Amazon Redshift
管理指南 (API Version 2012-12-01)
AWS 服务或AWS文档中描述的功能,可能因地区/位置而异。点 击 Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

使用适用于 Java 的 AWS 开发工具包管理群集安全组

以下示例演示了可对群集安全组执行的常见操作,包括:

  • 创建新的群集安全组。

  • 向群集安全组添加入口规则。

  • 通过修改群集配置将群集安全组与群集关联起来。

默认情况下,新的群集安全组在创建完成后没有入口规则。此示例通过添加两个入口规则来修改新的群集安全组。一个入口规则是通过指定 CIDR/IP 范围添加的,另一个入口规则是通过指定所有者 ID 和 Amazon EC2 安全组组合添加的。

有关运行以下示例的分步说明,请参阅 使用 Eclipse 运行 Amazon Redshift 的 Java 示例。您需要更新该代码,并提供群集标识符和 AWS 账号。

Copy
import java.io.IOException; import java.util.ArrayList; import java.util.List; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.PropertiesCredentials; import com.amazonaws.services.redshift.AmazonRedshiftClient; import com.amazonaws.services.redshift.model.*; public class CreateAndModifyClusterSecurityGroup { public static AmazonRedshiftClient client; public static String clusterSecurityGroupName = "securitygroup1"; public static String clusterIdentifier = "***provide cluster identifier***"; public static String ownerID = "***provide account id****"; public static void main(String[] args) throws IOException { AWSCredentials credentials = new PropertiesCredentials( CreateAndModifyClusterSecurityGroup.class .getResourceAsStream("AwsCredentials.properties")); client = new AmazonRedshiftClient(credentials); try { createClusterSecurityGroup(); describeClusterSecurityGroups(); addIngressRules(); associateSecurityGroupWithCluster(); } catch (Exception e) { System.err.println("Operation failed: " + e.getMessage()); } } private static void createClusterSecurityGroup() { CreateClusterSecurityGroupRequest request = new CreateClusterSecurityGroupRequest() .withDescription("my cluster security group") .withClusterSecurityGroupName(clusterSecurityGroupName); client.createClusterSecurityGroup(request); System.out.format("Created cluster security group: '%s'\n", clusterSecurityGroupName); } private static void addIngressRules() { AuthorizeClusterSecurityGroupIngressRequest request = new AuthorizeClusterSecurityGroupIngressRequest() .withClusterSecurityGroupName(clusterSecurityGroupName) .withCIDRIP("192.168.40.5/32"); ClusterSecurityGroup result = client.authorizeClusterSecurityGroupIngress(request); request = new AuthorizeClusterSecurityGroupIngressRequest() .withClusterSecurityGroupName(clusterSecurityGroupName) .withEC2SecurityGroupName("default") .withEC2SecurityGroupOwnerId(ownerID); result = client.authorizeClusterSecurityGroupIngress(request); System.out.format("\nAdded ingress rules to security group '%s'\n", clusterSecurityGroupName); printResultSecurityGroup(result); } private static void associateSecurityGroupWithCluster() { // Get existing security groups used by the cluster. DescribeClustersRequest request = new DescribeClustersRequest() .withClusterIdentifier(clusterIdentifier); DescribeClustersResult result = client.describeClusters(request); List<ClusterSecurityGroupMembership> membershipList = result.getClusters().get(0).getClusterSecurityGroups(); List<String> secGroupNames = new ArrayList<String>(); for (ClusterSecurityGroupMembership mem : membershipList) { secGroupNames.add(mem.getClusterSecurityGroupName()); } // Add new security group to the list. secGroupNames.add(clusterSecurityGroupName); // Apply the change to the cluster. ModifyClusterRequest request2 = new ModifyClusterRequest() .withClusterIdentifier(clusterIdentifier) .withClusterSecurityGroups(secGroupNames); Cluster result2 = client.modifyCluster(request2); System.out.format("\nAssociated security group '%s' to cluster '%s'.", clusterSecurityGroupName, clusterIdentifier); } private static void describeClusterSecurityGroups() { DescribeClusterSecurityGroupsRequest request = new DescribeClusterSecurityGroupsRequest(); DescribeClusterSecurityGroupsResult result = client.describeClusterSecurityGroups(request); printResultSecurityGroups(result.getClusterSecurityGroups()); } private static void printResultSecurityGroups(List<ClusterSecurityGroup> groups) { if (groups == null) { System.out.println("\nDescribe cluster security groups result is null."); return; } System.out.println("\nPrinting security group results:"); for (ClusterSecurityGroup group : groups) { printResultSecurityGroup(group); } } private static void printResultSecurityGroup(ClusterSecurityGroup group) { System.out.format("\nName: '%s', Description: '%s'\n", group.getClusterSecurityGroupName(), group.getDescription()); for (EC2SecurityGroup g : group.getEC2SecurityGroups()) { System.out.format("EC2group: '%s', '%s', '%s'\n", g.getEC2SecurityGroupName(), g.getEC2SecurityGroupOwnerId(), g.getStatus()); } for (IPRange range : group.getIPRanges()) { System.out.format("IPRanges: '%s', '%s'\n", range.getCIDRIP(), range.getStatus()); } } }