public static void CreateLambdaFunction(string functionName, string iamRoleName, out string iamRoleArn, out string functionArn)
{
var iamCreateResponse = iamClient.CreateRole(new CreateRoleRequest
{
RoleName = iamRoleName,
AssumeRolePolicyDocument = LAMBDA_ASSUME_ROLE_POLICY
});
iamRoleArn = iamCreateResponse.Role.Arn;
var statement = new Statement(Statement.StatementEffect.Allow);
statement.Actions.Add(S3ActionIdentifiers.PutObject);
statement.Actions.Add(S3ActionIdentifiers.GetObject);
statement.Resources.Add(new Resource("*"));
var policy = new Amazon.Auth.AccessControlPolicy.Policy();
policy.Statements.Add(statement);
iamClient.PutRolePolicy(new PutRolePolicyRequest
{
RoleName = iamRoleName,
PolicyName = "admin",
PolicyDocument = policy.ToJson()
});
// Wait for the role and policy to propagate
Thread.Sleep(5000);
MemoryStream stream = CreateScriptStream();
var uploadRequest = new CreateFunctionRequest
{
FunctionName = functionName,
Code = new FunctionCode
{
ZipFile = stream
},
Handler = "helloworld.handler",
//Mode = Mode.Event,
Runtime = Runtime.Nodejs,
Role = iamCreateResponse.Role.Arn
};
var uploadResponse = Client.CreateFunction(uploadRequest);
createdFunctionNames.Add(functionName);
Assert.IsTrue(uploadResponse.CodeSize > 0);
Assert.IsNotNull(uploadResponse.FunctionArn);
functionArn = uploadResponse.FunctionArn;
}
public void Save(string sourceArn, IAmazonSimpleNotificationService client)
{
ActionIdentifier[] actions = { SNSActionIdentifiers.Subscribe};
var snsPolicy = new Policy()
.WithStatements(GetDefaultStatement(sourceArn))
.WithStatements(new Statement(Statement.StatementEffect.Allow)
.WithPrincipals(_accountIds.Select(a => new Principal(a)).ToArray())
.WithResources(new Resource(sourceArn))
.WithActionIdentifiers(actions));
var attributeValue = snsPolicy.ToJson();
var setQueueAttributesRequest = new SetTopicAttributesRequest(sourceArn, "Policy", attributeValue);
client.SetTopicAttributes(setQueueAttributesRequest);
}
public static void Save(string sourceArn, string queueArn, string queueUrl, IAmazonSQS client)
{
var topicArnWildcard = CreateTopicArnWildcard(sourceArn);
ActionIdentifier[] actions = { SQSActionIdentifiers.SendMessage };
Policy sqsPolicy = new Policy()
.WithStatements(new Statement(Statement.StatementEffect.Allow)
.WithPrincipals(Principal.AllUsers)
.WithResources(new Resource(queueArn))
.WithConditions(ConditionFactory.NewSourceArnCondition(topicArnWildcard))
.WithActionIdentifiers(actions));
SetQueueAttributesRequest setQueueAttributesRequest = new SetQueueAttributesRequest();
setQueueAttributesRequest.QueueUrl = queueUrl;
setQueueAttributesRequest.Attributes["Policy"] = sqsPolicy.ToJson();
client.SetQueueAttributes(setQueueAttributesRequest);
}
public void TestAnonymousPrincipal()
{
var policy = new Policy
{
Statements =
{
new Statement(Statement.StatementEffect.Deny)
{
Principals = { Principal.Anonymous }
}
}
};
var json = policy.ToJson();
Console.WriteLine(json);
Assert.IsTrue(json.Contains("\"Principal\" : \"*\""));
var roundTripPolicy = Policy.FromJson(json);
Assert.AreEqual(Principal.Anonymous, roundTripPolicy.Statements[0].Principals[0]);
}
public ISubscribeReponseMessage Subscribe(string queueUrl)
{
var sqsConfig = new AmazonSQSConfig {ServiceURL = SqsServiceUrl};
var snsConfig = new AmazonSimpleNotificationServiceConfig {ServiceURL = SnsServiceUrl};
using (var sqsClient = _awsConfig.CreateAwsClient<AmazonSQSClient>(sqsConfig))
{
var attributesRequest = new GetQueueAttributesRequest(queueUrl, new List<string> {"QueueArn"});
var attributesResponse = sqsClient.GetQueueAttributes(attributesRequest);
using (var snsClient = _awsConfig.CreateAwsClient<AmazonSimpleNotificationServiceClient>(snsConfig))
