Amazon Redshift
Cluster Management Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Managing Cluster Security Groups Using the AWS SDK for Java

The following example demonstrates common operations on cluster security groups, including:

  • Creating a new cluster security group.

  • Adding ingress rules to a cluster security group.

  • Associating a cluster security group with a cluster by modifying the cluster configuration.

By default, when a new cluster security group is created, it has no ingress rules. This example modifies a new cluster security group by adding two ingress rules. One ingress rule is added by specifying a CIDR/IP range; the other is added by specifying an owner ID and Amazon EC2 security group combination.

For step-by-step instructions to run the following example, see Running Java Examples for Amazon Redshift Using Eclipse. You need to update the code and provide a cluster identifier and AWS account number.

/** * Copyright 2010-2019, Inc. or its affiliates. All Rights Reserved. * * This file is licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. A copy of * the License is located at * * * * This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. */ // snippet-sourcedescription:[CreateAndModifyClusterSecurityGroup demonstrates how to create and modify an Amazon Redshift security group.] // snippet-service:[redshift] // snippet-keyword:[Java] // snippet-keyword:[Amazon Redshift] // snippet-keyword:[Code Sample] // snippet-keyword:[CreateClusterSecurityGroup] // snippet-keyword:[DescribeClusterSecurityGroups] // snippet-sourcetype:[full-example] // snippet-sourcedate:[2019-02-01] // snippet-sourceauthor:[AWS] // snippet-start:[] package; import; import java.util.ArrayList; import java.util.List; import*; public class CreateAndModifyClusterSecurityGroup { public static AmazonRedshift client; public static String clusterSecurityGroupName = "securitygroup1"; public static String clusterIdentifier = "***provide a cluster identifier***"; public static String ownerID = "***provide a 12-digit account number***"; public static void main(String[] args) throws IOException { // Default client using the {@link com.amazonaws.auth.DefaultAWSCredentialsProviderChain} client = AmazonRedshiftClientBuilder.defaultClient(); try { createClusterSecurityGroup(); describeClusterSecurityGroups(); addIngressRules(); associateSecurityGroupWithCluster(); } catch (Exception e) { System.err.println("Operation failed: " + e.getMessage()); } } private static void createClusterSecurityGroup() { CreateClusterSecurityGroupRequest request = new CreateClusterSecurityGroupRequest() .withDescription("my cluster security group") .withClusterSecurityGroupName(clusterSecurityGroupName); client.createClusterSecurityGroup(request); System.out.format("Created cluster security group: '%s'\n", clusterSecurityGroupName); } private static void addIngressRules() { AuthorizeClusterSecurityGroupIngressRequest request = new AuthorizeClusterSecurityGroupIngressRequest() .withClusterSecurityGroupName(clusterSecurityGroupName) .withCIDRIP(""); ClusterSecurityGroup result = client.authorizeClusterSecurityGroupIngress(request); request = new AuthorizeClusterSecurityGroupIngressRequest() .withClusterSecurityGroupName(clusterSecurityGroupName) .withEC2SecurityGroupName("default") .withEC2SecurityGroupOwnerId(ownerID); result = client.authorizeClusterSecurityGroupIngress(request); System.out.format("\nAdded ingress rules to security group '%s'\n", clusterSecurityGroupName); printResultSecurityGroup(result); } private static void associateSecurityGroupWithCluster() { // Get existing security groups used by the cluster. DescribeClustersRequest request = new DescribeClustersRequest() .withClusterIdentifier(clusterIdentifier); DescribeClustersResult result = client.describeClusters(request); List<ClusterSecurityGroupMembership> membershipList = result.getClusters().get(0).getClusterSecurityGroups(); List<String> secGroupNames = new ArrayList<String>(); for (ClusterSecurityGroupMembership mem : membershipList) { secGroupNames.add(mem.getClusterSecurityGroupName()); } // Add new security group to the list. secGroupNames.add(clusterSecurityGroupName); // Apply the change to the cluster. ModifyClusterRequest request2 = new ModifyClusterRequest() .withClusterIdentifier(clusterIdentifier) .withClusterSecurityGroups(secGroupNames); Cluster result2 = client.modifyCluster(request2); System.out.format("\nAssociated security group '%s' to cluster '%s'.", clusterSecurityGroupName, clusterIdentifier); } private static void describeClusterSecurityGroups() { DescribeClusterSecurityGroupsRequest request = new DescribeClusterSecurityGroupsRequest(); DescribeClusterSecurityGroupsResult result = client.describeClusterSecurityGroups(request); printResultSecurityGroups(result.getClusterSecurityGroups()); } private static void printResultSecurityGroups(List<ClusterSecurityGroup> groups) { if (groups == null) { System.out.println("\nDescribe cluster security groups result is null."); return; } System.out.println("\nPrinting security group results:"); for (ClusterSecurityGroup group : groups) { printResultSecurityGroup(group); } } private static void printResultSecurityGroup(ClusterSecurityGroup group) { System.out.format("\nName: '%s', Description: '%s'\n", group.getClusterSecurityGroupName(), group.getDescription()); for (EC2SecurityGroup g : group.getEC2SecurityGroups()) { System.out.format("EC2group: '%s', '%s', '%s'\n", g.getEC2SecurityGroupName(), g.getEC2SecurityGroupOwnerId(), g.getStatus()); } for (IPRange range : group.getIPRanges()) { System.out.format("IPRanges: '%s', '%s'\n", range.getCIDRIP(), range.getStatus()); } } } // snippet-end:[]