AWS SDK for Java
Developer Guide

Working with Security Groups in Amazon EC2

Important

This is a preview release and is not recommended for production environments.

Creating a Security Group

To create a security group, call the Ec2Client's createSecurityGroup method with a CreateSecurityGroupRequest that contains the name and description of the new group and the ID of the VPC it belongs to. The ID that EC2 assigns to the group is returned in the CreateSecurityGroupResponse; keep it, because later requests (especially for groups in a nondefault VPC) identify the group by ID rather than by name.

Imports

import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupResponse;

Code

Ec2Client ec2 = Ec2Client.create();

// group_name, group_desc and vpc_id are supplied by the caller (see the complete example).
CreateSecurityGroupRequest create_request = CreateSecurityGroupRequest.builder()
    .groupName(group_name)
    .description(group_desc)
    .vpcId(vpc_id)
    .build();

CreateSecurityGroupResponse create_response = ec2.createSecurityGroup(create_request);

// The new group's ID, needed for later ingress/egress/delete calls.
String group_id = create_response.groupId();

See the complete example on GitHub.

Configuring a Security Group

A security group is a stateful firewall that controls both inbound (ingress) and outbound (egress) traffic for your Amazon EC2 instances. A newly created group has no inbound rules, so nothing can reach the instance until you add some, and a single outbound rule that allows all traffic to any destination.

To add ingress rules to your security group, use the Ec2Client's authorizeSecurityGroupIngress method, providing the security group and the access rules (IpPermission) you want to assign to it within an AuthorizeSecurityGroupIngressRequest object. Identify the group by ID (groupId) for a group in a nondefault VPC; groupName is accepted only for groups in the default VPC. The following example opens TCP ports 80 and 22 to every IPv4 address (0.0.0.0/0). That is fine for a public web port, but exposing SSH to the whole internet is rarely what you want; in practice, restrict port 22 to the CIDR of your bastion host or corporate network.

Imports

import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressResponse;
import software.amazon.awssdk.services.ec2.model.IpPermission;
import software.amazon.awssdk.services.ec2.model.IpRange;

Code

Ec2Client ec2 = Ec2Client.create();

// 0.0.0.0/0 means "any IPv4 address". Acceptable for port 80 below; for port 22
// replace it with the CIDR of the network you administer from.
IpRange ip_range = IpRange.builder()
    .cidrIp("0.0.0.0/0")
    .build();

// Single-port rules: fromPort and toPort are the same value.
IpPermission ip_perm = IpPermission.builder()
    .ipProtocol("tcp")
    .toPort(80)
    .fromPort(80)
    .ipv4Ranges(ip_range)
    .build();

IpPermission ip_perm2 = IpPermission.builder()
    .ipProtocol("tcp")
    .toPort(22)
    .fromPort(22)
    .ipv4Ranges(ip_range)
    .build();

// groupName only resolves in the default VPC; use .groupId(group_id) otherwise.
AuthorizeSecurityGroupIngressRequest auth_request = AuthorizeSecurityGroupIngressRequest.builder()
    .groupName(group_name)
    .ipPermissions(ip_perm, ip_perm2)
    .build();

AuthorizeSecurityGroupIngressResponse auth_response = ec2.authorizeSecurityGroupIngress(auth_request);

To add an egress rule to the security group, provide similar data in an AuthorizeSecurityGroupEgressRequest to the Ec2Client's authorizeSecurityGroupEgress method. The egress request identifies the group by groupId only. Because every new group already carries an allow-all outbound rule, adding a narrower egress rule does not restrict anything by itself; to limit outbound traffic you must first remove the default rule with revokeSecurityGroupEgress and then authorize only the destinations you need.

See the complete example on GitHub.
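The following program ties the two steps above together in the way a least-privilege deployment would: it creates the group (reusing an existing one of the same name instead of failing), opens port 80 to the world but port 22 only to a bastion range, and replaces the default allow-all egress rule with HTTPS only. This is an added example, not code from the AWS SDK for Java Developer Guide or from the SDK's own samples. The VPC ID, bastion CIDR and group name are constructed placeholders, and the example uses the ipRanges accessor of the released 2.x SDK rather than the ipv4Ranges name shown in the preview snippets on this page.

```java
import java.util.List;

import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupEgressRequest;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest;
import software.amazon.awssdk.services.ec2.model.Ec2Exception;
import software.amazon.awssdk.services.ec2.model.Filter;
import software.amazon.awssdk.services.ec2.model.IpPermission;
import software.amazon.awssdk.services.ec2.model.IpRange;
import software.amazon.awssdk.services.ec2.model.RevokeSecurityGroupEgressRequest;
import software.amazon.awssdk.services.ec2.model.SecurityGroup;

/**
 * Creates a security group with a least-privilege rule set: HTTP from anywhere,
 * SSH only from a bastion CIDR, and egress limited to HTTPS instead of the
 * default allow-all outbound rule.
 */
public final class LeastPrivilegeSecurityGroup {

    // Constructed placeholder values; replace with your VPC and your bastion network.
    static final String VPC_ID = "vpc-0123456789abcdef0";
    static final String BASTION_CIDR = "203.0.113.0/24";   // TEST-NET-3 documentation range
    static final String ANY_IPV4 = "0.0.0.0/0";

    public static void main(String[] args) {
        try (Ec2Client ec2 = Ec2Client.create()) {
            String groupId = createOrLookup(ec2, "web-tier", "Web tier, SSH from bastion only");

            // Ingress: 80/tcp from anywhere, 22/tcp only from the bastion network.
            ec2.authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest.builder()
                    .groupId(groupId)   // groupId works in any VPC; groupName only in the default VPC
                    .ipPermissions(
                            tcpRule(80, ANY_IPV4, "HTTP from internet"),
                            tcpRule(22, BASTION_CIDR, "SSH from bastion"))
                    .build());

            // A new group allows all egress. Revoke that rule first; otherwise the
            // narrower egress rule added below changes nothing.
            ec2.revokeSecurityGroupEgress(RevokeSecurityGroupEgressRequest.builder()
                    .groupId(groupId)
                    .ipPermissions(IpPermission.builder()
                            .ipProtocol("-1")   // "-1" is how EC2 encodes "all protocols"
                            .ipRanges(IpRange.builder().cidrIp(ANY_IPV4).build())
                            .build())
                    .build());

            ec2.authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressRequest.builder()
                    .groupId(groupId)
                    .ipPermissions(tcpRule(443, ANY_IPV4, "HTTPS to package repositories and APIs"))
                    .build());

            System.out.println("Configured " + groupId);
        }
    }

    /** Builds a single-port TCP rule for one IPv4 CIDR, with a description stored on the range. */
    static IpPermission tcpRule(int port, String cidr, String description) {
        return IpPermission.builder()
                .ipProtocol("tcp")
                .fromPort(port)
                .toPort(port)
                .ipRanges(IpRange.builder().cidrIp(cidr).description(description).build())
                .build();
    }

    /**
     * Creates the group, or returns the ID of the existing group with this name in
     * the VPC when EC2 reports InvalidGroup.Duplicate, so the program is re-runnable.
     */
    static String createOrLookup(Ec2Client ec2, String name, String description) {
        try {
            return ec2.createSecurityGroup(CreateSecurityGroupRequest.builder()
                    .groupName(name)
                    .description(description)
                    .vpcId(VPC_ID)
                    .build()).groupId();
        } catch (Ec2Exception e) {
            if (!"InvalidGroup.Duplicate".equals(e.awsErrorDetails().errorCode())) {
                throw e;
            }
            List<SecurityGroup> existing = ec2.describeSecurityGroups(DescribeSecurityGroupsRequest.builder()
                    .filters(Filter.builder().name("vpc-id").values(VPC_ID).build(),
                             Filter.builder().name("group-name").values(name).build())
                    .build()).securityGroups();
            return existing.get(0).groupId();
        }
    }
}
```

Running it a second time reuses the group but will fail on the authorize calls with InvalidPermission.Duplicate, since the rules already exist; a fully idempotent version would describe the group first and only authorize the rules that are missing.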

Describing Security Groups

To describe your security groups or get information about them, call the Ec2Client's describeSecurityGroups method. It returns a DescribeSecurityGroupsResponse that you can use to access the list of security groups by calling its securityGroups method, which returns a list of SecurityGroup objects. If the request names no group IDs, group names or filters, every security group in the Region is returned. Each SecurityGroup exposes its inbound rules through ipPermissions and its outbound rules through ipPermissionsEgress, which is what you inspect when auditing what a group actually allows.

Imports

import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsResponse;
import software.amazon.awssdk.services.ec2.model.SecurityGroup;

Code

Ec2Client ec2 = Ec2Client.create();

// Restrict the result to one group; omit groupIds to list every group in the Region.
DescribeSecurityGroupsRequest request = DescribeSecurityGroupsRequest.builder()
    .groupIds(group_id)
    .build();

DescribeSecurityGroupsResponse response = ec2.describeSecurityGroups(request);

for (SecurityGroup group : response.securityGroups()) {
    System.out.printf(
        "Found security group with id %s, " +
        "vpc id %s " +
        "and description %s%n",
        group.groupId(),
        group.vpcId(),
        group.description());
}

See the complete example on GitHub.
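Describing groups is most useful as the basis of an audit. The program below, an added example rather than code from the Developer Guide, walks every security group in the Region with the SDK's paginator and flags each ingress rule whose source is 0.0.0.0/0 or ::/0, ranking rules that expose SSH (22), RDP (3389) or all ports as high severity. The Finding record and the severity rule are this example's own conventions; it needs Java 16 or later for the record and uses the ipRanges and ipv6Ranges accessors of the released 2.x SDK.

```java
import java.util.ArrayList;
import java.util.List;

import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest;
import software.amazon.awssdk.services.ec2.model.IpPermission;
import software.amazon.awssdk.services.ec2.model.IpRange;
import software.amazon.awssdk.services.ec2.model.Ipv6Range;
import software.amazon.awssdk.services.ec2.model.SecurityGroup;

/** Lists every ingress rule in the Region that is reachable from any address on the internet. */
public final class WorldOpenIngressAudit {

    /** One flagged rule. fromPort/toPort are null when the rule covers all ports. */
    public record Finding(String groupId, String groupName, String protocol,
                          Integer fromPort, Integer toPort, String cidr) {}

    public static void main(String[] args) {
        try (Ec2Client ec2 = Ec2Client.create()) {
            List<Finding> findings = new ArrayList<>();
            // The paginator follows nextToken, so accounts with many groups are fully covered.
            for (SecurityGroup group : ec2.describeSecurityGroupsPaginator(
                    DescribeSecurityGroupsRequest.builder().build()).securityGroups()) {
                findings.addAll(audit(group));
            }
            for (Finding f : findings) {
                String severity = exposesManagementPort(f) ? "HIGH" : "MEDIUM";
                System.out.printf("%s %s (%s): %s %s from %s%n",
                        severity, f.groupId(), f.groupName(), f.protocol(), portRange(f), f.cidr());
            }
        }
    }

    /** Returns a finding for each ingress rule of the group whose source is 0.0.0.0/0 or ::/0. */
    public static List<Finding> audit(SecurityGroup group) {
        List<Finding> out = new ArrayList<>();
        for (IpPermission perm : group.ipPermissions()) {
            for (IpRange r : perm.ipRanges()) {
                if ("0.0.0.0/0".equals(r.cidrIp())) {
                    out.add(finding(group, perm, r.cidrIp()));
                }
            }
            for (Ipv6Range r : perm.ipv6Ranges()) {
                if ("::/0".equals(r.cidrIpv6())) {
                    out.add(finding(group, perm, r.cidrIpv6()));
                }
            }
        }
        return out;
    }

    static Finding finding(SecurityGroup group, IpPermission perm, String cidr) {
        // EC2 encodes "all protocols" as "-1"; fromPort/toPort are absent in that case.
        String protocol = "-1".equals(perm.ipProtocol()) ? "all" : perm.ipProtocol();
        return new Finding(group.groupId(), group.groupName(), protocol,
                perm.fromPort(), perm.toPort(), cidr);
    }

    /** A rule that covers 22 or 3389, or has no port restriction at all, is management exposure. */
    public static boolean exposesManagementPort(Finding f) {
        if (f.fromPort() == null || f.toPort() == null) {
            return true;
        }
        return covers(f, 22) || covers(f, 3389);
    }

    static boolean covers(Finding f, int port) {
        return f.fromPort() <= port && port <= f.toPort();
    }

    static String portRange(Finding f) {
        if (f.fromPort() == null || f.toPort() == null) {
            return "all ports";
        }
        return f.fromPort().equals(f.toPort())
                ? String.valueOf(f.fromPort())
                : f.fromPort() + "-" + f.toPort();
    }
}
```

The audit deliberately checks port ranges rather than exact port numbers, so a rule for 20-25/tcp from 0.0.0.0/0 is still reported as SSH exposure. Rules whose source is another security group or a prefix list are not world-reachable and are left alone.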

Deleting a Security Group

To delete a security group, call the Ec2Client's deleteSecurityGroup method, passing it a DeleteSecurityGroupRequest that contains the ID of the security group to delete. The call fails with a DependencyViolation error if the group is still associated with an instance or network interface, or if another security group's rules reference it as a source or destination; remove those associations and references first.

Imports

import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DeleteSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.DeleteSecurityGroupResponse;

Code

Ec2Client ec2 = Ec2Client.create();

DeleteSecurityGroupRequest request = DeleteSecurityGroupRequest.builder()
    .groupId(group_id)
    .build();

DeleteSecurityGroupResponse response = ec2.deleteSecurityGroup(request);

See the complete example on GitHub.
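Because a bare delete only tells you that something still depends on the group, the following added example (not code from the Developer Guide) first lists the instances attached to the group and the other groups whose rules reference it, using the instance.group-id, ip-permission.group-id and egress.ip-permission.group-id filters, and only then attempts the delete, treating DependencyViolation as an expected outcome rather than a crash. The default group ID is a constructed placeholder.

```java
import java.util.ArrayList;
import java.util.List;

import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DeleteSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.DescribeInstancesRequest;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest;
import software.amazon.awssdk.services.ec2.model.Ec2Exception;
import software.amazon.awssdk.services.ec2.model.Filter;
import software.amazon.awssdk.services.ec2.model.Instance;
import software.amazon.awssdk.services.ec2.model.Reservation;
import software.amazon.awssdk.services.ec2.model.SecurityGroup;

/** Deletes a security group only after reporting what still depends on it. */
public final class SafeDeleteSecurityGroup {

    public static void main(String[] args) {
        // Constructed placeholder; pass a real group ID as the first argument.
        String groupId = args.length > 0 ? args[0] : "sg-0123456789abcdef0";

        try (Ec2Client ec2 = Ec2Client.create()) {
            List<String> blockers = dependents(ec2, groupId);
            if (!blockers.isEmpty()) {
                System.out.println("Not deleting " + groupId + "; still referenced by:");
                blockers.forEach(b -> System.out.println("  " + b));
                return;
            }
            try {
                ec2.deleteSecurityGroup(DeleteSecurityGroupRequest.builder().groupId(groupId).build());
                System.out.println("Deleted " + groupId);
            } catch (Ec2Exception e) {
                // A dependency can appear between the check and the delete (e.g. a launch in flight).
                if ("DependencyViolation".equals(e.awsErrorDetails().errorCode())) {
                    System.out.println("Delete refused, group is in use: " + e.awsErrorDetails().errorMessage());
                } else {
                    throw e;
                }
            }
        }
    }

    /** Instances attached to the group, plus other groups whose rules reference it. */
    static List<String> dependents(Ec2Client ec2, String groupId) {
        List<String> out = new ArrayList<>();

        // Instances whose network interfaces use this group.
        DescribeInstancesRequest instReq = DescribeInstancesRequest.builder()
                .filters(Filter.builder().name("instance.group-id").values(groupId).build())
                .build();
        for (Reservation res : ec2.describeInstancesPaginator(instReq).reservations()) {
            for (Instance inst : res.instances()) {
                out.add("instance " + inst.instanceId() + " (" + inst.state().nameAsString() + ")");
            }
        }

        // Groups with an ingress or egress rule that names this group as source or destination.
        for (String filterName : List.of("ip-permission.group-id", "egress.ip-permission.group-id")) {
            DescribeSecurityGroupsRequest sgReq = DescribeSecurityGroupsRequest.builder()
                    .filters(Filter.builder().name(filterName).values(groupId).build())
                    .build();
            for (SecurityGroup sg : ec2.describeSecurityGroupsPaginator(sgReq).securityGroups()) {
                if (!sg.groupId().equals(groupId)) {   // skip the group's own self-references
                    out.add("security group " + sg.groupId() + " via " + filterName);
                }
            }
        }
        return out;
    }
}
```

The instance check reports terminated instances too, since they can linger in DescribeInstances output for a while; if you only care about live associations, filter on inst.state() before adding the entry.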

More Information