{
var subribeResonse =
snsClient.Subscribe(new SubscribeRequest(TopicArn, "sqs", attributesResponse.QueueARN));
}
var actions = new ActionIdentifier[2];
actions[0] = SQSActionIdentifiers.SendMessage;
actions[1] = SQSActionIdentifiers.ReceiveMessage;
var sqsPolicy =
new Policy().WithStatements(
new Statement(Statement.StatementEffect.Allow).WithPrincipals(Principal.AllUsers)
.WithResources(
new Resource(attributesResponse.QueueARN))
.WithConditions(
ConditionFactory.NewSourceArnCondition(
TopicArn))
.WithActionIdentifiers(actions));
var setQueueAttributesRequest = new SetQueueAttributesRequest();
var attributes = new Dictionary<string, string> {{"Policy", sqsPolicy.ToJson()}};
var attRequest = new SetQueueAttributesRequest(attributesRequest.QueueUrl, attributes);
sqsClient.SetQueueAttributes(attRequest);
return new SubcriptionMessage("Ok");
}
}
public void create_sqs_queue()
{
GetUserNameAndPassword();
var sqsClient = Amazon.AWSClientFactory.CreateAmazonSQSClient(_key, _secret);
var snsTopic = Amazon.AWSClientFactory.CreateAmazonSNSClient(_key, _secret);
var topicArn = "arn:aws:sns:us-east-1:451419498740:Elliott-has-an-awesome-blog";
//Create a new SQS queue
var createQueueRequest = new CreateQueueRequest().WithQueueName("elliotts-blog");
var createQueueResponse = sqsClient.CreateQueue(createQueueRequest);
// keep the queueUrl handy
var queueUrl = createQueueResponse.CreateQueueResult.QueueUrl;
// get the Access Resource Name so we can allow the SNS to put messages on it
var getQueueArnRequest = new GetQueueAttributesRequest()
.WithQueueUrl(queueUrl)
.WithAttributeName("QueueArn");
var getQueueArnResponse = sqsClient.GetQueueAttributes(getQueueArnRequest);
var queueArn = getQueueArnResponse.GetQueueAttributesResult.Attribute[0].Value;
//create a Policy for the SQS queue that allows SNS to publish to it
var allowSnsStatement = new Statement(Statement.StatementEffect.Allow)
.WithPrincipals(Principal.AllUsers)
.WithResources(new Resource(queueArn))
.WithConditions(ConditionFactory.NewSourceArnCondition(topicArn))
.WithActionIdentifiers(SQSActionIdentifiers.SendMessage);
var policy = new Policy("allow sns").WithStatements(new[] {allowSnsStatement});
var attribute = new Attribute().WithName("Policy").WithValue(policy.ToJson());
var setQueueAttributesRequest =
new SetQueueAttributesRequest().WithQueueUrl(queueUrl).WithAttribute(attribute);
sqsClient.SetQueueAttributes(setQueueAttributesRequest);
// ok, now lets create the subscription for sqs with the queueArn we created
var subscribeRequest = new SubscribeRequest()
.WithEndpoint(queueArn)
.WithTopicArn(topicArn)
.WithProtocol("sqs");
snsTopic.Subscribe(subscribeRequest);
}
public virtual void GrantNotificationPermission(AmazonSQSClient sqsClient, string queueArn, string queueUrl,
string topicArn)
{
// Create a policy to allow the queue to receive notifications from the SNS topic
var policy = new Policy("SubscriptionPermission")
{
Statements =
{
new Statement(Statement.StatementEffect.Allow)
{
Actions = {SQSActionIdentifiers.SendMessage},
Principals = {new Principal("*")},
Conditions = {ConditionFactory.NewSourceArnCondition(topicArn)},
Resources = {new Resource(queueArn)}
}
}
};
var attributes = new Dictionary<string, string>();
attributes.Add("Policy", policy.ToJson());
// Create the request to set the queue attributes for policy
var setQueueAttributesRequest = new SetQueueAttributesRequest
{
QueueUrl = queueUrl,
Attributes = attributes
};
// Set the queue policy
sqsClient.SetQueueAttributes(setQueueAttributesRequest);
}
public void LambdaFunctionTest()
{
const string HELLO_SCRIPT =
@"console.log('Loading http')
exports.handler = function (request, response) {
response.write(""Hello, world!"");
