception {
    final IpPermission tcpByName = new IpPermission()
            .withIpProtocol("tcp")
            .withFromPort(0)
            .withToPort(65535)
            .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0"));
    assertThat(pred).accepts(tcpByName);

    // Same rule expressed with the protocol number; the predicate must not depend on spelling.
    final IpPermission tcpByNumber = new IpPermission()
            .withIpProtocol("6")
            .withFromPort(0)
            .withToPort(65535)
            .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0"));
    assertThat(pred).accepts(tcpByNumber);
}
 
Example #3
Source File: PredicatesTest.java — From fullstop with Apache License 2.0
/**
 * The full UDP port range open to every IPv4 source must be flagged, both for the
 * protocol name ("udp") and for its IANA number ("17").
 */
@Test
public void testAllUDPFromEverywhereIPv4() throws Exception {
    final IpRange anywhere = new IpRange().withCidrIp("0.0.0.0/0");

    final IpPermission udpByName = new IpPermission()
            .withIpProtocol("udp")
            .withFromPort(0)
            .withToPort(65535)
            .withIpv4Ranges(anywhere);
    assertThat(pred).accepts(udpByName);

    final IpPermission udpByNumber = new IpPermission()
            .withIpProtocol("17")
            .withFromPort(0)
            .withToPort(65535)
            .withIpv4Ranges(anywhere);
    assertThat(pred).accepts(udpByNumber);
}
 
Example #4
Source File: PredicatesTest.java — From fullstop with Apache License 2.0
/**
 * ICMPv6 (name "icmpv6" or number "58") with the -1/-1 type/code wildcard from
 * every IPv4 source is not flagged by the predicate.
 */
@Test
public void testAllICMPIPv6FromEverywhereIPv4() throws Exception {
    final IpRange anywhere = new IpRange().withCidrIp("0.0.0.0/0");

    // -1 for both ports is the EC2 wildcard for "all ICMP types and codes".
    final IpPermission icmpv6ByName = new IpPermission()
            .withIpProtocol("icmpv6")
            .withFromPort(-1)
            .withToPort(-1)
            .withIpv4Ranges(anywhere);
    assertThat(pred).rejects(icmpv6ByName);

    final IpPermission icmpv6ByNumber = new IpPermission()
            .withIpProtocol("58")
            .withFromPort(-1)
            .withToPort(-1)
            .withIpv4Ranges(anywhere);
    assertThat(pred).rejects(icmpv6ByNumber);
}
 
Example #5
Source File: PredicatesTest.java — From fullstop with Apache License 2.0
/**
 * ICMP (name "icmp" or number "1") with the -1/-1 type/code wildcard from every
 * IPv4 source is not flagged by the predicate.
 */
@Test
public void testAllICMPIPv4FromEverywhereIPv4() throws Exception {
    final IpRange anywhere = new IpRange().withCidrIp("0.0.0.0/0");

    final IpPermission icmpByName = new IpPermission()
            .withIpProtocol("icmp")
            .withFromPort(-1)
            .withToPort(-1)
            .withIpv4Ranges(anywhere);
    assertThat(pred).rejects(icmpByName);

    final IpPermission icmpByNumber = new IpPermission()
            .withIpProtocol("1")
            .withFromPort(-1)
            .withToPort(-1)
            .withIpv4Ranges(anywhere);
    assertThat(pred).rejects(icmpByNumber);
}
 
Example #6
Source File: SecurityGroupsCheckerImplTest.java — From fullstop with Apache License 2.0
/**
 * Wires a {@code SecurityGroupsCheckerImpl} against a mocked EC2 client.
 *
 * The mocked {@code describeSecurityGroups} call always returns one group
 * ("sg-12345678") with a single rule: all TCP ports open to 0.0.0.0/0 and ::/0,
 * plus a reference to a group in another account. {@code mockPredicate} is
 * left unstubbed so each test can decide what the rule predicate returns.
 */
@SuppressWarnings("unchecked")
@Before
public void setUp() throws Exception {
    final IpPermission worldOpenTcp = new IpPermission()
            .withIpProtocol("tcp")
            .withFromPort(0)
            .withToPort(65535)
            .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0"))
            .withIpv6Ranges(new Ipv6Range().withCidrIpv6("::/0"))
            .withUserIdGroupPairs(new UserIdGroupPair()
                    .withUserId("111222333444")
                    .withGroupId("sg-11223344"));
    final SecurityGroup group = new SecurityGroup()
            .withGroupId("sg-12345678")
            .withGroupName("my-sec-group")
            .withIpPermissions(worldOpenTcp);
    final DescribeSecurityGroupsResult describeResult =
            new DescribeSecurityGroupsResult().withSecurityGroups(group);

    final AmazonEC2Client ec2 = mock(AmazonEC2Client.class);
    when(ec2.describeSecurityGroups(any())).thenReturn(describeResult);

    final ClientProvider clientProvider = mock(ClientProvider.class);
    when(clientProvider.getClient(any(), any(), any())).thenReturn(ec2);

    // Raw mock cast to the generic type; hence the unchecked suppression on the method.
    mockPredicate = (Predicate<IpPermission>) mock(Predicate.class);
    securityGroupsChecker = new SecurityGroupsCheckerImpl(clientProvider, mockPredicate);
}
 
Example #7
Source File: Predicates.java — From fullstop with Apache License 2.0
/**
 * Tells whether an inbound rule admits traffic from outside the private address space.
 *
 * A CIDR counts as external unless it is wholly contained in one of the configured
 * private ranges, so a block wider than any private block (e.g. a /15 that spans a
 * private /16 and a public /16) is external. Both address families are always
 * evaluated; every CIDR string is parsed, so malformed entries surface from either list.
 * Rules whose source is only a group reference or prefix list have no CIDR and are not
 * external by this check.
 *
 * @param rule the inbound permission to inspect
 * @return {@code true} if at least one IPv4 or IPv6 CIDR is not fully private
 */
private static boolean hasExternalSource(final IpPermission rule) {
    final boolean everyIpv4Private = rule.getIpv4Ranges().stream()
            .map(IpRange::getCidrIp)
            .map(Ipv4Range::parseCidr)
            .allMatch(cidr -> PRIVATE_IPV4_RANGES.stream().anyMatch(priv -> priv.contains(cidr)));

    final boolean everyIpv6Private = rule.getIpv6Ranges().stream()
            .map(com.amazonaws.services.ec2.model.Ipv6Range::getCidrIpv6)
            .map(Ipv6Range::parseCidr)
            .allMatch(cidr -> PRIVATE_IPV6_RANGE.contains(cidr));

    // allMatch on an empty list is true, so an address family with no entries is never external.
    return !(everyIpv4Private && everyIpv6Private);
}
 
Example #8
Source File: PredicatesTest.java — From fullstop with Apache License 2.0
/**
 * All traffic ("-1") from private IPv4 blocks and the fc00::/7 IPv6 block only
 * has no external source and is therefore not flagged.
 */
@Test
public void testAllTrafficFromPrivateNetworks() throws Exception {
    final IpRange net10 = new IpRange().withCidrIp("10.0.0.0/8");
    final IpRange net172_31 = new IpRange().withCidrIp("172.31.0.0/16");
    final IpRange net172_16 = new IpRange().withCidrIp("172.16.0.0/12");
    final IpRange net192_168 = new IpRange().withCidrIp("192.168.0.0/16");
    final Ipv6Range uniqueLocal = new Ipv6Range().withCidrIpv6("fc00::/7");

    final IpPermission allFromPrivate = new IpPermission()
            .withIpProtocol("-1")
            .withIpv4Ranges(net10, net172_31, net172_16, net192_168)
            .withIpv6Ranges(uniqueLocal);

    assertThat(pred).rejects(allFromPrivate);
}
 
Example #9
Source File: PredicatesTest.java — From fullstop with Apache License 2.0
/**
 * A /15 that covers 192.168.0.0/16 plus a non-private /16 is not fully contained
 * in any private block, so all traffic from it must be flagged.
 */
@Test
public void testAllTrafficFromPartiallyPrivateNetwork() throws Exception {
    final IpRange widerThanPrivate = new IpRange().withCidrIp("192.168.0.0/15");
    final IpPermission allFromWiderBlock = new IpPermission()
            .withIpProtocol("-1")
            .withIpv4Ranges(widerThanPrivate);

    assertThat(pred).accepts(allFromWiderBlock);
}
 
Example #10
Source File: PredicatesTest.java — From fullstop with Apache License 2.0
/**
 * All traffic from 0.0.0.0/0 must be flagged, whether the protocol is the "-1"
 * wildcard or absent (null).
 */
@Test
public void testAllTrafficFromEverywhereIPv4() throws Exception {
    final IpRange anywhere = new IpRange().withCidrIp("0.0.0.0/0");

    final IpPermission wildcardProtocol = new IpPermission()
            .withIpProtocol("-1")
            .withIpv4Ranges(anywhere);
    assertThat(pred).accepts(wildcardProtocol);

    // A missing protocol must be treated the same as the wildcard, not skipped.
    final String noProtocol = null;
    final IpPermission absentProtocol = new IpPermission()
            .withIpProtocol(noProtocol)
            .withIpv4Ranges(anywhere);
    assertThat(pred).accepts(absentProtocol);
}
 
Example #11
Source File: PredicatesTest.java — From fullstop with Apache License 2.0
/**
 * A single TCP port (9100) that is not on the allow list, open to 0.0.0.0/0, is flagged.
 */
@Test
public void testUnallowedPortFromEverywhereIPv4() throws Exception {
    final int port = 9100;
    final IpPermission unallowedPortToWorld = new IpPermission()
            .withIpProtocol("tcp")
            .withFromPort(port)
            .withToPort(port)
            .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0"));

    assertThat(pred).accepts(unallowedPortToWorld);
}
 
Example #12
Source File: PredicatesTest.java — From fullstop with Apache License 2.0
/**
 * TCP 443 open to 0.0.0.0/0 is an allowed public port and is not flagged.
 */
@Test
public void testAllowedPortFromEverywhereIPv4() throws Exception {
    final int port = 443;
    final IpPermission httpsToWorld = new IpPermission()
            .withIpProtocol("tcp")
            .withFromPort(port)
            .withToPort(port)
            .withIpv4Ranges(new IpRange().withCidrIp("0.0.0.0/0"));

    assertThat(pred).rejects(httpsToWorld);
}
 
Example #13
Source File: PublicAccessAutoFix.java — From pacbot with Apache License 2.0
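/**
 * Creates a replacement security group in {@code vpcId} and authorizes inbound rules on it.
 *
 * <p>When {@code ipPermissionsToBeAdded} is empty, the rules are derived from
 * {@code existingIpPermissions}: each existing permission is modified in place so that a
 * non-empty IPv4 range list is replaced by a single range for {@code defaultCidrIp} and a
 * non-empty IPv6 range list is replaced by a single {@link Ipv6Range} with no CIDR set;
 * permissions that still carry a range are then appended to {@code ipPermissionsToBeAdded}.
 * The new group is tagged with the key read from the {@code deleteSgTag} property, value
 * {@code "true"}.
 *
 * @param sourceSecurityGroupId id of the security group being replaced; used for the
 *        description of the new group and in error messages
 * @param vpcId the VPC in which the new group is created
 * @param ec2Client the EC2 client used for every API call
 * @param ipPermissionsToBeAdded inbound rules to authorize; appended to when initially empty
 * @param resourceId resource id used to derive the group name and in tagging errors
 * @param defaultCidrIp IPv4 CIDR that replaces every existing IPv4 range
 * @param existingIpPermissions the source group's current inbound rules; entries are mutated
 * @return the group id returned by EC2 for the created group
 * @throws RuntimeException wrapping any failure, with the original exception as its cause
 * @throws Exception declared for callers; failures are surfaced as {@link RuntimeException}
 */
public static String createSecurityGroup(String sourceSecurityGroupId, String vpcId, AmazonEC2 ec2Client, Collection<IpPermission> ipPermissionsToBeAdded, String resourceId,String defaultCidrIp,List<IpPermission> existingIpPermissions) throws Exception {
	String createdSecurityGroupId = null;
	try {
		CreateSecurityGroupRequest createsgRequest = new CreateSecurityGroupRequest();
		createsgRequest.setGroupName(createSecurityGroupName(pacTag, resourceId));
		createsgRequest.setVpcId(vpcId);
		createsgRequest.setDescription(createSecurityGroupDescription(sourceSecurityGroupId));
		CreateSecurityGroupResult createResult = ec2Client.createSecurityGroup(createsgRequest);
		createdSecurityGroupId = createResult.getGroupId();

		if (!createdSecurityGroupId.isEmpty()) {
			logger.info("Security Group {} created successfully", createdSecurityGroupId);

			if (ipPermissionsToBeAdded.isEmpty()) {
				// No explicit rules: carry over the source group's rules, narrowing every
				// IPv4 source to defaultCidrIp. One IpRange instance is shared by all of them.
				IpRange ipv4Range = new IpRange();
				ipv4Range.setCidrIp(defaultCidrIp);
				for (IpPermission ipPermission : existingIpPermissions) {
					if (!ipPermission.getIpv4Ranges().isEmpty()) {
						ipPermission.setIpv4Ranges(Arrays.asList(ipv4Range));
					}
					if (!ipPermission.getIpv6Ranges().isEmpty()) {
						// NOTE(review): the replacement Ipv6Range has no CIDR, so the IPv6
						// side is not narrowed the way the IPv4 side is — confirm intended.
						ipPermission.setIpv6Ranges(Arrays.asList(new Ipv6Range()));
					}
					// Only rules that still reference at least one range are carried over.
					if (!ipPermission.getIpv4Ranges().isEmpty() || !ipPermission.getIpv6Ranges().isEmpty()) {
						ipPermissionsToBeAdded.add(ipPermission);
					}
				}
			}

			AuthorizeSecurityGroupIngressRequest authRequest = new AuthorizeSecurityGroupIngressRequest();
			authRequest.setGroupId(createdSecurityGroupId);
			authRequest.setIpPermissions(ipPermissionsToBeAdded);
			ec2Client.authorizeSecurityGroupIngress(authRequest);

			// Tag the new group with the configured marker key so it can be found later.
			String deleteSgTag = CommonUtils.getPropValue("deleteSgTag");
			Map<String, String> tagMap = new HashMap<>();
			tagMap.put(deleteSgTag, "true");
			CreateTagsRequest createTagsRequest = new CreateTagsRequest(Arrays.asList(createdSecurityGroupId), new ArrayList<>());
			createTagsRequest.setTags(tagMap.entrySet().stream()
					.map(t -> new Tag(t.getKey(), t.getValue()))
					.collect(Collectors.toList()));
			try {
				ec2Client.createTags(createTagsRequest);
			} catch (AmazonServiceException ase) {
				logger.error("error tagging sg - > " + resourceId, ase);
				throw ase;
			}
		}

	} catch (Exception e) {
		// Keep the original exception as the cause: a bare message cannot tell a create,
		// authorize or tagging failure apart, and the stack trace is needed to investigate.
		logger.error("{} SG copy failed", sourceSecurityGroupId, e);
		throw new RuntimeException(sourceSecurityGroupId + " SG copy failed", e);
	}
	return createdSecurityGroupId;
}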
 
Example #14
Source File: CreateSecurityGroup.java — From aws-doc-sdk-examples with Apache License 2.0
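/**
 * Creates a security group in the given VPC and opens TCP 80 and TCP 22 to all IPv4 sources.
 *
 * <p>Usage: {@code CreateSecurityGroup <group-name> <group-description> <vpc-id>}; the
 * process exits with status 1 on a wrong argument count.
 *
 * <p>The ingress request addresses the group by the id returned from
 * {@code createSecurityGroup}. Addressing it by name only works for security groups in
 * the default VPC, which would make the example fail for the non-default VPC it just
 * created the group in.
 *
 * <p>Both rules use the source CIDR {@code 0.0.0.0/0}. For SSH (port 22) that exposes every
 * instance in the group to the whole internet; limit the source CIDR to known
 * administrative networks before using this outside of a demo.
 *
 * @param args group name, group description and VPC id, in that order
 */
public static void main(String[] args)
{
    final String usage =
        "To run this example, supply a group name, group description and vpc id\n" +
        "Ex: CreateSecurityGroup <group-name> <group-description> <vpc-id>\n";

    if (args.length != 3) {
        System.out.println(usage);
        System.exit(1);
    }

    final String groupName = args[0];
    final String groupDesc = args[1];
    final String vpcId = args[2];

    final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient();

    final CreateSecurityGroupRequest createRequest = new CreateSecurityGroupRequest()
        .withGroupName(groupName)
        .withDescription(groupDesc)
        .withVpcId(vpcId);
    final CreateSecurityGroupResult createResponse = ec2.createSecurityGroup(createRequest);
    final String groupId = createResponse.getGroupId();

    // %n terminates the line so the two status messages do not run together on the console.
    System.out.printf("Successfully created security group named %s (%s)%n", groupName, groupId);

    final IpRange anywhere = new IpRange().withCidrIp("0.0.0.0/0");

    final IpPermission httpPerm = new IpPermission()
        .withIpProtocol("tcp")
        .withFromPort(80)
        .withToPort(80)
        .withIpv4Ranges(anywhere);

    final IpPermission sshPerm = new IpPermission()
        .withIpProtocol("tcp")
        .withFromPort(22)
        .withToPort(22)
        .withIpv4Ranges(anywhere);

    // Group id rather than name: required for groups in a non-default VPC.
    final AuthorizeSecurityGroupIngressRequest authRequest = new AuthorizeSecurityGroupIngressRequest()
        .withGroupId(groupId)
        .withIpPermissions(httpPerm, sshPerm);
    ec2.authorizeSecurityGroupIngress(authRequest);

    System.out.printf("Successfully added ingress policy to security group %s%n", groupName);
}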
 
Example #15
Source File: EC2Application.java — From tutorials with MIT License
/**
 * Walks through the EC2 instance lifecycle with the v1 SDK: security group, key pair,
 * launch, start, monitor, reboot, stop and describe.
 *
 * <p>Every call is made against us-east-1 with the static {@code credentials} declared
 * elsewhere in this class. The security group opens TCP 80 and TCP 22 to 0.0.0.0/0; for SSH
 * that means the launched instance is reachable from the whole internet, so narrow the
 * source CIDR before reusing this outside a tutorial.
 *
 * <p>The key pair's private key is returned only once, by {@code getKeyMaterial()}; it is
 * kept in a local here and never printed. Treat it as a secret — do not log it or commit it.
 *
 * @param args unused
 */
public static void main(String[] args) {

    // Client for us-east-1 backed by the class-level static credentials.
    final AmazonEC2 ec2Client = AmazonEC2ClientBuilder.standard()
        .withCredentials(new AWSStaticCredentialsProvider(credentials))
        .withRegion(Regions.US_EAST_1)
        .build();

    // Security group, then two ingress rules (HTTP and SSH) from any IPv4 source.
    final CreateSecurityGroupRequest createGroupRequest = new CreateSecurityGroupRequest()
        .withGroupName("BaeldungSecurityGroup")
        .withDescription("Baeldung Security Group");
    ec2Client.createSecurityGroup(createGroupRequest);

    final IpRange openToAll = new IpRange().withCidrIp("0.0.0.0/0");

    final IpPermission httpRule = new IpPermission()
        .withIpProtocol("tcp")
        .withFromPort(80)
        .withToPort(80)
        .withIpv4Ranges(openToAll);

    final IpPermission sshRule = new IpPermission()
        .withIpProtocol("tcp")
        .withFromPort(22)
        .withToPort(22)
        .withIpv4Ranges(openToAll);

    final AuthorizeSecurityGroupIngressRequest ingressRequest = new AuthorizeSecurityGroupIngressRequest()
        .withGroupName("BaeldungSecurityGroup")
        .withIpPermissions(httpRule, sshRule);
    ec2Client.authorizeSecurityGroupIngress(ingressRequest);

    // Key pair: the private half is only available in this response; AWS does not keep it.
    final CreateKeyPairRequest createKeyPairRequest = new CreateKeyPairRequest()
        .withKeyName("baeldung-key-pair");
    final CreateKeyPairResult createKeyPairResult = ec2Client.createKeyPair(createKeyPairRequest);
    final String privateKey = createKeyPairResult.getKeyPair().getKeyMaterial();

    // List the account's key pairs (result unused; the call itself is the demonstration).
    final DescribeKeyPairsRequest describeKeyPairsRequest = new DescribeKeyPairsRequest();
    final DescribeKeyPairsResult describeKeyPairsResult = ec2Client.describeKeyPairs(describeKeyPairsRequest);

    // Launch exactly one t2.micro from a fixed AMI, attached to the group and key pair above.
    // AMI ids: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html |
    // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/usingsharedamis-finding.html
    // Instance types: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html
    final RunInstancesRequest runRequest = new RunInstancesRequest()
        .withImageId("ami-97785bed")
        .withInstanceType("t2.micro")
        .withMinCount(1)
        .withMaxCount(1)
        .withKeyName("baeldung-key-pair") // without a key pair there is no way to log in
        .withSecurityGroups("BaeldungSecurityGroup");

    final String instanceId = ec2Client.runInstances(runRequest)
        .getReservation()
        .getInstances()
        .get(0)
        .getInstanceId();

    // Start.
    ec2Client.startInstances(new StartInstancesRequest().withInstanceIds(instanceId));

    // Enable, then disable, detailed monitoring.
    ec2Client.monitorInstances(new MonitorInstancesRequest().withInstanceIds(instanceId));
    ec2Client.unmonitorInstances(new UnmonitorInstancesRequest().withInstanceIds(instanceId));

    // Reboot.
    ec2Client.rebootInstances(new RebootInstancesRequest().withInstanceIds(instanceId));

    // Stop; the previous-state lookup is evaluated but its value is not used.
    ec2Client.stopInstances(new StopInstancesRequest().withInstanceIds(instanceId))
        .getStoppingInstances()
        .get(0)
        .getPreviousState()
        .getName();

    // Describe: print the kernel id of the first instance of the first reservation.
    final DescribeInstancesResult describeResult =
        ec2Client.describeInstances(new DescribeInstancesRequest());
    final String kernelId = describeResult.getReservations()
        .get(0)
        .getInstances()
        .get(0)
        .getKernelId();
    System.out.println(kernelId);
}