/**
 * Convenience overload: describes security groups with no filters by handing an
 * empty {@link DescribeSecurityGroupsRequest} to the request-taking overload.
 *
 * @return whatever {@code describeSecurityGroups(DescribeSecurityGroupsRequest)} returns
 *         for an unfiltered request
 */
@Override
public DescribeSecurityGroupsResult describeSecurityGroups() {
    final DescribeSecurityGroupsRequest unfiltered = new DescribeSecurityGroupsRequest();
    return describeSecurityGroups(unfiltered);
}
/**
 * Lists the names of every security group the EC2 client can describe.
 *
 * <p>Any failure of the describe call is logged at WARN and turned into an empty
 * collection. NOTE(review): a caller therefore cannot distinguish "no security
 * groups exist" from "the describe call failed" (for example a missing
 * {@code ec2:DescribeSecurityGroups} permission); an empty result should not be
 * read as "nothing to protect" when it feeds a security decision. No NextToken
 * handling is visible here either — if this SDK version paginates the call,
 * only the first page is listed; confirm.
 *
 * @return a mutable collection of group names; empty when the call fails
 */
@Override
public Collection<String> listRuleSets() {
    final DescribeSecurityGroupsResult described;
    try {
        described = client.describeSecurityGroups( new DescribeSecurityGroupsRequest() );
    } catch ( Exception e ) {
        LOG.warn( "Error while getting security groups", e );
        return new LinkedList<String>();
    }
    final Collection<String> names = new ArrayList<String>();
    for( SecurityGroup sg : described.getSecurityGroups() ) {
        names.add( sg.getGroupName() );
    }
    return names;
}
/**
 * Returns the ingress or egress rules of the security group called {@code name}.
 *
 * <p>The group is looked up through the {@code GroupNames} request parameter.
 * NOTE(review): by the EC2 API's documented behaviour, name lookup only resolves
 * groups in EC2-Classic or the default VPC, and a name that does not resolve is
 * reported by the SDK as a service exception rather than as an empty result — so
 * an unknown or non-default-VPC group surfaces here as a thrown exception, not as
 * the {@code null} return below; confirm against the callers' expectations. Group
 * names are unique only per VPC, so a name matching several groups also yields
 * {@code null}.
 *
 * @param name    security group name sent as {@code GroupNames}
 * @param inbound {@code true} to read {@code getIpPermissions()} (ingress),
 *                {@code false} to read {@code getIpPermissionsEgress()}
 * @return one {@code IpRule} per permission, or {@code null} unless exactly one
 *         group was returned
 */
@Override
public Collection<IpRule> getRules( final String name, final boolean inbound ) {
    final DescribeSecurityGroupsRequest byName = new DescribeSecurityGroupsRequest().withGroupNames( name );
    final List<SecurityGroup> matches = client.describeSecurityGroups( byName ).getSecurityGroups();
    if( matches.size() != 1 ) {
        return null;
    }
    final SecurityGroup group = matches.get( 0 );
    final List<IpPermission> permissions = inbound
            ? group.getIpPermissions()
            : group.getIpPermissionsEgress();
    final Collection<IpRule> rules = new ArrayList<IpRule>();
    for( IpPermission permission : permissions ) {
        rules.add( toIpRule( permission ) );
    }
    return rules;
}
/**
 * Describes the caller's security groups with no filters applied, by delegating
 * to the request-taking overload with an empty {@link DescribeSecurityGroupsRequest}.
 *
 * <p>A security group belongs either to the EC2-Classic platform or to one
 * specific VPC. See
 * <a href="http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html">Amazon EC2 Security Groups</a>
 * in the <i>Amazon Elastic Compute Cloud User Guide</i> and
 * <a href="http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html">Security Groups for Your VPC</a>
 * in the <i>Amazon Virtual Private Cloud User Guide</i>.
 *
 * @return the DescribeSecurityGroups response as returned by AmazonEC2
 * @throws AmazonClientException  on a client-side failure while sending the
 *                                request or handling the response, e.g. no
 *                                network connection
 * @throws AmazonServiceException when AmazonEC2 returns an error response,
 *                                either for bad request data or a server-side
 *                                problem
 */
public DescribeSecurityGroupsResult describeSecurityGroups() throws AmazonServiceException, AmazonClientException {
    final DescribeSecurityGroupsRequest noFilter = new DescribeSecurityGroupsRequest();
    return describeSecurityGroups(noFilter);
}
/**
 * Unfiltered describe: forwards an empty {@link DescribeSecurityGroupsRequest}
 * to the overload that takes a request.