response.end();
console.log(""Request completed"");
}";
MemoryStream stream = new MemoryStream();
using (ZipArchive archive = new ZipArchive(stream, ZipArchiveMode.Create, true))
{
var entry = archive.CreateEntry("helloworld.js");
using (var entryStream = entry.Open())
using (var writer = new StreamWriter(entryStream))
{
writer.Write(HELLO_SCRIPT);
}
}
stream.Position = 0;
var functionName = "HelloWorld";
bool uploaded = false;
var iamRoleName = "Lambda-" + DateTime.Now.Ticks;
bool iamRoleCreated = false;
try
{
var iamCreateResponse = iamClient.CreateRole(new CreateRoleRequest
{
RoleName = iamRoleName,
AssumeRolePolicyDocument = LAMBDA_ASSUME_ROLE_POLICY
});
var statement = new Statement(Statement.StatementEffect.Allow);
statement.Actions.Add(S3ActionIdentifiers.PutObject);
statement.Actions.Add(S3ActionIdentifiers.GetObject);
statement.Resources.Add(new Resource("*"));
var policy = new Policy();
policy.Statements.Add(statement);
iamClient.PutRolePolicy(new PutRolePolicyRequest
{
RoleName = iamRoleName,
PolicyName = "admin",
PolicyDocument = policy.ToJson()
});
// Wait for the role and policy to propagate
Thread.Sleep(5000);
var uploadRequest = new UploadFunctionRequest
{
FunctionName = functionName,
FunctionZip = stream,
Handler = "helloworld.handler",
Mode = Mode.Event,
Runtime = Runtime.Nodejs,
Role = iamCreateResponse.Role.Arn
};
var uploadResponse = lambdaClient.UploadFunction(uploadRequest);
uploaded = true;
Assert.IsTrue(uploadResponse.CodeSize > 0);
Assert.IsNotNull(uploadResponse.ConfigurationId);
// List all the functions and make sure the newly uploaded function is in the collection
var listResponse = lambdaClient.ListFunctions();
var function = listResponse.Functions.FirstOrDefault(x => x.FunctionName == functionName);
Assert.IsNotNull(function);
Assert.AreEqual("helloworld.handler", function.Handler);
Assert.AreEqual(iamCreateResponse.Role.Arn, function.Role);
// Get the function with a presigned URL to the uploaded code
var getFunctionResponse = lambdaClient.GetFunction(functionName);
Assert.AreEqual("helloworld.handler", getFunctionResponse.Configuration.Handler);
Assert.IsNotNull(getFunctionResponse.Code.Location);
// Get the function's configuration only
var getFunctionConfiguration = lambdaClient.GetFunctionConfiguration(functionName);
Assert.AreEqual("helloworld.handler", getFunctionConfiguration.Handler);
// Call the function
var invokeResponse = lambdaClient.InvokeAsync(functionName);
Assert.AreEqual(invokeResponse.Status, 202); // Status Code Accepted
}
finally
{
if(uploaded)
lambdaClient.DeleteFunction(functionName);
if (iamRoleCreated)
iamClient.DeleteRole(new DeleteRoleRequest { RoleName = iamRoleName });
}
}
public string SetSqsPolicyForSnsPublish(Uri queueUrl, string queueArn, string mytopicArn)
{
Validate.That(queueUrl).IsNotNull();
Validate.That(queueArn).IsNotNullOrEmpty();
Validate.That(mytopicArn).IsNotNullOrEmpty();
var sqsPolicy = new Policy().WithStatements(
new Statement(Statement.StatementEffect.Allow)
.WithResources(new Resource(queueArn))
.WithPrincipals(Principal.AllUsers)
.WithActionIdentifiers(SQSActionIdentifiers.SendMessage)
.WithConditions(ConditionFactory.NewCondition(ConditionFactory.ArnComparisonType.ArnEquals,
conditionSourceArn, mytopicArn)));
var setQueueAttributesRequest =
new SetQueueAttributesRequest().WithQueueUrl(queueUrl.AbsoluteUri).WithPolicy(sqsPolicy.ToJson());
using (var sqs = amazonSqsFactory())
{
var response = sqs.SetQueueAttributes(setQueueAttributesRequest);
return response.ResponseMetadata.RequestId;
}
}
public void LambdaFunctionTest()
{
const string HELLO_SCRIPT =
@"console.log('Loading http')
exports.handler = function (request, response) {
