in priam/src/main/java/com/netflix/priam/aws/AWSMembership.java [166:202]
/**
 * Opens TCP ingress on this node's security group for the supplied source ranges.
 *
 * <p>One {@code IpPermission} is built from the arguments and submitted in a single
 * {@code authorizeSecurityGroupIngress} call. When {@code isClassic()} is true the group is
 * addressed by name ({@code config.getACLGroupName()}); otherwise it is addressed by the id
 * returned from {@code getVpcGoupId()}. The EC2 client obtained for the call is shut down
 * before returning, including when the call throws.
 *
 * <p>Security note: this method performs no validation. Every entry of {@code listIPs} and both
 * port bounds go to EC2 exactly as received, so an overly broad range (for example an
 * any-address CIDR) or a wide port span would be authorized as given. Any allow-listing has to
 * happen in the caller, which is not visible from here.
 *
 * <p>NOTE(review): EC2 is expected to reject a rule that already exists on the group; confirm
 * that callers only pass ranges that are not yet authorized. Nothing is caught here, so any
 * failure from the SDK call propagates to the caller.
 *
 * @param listIPs source ranges to allow, handed to {@code IpPermission.withIpRanges} unchanged
 * @param from value passed to {@code withFromPort} (start of the TCP port range)
 * @param to value passed to {@code withToPort} (end of the TCP port range)
 */
public void addACL(Collection<String> listIPs, int from, int to) {
    AmazonEC2 ec2 = getEc2Client();
    try {
        // A single TCP rule carries every requested source range for the port span.
        IpPermission tcpRule =
                new IpPermission()
                        .withIpProtocol("tcp")
                        .withFromPort(from)
                        .withToPort(to)
                        .withIpRanges(listIPs);
        List<IpPermission> rules = new ArrayList<>();
        rules.add(tcpRule);

        boolean classic = isClassic();
        AuthorizeSecurityGroupIngressRequest request;
        if (classic) {
            // EC2-Classic: the security group is identified by its name.
            request = new AuthorizeSecurityGroupIngressRequest(config.getACLGroupName(), rules);
        } else {
            // VPC: use the security group id resolved for the running instance, and add the
            // peers' ranges as ingress on that group.
            request =
                    new AuthorizeSecurityGroupIngressRequest()
                            .withGroupId(getVpcGoupId())
                            .withIpPermissions(rules);
        }
        ec2.authorizeSecurityGroupIngress(request);

        // The authorized ranges are logged only after the call succeeded; useful as an audit
        // trail of what was opened.
        if (logger.isInfoEnabled()) {
            if (classic) {
                logger.info("Done adding ACL to classic: " + StringUtils.join(listIPs, ","));
            } else {
                logger.info("Done adding ACL to vpc: " + StringUtils.join(listIPs, ","));
            }
        }
    } finally {
        // Always release the client's resources, whether or not the request went through.
        if (ec2 != null) {
            ec2.shutdown();
        }
    }
}