 *
 * @return the result of the request-taking overload for an empty request
 */
@Override
public DescribeSecurityGroupsResult describeSecurityGroups() {
    return describeSecurityGroups(new DescribeSecurityGroupsRequest());
}
/**
 * Returns the names of every security group the client describes, sorted in the
 * natural {@link String} order.
 *
 * <p>NOTE(review): the describe call is unfiltered and no NextToken handling is
 * visible; if this SDK version paginates the call only the first page is
 * returned — confirm.
 *
 * @return an immutable, sorted list of group names (never {@code null})
 */
@Override
public List<String> getSecurityGroupNames() {
    final List<SecurityGroup> groups = client.describeSecurityGroups().getSecurityGroups();
    final List<String> sorted = newArrayList();
    for (SecurityGroup sg : groups) {
        sorted.add(sg.getGroupName());
    }
    Collections.sort(sorted);
    return ImmutableList.copyOf(sorted);
}
/**
 * Looks up a single security group by name.
 *
 * <p>The name is first checked against {@link #getSecurityGroupNames()} so that an
 * unknown name yields {@code absent} rather than a service exception; the group is
 * then re-described by name. NOTE(review): that is two round trips, and a group
 * deleted between them makes the second call throw. Security group names are
 * unique only within a VPC, so a name that resolves to more than one group trips
 * the size check below; and by the EC2 API's documented behaviour the
 * {@code GroupNames} parameter only resolves groups in EC2-Classic or the default
 * VPC — confirm that this is the intended scope.
 *
 * @param name non-blank security group name
 * @return the matching group, or absent when no described group has that name
 * @throws IllegalStateException if the describe-by-name call returns a number of
 *                               groups other than one
 */
@Override
public Optional<SecurityGroup> getSecurityGroup(String name) {
    checkNotBlank(name, "name");
    if (!getSecurityGroupNames().contains(name)) {
        return Optional.<SecurityGroup> absent();
    }
    final DescribeSecurityGroupsRequest byName = new DescribeSecurityGroupsRequest();
    byName.setGroupNames(Collections.singletonList(name));
    final List<SecurityGroup> matches = client.describeSecurityGroups(byName).getSecurityGroups();
    checkState(matches.size() == 1, "Expected exactly 1 security group but there were %s instead", matches.size());
    return Optional.of(matches.get(0));
}
/**
 * Describes the given security groups in one account/region and reports those
 * carrying at least one ingress rule that the {@code isOffending} predicate accepts.
 *
 * <p>Scope caveat for a security check: only {@code getIpPermissions()} (ingress)
 * is inspected; egress rules ({@code getIpPermissionsEgress()}) are never looked
 * at. The describe call is issued with the raw id list, and NOTE(review): an id
 * that does not exist in that account/region is expected to fail the whole call
 * rather than be skipped silently — confirm that callers handle that.
 *
 * @param groupIds security group ids to inspect
 * @param account  account whose EC2 client is obtained from {@code clientProvider}
 * @param region   region whose EC2 client is obtained from {@code clientProvider}
 * @return group id → details (group name plus the string form of each offending
 *         ingress rule), containing only groups with at least one finding
 */
@Override
public Map<String, SecurityGroupCheckDetails> check(final Collection<String> groupIds,
        final String account, final Region region) {
    final DescribeSecurityGroupsRequest byId = new DescribeSecurityGroupsRequest();
    byId.setGroupIds(groupIds);
    final AmazonEC2Client ec2 = clientProvider.getClient(AmazonEC2Client.class, account, region);
    final List<SecurityGroup> groups = ec2.describeSecurityGroups(byId).getSecurityGroups();

    final ImmutableMap.Builder<String, SecurityGroupCheckDetails> findings = ImmutableMap.builder();
    for (final SecurityGroup group : groups) {
        final List<String> offending = offendingIngressRules(group);
        if (offending.isEmpty()) {
            continue;
        }
        findings.put(group.getGroupId(),
                new SecurityGroupCheckDetails(group.getGroupName(), ImmutableList.copyOf(offending)));
    }
    return findings.build();
}

/** String form of every ingress permission of {@code group} accepted by {@code isOffending}. */
private List<String> offendingIngressRules(final SecurityGroup group) {
    return group.getIpPermissions().stream()
            .filter(isOffending)
            .map(Object::toString)
            .collect(toList());
}
}
final DescribeSecurityGroupsRequest request = new DescribeSecurityGroupsRequest(); request.setGroupIds(securityGroupIds); result = amazonEC2Client.describeSecurityGroups(request); } catch (final AmazonServiceException e) { if (e.getErrorCode().equals(INVALID_GROUP_NOT_FOUND)) {
// Region name and its EC2 client come from the enclosing iteration over
// region -> client pairs (NOTE(review): that loop lies outside this excerpt).
