本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
在中使用安全组 Amazon EC2
创建安全组
要创建安全组,请使用包含密钥名称的 Ec2Client createSecurityGroup
方法调用。CreateSecurityGroupRequest
导入
import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.ec2.Ec2Client; import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest; import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest; import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressResponse; import software.amazon.awssdk.services.ec2.model.Ec2Exception; import software.amazon.awssdk.services.ec2.model.IpPermission; import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupResponse; import software.amazon.awssdk.services.ec2.model.IpRange;
代码
CreateSecurityGroupRequest createRequest = CreateSecurityGroupRequest.builder() .groupName(groupName) .description(groupDesc) .vpcId(vpcId) .build(); CreateSecurityGroupResponse resp= ec2.createSecurityGroup(createRequest);
请参阅上的完整示例
配置安全组
安全组可以控制您的 Amazon EC2 实例的入站(入口)和出站(出口)流量。
要向您的安全组添加入口规则,请使用 Ec2Client authorizeSecurityGroupIngress
的方法,在对象中提供安全组的名称和要分配给它的访问规则 (IpPermission
导入
import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.ec2.Ec2Client; import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupRequest; import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressRequest; import software.amazon.awssdk.services.ec2.model.AuthorizeSecurityGroupIngressResponse; import software.amazon.awssdk.services.ec2.model.Ec2Exception; import software.amazon.awssdk.services.ec2.model.IpPermission; import software.amazon.awssdk.services.ec2.model.CreateSecurityGroupResponse; import software.amazon.awssdk.services.ec2.model.IpRange;
代码
首先,创建一个 Ec2Client
Region region = Region.US_WEST_2; Ec2Client ec2 = Ec2Client.builder() .region(region) .build();
然后使用 Ec2Client 的 authorizeSecurityGroupIngress
方法,
IpRange ipRange = IpRange.builder() .cidrIp("0.0.0.0/0").build(); IpPermission ipPerm = IpPermission.builder() .ipProtocol("tcp") .toPort(80) .fromPort(80) .ipRanges(ipRange) .build(); IpPermission ipPerm2 = IpPermission.builder() .ipProtocol("tcp") .toPort(22) .fromPort(22) .ipRanges(ipRange) .build(); AuthorizeSecurityGroupIngressRequest authRequest = AuthorizeSecurityGroupIngressRequest.builder() .groupName(groupName) .ipPermissions(ipPerm, ipPerm2) .build(); AuthorizeSecurityGroupIngressResponse authResponse = ec2.authorizeSecurityGroupIngress(authRequest); System.out.printf( "Successfully added ingress policy to Security Group %s", groupName); return resp.groupId(); } catch (Ec2Exception e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } return ""; }
要向安全组添加出口规则,请在 Ec2Client 的AuthorizeSecurityGroupEgressRequestauthorizeSecurityGroupEgress
请参阅上的完整示例
描述安全组
要描述您的安全组或获取相关信息,请调用 Ec2Client 的 describeSecurityGroups
方法。它返回一个 DescribeSecurityGroupsResponsesecurityGroups
方法来访问安全组列表,该方法返回SecurityGroup
导入
import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.ec2.Ec2Client; import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest; import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsResponse; import software.amazon.awssdk.services.ec2.model.SecurityGroup; import software.amazon.awssdk.services.ec2.model.Ec2Exception;
代码
public static void describeEC2SecurityGroups(Ec2Client ec2, String groupId) { try { DescribeSecurityGroupsRequest request = DescribeSecurityGroupsRequest.builder() .groupIds(groupId).build(); DescribeSecurityGroupsResponse response = ec2.describeSecurityGroups(request); for(SecurityGroup group : response.securityGroups()) { System.out.printf( "Found Security Group with id %s, " + "vpc id %s " + "and description %s", group.groupId(), group.vpcId(), group.description()); } } catch (Ec2Exception e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } }
请参阅上的完整示例
删除安全组
要删除安全组,请调用 Ec2Client deleteSecurityGroup
的方法,将其传递给DeleteSecurityGroupRequest
导入
import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.ec2.Ec2Client; import software.amazon.awssdk.services.ec2.model.DeleteSecurityGroupRequest; import software.amazon.awssdk.services.ec2.model.Ec2Exception;
代码
public static void deleteEC2SecGroup(Ec2Client ec2,String groupId) { try { DeleteSecurityGroupRequest request = DeleteSecurityGroupRequest.builder() .groupId(groupId) .build(); ec2.deleteSecurityGroup(request); System.out.printf( "Successfully deleted Security Group with id %s", groupId); } catch (Ec2Exception e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } }
请参阅上的完整示例
更多信息
-
Amazon EC2 Linux 实例 Amazon EC2 用户指南中的@@ 安全组
-
CreateSecurityGroup在 Amazon EC2 API 参考中
-
DescribeSecurityGroups在 Amazon EC2 API 参考中
-
DeleteSecurityGroup在 Amazon EC2 API 参考中
-
AuthorizeSecurityGroupIngress在 Amazon EC2 API 参考中