public static void AddIPAddressToSecurityGroup()
{
var ec2Client = new AmazonEC2Client();
//Create and Initialize IpPermission Object
var ipPermission = new IpPermission()
{
IpProtocol = "tcp",
FromPort = 3389, //RDP port
ToPort = 3389
};
ipPermission.IpRanges.Add(getExternalIp() + "/32");
//Create and initialize AuthorizeSecurityGroupIngress
var ingressRequest = new AuthorizeSecurityGroupIngressRequest();
ingressRequest.GroupId = ConfigurationManager.AppSettings["AWSSecurityGroupID"];
ingressRequest.IpPermissions.Add(ipPermission);
try
{
//Authorize Ingress
AuthorizeSecurityGroupIngressResponse ingressResponse =
ec2Client.AuthorizeSecurityGroupIngress(ingressRequest);
Console.WriteLine("IP address added to security group");
}
catch (Amazon.EC2.AmazonEC2Exception e)
{
Console.WriteLine("** IP Address already exists in the security group. **");
//Console.WriteLine("Error:" + e);
}
}
public void AddIngressPermission(IpPermission permission)
{
var request = new AuthorizeSecurityGroupIngressRequest
{
GroupId = GetSecurityGroup().GroupId,
IpPermissions = { permission }
};
try
{
client.AuthorizeSecurityGroupIngress(request);
}
catch (AmazonEC2Exception e)
{
// If the ingress rule already exists then don't complain. The
// user might have created it manually or they deleted their
// .last-config or .last-ip files.
if (e.ErrorCode.Equals("InvalidPermission.Duplicate"))
{
logger.Warn("Tried to create a duplicate ingress rule for group " + request.GroupId);
return;
}
throw;
}
}
private PortChangeResult OpenPort(Configs.Rule rule)
{
var client = new AmazonEC2Client();
AuthorizeSecurityGroupIngressResponse res = null;
try
{
res = client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
{
IpPermissions = new List <IpPermission>()
{
GetIpPermissionRule(rule)
},
GroupId = rule.SecurityGroupId
});
}
catch (AmazonEC2Exception ex)
{
if (ex.Message.Contains("the specified rule") && ex.Message.Contains("already exists"))
{
return(new PortChangeResult
{
Message = $"Success: Connection to port {rule.Port} is (already) OPEN",
Color = Color.DarkGreen
});
}
return(new PortChangeResult
{
Message = $"Error (Port {rule.Port}): " + ex.Message,
Color = Color.DarkRed
});
}
if (res.HttpStatusCode == HttpStatusCode.OK)
{
return(new PortChangeResult
{
Message = $"Success: Connection to port {rule.Port} is OPEN",
Color = Color.DarkGreen
});
}
return(new PortChangeResult
{
Message = $"Error: couldn't open port {rule.Port}. Code: " + res.HttpStatusCode,
Color = Color.DarkRed
});
}
private void create_security_group_rule(string key, string secret, Amazon.RegionEndpoint region, string security_group, string serverports, string ipEnpoint = "")
{
HttpStatusCode ret = HttpStatusCode.OK;
string ip = "0.0.0.0";
MailAddress fromMailer = null;
MailAddress toMailer = null;
string mailhost = "";
int mailport = 0;
bool mailssl = false;
string mailuser = "";
string mailpass = "";
bool loadConfig = true;
string partialmsg = "";
if (ipEnpoint != string.Empty)
{
ip = get_external_ip(ipEnpoint);
}
if (loadConfig)
{
try
{
fromMailer = new MailAddress(ConfigurationManager.AppSettings["MAIL-FROM"].ToString());
toMailer = new MailAddress(ConfigurationManager.AppSettings["MAIL-TO"].ToString());
mailhost = ConfigurationManager.AppSettings["MAIL-HOST"].ToString();
mailport = int.Parse(ConfigurationManager.AppSettings["MAIL-PORT"].ToString());
mailssl = bool.Parse(ConfigurationManager.AppSettings["MAIL-SSL"].ToString());
mailuser = ConfigurationManager.AppSettings["MAIL-USER"].ToString();
mailpass = ConfigurationManager.AppSettings["MAIL-PASS"].ToString();
ipEnpoint = ConfigurationManager.AppSettings["IP-ENDPOINT"].ToString();
ip = get_external_ip(ipEnpoint);
}
catch { loadConfig = false; }
}
if (ip != "")
{
try
{
AmazonEC2Client ec2Client = null;
AWSCredentials credentials = new Amazon.Runtime.BasicAWSCredentials(key, secret);
ec2Client = new AmazonEC2Client(credentials, region);
IpRange ipRange = new IpRange
{
CidrIp = ip + "/32",
