public string GetCallerIdentity()
{
if (_answer != null)
{
return(_answer);
}
if (Run)
{
var client = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient();
var task = client.GetCallerIdentityAsync(new Amazon.SecurityToken.Model.GetCallerIdentityRequest());
if (task.IsFaulted)
{
Error(task.Exception.Flatten().Message);
Error("You must have assumed a role first.");
Run = false;
return(string.Empty);
}
else
{
_answer = _serializer(task.Result);
return(_answer);
}
}
else
{
Error("Unable to run stsgetcalleridentity. Missing context and/or serializer.");
return(string.Empty);
}
}
async static Task <List <SendDataPoint> > GetSesStatsForAccount(string Account)
{
string strRoleARN = "arn:aws:iam::" + Account + ":role/" + AssumedRoleName;
Amazon.SecurityToken.AmazonSecurityTokenServiceClient stsClient = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient();
var assumeRoleResponse = await stsClient.AssumeRoleAsync(new Amazon.SecurityToken.Model.AssumeRoleRequest {
RoleArn = strRoleARN, RoleSessionName = "TempSession"
});
SessionAWSCredentials sessionCredentials =
new SessionAWSCredentials(assumeRoleResponse.Credentials.AccessKeyId,
assumeRoleResponse.Credentials.SecretAccessKey,
assumeRoleResponse.Credentials.SessionToken);
var regions = new Amazon.RegionEndpoint[] { Amazon.RegionEndpoint.USEast1, Amazon.RegionEndpoint.USWest2, Amazon.RegionEndpoint.EUWest1 };
List <SendDataPoint> lst = new List <SendDataPoint>();
foreach (var region in regions)
{
Console.WriteLine($"Checking {region.ToString()} for account {Account}");
AmazonSimpleEmailServiceClient sesClient = new AmazonSimpleEmailServiceClient(sessionCredentials, region);
var response = await sesClient.GetSendStatisticsAsync();
lst.AddRange(response.SendDataPoints);
}
return(lst);
}
private void TestPreSignedUrlWithSessionToken(RegionEndpoint region, DateTime expires, bool useSigV4, bool expectSigV4Url)
{
using (var sts = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient())
{
AWSCredentials credentials = sts.GetSessionToken().Credentials;
var client = new AmazonS3Client(credentials, region);
var originalUseSigV4 = AWSConfigsS3.UseSignatureVersion4;
AWSConfigsS3.UseSignatureVersion4 = true;
string bucketName = null;
try
{
AWSConfigsS3.UseSignatureVersion4 = true;
bucketName = CreateBucketAndObject(client);
AssertPreSignedUrl(client, bucketName, expires, expectSigV4Url);
}
finally
{
AWSConfigsS3.UseSignatureVersion4 = originalUseSigV4;
if (bucketName != null)
{
DeleteBucket(client, bucketName);
}
}
}
}
public static AWSCredentials CreateTemporaryCredentials()
{
using (var sts = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient())
{
var creds = sts.GetSessionToken().Credentials;
return(creds);
}
}
private void SetCreds()
{
if (creds == null || DateTime.Now >= mfaExpires || AWSConfigs.AWSProfileName != Profile_CBB.Text)
{
AWSConfigs.AWSProfileName = Profile_CBB.Text;
creds = new StoredProfileAWSCredentials(Profile_CBB.Text);
if (AssumeRole_CBB.Text != "none")
{
//Get selected role to assume
ComboboxItem o = (ComboboxItem)AssumeRole_CBB.SelectedItem;
//Create AssumeRole request
Amazon.SecurityToken.Model.AssumeRoleRequest assumeRequest = new Amazon.SecurityToken.Model.AssumeRoleRequest();
assumeRequest.RoleArn = o.Role;
assumeRequest.RoleSessionName = UserName + "@" + AppName;
//Get MFA Device
Amazon.IdentityManagement.AmazonIdentityManagementServiceClient imc = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient(creds);
Amazon.IdentityManagement.Model.ListMFADevicesRequest mfaRequest = new Amazon.IdentityManagement.Model.ListMFADevicesRequest();
Amazon.IdentityManagement.Model.ListMFADevicesResponse mfaResponse = imc.ListMFADevices(mfaRequest);
if (mfaResponse != null)
{
if (mfaResponse.MFADevices.Count > 0)
{
assumeRequest.SerialNumber = mfaResponse.MFADevices[0].SerialNumber;
}
}
//If MFA Device was not obtained
if (assumeRequest.SerialNumber == string.Empty)
{
//Get mfa associated with selected profile
if (MfaDevices.ContainsKey(Profile_CBB.Text))
{
assumeRequest.SerialNumber = MfaDevices[Profile_CBB.Text];
}
else
{
assumeRequest.SerialNumber = MfaDevices["default"];
}
}
//Get MFA code
mfa m = new mfa();
m.ShowDialog();
assumeRequest.TokenCode = mfacode.Trim(); //MFA code
Amazon.SecurityToken.AmazonSecurityTokenServiceClient secClient = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient();
Amazon.SecurityToken.Model.AssumeRoleResponse assumeResponse = secClient.AssumeRole(assumeRequest);
mfaExpires = assumeResponse.Credentials.Expiration;
creds = assumeResponse.Credentials;
}
}
}
public static Credentials AssumeRole(string RoleARN, RegionEndpoint region)
{
Amazon.SecurityToken.AmazonSecurityTokenServiceClient stsClient = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(region);
