public static void AddIPAddressToSecurityGroup() { var ec2Client = new AmazonEC2Client(); //Create and Initialize IpPermission Object var ipPermission = new IpPermission() { IpProtocol = "tcp", FromPort = 3389, //RDP port ToPort = 3389 }; ipPermission.IpRanges.Add(getExternalIp() + "/32"); //Create and initialize AuthorizeSecurityGroupIngress var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = ConfigurationManager.AppSettings["AWSSecurityGroupID"]; ingressRequest.IpPermissions.Add(ipPermission); try { //Authorize Ingress AuthorizeSecurityGroupIngressResponse ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest); Console.WriteLine("IP address added to security group"); } catch (Amazon.EC2.AmazonEC2Exception e) { Console.WriteLine("** IP Address already exists in the security group. **"); //Console.WriteLine("Error:" + e); } }
public void AddIngressPermission(IpPermission permission) { var request = new AuthorizeSecurityGroupIngressRequest { GroupId = GetSecurityGroup().GroupId, IpPermissions = { permission } }; try { client.AuthorizeSecurityGroupIngress(request); } catch (AmazonEC2Exception e) { // If the ingress rule already exists then don't complain. The // user might have created it manually or they deleted their // .last-config or .last-ip files. if (e.ErrorCode.Equals("InvalidPermission.Duplicate")) { logger.Warn("Tried to create a duplicate ingress rule for group " + request.GroupId); return; } throw; } }
private PortChangeResult OpenPort(Configs.Rule rule) { var client = new AmazonEC2Client(); AuthorizeSecurityGroupIngressResponse res = null; try { res = client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest() { IpPermissions = new List <IpPermission>() { GetIpPermissionRule(rule) }, GroupId = rule.SecurityGroupId }); } catch (AmazonEC2Exception ex) { if (ex.Message.Contains("the specified rule") && ex.Message.Contains("already exists")) { return(new PortChangeResult { Message = $"Success: Connection to port {rule.Port} is (already) OPEN", Color = Color.DarkGreen }); } return(new PortChangeResult { Message = $"Error (Port {rule.Port}): " + ex.Message, Color = Color.DarkRed }); } if (res.HttpStatusCode == HttpStatusCode.OK) { return(new PortChangeResult { Message = $"Success: Connection to port {rule.Port} is OPEN", Color = Color.DarkGreen }); } return(new PortChangeResult { Message = $"Error: couldn't open port {rule.Port}. Code: " + res.HttpStatusCode, Color = Color.DarkRed }); }
private void create_security_group_rule(string key, string secret, Amazon.RegionEndpoint region, string security_group, string serverports, string ipEnpoint = "") { HttpStatusCode ret = HttpStatusCode.OK; string ip = "0.0.0.0"; MailAddress fromMailer = null; MailAddress toMailer = null; string mailhost = ""; int mailport = 0; bool mailssl = false; string mailuser = ""; string mailpass = ""; bool loadConfig = true; string partialmsg = ""; if (ipEnpoint != string.Empty) { ip = get_external_ip(ipEnpoint); } if (loadConfig) { try { fromMailer = new MailAddress(ConfigurationManager.AppSettings["MAIL-FROM"].ToString()); toMailer = new MailAddress(ConfigurationManager.AppSettings["MAIL-TO"].ToString()); mailhost = ConfigurationManager.AppSettings["MAIL-HOST"].ToString(); mailport = int.Parse(ConfigurationManager.AppSettings["MAIL-PORT"].ToString()); mailssl = bool.Parse(ConfigurationManager.AppSettings["MAIL-SSL"].ToString()); mailuser = ConfigurationManager.AppSettings["MAIL-USER"].ToString(); mailpass = ConfigurationManager.AppSettings["MAIL-PASS"].ToString(); ipEnpoint = ConfigurationManager.AppSettings["IP-ENDPOINT"].ToString(); ip = get_external_ip(ipEnpoint); } catch { loadConfig = false; } } if (ip != "") { try { AmazonEC2Client ec2Client = null; AWSCredentials credentials = new Amazon.Runtime.BasicAWSCredentials(key, secret); ec2Client = new AmazonEC2Client(credentials, region); IpRange ipRange = new IpRange { CidrIp = ip + "/32", Description = "Rule created by aws-security-group-access-rule