/// <summary>
/// Builds a <see cref="ReplaceNetworkAclAssociationResponse"/> from the XML held by
/// <paramref name="context"/>, copying the <c>newAssociationId</c> element into
/// <c>NewAssociationId</c>.
/// </summary>
/// <param name="context">XML unmarshalling context positioned at the response to read.</param>
/// <returns>
/// The populated response. <c>NewAssociationId</c> is left unassigned when no matching
/// element is encountered.
/// </returns>
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context)
{
    var result = new ReplaceNetworkAclAssociationResponse();

    int startDepth = context.CurrentDepth;
    // At the start of the document the fields are matched at depth 2;
    // otherwise they are matched one level below the depth we started at.
    int targetDepth = context.IsStartOfDocument ? 2 : startDepth + 1;

    while (context.ReadAtDepth(startDepth))
    {
        // Only start elements and attributes can carry a field value.
        if (!context.IsStartElement && !context.IsAttribute)
        {
            continue;
        }

        if (context.TestExpression("newAssociationId", targetDepth))
        {
            result.NewAssociationId = StringUnmarshaller.Instance.Unmarshall(context);
        }
    }

    return result;
}
/// <summary>
/// Re-points every association in <paramref name="desiredAclAssociations"/> at the
/// network ACL identified by <paramref name="networkAclId"/>, one request per association.
/// </summary>
/// <param name="desiredAclAssociations">Associations whose network ACL is to be replaced.</param>
/// <param name="networkAclId">ID of the network ACL the associations should point at.</param>
/// <remarks>
/// Each call blocks the calling thread until the EC2 request completes. There is no
/// exception handling here: if one request throws, the loop stops and the associations
/// processed before it have already been replaced. The response of each call is not used.
/// </remarks>
private void replaceNetworkAclAssociations(IList<NetworkAclAssociation> desiredAclAssociations, string networkAclId)
{
    foreach (NetworkAclAssociation association in desiredAclAssociations)
    {
        var request = new ReplaceNetworkAclAssociationRequest
        {
            AssociationId = association.NetworkAclAssociationId,
            NetworkAclId = networkAclId
        };

        // Deliberately synchronous: wait for the async call to finish before moving on.
        EC2_CLIENT.ReplaceNetworkAclAssociationAsync(request).GetAwaiter().GetResult();
    }
}
/// <summary>
/// Blocks traffic for the given subnets by creating a new network ACL in the VPC, adding
/// two deny entries to it, and replacing the subnets' existing network ACL associations
/// so that they point at the new ACL.
/// </summary>
/// <param name="vpcId">VPC in which the new network ACL is created.</param>
/// <param name="subnetIds">Subnets whose network ACL associations are replaced.</param>
/// <remarks>
/// The steps are not transactional. If a later call throws, the new ACL and any
/// associations already replaced stay in place; nothing here cleans them up.
/// NOTE(review): neither the previous ACL of each subnet nor the new association ID
/// returned by the replace call is recorded in this method, and both are needed to
/// restore the original state - confirm the caller captures them.
/// </remarks>
private async Task BlockSubnetsInAZ(string vpcId, List<string> subnetIds)
{
    // Look up every network ACL that currently has an association with one of the subnets.
    var describeRequest = new DescribeNetworkAclsRequest
    {
        Filters = new List<Amazon.EC2.Model.Filter>
        {
            new Amazon.EC2.Model.Filter { Name = "association.subnet-id", Values = subnetIds }
        }
    };
    DescribeNetworkAclsResponse matchingAcls = await ec2Client.DescribeNetworkAclsAsync(describeRequest);

    // Each returned ACL lists all of its associations, including ones for subnets that
    // were not in the filter, so narrow the list down to the requested subnets.
    // The query is lazy; it is evaluated by the foreach at the end of the method.
    IEnumerable<string> associationIds = matchingAcls.NetworkAcls
        .SelectMany(acl => acl.Associations)
        .Where(association => subnetIds.Contains(association.SubnetId))
        .Select(association => association.NetworkAclAssociationId);

    // Create the ACL that the subnets will be moved onto.
    var createRequest = new CreateNetworkAclRequest { VpcId = vpcId };
    CreateNetworkAclResponse created = await ec2Client.CreateNetworkAclAsync(createRequest);
    string blockingAclId = created.NetworkAcl.NetworkAclId;

    // Rules 100 and 101: deny 0.0.0.0/0, protocol "-1", ports 0-65535. The boolean
    // argument is true for one and false for the other - presumably egress vs. ingress;
    // confirm against CreateNetworkAclEntry.
    // NOTE(review): both entries name only the IPv4 CIDR. If the subnets carry IPv6
    // traffic, confirm it is blocked as well.
    await CreateNetworkAclEntry(blockingAclId, 100, "0.0.0.0/0", true, "-1", CreatePortRange(0, 65535), RuleAction.Deny);
    await CreateNetworkAclEntry(blockingAclId, 101, "0.0.0.0/0", false, "-1", CreatePortRange(0, 65535), RuleAction.Deny);

    // Move each matching association over to the new ACL, one request at a time.
    foreach (string associationId in associationIds)
    {
        var replaceRequest = new ReplaceNetworkAclAssociationRequest
        {
            AssociationId = associationId,
            NetworkAclId = blockingAclId
        };
        await ec2Client.ReplaceNetworkAclAssociationAsync(replaceRequest);
    }
}
/// <summary>
/// Reads the XML held by <paramref name="context"/> to the end and returns a
/// <see cref="ReplaceNetworkAclAssociationResponse"/> whose <c>NewAssociationId</c> is
/// taken from the <c>newAssociationId</c> element matched at depth 2.
/// </summary>
/// <param name="context">XML unmarshalling context to read the response from.</param>
/// <returns>
/// The populated response. <c>NewAssociationId</c> is left unassigned when no matching
/// element is encountered.
/// </returns>
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context)
{
    // Depth at which the response fields are matched.
    const int targetDepth = 2;
    var result = new ReplaceNetworkAclAssociationResponse();

    while (context.Read())
    {
        // Only start elements and attributes are tested against the field expression.
        bool isCandidate = context.IsStartElement || context.IsAttribute;
        if (isCandidate && context.TestExpression("newAssociationId", targetDepth))
        {
            result.NewAssociationId = StringUnmarshaller.GetInstance().Unmarshall(context);
        }
    }

    return result;
}