var assumeResult = stsClient.AssumeRoleAsync(new Amazon.SecurityToken.Model.AssumeRoleRequest {
RoleArn = RoleARN, RoleSessionName = Guid.NewGuid().ToString()
});
var creds = assumeResult.Result.Credentials;
return(creds);
}
private static AmazonCognitoSyncClient CreateAuthenticatedClient(string poolId, string poolName, string identityId, out string roleName)
{
string token;
using (var cibClient = new Amazon.CognitoIdentity.AmazonCognitoIdentityClient(new AnonymousAWSCredentials()))
{
var getOpenIdResult = cibClient.GetOpenIdToken(new Amazon.CognitoIdentity.Model.GetOpenIdTokenRequest
{
IdentityId = identityId,
});
token = getOpenIdResult.Token;
}
AWSCredentials credentials = null;
using (var stsClient = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials()))
{
string roleArn;
PrepareRole("RolePolicy", out roleName, out roleArn);
// Add retries to allow the roles and identity to propagate
for (int retries = 0; retries < 5; retries++)
{
Thread.Sleep(1000 * retries);
try
{
var assumeRoleResult = stsClient.AssumeRoleWithWebIdentity(new Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityRequest
{
WebIdentityToken = token,
RoleArn = roleArn,
RoleSessionName = "ProviderSession",
});
credentials = assumeRoleResult.Credentials;
break;
}
catch (Amazon.SecurityToken.AmazonSecurityTokenServiceException e)
{
if (!e.Message.Contains("Not authorized"))
{
throw;
}
}
}
}
var authenticatedClient = new AmazonCognitoSyncClient(credentials);
return(authenticatedClient);
}
public void TestSessionCredentials()
{
using (var sts = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient())
{
AWSCredentials credentials = sts.GetSessionToken().Credentials;
var originalEC2Signature = AWSConfigs.EC2Config.UseSignatureVersion4;
var originalS3Signature = AWSConfigs.S3Config.UseSignatureVersion4;
AWSConfigs.EC2Config.UseSignatureVersion4 = true;
AWSConfigs.S3Config.UseSignatureVersion4 = true;
try
{
using (var ec2 = new Amazon.EC2.AmazonEC2Client(credentials))
{
var regions = ec2.DescribeRegions().Regions;
Console.WriteLine(regions.Count);
}
using (var s3 = new Amazon.S3.AmazonS3Client(credentials))
{
var buckets = s3.ListBuckets().Buckets;
Console.WriteLine(buckets.Count);
}
using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials))
{
var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest {
RegistrationStatus = "REGISTERED"
}).DomainInfos;
Console.WriteLine(domains.Infos.Count);
}
using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials, new Amazon.SimpleWorkflow.AmazonSimpleWorkflowConfig {
SignatureVersion = "4"
}))
{
var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest {
RegistrationStatus = "REGISTERED"
}).DomainInfos;
Console.WriteLine(domains.Infos.Count);
}
}
finally
{
AWSConfigs.EC2Config.UseSignatureVersion4 = originalEC2Signature;
AWSConfigs.S3Config.UseSignatureVersion4 = originalS3Signature;
}
}
}
public void TestSessionCredentials()
{
using (var sts = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient())
{
AWSCredentials credentials = sts.GetSessionToken().Credentials;
var originalEC2Signature = AWSConfigs.EC2Config.UseSignatureVersion4;
var originalS3Signature = AWSConfigs.S3Config.UseSignatureVersion4;
AWSConfigs.EC2Config.UseSignatureVersion4 = true;
AWSConfigs.S3Config.UseSignatureVersion4 = true;
try
{
using (var ec2 = new Amazon.EC2.AmazonEC2Client(credentials))
{
var regions = ec2.DescribeRegions().Regions;
Console.WriteLine(regions.Count);
}
using (var s3 = new Amazon.S3.AmazonS3Client(credentials))
{
var buckets = s3.ListBuckets().Buckets;
Console.WriteLine(buckets.Count);
}
using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials))
{
var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest { RegistrationStatus = "REGISTERED" }).DomainInfos;
Console.WriteLine(domains.Infos.Count);
}
using (var swf = new Amazon.SimpleWorkflow.AmazonSimpleWorkflowClient(credentials, new Amazon.SimpleWorkflow.AmazonSimpleWorkflowConfig { SignatureVersion = "4" }))
{
var domains = swf.ListDomains(new Amazon.SimpleWorkflow.Model.ListDomainsRequest { RegistrationStatus = "REGISTERED" }).DomainInfos;
Console.WriteLine(domains.Infos.Count);
}
}
finally
{
AWSConfigs.EC2Config.UseSignatureVersion4 = originalEC2Signature;
AWSConfigs.S3Config.UseSignatureVersion4 = originalS3Signature;
}
}
}
public string GetCallerIdentity()
{
if (_answer != null)
{
return(_answer);
}
if (Run)
{
var client = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient();
var task = client.GetCallerIdentityAsync(new Amazon.SecurityToken.Model.GetCallerIdentityRequest());
_answer = _serializer(task.Result);
return(_answer);
}
else
{
Error("Unable to get caller identity. Missing context and/or serializer.");
return(string.Empty);
}
}