at " + DateTime.Now.ToString() }; var ingressRequest = new AuthorizeSecurityGroupIngressRequest { GroupId = security_group }; var listaPortas = serverports.Split(','); foreach (var item in listaPortas) { var ipPermission = new IpPermission { IpProtocol = "tcp", FromPort = Int16.Parse(item), ToPort = Int16.Parse(item) }; ipPermission.Ipv4Ranges.Add(ipRange); ingressRequest.IpPermissions.Add(ipPermission); } var ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest); partialmsg += "[AWS Response :: " + ingressResponse.HttpStatusCode.ToString() + "]"; ret = ingressResponse.HttpStatusCode; #region Debug Section /* * switch (ingressResponse.HttpStatusCode) * { * case HttpStatusCode.Continue: partialmsg += ""; break; * case HttpStatusCode.SwitchingProtocols: partialmsg += ""; break; * case HttpStatusCode.OK: partialmsg += ""; break; * case HttpStatusCode.Created: partialmsg += ""; break; * case HttpStatusCode.Accepted: partialmsg += ""; break; * case HttpStatusCode.NonAuthoritativeInformation: partialmsg += ""; break; * case HttpStatusCode.NoContent: partialmsg += ""; break; * case HttpStatusCode.ResetContent: partialmsg += ""; break; * case HttpStatusCode.PartialContent: partialmsg += ""; break; * case HttpStatusCode.MultipleChoices: partialmsg += ""; break; * case HttpStatusCode.MovedPermanently: partialmsg += ""; break; * case HttpStatusCode.Found: partialmsg += ""; break; * case HttpStatusCode.SeeOther: partialmsg += ""; break; * case HttpStatusCode.NotModified: partialmsg += ""; break; * case HttpStatusCode.UseProxy: partialmsg += ""; break; * case HttpStatusCode.Unused: partialmsg += ""; break; * case HttpStatusCode.TemporaryRedirect: partialmsg += ""; break; * case HttpStatusCode.BadRequest: partialmsg += ""; break; * case HttpStatusCode.Unauthorized: partialmsg += ""; break; * case HttpStatusCode.PaymentRequired: partialmsg += ""; break; * case HttpStatusCode.Forbidden: partialmsg += ""; break; * case HttpStatusCode.NotFound: partialmsg += ""; break; * case HttpStatusCode.MethodNotAllowed: partialmsg += ""; break; * case HttpStatusCode.NotAcceptable: partialmsg += ""; break; * case HttpStatusCode.ProxyAuthenticationRequired: partialmsg += ""; break; * case HttpStatusCode.RequestTimeout: partialmsg += ""; break; * case HttpStatusCode.Conflict: partialmsg += ""; break; * case HttpStatusCode.Gone: partialmsg += ""; break; * case HttpStatusCode.LengthRequired: partialmsg += ""; break; * case HttpStatusCode.PreconditionFailed: partialmsg += ""; break; * case HttpStatusCode.RequestEntityTooLarge: partialmsg += ""; break; * case HttpStatusCode.RequestUriTooLong: partialmsg += ""; break; * case HttpStatusCode.UnsupportedMediaType: partialmsg += ""; break; * case HttpStatusCode.RequestedRangeNotSatisfiable: partialmsg += ""; break; * case HttpStatusCode.ExpectationFailed: partialmsg += ""; break; * case HttpStatusCode.UpgradeRequired: partialmsg += ""; break; * case HttpStatusCode.InternalServerError: partialmsg += ""; break; * case HttpStatusCode.NotImplemented: partialmsg += ""; break; * case HttpStatusCode.BadGateway: partialmsg += ""; break; * case HttpStatusCode.ServiceUnavailable: partialmsg += ""; break; * case HttpStatusCode.GatewayTimeout: partialmsg += ""; break; * case HttpStatusCode.HttpVersionNotSupported: partialmsg += ""; break; * } */ #endregion } catch (AmazonEC2Exception ex) { ret = ex.StatusCode; partialmsg += "[ERROR-CODE " + ex.ErrorCode + "] " + ex.Message + "<BR>"; } finally { if (loadConfig) { sendEmail(mailhost, mailport, mailssl, mailuser, mailpass, fromMailer, toMailer, "[aws-security-group-access-rule]" + ret.ToString(), string.Format("Access granted to ports {1} by IP {0}", ip, serverports) ); } } } void sendEmail(string hostname, int port, bool ssl, string user, string pass, MailAddress fromMail, MailAddress toMail, string subject, string message, bool ishtml = false) { MailMessage msg = new MailMessage { Subject = subject, Body = message, IsBodyHtml = ishtml, Priority = MailPriority.High, From = fromMail }; msg.To.Add(toMail); SmtpClient mailClient = new SmtpClient { Host = hostname, Port = port, UseDefaultCredentials = false, Credentials = new NetworkCredential(user, pass), EnableSsl = ssl }; mailClient.Send(msg); } }
