This page is a machine-translated version. Where this translation differs from the English original, the English original takes precedence.
Working with security groups in Amazon EC2
Creating a security group
To create a security group, call the Ec2Client's createSecurityGroup method with a CreateSecurityGroupRequest that contains a name for the new group, a description, and the ID of the VPC it belongs to. The response carries the ID of the new group; keep it, because every later call that has to work in a non-default VPC must refer to the group by ID rather than by name.
Imports

```java
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressResponse;
import software.amazon.awssdk.services.ec2.model.Ec2Exception;
import software.amazon.awssdk.services.ec2.model.IpPermission;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupResponse;
import software.amazon.awssdk.services.ec2.model.IpRange;
```
Code

```java
// groupName, groupDesc and vpcId are the method parameters in the full GitHub example.
CreateSecurityGroupRequest createRequest = CreateSecurityGroupRequest.builder()
        .groupName(groupName)
        .description(groupDesc)
        .vpcId(vpcId)
        .build();

// The response holds the new group's ID (resp.groupId()).
CreateSecurityGroupResponse resp = ec2.createSecurityGroup(createRequest);
```
See the complete example on GitHub.
Configuring a security group
A security group controls both inbound (ingress) and outbound (egress) traffic to your Amazon EC2 instances.
To add an ingress rule to a security group, use the Ec2Client's authorizeSecurityGroupIngress method, passing an AuthorizeSecurityGroupIngressRequest that identifies the security group and carries the access rules (IpPermission objects) you want to assign to it. The following example shows how to add IP permissions to a security group.
Imports

```java
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressResponse;
import software.amazon.awssdk.services.ec2.model.Ec2Exception;
import software.amazon.awssdk.services.ec2.model.IpPermission;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupResponse;
import software.amazon.awssdk.services.ec2.model.IpRange;
```
Code

First, create an Ec2Client.

```java
Region region = Region.US_WEST_2;
Ec2Client ec2 = Ec2Client.builder()
        .region(region)
        .build();
```
Then use the Ec2Client's authorizeSecurityGroupIngress method. Two points a practitioner should note about this snippet: it identifies the group by groupName, which the EC2 API accepts only for groups in the default VPC (for a group in any other VPC you must set groupId instead), and it opens both port 80 and port 22 to 0.0.0.0/0. Exposing SSH to the whole internet is acceptable only for a throwaway demo; in real deployments restrict port 22 to a known administrative CIDR.

```java
// Continuation of the createEC2SecurityGroup method from the full GitHub example:
// `resp` is the CreateSecurityGroupResponse returned by createSecurityGroup above.

// A single range object is reused for both rules; 0.0.0.0/0 means any IPv4 source.
IpRange ipRange = IpRange.builder()
        .cidrIp("0.0.0.0/0").build();

// Allow HTTP from anywhere.
IpPermission ipPerm = IpPermission.builder()
        .ipProtocol("tcp")
        .toPort(80)
        .fromPort(80)
        .ipRanges(ipRange)
        .build();

// Allow SSH from anywhere (demo only; restrict the CIDR in production).
IpPermission ipPerm2 = IpPermission.builder()
        .ipProtocol("tcp")
        .toPort(22)
        .fromPort(22)
        .ipRanges(ipRange)
        .build();

// groupName only works for a group in the default VPC; use .groupId(resp.groupId()) otherwise.
AuthorizeSecurityGroupIngressRequest authRequest = AuthorizeSecurityGroupIngressRequest.builder()
        .groupName(groupName)
        .ipPermissions(ipPerm, ipPerm2)
        .build();

AuthorizeSecurityGroupIngressResponse authResponse = ec2.authorizeSecurityGroupIngress(authRequest);

System.out.printf(
        "Successfully added ingress policy to Security Group %s",
        groupName);
    return resp.groupId();

} catch (Ec2Exception e) {
    System.err.println(e.awsErrorDetails().errorMessage());
    System.exit(1);
}
return "";
}
```
To add an egress rule to the security group, pass an AuthorizeSecurityGroupEgressRequest with the same kind of data to the Ec2Client's authorizeSecurityGroupEgress method. Note that a newly created VPC security group already contains a default outbound rule permitting all traffic (protocol -1 to 0.0.0.0/0); if you want to restrict egress you must revoke that rule with revokeSecurityGroupEgress as well as add the rules you need.
See the complete example on GitHub.
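The two sections above (creating the group, then authorizing ingress and egress) are steps of one procedure. The following added example, which is not part of the original page or the AWS sample repository, puts them together the way a security engineer would: it addresses the group by ID so it works in a non-default VPC, limits SSH to an administrative CIDR, and replaces the default allow-all egress rule with an HTTPS-only rule. The VPC ID, group name and admin CIDR in main are placeholders.

```java
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupEgressRequest;
import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupResponse;
import software.amazon.awssdk.services.ec2.model.Ec2Exception;
import software.amazon.awssdk.services.ec2.model.IpPermission;
import software.amazon.awssdk.services.ec2.model.IpRange;
import software.amazon.awssdk.services.ec2.model.RevokeSecurityGroupEgressRequest;

public class LeastPrivilegeSecurityGroup {

    /**
     * Creates a security group in the given VPC and configures restricted ingress
     * and egress. Returns the new group's ID.
     */
    public static String create(Ec2Client ec2, String vpcId, String groupName, String adminCidr) {
        try {
            // 1. Create the group. Every later call uses the returned ID, which is
            //    mandatory for groups in a non-default VPC.
            CreateSecurityGroupResponse created = ec2.createSecurityGroup(
                    CreateSecurityGroupRequest.builder()
                            .groupName(groupName)
                            .description("web tier: HTTPS from anywhere, SSH from admin range")
                            .vpcId(vpcId)
                            .build());
            String groupId = created.groupId();

            // 2. Ingress: HTTPS from anywhere, SSH only from the administrative range.
            IpPermission https = IpPermission.builder()
                    .ipProtocol("tcp").fromPort(443).toPort(443)
                    .ipRanges(IpRange.builder().cidrIp("0.0.0.0/0").description("public HTTPS").build())
                    .build();
            IpPermission ssh = IpPermission.builder()
                    .ipProtocol("tcp").fromPort(22).toPort(22)
                    .ipRanges(IpRange.builder().cidrIp(adminCidr).description("SSH from admin network").build())
                    .build();
            ec2.authorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest.builder()
                    .groupId(groupId)
                    .ipPermissions(https, ssh)
                    .build());

            // 3. Egress: a new VPC security group starts with an allow-all outbound rule
            //    (protocol -1 to 0.0.0.0/0). Revoke it, then allow only outbound HTTPS.
            IpPermission allowAll = IpPermission.builder()
                    .ipProtocol("-1")
                    .ipRanges(IpRange.builder().cidrIp("0.0.0.0/0").build())
                    .build();
            ec2.revokeSecurityGroupEgress(RevokeSecurityGroupEgressRequest.builder()
                    .groupId(groupId)
                    .ipPermissions(allowAll)
                    .build());
            IpPermission httpsOut = IpPermission.builder()
                    .ipProtocol("tcp").fromPort(443).toPort(443)
                    .ipRanges(IpRange.builder().cidrIp("0.0.0.0/0")
                            .description("outbound HTTPS for package updates and AWS APIs").build())
                    .build();
            ec2.authorizeSecurityGroupEgress(AuthorizeSecurityGroupEgressRequest.builder()
                    .groupId(groupId)
                    .ipPermissions(httpsOut)
                    .build());

            return groupId;
        } catch (Ec2Exception e) {
            // errorCode() tells InvalidGroup.Duplicate apart from InvalidPermission.Duplicate, etc.
            throw new RuntimeException(e.awsErrorDetails().errorCode() + ": "
                    + e.awsErrorDetails().errorMessage(), e);
        }
    }

    public static void main(String[] args) {
        // Placeholder values (assumptions for this example): use a real VPC ID and your own admin CIDR.
        try (Ec2Client ec2 = Ec2Client.builder().region(Region.US_WEST_2).build()) {
            String id = create(ec2, "vpc-0123456789abcdef0", "web-tier-sg", "203.0.113.0/24");
            System.out.println("Created and configured " + id);
        }
    }
}
```

The revoke step is what makes the group least-privilege: without it, the HTTPS egress rule is merely redundant next to the default allow-all rule. Ec2Client is AutoCloseable, so the try-with-resources block releases the HTTP client when main returns.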
Describing security groups
To describe your security groups or get information about them, call the Ec2Client's describeSecurityGroups method. It returns a DescribeSecurityGroupsResponse; call its securityGroups method to get the list of matching SecurityGroup objects. Results are paginated, so when you describe all groups in a region rather than a specific set of IDs, use describeSecurityGroupsPaginator or follow the response's nextToken.
Imports

```java
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsResponse;
import software.amazon.awssdk.services.ec2.model.SecurityGroup;
import software.amazon.awssdk.services.ec2.model.Ec2Exception;
```
Code

```java
public static void describeEC2SecurityGroups(Ec2Client ec2, String groupId) {
    try {
        // Restrict the query to one group ID; a single page is enough for this request.
        DescribeSecurityGroupsRequest request = DescribeSecurityGroupsRequest.builder()
                .groupIds(groupId).build();

        DescribeSecurityGroupsResponse response = ec2.describeSecurityGroups(request);

        for (SecurityGroup group : response.securityGroups()) {
            System.out.printf(
                    "Found Security Group with id %s, " +
                    "vpc id %s " +
                    "and description %s%n",
                    group.groupId(),
                    group.vpcId(),
                    group.description());
        }
    } catch (Ec2Exception e) {
        System.err.println(e.awsErrorDetails().errorMessage());
        System.exit(1);
    }
}
```
See the complete example on GitHub.
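The most common reason a security engineer describes security groups is to audit them. The following added example (not from the original page or the AWS sample repository) uses describeSecurityGroupsPaginator to walk every group in a region and reports ingress rules that expose a sensitive port, or all ports, to 0.0.0.0/0 or ::/0. The list of sensitive ports is this example's own choice.

```java
import java.util.ArrayList;
import java.util.List;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest;
import software.amazon.awssdk.services.ec2.model.Ec2Exception;
import software.amazon.awssdk.services.ec2.model.IpPermission;
import software.amazon.awssdk.services.ec2.model.IpRange;
import software.amazon.awssdk.services.ec2.model.Ipv6Range;
import software.amazon.awssdk.services.ec2.model.SecurityGroup;

public class SecurityGroupAudit {

    /** Ports that should never be reachable from the whole internet (example's own list). */
    private static final int[] SENSITIVE_PORTS = {22, 3389, 3306, 5432, 6379, 27017};

    /** True if the rule admits traffic from any IPv4 or any IPv6 source. */
    static boolean isWorldOpen(IpPermission perm) {
        for (IpRange r : perm.ipRanges()) {
            if ("0.0.0.0/0".equals(r.cidrIp())) return true;
        }
        for (Ipv6Range r : perm.ipv6Ranges()) {
            if ("::/0".equals(r.cidrIpv6())) return true;
        }
        return false;
    }

    /** True if the rule covers a sensitive port, or all ports and protocols. */
    static boolean coversSensitivePort(IpPermission perm) {
        // Protocol "-1" means all traffic; fromPort and toPort are null in that case.
        if ("-1".equals(perm.ipProtocol()) || perm.fromPort() == null || perm.toPort() == null) {
            return true;
        }
        for (int p : SENSITIVE_PORTS) {
            if (perm.fromPort() <= p && p <= perm.toPort()) return true;
        }
        return false;
    }

    /** Scans every security group in the client's region and returns one finding per risky ingress rule. */
    public static List<String> findRiskyIngress(Ec2Client ec2) {
        List<String> findings = new ArrayList<>();
        try {
            // The paginator follows NextToken, so accounts with many groups are fully covered.
            for (SecurityGroup sg : ec2.describeSecurityGroupsPaginator(
                    DescribeSecurityGroupsRequest.builder().build()).securityGroups()) {
                for (IpPermission perm : sg.ipPermissions()) {
                    if (isWorldOpen(perm) && coversSensitivePort(perm)) {
                        findings.add(String.format("%s (%s) in %s: protocol %s ports %s-%s open to the world",
                                sg.groupId(), sg.groupName(), sg.vpcId(),
                                perm.ipProtocol(), perm.fromPort(), perm.toPort()));
                    }
                }
            }
        } catch (Ec2Exception e) {
            throw new RuntimeException(e.awsErrorDetails().errorMessage(), e);
        }
        return findings;
    }

    public static void main(String[] args) {
        try (Ec2Client ec2 = Ec2Client.builder().region(Region.US_WEST_2).build()) {
            List<String> findings = findRiskyIngress(ec2);
            findings.forEach(System.out::println);
            System.out.printf("%d risky ingress rule(s) found%n", findings.size());
        }
    }
}
```

Only ipPermissions (ingress) is inspected here; the same two predicates can be run over ipPermissionsEgress if your policy also restricts outbound traffic.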
Deleting a security group
To delete a security group, call the Ec2Client's deleteSecurityGroup method, passing it a DeleteSecurityGroupRequest that contains the ID of the security group to delete. The call fails with a DependencyViolation error if the group is still associated with a network interface or referenced by another group's rule.
Imports

```java
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DeleteSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.Ec2Exception;
```
Code

```java
public static void deleteEC2SecGroup(Ec2Client ec2, String groupId) {
    try {
        DeleteSecurityGroupRequest request = DeleteSecurityGroupRequest.builder()
                .groupId(groupId)
                .build();

        ec2.deleteSecurityGroup(request);

        System.out.printf(
                "Successfully deleted Security Group with id %s%n", groupId);

    } catch (Ec2Exception e) {
        System.err.println(e.awsErrorDetails().errorMessage());
        System.exit(1);
    }
}
```
See the complete example on GitHub.
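A practitioner deleting groups in bulk usually wants to know why a delete would fail before attempting it. The following added example (not from the original page or the AWS sample repository) queries describeNetworkInterfaces with the group-id filter to find interfaces still using the group, refuses to delete while any remain, and still handles the DependencyViolation that can occur when another group's rule references this one. The group ID in main is a placeholder.

```java
import java.util.List;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DeleteSecurityGroupRequest;
import software.amazon.awssdk.services.ec2.model.DescribeNetworkInterfacesRequest;
import software.amazon.awssdk.services.ec2.model.Ec2Exception;
import software.amazon.awssdk.services.ec2.model.Filter;
import software.amazon.awssdk.services.ec2.model.NetworkInterface;

public class SafeSecurityGroupDelete {

    /** Network interfaces still associated with the group; an empty list means nothing is using it. */
    public static List<NetworkInterface> attachedInterfaces(Ec2Client ec2, String groupId) {
        DescribeNetworkInterfacesRequest req = DescribeNetworkInterfacesRequest.builder()
                .filters(Filter.builder().name("group-id").values(groupId).build())
                .build();
        // The first page is enough here: any non-empty result already blocks the delete.
        return ec2.describeNetworkInterfaces(req).networkInterfaces();
    }

    /** Deletes the group only when no interface uses it. Returns true if the group was deleted. */
    public static boolean deleteIfUnused(Ec2Client ec2, String groupId) {
        List<NetworkInterface> inUse = attachedInterfaces(ec2, groupId);
        if (!inUse.isEmpty()) {
            System.err.printf("Refusing to delete %s: still attached to %d interface(s), for example %s%n",
                    groupId, inUse.size(), inUse.get(0).networkInterfaceId());
            return false;
        }
        try {
            ec2.deleteSecurityGroup(DeleteSecurityGroupRequest.builder().groupId(groupId).build());
            return true;
        } catch (Ec2Exception e) {
            // DependencyViolation is still possible: another group's rule may reference this one,
            // or an interface may have been attached between the check above and this call.
            System.err.println(e.awsErrorDetails().errorCode() + ": " + e.awsErrorDetails().errorMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Placeholder group ID (an assumption for this example).
        try (Ec2Client ec2 = Ec2Client.builder().region(Region.US_WEST_2).build()) {
            boolean deleted = deleteIfUnused(ec2, "sg-0123456789abcdef0");
            System.out.println(deleted ? "deleted" : "not deleted");
        }
    }
}
```

Returning a boolean instead of calling System.exit lets a caller that sweeps many groups continue after one refusal and report all of them together.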
More information

- Amazon EC2 Security Groups in the Amazon EC2 User Guide for Linux Instances
- Authorizing Inbound Traffic for Your Linux Instances in the Amazon EC2 User Guide for Linux Instances
- CreateSecurityGroup in the Amazon EC2 API Reference
- DescribeSecurityGroups in the Amazon EC2 API Reference
- DeleteSecurityGroup in the Amazon EC2 API Reference
- AuthorizeSecurityGroupIngress in the Amazon EC2 API Reference