AWS SDK for Java version 2
Developer Guide

Working with Security Groups in Amazon EC2

Creating a Security Group

To create a security group, call the Ec2Client's createSecurityGroup method with a CreateSecurityGroupRequest that contains the security group's name, description, and VPC ID.

Imports

import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupResponse;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressResponse;
import software.amazon.awssdk.services.ec2.model.IpPermission;
import software.amazon.awssdk.services.ec2.model.IpRange;

Code

// group_name, group_desc and vpc_id are Strings supplied by the caller;
// ec2 is an Ec2Client.
CreateSecurityGroupRequest create_request = CreateSecurityGroupRequest.builder()
    .groupName(group_name)
    .description(group_desc)
    .vpcId(vpc_id)
    .build();

CreateSecurityGroupResponse create_response = ec2.createSecurityGroup(create_request);

See the complete example on GitHub.

Configuring a Security Group

A security group can control both inbound (ingress) and outbound (egress) traffic to your Amazon EC2 instances.

To add ingress rules to your security group, use the Ec2Client's authorizeSecurityGroupIngress method, providing the name of the security group and the access rules (IpPermission) you want to assign to it within an AuthorizeSecurityGroupIngressRequest object. The following example shows how to add IP permissions to a security group.

Imports

import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupResponse;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressResponse;
import software.amazon.awssdk.services.ec2.model.IpPermission;
import software.amazon.awssdk.services.ec2.model.IpRange;

Code

First, create an Ec2Client.

Ec2Client ec2 = Ec2Client.create();

Then use the Ec2Client's authorizeSecurityGroupIngress method.

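// 0.0.0.0/0 matches every IPv4 source address. Both rules below use it,
// so ports 80 and 22 become reachable from anywhere; use a narrower CIDR
// for SSH (port 22) outside of a demonstration.
IpRange ip_range = IpRange.builder()
    .cidrIp("0.0.0.0/0")
    .build();

// Inbound HTTP (TCP port 80).
IpPermission ip_perm = IpPermission.builder()
    .ipProtocol("tcp")
    .toPort(80)
    .fromPort(80)
    .ipRanges(ip_range)
    // .ipv4Ranges(ip_range)
    .build();

// Inbound SSH (TCP port 22).
IpPermission ip_perm2 = IpPermission.builder()
    .ipProtocol("tcp")
    .toPort(22)
    .fromPort(22)
    .ipRanges(ip_range)
    .build();

// groupName identifies a group in the default VPC; for a group in a
// nondefault VPC, the request must carry the group ID instead.
AuthorizeSecurityGroupIngressRequest auth_request = AuthorizeSecurityGroupIngressRequest.builder()
    .groupName(group_name)
    .ipPermissions(ip_perm, ip_perm2)
    .build();

AuthorizeSecurityGroupIngressResponse auth_response = ec2.authorizeSecurityGroupIngress(auth_request);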

To add an egress rule to the security group, provide similar data in an AuthorizeSecurityGroupEgressRequest to the Ec2Client's authorizeSecurityGroupEgress method.

See the complete example on GitHub.

Describing Security Groups

To describe your security groups or get information about them, call the Ec2Client's describeSecurityGroups method. It returns a DescribeSecurityGroupsResponse that you can use to access the list of security groups by calling its securityGroups method, which returns a list of SecurityGroup objects.

Imports

import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsResponse;
import software.amazon.awssdk.services.ec2.model.SecurityGroup;

Code

Ec2Client ec2 = Ec2Client.create();

DescribeSecurityGroupsRequest request = DescribeSecurityGroupsRequest.builder()
    .groupIds(group_id)
    .build();

DescribeSecurityGroupsResponse response = ec2.describeSecurityGroups(request);

See the complete example on GitHub.
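
The SecurityGroup objects returned by describeSecurityGroups carry each group's ingress rules, so the same call can be used to check for rules like the 0.0.0.0/0 SSH rule created in the ingress example above. The following is an added example, not part of the AWS guide or its GitHub samples; the class name OpenIngressAudit, the ADMIN_PORTS list, the --live argument and the sample group ID are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.IpPermission;
import software.amazon.awssdk.services.ec2.model.IpRange;
import software.amazon.awssdk.services.ec2.model.SecurityGroup;

public class OpenIngressAudit {
    // Ports treated as administrative; this list is an assumption of the example.
    static final int[] ADMIN_PORTS = {22, 3389};

    // True if the rule admits traffic from any IPv4 or IPv6 address.
    static boolean openToWorld(IpPermission p) {
        return p.ipRanges().stream().anyMatch(r -> "0.0.0.0/0".equals(r.cidrIp()))
            || p.ipv6Ranges().stream().anyMatch(r -> "::/0".equals(r.cidrIpv6()));
    }

    // Protocol "-1" means all protocols and ports; such rules carry no port range.
    static boolean coversTcpPort(IpPermission p, int port) {
        if ("-1".equals(p.ipProtocol())) return true;
        if (!"tcp".equals(p.ipProtocol()) && !"6".equals(p.ipProtocol())) return false;
        return p.fromPort() != null && p.toPort() != null
            && p.fromPort() <= port && port <= p.toPort();
    }

    // One finding per (group, admin port) that is reachable from any address.
    static List<String> findings(Iterable<SecurityGroup> groups) {
        List<String> out = new ArrayList<>();
        for (SecurityGroup sg : groups)
            for (IpPermission p : sg.ipPermissions())
                for (int port : ADMIN_PORTS)
                    if (openToWorld(p) && coversTcpPort(p, port))
                        out.add(sg.groupId() + ": TCP " + port + " reachable from any address");
        return out;
    }

    public static void main(String[] args) {
        if (args.length > 0 && args[0].equals("--live")) { // audit the configured account and region
            try (Ec2Client ec2 = Ec2Client.create()) {
                findings(ec2.describeSecurityGroupsPaginator().securityGroups())
                    .forEach(System.out::println);
            }
            return;
        }
        // Constructed sample: the SSH rule from this page's ingress example.
        IpPermission ssh = IpPermission.builder().ipProtocol("tcp").fromPort(22).toPort(22)
            .ipRanges(IpRange.builder().cidrIp("0.0.0.0/0").build()).build();
        SecurityGroup sample = SecurityGroup.builder().groupId("sg-constructed-example")
            .ipPermissions(ssh).build();
        findings(Arrays.asList(sample)).forEach(System.out::println);
    }
}
```

Run without arguments, it evaluates only the constructed sample group and needs no credentials; with --live it pages through every security group visible to the default credentials and region.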

Deleting a Security Group

To delete a security group, call the Ec2Client's deleteSecurityGroup method, passing it a DeleteSecurityGroupRequest that contains the ID of the security group to delete.

Imports

import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DeleteSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.DeleteSecurityGroupResponse;

Code

Ec2Client ec2 = Ec2Client.create();

DeleteSecurityGroupRequest request = DeleteSecurityGroupRequest.builder()
    .groupId(group_id)
    .build();

DeleteSecurityGroupResponse response = ec2.deleteSecurityGroup(request);

See the complete example on GitHub.

More Information