Description = "Rule created by aws-security-group-access-rule at " + DateTime.Now.ToString()
};
var ingressRequest = new AuthorizeSecurityGroupIngressRequest
{
GroupId = security_group
};
var listaPortas = serverports.Split(',');
foreach (var item in listaPortas)
{
var ipPermission = new IpPermission
{
IpProtocol = "tcp",
FromPort = Int16.Parse(item),
ToPort = Int16.Parse(item)
};
ipPermission.Ipv4Ranges.Add(ipRange);
ingressRequest.IpPermissions.Add(ipPermission);
}
var ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest);
partialmsg += "[AWS Response :: " + ingressResponse.HttpStatusCode.ToString() + "]";
ret = ingressResponse.HttpStatusCode;
#region Debug Section
/*
* switch (ingressResponse.HttpStatusCode)
* {
* case HttpStatusCode.Continue: partialmsg += ""; break;
* case HttpStatusCode.SwitchingProtocols: partialmsg += ""; break;
* case HttpStatusCode.OK: partialmsg += ""; break;
* case HttpStatusCode.Created: partialmsg += ""; break;
* case HttpStatusCode.Accepted: partialmsg += ""; break;
* case HttpStatusCode.NonAuthoritativeInformation: partialmsg += ""; break;
* case HttpStatusCode.NoContent: partialmsg += ""; break;
* case HttpStatusCode.ResetContent: partialmsg += ""; break;
* case HttpStatusCode.PartialContent: partialmsg += ""; break;
* case HttpStatusCode.MultipleChoices: partialmsg += ""; break;
* case HttpStatusCode.MovedPermanently: partialmsg += ""; break;
* case HttpStatusCode.Found: partialmsg += ""; break;
* case HttpStatusCode.SeeOther: partialmsg += ""; break;
* case HttpStatusCode.NotModified: partialmsg += ""; break;
* case HttpStatusCode.UseProxy: partialmsg += ""; break;
* case HttpStatusCode.Unused: partialmsg += ""; break;
* case HttpStatusCode.TemporaryRedirect: partialmsg += ""; break;
* case HttpStatusCode.BadRequest: partialmsg += ""; break;
* case HttpStatusCode.Unauthorized: partialmsg += ""; break;
* case HttpStatusCode.PaymentRequired: partialmsg += ""; break;
* case HttpStatusCode.Forbidden: partialmsg += ""; break;
* case HttpStatusCode.NotFound: partialmsg += ""; break;
* case HttpStatusCode.MethodNotAllowed: partialmsg += ""; break;
* case HttpStatusCode.NotAcceptable: partialmsg += ""; break;
* case HttpStatusCode.ProxyAuthenticationRequired: partialmsg += ""; break;
* case HttpStatusCode.RequestTimeout: partialmsg += ""; break;
* case HttpStatusCode.Conflict: partialmsg += ""; break;
* case HttpStatusCode.Gone: partialmsg += ""; break;
* case HttpStatusCode.LengthRequired: partialmsg += ""; break;
* case HttpStatusCode.PreconditionFailed: partialmsg += ""; break;
* case HttpStatusCode.RequestEntityTooLarge: partialmsg += ""; break;
* case HttpStatusCode.RequestUriTooLong: partialmsg += ""; break;
* case HttpStatusCode.UnsupportedMediaType: partialmsg += ""; break;
* case HttpStatusCode.RequestedRangeNotSatisfiable: partialmsg += ""; break;
* case HttpStatusCode.ExpectationFailed: partialmsg += ""; break;
* case HttpStatusCode.UpgradeRequired: partialmsg += ""; break;
* case HttpStatusCode.InternalServerError: partialmsg += ""; break;
* case HttpStatusCode.NotImplemented: partialmsg += ""; break;
* case HttpStatusCode.BadGateway: partialmsg += ""; break;
* case HttpStatusCode.ServiceUnavailable: partialmsg += ""; break;
* case HttpStatusCode.GatewayTimeout: partialmsg += ""; break;
* case HttpStatusCode.HttpVersionNotSupported: partialmsg += ""; break;
* }
*/
#endregion
}
catch (AmazonEC2Exception ex)
{
ret = ex.StatusCode;
partialmsg += "[ERROR-CODE " + ex.ErrorCode + "] " + ex.Message + "<BR>";
}
finally
{
if (loadConfig)
{
sendEmail(mailhost, mailport, mailssl, mailuser, mailpass, fromMailer, toMailer,
"[aws-security-group-access-rule]" + ret.ToString(),
string.Format("Access granted to ports {1} by IP {0}",
ip, serverports)
);
}
}
}
void sendEmail(string hostname, int port, bool ssl, string user, string pass, MailAddress fromMail, MailAddress toMail, string subject, string message, bool ishtml = false)
{
MailMessage msg = new MailMessage
{
Subject = subject,
Body = message,
IsBodyHtml = ishtml,