// enumerate VPC security group and create a security group for EC2-VPC public void create_lunch_checkstatus_for_istance() { //Create an Amazon EC2 Client Using the the SDK var ec2Client = new AmazonEC2Client(); // enumerate VPC security group string secGroupName = "my-sample-sg-vpc"; SecurityGroup mySG = null; string vpcID = "vpc-7cdc5904"; Amazon.EC2.Model.Filter vpcFilter = new Amazon.EC2.Model.Filter { Name = "vpc-id", Values = new List <string>() { vpcID } }; var dsgRequest = new DescribeSecurityGroupsRequest(); dsgRequest.Filters.Add(vpcFilter); var dsgResponse = ec2Client.DescribeSecurityGroups(dsgRequest); List <SecurityGroup> mySGs = dsgResponse.SecurityGroups; foreach (SecurityGroup item in mySGs) { Console.WriteLine("Existing security group: " + item.GroupId); if (item.GroupName == secGroupName) { mySG = item; } } //create a security group for EC2-VPC if (mySG == null) { var newSGRequest = new CreateSecurityGroupRequest() { GroupName = secGroupName, Description = "My sample security group for EC2-VPC", VpcId = vpcID }; var csgResponse = ec2Client.CreateSecurityGroup(newSGRequest); Console.WriteLine(); Console.WriteLine("New security group: " + csgResponse.GroupId); List <string> Groups = new List <string>() { csgResponse.GroupId }; var newSgRequest = new DescribeSecurityGroupsRequest() { GroupIds = Groups }; var newSgResponse = ec2Client.DescribeSecurityGroups(newSgRequest); mySG = newSgResponse.SecurityGroups[0]; } //Create and initialize an IpPermission object. //iprange = the IP addresses of your local machine string ipRange = "0.0.0.0/0"; List <string> ranges = new List <string>() { ipRange }; var ipPermission = new IpPermission() { IpProtocol = "tcp", //The beginning and end of the port range. This example specifies a single port, 3389, which is used to communicate with Windows over RDP. //it should be changed if u launch a linux instance (use 22 insted ) FromPort = 3389, ToPort = 3389, IpRanges = ranges }; //Create and initialize an AuthorizeSecurityGroupIngressRequest object. var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = mySG.GroupId; ingressRequest.IpPermissions.Add(ipPermission); //Pass the request object to the AuthorizeSecurityGroupIngress method, which returns an AuthorizeSecurityGroupIngressResponse object. var ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest); Console.WriteLine("New RDP rule for: " + ipRange); //Create and initialize a network interface.for lunch enstance string subnetID = "subnet-048d6c59"; List <string> groups = new List <string>() { mySG.GroupId }; var eni = new InstanceNetworkInterfaceSpecification() { DeviceIndex = 0, SubnetId = subnetID, Groups = groups, AssociatePublicIpAddress = true }; List <InstanceNetworkInterfaceSpecification> enis = new List <InstanceNetworkInterfaceSpecification>() { eni }; string amiID = "ami-06a0d33fc8d328de0"; string keyPairName = "my-sample-key"; var launchRequest = new RunInstancesRequest() { ImageId = amiID, InstanceType = "m3.large", MinCount = 1, MaxCount = 1, KeyName = keyPairName, NetworkInterfaces = enis }; //launch RunInstancesResponse launchResponse = ec2Client.RunInstances(launchRequest); List <String> instanceIds = new List <string>(); foreach (Instance instance in launchResponse.Reservation.Instances) { Console.WriteLine(instance.InstanceId); instanceIds.Add(instance.InstanceId); } //check the status of the enstance var instanceRequest = new DescribeInstancesRequest(); instanceRequest.InstanceIds = new List <string>(); instanceRequest.InstanceIds.AddRange(instanceIds); var response = ec2Client.DescribeInstances(instanceRequest); Console.WriteLine(response.Reservations[0].Instances[0].State.Name); }