in priam/src/main/java/com/netflix/priam/aws/AWSMembership.java [237:274]
/**
 * Revokes the TCP ingress rule for the given IP ranges on ports {@code from}..{@code to}
 * from the security group of the running instance, then releases the EC2 client.
 *
 * <p>In a classic environment the rule is revoked by group name
 * ({@code config.getACLGroupName()}); in a VPC environment by the VPC group id
 * ({@code getVpcGoupId()}). The client is always shut down in {@code finally}, even
 * when the revoke call throws.
 *
 * @param listIPs IP ranges to strip from the ingress rule; the SDK expects CIDR strings
 *     (no validation is performed here — NOTE(review): confirm callers normalise them)
 * @param from first port of the revoked range
 * @param to last port of the revoked range
 */
public void removeACL(Collection<String> listIPs, int from, int to) {
    AmazonEC2 ec2 = null;
    try {
        ec2 = getEc2Client();

        // Single TCP rule covering the requested port range and every supplied IP range.
        IpPermission tcpRule =
                new IpPermission()
                        .withFromPort(from)
                        .withIpProtocol("tcp")
                        .withIpRanges(listIPs)
                        .withToPort(to);
        List<IpPermission> permissions = new ArrayList<>();
        permissions.add(tcpRule);

        RevokeSecurityGroupIngressRequest request;
        String doneMessage;
        if (isClassic()) {
            // Classic EC2: the security group is addressed by its name.
            request =
                    new RevokeSecurityGroupIngressRequest(
                            config.getACLGroupName(), permissions);
            doneMessage = "Done removing from ACL within classic env for running instance: ";
        } else {
            // VPC: the security group is addressed by the id resolved for this instance.
            request =
                    new RevokeSecurityGroupIngressRequest()
                            .withGroupId(getVpcGoupId())
                            .withIpPermissions(permissions);
            doneMessage = "Done removing from ACL within vpc env for running instance: ";
        }

        ec2.revokeSecurityGroupIngress(request);

        // Logged only after the revoke succeeded, so the message reflects applied state.
        if (logger.isInfoEnabled()) {
            logger.info(doneMessage + StringUtils.join(listIPs, ","));
        }
    } finally {
        // Release the SDK client regardless of outcome.
        if (ec2 != null) {
            ec2.shutdown();
        }
    }
}