Priority = MailPriority.High,
From = fromMail
};
msg.To.Add(toMail);
SmtpClient mailClient = new SmtpClient
{
Host = hostname,
Port = port,
UseDefaultCredentials = false,
Credentials = new NetworkCredential(user, pass),
EnableSsl = ssl
};
mailClient.Send(msg);
}
}
// enumerate VPC security group and create a security group for EC2-VPC
public void create_lunch_checkstatus_for_istance()
{
//Create an Amazon EC2 Client Using the the SDK
var ec2Client = new AmazonEC2Client();
// enumerate VPC security group
string secGroupName = "my-sample-sg-vpc";
SecurityGroup mySG = null;
string vpcID = "vpc-7cdc5904";
Amazon.EC2.Model.Filter vpcFilter = new Amazon.EC2.Model.Filter
{
Name = "vpc-id",
Values = new List <string>()
{
vpcID
}
};
var dsgRequest = new DescribeSecurityGroupsRequest();
dsgRequest.Filters.Add(vpcFilter);
var dsgResponse = ec2Client.DescribeSecurityGroups(dsgRequest);
List <SecurityGroup> mySGs = dsgResponse.SecurityGroups;
foreach (SecurityGroup item in mySGs)
{
Console.WriteLine("Existing security group: " + item.GroupId);
if (item.GroupName == secGroupName)
{
mySG = item;
}
}
//create a security group for EC2-VPC
if (mySG == null)
{
var newSGRequest = new CreateSecurityGroupRequest()
{
GroupName = secGroupName,
Description = "My sample security group for EC2-VPC",
VpcId = vpcID
};
var csgResponse = ec2Client.CreateSecurityGroup(newSGRequest);
Console.WriteLine();
Console.WriteLine("New security group: " + csgResponse.GroupId);
List <string> Groups = new List <string>()
{
csgResponse.GroupId
};
var newSgRequest = new DescribeSecurityGroupsRequest()
{
GroupIds = Groups
};
var newSgResponse = ec2Client.DescribeSecurityGroups(newSgRequest);
mySG = newSgResponse.SecurityGroups[0];
}
//Create and initialize an IpPermission object.
//iprange = the IP addresses of your local machine
string ipRange = "0.0.0.0/0";
List <string> ranges = new List <string>()
{
ipRange
};
var ipPermission = new IpPermission()
{
IpProtocol = "tcp",
//The beginning and end of the port range. This example specifies a single port, 3389, which is used to communicate with Windows over RDP.
//it should be changed if u launch a linux instance (use 22 insted )
FromPort = 3389,
ToPort = 3389,
IpRanges = ranges
};
//Create and initialize an AuthorizeSecurityGroupIngressRequest object.
var ingressRequest = new AuthorizeSecurityGroupIngressRequest();
ingressRequest.GroupId = mySG.GroupId;
ingressRequest.IpPermissions.Add(ipPermission);
//Pass the request object to the AuthorizeSecurityGroupIngress method, which returns an AuthorizeSecurityGroupIngressResponse object.
var ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest);
Console.WriteLine("New RDP rule for: " + ipRange);
//Create and initialize a network interface.for lunch enstance
string subnetID = "subnet-048d6c59";
List <string> groups = new List <string>()
{
mySG.GroupId
};
var eni = new InstanceNetworkInterfaceSpecification()
{
DeviceIndex = 0,
SubnetId = subnetID,
Groups = groups,
AssociatePublicIpAddress = true
};
List <InstanceNetworkInterfaceSpecification> enis = new List <InstanceNetworkInterfaceSpecification>()
{
eni
};
string amiID = "ami-06a0d33fc8d328de0";
string keyPairName = "my-sample-key";
var launchRequest = new RunInstancesRequest()
{
ImageId = amiID,
InstanceType = "m3.large",
MinCount = 1,
MaxCount = 1,
KeyName = keyPairName,
NetworkInterfaces = enis
};
//launch
RunInstancesResponse launchResponse = ec2Client.RunInstances(launchRequest);
List <String> instanceIds = new List <string>();
foreach (Instance instance in launchResponse.Reservation.Instances)
{
Console.WriteLine(instance.InstanceId);
instanceIds.Add(instance.InstanceId);
}
//check the status of the enstance
var instanceRequest = new DescribeInstancesRequest();
instanceRequest.InstanceIds = new List <string>();
instanceRequest.InstanceIds.AddRange(instanceIds);
var response = ec2Client.DescribeInstances(instanceRequest);
Console.WriteLine(response.Reservations[0].Instances[0].State.Name);
}
