Create an AWS security group inbound rule from another security group in Java

Time: 2017-04-21 05:31:31

Tags: java amazon-web-services

I have multiple AWS security groups, and I want to create an inbound traffic rule in one security group whose source is another security group. I can do this from the AWS console, but I want to automate it using the Java API. How can I do this?

For simple rules with CIDR blocks I used AuthorizeSecurityGroupIngressRequest, but I could not find a way to achieve this with it.

Sample code:

import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest;

// CIDR-based rule set directly on the request; amazonEc2Client (an AmazonEC2) and
// securityGroupIngressRequestParam (the caller's own parameter object) are created elsewhere.
AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest = new AuthorizeSecurityGroupIngressRequest();
authorizeSecurityGroupIngressRequest.withFromPort(securityGroupIngressRequestParam.getFromPort());
authorizeSecurityGroupIngressRequest.withIpProtocol(securityGroupIngressRequestParam.getIpProtocols().getName());
authorizeSecurityGroupIngressRequest.withToPort(securityGroupIngressRequestParam.getToPort());
authorizeSecurityGroupIngressRequest.withCidrIp(securityGroupIngressRequestParam.getCidrBlock());
authorizeSecurityGroupIngressRequest.setGroupId(securityGroupIngressRequestParam.getSecurityGroupId());
amazonEc2Client.authorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest);

1 Answer:

Answer 0 (score: 0)

After some trial and error with the AWS APIs, I found a solution that works for me.

Instead of setting the rule details on the request itself, we can use the IpPermission model, which provides an API for adding a sourceSecurityGroupId.

    import com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest;
    import com.amazonaws.services.ec2.model.IpPermission;
    import com.amazonaws.services.ec2.model.UserIdGroupPair;

    AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest = new AuthorizeSecurityGroupIngressRequest();

    // Protocol and port range go on the IpPermission, not on the request itself.
    IpPermission ipPermission = new IpPermission();
    ipPermission.withFromPort(securityGroupIngressRequestParam.getFromPort()).withToPort(securityGroupIngressRequestParam.getToPort())
        .withIpProtocol(securityGroupIngressRequestParam.getIpProtocols().getName());

    // The source is either a CIDR block or another security group (StringUtil is the caller's own helper).
    if (!StringUtil.isEmpty(securityGroupIngressRequestParam.getCidrBlock())) {
      ipPermission.withIpRanges(securityGroupIngressRequestParam.getCidrBlock());
    } else if (!StringUtil.isEmpty(securityGroupIngressRequestParam.getSourceSecurityGroupId())) {
      // Referencing a group: every member of the source group matches, and the rule follows membership changes.
      UserIdGroupPair userIdGroupPair = new UserIdGroupPair();
      userIdGroupPair.setGroupId(securityGroupIngressRequestParam.getSourceSecurityGroupId());
      ipPermission.withUserIdGroupPairs(userIdGroupPair);
    } else {
      throw new IllegalArgumentException("either a CIDR block or a source security group id is required");
    }

    authorizeSecurityGroupIngressRequest.withIpPermissions(ipPermission);
    authorizeSecurityGroupIngressRequest.setGroupId(securityGroupIngressRequestParam.getSecurityGroupId());

    amazonEc2Client.authorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest);
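A complete, re-runnable version of the approach in the answer, written here as an added example (it is not code from the question or the answer). It uses the same AWS SDK for Java v1 classes, assumes placeholder security group ids and the default credential and region provider chains, treats a duplicate rule as success so the program can be run repeatedly, and reads the group back afterwards to confirm the rule is in effect. The owner-id handling for a source group owned by another account goes beyond what the answer shows and is an assumption about how such deployments are configured.

```java
import java.util.Objects;

import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.AmazonEC2ClientBuilder;
import com.amazonaws.services.ec2.model.AmazonEC2Exception;
import com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest;
import com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest;
import com.amazonaws.services.ec2.model.IpPermission;
import com.amazonaws.services.ec2.model.SecurityGroup;
import com.amazonaws.services.ec2.model.UserIdGroupPair;

/**
 * Adds an inbound rule to TARGET_GROUP_ID that admits traffic from members of
 * SOURCE_GROUP_ID on one protocol/port range, then verifies it. AWS SDK for Java v1.
 */
public class GroupSourcedIngress {

    // Placeholders: replace with real security group ids from your account.
    static final String TARGET_GROUP_ID = "sg-PLACEHOLDER-target";
    static final String SOURCE_GROUP_ID = "sg-PLACEHOLDER-source";

    /** A permission whose source is another security group rather than a CIDR block. */
    static IpPermission fromSecurityGroup(String sourceGroupId, String sourceOwnerId,
                                          String protocol, int fromPort, int toPort) {
        UserIdGroupPair pair = new UserIdGroupPair().withGroupId(sourceGroupId);
        // Omitting userId means "my account"; a source group in a peered VPC that
        // belongs to another account must carry that account's id (assumed here).
        if (sourceOwnerId != null) {
            pair.withUserId(sourceOwnerId);
        }
        // Keep the range narrow: protocol "-1" with no ports would admit all traffic.
        return new IpPermission()
                .withIpProtocol(protocol)
                .withFromPort(fromPort)
                .withToPort(toPort)
                .withUserIdGroupPairs(pair);
    }

    /** True if the group already carries an equivalent group-sourced rule. */
    static boolean hasRule(AmazonEC2 ec2, String groupId, IpPermission wanted) {
        SecurityGroup group = ec2.describeSecurityGroups(
                new DescribeSecurityGroupsRequest().withGroupIds(groupId))
                .getSecurityGroups().get(0);
        String wantedSource = wanted.getUserIdGroupPairs().get(0).getGroupId();
        for (IpPermission existing : group.getIpPermissions()) {
            // Objects.equals: ports are Integer and are null for protocol "-1".
            boolean sameShape = Objects.equals(wanted.getIpProtocol(), existing.getIpProtocol())
                    && Objects.equals(wanted.getFromPort(), existing.getFromPort())
                    && Objects.equals(wanted.getToPort(), existing.getToPort());
            if (!sameShape) {
                continue;
            }
            for (UserIdGroupPair pair : existing.getUserIdGroupPairs()) {
                if (wantedSource.equals(pair.getGroupId())) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Authorizes the rule; a duplicate counts as success so the call is safe to repeat. */
    static boolean authorize(AmazonEC2 ec2, String targetGroupId, IpPermission permission) {
        try {
            ec2.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
                    .withGroupId(targetGroupId)
                    .withIpPermissions(permission));
            return true;
        } catch (AmazonEC2Exception e) {
            if ("InvalidPermission.Duplicate".equals(e.getErrorCode())) {
                return false; // rule already present
            }
            throw e; // anything else (missing group, missing IAM permission) must surface
        }
    }

    public static void main(String[] args) {
        // Credentials and region come from the SDK's default provider chains.
        AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient();

        // Allow TCP/5432 from SOURCE_GROUP_ID; same account, so no owner id.
        IpPermission rule = fromSecurityGroup(SOURCE_GROUP_ID, null, "tcp", 5432, 5432);

        boolean added = authorize(ec2, TARGET_GROUP_ID, rule);
        System.out.println(added ? "rule added" : "rule already existed");

        // Read the group back rather than trusting the call: this is what is enforced.
        if (!hasRule(ec2, TARGET_GROUP_ID, rule)) {
            throw new IllegalStateException("rule not visible after authorize");
        }
    }
}
```

Compile with aws-java-sdk-ec2 on the classpath. Referencing a group instead of a CIDR means the rule follows the source group's membership, so new instances launched into the source group gain access without further rule changes; the read-back in hasRule is the check worth keeping in any automation, since it confirms the rule as the service recorded it rather than as the request described it.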