response.write(""Hello, world!"");
response.end();
console.log(""Request completed"");
}";
MemoryStream stream = new MemoryStream();
using (ZipArchive archive = new ZipArchive(stream, ZipArchiveMode.Create, true))
{
var entry = archive.CreateEntry("helloworld.js");
using (var entryStream = entry.Open())
using (var writer = new StreamWriter(entryStream))
{
writer.Write(HELLO_SCRIPT);
}
}
stream.Position = 0;
var functionName = "HelloWorld";
bool uploaded = false;
var iamRoleName = "Lambda-" + DateTime.Now.Ticks;
bool iamRoleCreated = false;
try
{
var iamCreateResponse = iamClient.CreateRole(new CreateRoleRequest
{
RoleName = iamRoleName,
AssumeRolePolicyDocument = LAMBDA_ASSUME_ROLE_POLICY
});
var statement = new Statement(Statement.StatementEffect.Allow);
statement.Actions.Add(S3ActionIdentifiers.PutObject);
statement.Actions.Add(S3ActionIdentifiers.GetObject);
statement.Resources.Add(new Resource("*"));
var policy = new Amazon.Auth.AccessControlPolicy.Policy();
policy.Statements.Add(statement);
iamClient.PutRolePolicy(new PutRolePolicyRequest
{
RoleName = iamRoleName,
PolicyName = "admin",
PolicyDocument = policy.ToJson()
});
// Wait for the role and policy to propagate
Thread.Sleep(5000);
var uploadRequest = new UploadFunctionRequest
{
FunctionName = functionName,
FunctionZip = stream,
Handler = "helloworld.handler",
Mode = Mode.Event,
Runtime = Runtime.Nodejs,
Role = iamCreateResponse.Role.Arn
};
var uploadResponse = lambdaClient.UploadFunction(uploadRequest);
uploaded = true;
Assert.IsTrue(uploadResponse.CodeSize > 0);
Assert.IsNotNull(uploadResponse.ConfigurationId);
// List all the functions and make sure the newly uploaded function is in the collection
var listResponse = lambdaClient.ListFunctions();
var function = listResponse.Functions.FirstOrDefault(x => x.FunctionName == functionName);
Assert.IsNotNull(function);
Assert.AreEqual("helloworld.handler", function.Handler);
Assert.AreEqual(iamCreateResponse.Role.Arn, function.Role);
// Get the function with a presigned URL to the uploaded code
var getFunctionResponse = lambdaClient.GetFunction(functionName);
Assert.AreEqual("helloworld.handler", getFunctionResponse.Configuration.Handler);
Assert.IsNotNull(getFunctionResponse.Code.Location);
// Get the function's configuration only
var getFunctionConfiguration = lambdaClient.GetFunctionConfiguration(functionName);
Assert.AreEqual("helloworld.handler", getFunctionConfiguration.Handler);
// Call the function
var invokeResponse = lambdaClient.InvokeAsync(functionName);
Assert.AreEqual(invokeResponse.Status, 202); // Status Code Accepted
}
finally
{
if (uploaded)
{
lambdaClient.DeleteFunction(functionName);
}
if (iamRoleCreated)
{
iamClient.DeleteRole(new DeleteRoleRequest {
RoleName = iamRoleName
});
}
}
}
public string SetSqsPolicyForSnsPublish(Uri queueUrl, string queueArn, string mytopicArn)
{
queueUrl.Requires("queueUrl").IsNotNull();
queueArn.Requires("queueArn").IsNotNullOrWhiteSpace();
mytopicArn.Requires("mytopicArn").IsNotNullOrWhiteSpace();
var sqsPolicy = new Policy().WithStatements(
new Statement(Statement.StatementEffect.Allow)
.WithResources(new Resource(queueArn))
.WithPrincipals(Principal.AllUsers)
.WithActionIdentifiers(SQSActionIdentifiers.SendMessage)
.WithConditions(ConditionFactory.NewCondition(ConditionFactory.ArnComparisonType.ArnEquals,
ConditionSourceArn, mytopicArn)));
var attributes = new Dictionary<string, string>
{
{QueueAttributeName.Policy, sqsPolicy.ToJson()}
};
var setQueueAttributesRequest = new SetQueueAttributesRequest(queueUrl.AbsoluteUri, attributes);
using (var sqs = amazonSqsFactory())
{
var response = sqs.SetQueueAttributes(setQueueAttributesRequest);
return response.ResponseMetadata.RequestId;
}
}
