Work with security groups in Amazon EC2 - AWS SDK for Java version 2

Work with security groups in Amazon EC2

Create a security group

To create a security group, call the Ec2Client’s createSecurityGroup method with a CreateSecurityGroupRequest that contains the key’s name.

Imports

import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.ec2.Ec2Client; import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest; import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest; import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressResponse; import software.amazon.awssdk.services.ec2.model.Ec2Exception; import software.amazon.awssdk.services.ec2.model.IpPermission; import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupResponse; import software.amazon.awssdk.services.ec2.model.IpRange;

Code

CreateSecurityGroupRequest createRequest = CreateSecurityGroupRequest.builder() .groupName(groupName) .description(groupDesc) .vpcId(vpcId) .build(); CreateSecurityGroupResponse resp= ec2.createSecurityGroup(createRequest);

See the complete example on GitHub.

Configure a security group

A security group can control both inbound (ingress) and outbound (egress) traffic to your Amazon EC2 instances.

To add ingress rules to your security group, use the Ec2Client’s authorizeSecurityGroupIngress method, providing the name of the security group and the access rules (IpPermission) you want to assign to it within an AuthorizeSecurityGroupIngressRequest object. The following example shows how to add IP permissions to a security group.

Imports

import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.ec2.Ec2Client; import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest; import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest; import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressResponse; import software.amazon.awssdk.services.ec2.model.Ec2Exception; import software.amazon.awssdk.services.ec2.model.IpPermission; import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupResponse; import software.amazon.awssdk.services.ec2.model.IpRange;

Code

First, create an Ec2Client

Region region = Region.US_WEST_2; Ec2Client ec2 = Ec2Client.builder() .region(region) .build();

Then use the Ec2Client’s authorizeSecurityGroupIngress method,

IpRange ipRange = IpRange.builder() .cidrIp("0.0.0.0/0").build(); IpPermission ipPerm = IpPermission.builder() .ipProtocol("tcp") .toPort(80) .fromPort(80) .ipRanges(ipRange) .build(); IpPermission ipPerm2 = IpPermission.builder() .ipProtocol("tcp") .toPort(22) .fromPort(22) .ipRanges(ipRange) .build(); AuthorizeSecurityGroupIngressRequest authRequest = AuthorizeSecurityGroupIngressRequest.builder() .groupName(groupName) .ipPermissions(ipPerm, ipPerm2) .build(); AuthorizeSecurityGroupIngressResponse authResponse = ec2.authorizeSecurityGroupIngress(authRequest);

To add an egress rule to the security group, provide similar data in an AuthorizeSecurityGroupEgressRequest to the Ec2Client’s authorizeSecurityGroupEgress method.

See the complete example on GitHub.

Describe security groups

To describe your security groups or get information about them, call the Ec2Client’s describeSecurityGroups method. It returns a DescribeSecurityGroupsResponse that you can use to access the list of security groups by calling its securityGroups method, which returns a list of SecurityGroup objects.

Imports

import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.ec2.Ec2Client; import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest; import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsResponse; import software.amazon.awssdk.services.ec2.model.SecurityGroup; import software.amazon.awssdk.services.ec2.model.Ec2Exception;

Code

public static void describeEC2SecurityGroups(Ec2Client ec2, String groupId) { try { DescribeSecurityGroupsRequest request = DescribeSecurityGroupsRequest.builder() .groupIds(groupId).build(); DescribeSecurityGroupsResponse response = ec2.describeSecurityGroups(request); for(SecurityGroup group : response.securityGroups()) { System.out.printf( "Found security group with id %s, " + "vpc id %s " + "and description %s", group.groupId(), group.vpcId(), group.description()); } } catch (Ec2Exception e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); }

See the complete example on GitHub.

Delete a security group

To delete a security group, call the Ec2Client’s deleteSecurityGroup method, passing it a DeleteSecurityGroupRequest that contains the ID of the security group to delete.

Imports

import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.ec2.Ec2Client; import software.amazon.awssdk.services.ec2.model.DeleteSecurityGroupRequest; import software.amazon.awssdk.services.ec2.model.DeleteSecurityGroupResponse; import software.amazon.awssdk.services.ec2.model.Ec2Exception;

Code

public static void deleteEC2SecGroup(Ec2Client ec2,String groupId) { try { DeleteSecurityGroupRequest request = DeleteSecurityGroupRequest.builder() .groupId(groupId) .build(); DeleteSecurityGroupResponse response = ec2.deleteSecurityGroup(request); System.out.printf( "Successfully deleted security group with id %s", groupId); } catch (Ec2Exception e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); }

See the complete example on GitHub.

More information