final String regionName = clientPair.getKey();
final AmazonEC2Client client = clientPair.getValue();
// Unfiltered describe: every group this client is allowed to see in the region.
// NOTE(review): no NextToken handling is visible; if this SDK version paginates
// the call, only the first page is collected — confirm.
final List<SecurityGroup> securityGroups = client.describeSecurityGroups().getSecurityGroups();
log.debug("Found {} security groups in {}", securityGroups.size(), regionName);
// Accumulate under the region key so the groups can later be looked up per region.
ec2SGbuilder.putAll(regionName, securityGroups);
/**
 * One scan pass: describes every security group in the current region and
 * upserts each as an {@code AwsSecurityGroup} node, linking it to its
 * {@code AwsVpc} node when the group carries a VPC id.
 *
 * <p>Both Cypher statements are parameterised, so AWS-sourced values (ARNs, VPC
 * ids, property maps) are never concatenated into query text. The node merge
 * keys on {@code AWS_ARN_ATTRIBUTE} while the VPC link reads the literal
 * {@code "aws_arn"} property — NOTE(review): these must name the same attribute
 * or the link merge silently matches nothing; confirm. A
 * {@link RuntimeException} raised for one group is handed to {@code maybeThrow},
 * which decides whether the pass aborts or continues with the next group.
 */
@Override
protected void doScan() {
    rateLimit();
    final DescribeSecurityGroupsResult described = getClient().describeSecurityGroups();
    final long scanTs = System.currentTimeMillis();
    final GraphNodeGarbageCollector collector = newGarbageCollector().bindScannerContext();
    for (SecurityGroup sg : described.getSecurityGroups()) {
        try {
            upsertSecurityGroup(sg, scanTs, collector);
            incrementEntityCount();
        } catch (RuntimeException e) {
            maybeThrow(e, "problem scanning security groups");
        }
    }
}

/**
 * Merges one group node, strips stale tag attributes, records its timestamp with
 * the collector and links it to its VPC node when it has a VPC id.
 */
private void upsertSecurityGroup(SecurityGroup sg, long scanTs, GraphNodeGarbageCollector collector) {
    final ObjectNode props = convertAwsObject(sg, getRegion());
    // non-VPC security groups don't have a VPC
    final String vpcId = Strings.nullToEmpty(sg.getVpcId());
    final String arn = props.path(AWS_ARN_ATTRIBUTE).asText();
    final JsonNode merged = getNeoRxClient()
            .execCypher("merge (sg:AwsSecurityGroup {aws_arn:{arn}}) set sg+={props}, sg.updateTs={now} return sg",
                    "arn", arn, "props", props, "now", scanTs)
            .blockingFirst();
    getShadowAttributeRemover().removeTagAttributes("AwsSecurityGroup", props, merged);
    collector.updateEarliestTimestamp(merged);
    if (!vpcId.isEmpty()) {
        getNeoRxClient().execCypher(
                "match (v:AwsVpc {aws_vpcId: {vpcId}}), (sg:AwsSecurityGroup {aws_arn:{sg_arn}}) merge (sg)-[:RESIDES_IN]->(v)",
                "vpcId", vpcId, "sg_arn", props.path("aws_arn").asText());
    }
}