public void SetSecurityGroupRules(string groupId, List <IpPermission> ipPermissions)
{
var request = new AuthorizeSecurityGroupIngressRequest
{
GroupId = groupId,
IpPermissions = ipPermissions
};
_ec2Client.AuthorizeSecurityGroupIngress(request);
}
private static string CreateSecurityGroup(IAmazonEC2 client, string vpcId, string groupName)
{
// Create a new empty group
var newSgRequest = new CreateSecurityGroupRequest()
{
GroupName = groupName,
Description = "Security group for AWS Talk",
VpcId = vpcId
};
// Get a handle to the newly created group
var newSgResponse = client.CreateSecurityGroup(newSgRequest);
var groups = new List <string>()
{
newSgResponse.GroupId
};
var createdSgRequest = new DescribeSecurityGroupsRequest()
{
GroupIds = groups
};
var createdSgResponse = client.DescribeSecurityGroups(createdSgRequest);
SecurityGroup theNewGroup = createdSgResponse.SecurityGroups[0];
// Add permissions to the group
var ingressRequest = new AuthorizeSecurityGroupIngressRequest();
ingressRequest.GroupId = theNewGroup.GroupId;
ingressRequest.IpPermissions.Add(new IpPermission()
{
IpProtocol = "tcp", FromPort = 3389, ToPort = 3389, IpRanges = new List <string>()
{
"0.0.0.0/0"
}
}); // RDP
ingressRequest.IpPermissions.Add(new IpPermission()
{
IpProtocol = "tcp", FromPort = 9999, ToPort = 9999, IpRanges = new List <string>()
{
"0.0.0.0/0"
}
}); // Worker API
client.AuthorizeSecurityGroupIngress(ingressRequest);
return(newSgResponse.GroupId);
}
SecurityGroup AddSGIPrermissions(IAmazonEC2 ec2, SecurityGroup SG)
{
string ipRange = "0.0.0.0/0";
List <string> ranges = new List <string>()
{
ipRange
};
var ipPermission1 = new IpPermission();
ipPermission1.IpProtocol = "tcp";
ipPermission1.FromPort = 22;
ipPermission1.ToPort = 22;
ipPermission1.IpRanges = ranges;
var ipPermission2 = new IpPermission();
ipPermission2.IpProtocol = "tcp";
ipPermission2.FromPort = 3389;
ipPermission2.ToPort = 3389;
ipPermission2.IpRanges = ranges;
// MessageBox.Show(SG.GroupId);
// foreach ( IpPermission ipper in SG.IpPermissions)
// {
// ipper.FromPort
//
// }
try
{
SG.IpPermissions.Add(ipPermission1);
SG.IpPermissions.Add(ipPermission2);
AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest = new AuthorizeSecurityGroupIngressRequest();
authorizeSecurityGroupIngressRequest.GroupId = SG.GroupId;
//authorizeSecurityGroupIngressRequest.GroupName = MySG.GroupName;
authorizeSecurityGroupIngressRequest.IpPermissions.Add(ipPermission1);
authorizeSecurityGroupIngressRequest.IpPermissions.Add(ipPermission2);
ec2.AuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest);
}
catch (Exception ex)
{
}
return(SG);
}
private Amazon.EC2.Model.AuthorizeSecurityGroupIngressResponse CallAWSServiceOperation(IAmazonEC2 client, Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest request)
{
Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "Amazon Elastic Compute Cloud (EC2)", "AuthorizeSecurityGroupIngress");
try
{
#if DESKTOP
return(client.AuthorizeSecurityGroupIngress(request));
#elif CORECLR
return(client.AuthorizeSecurityGroupIngressAsync(request).GetAwaiter().GetResult());
#else
#error "Unknown build edition"
#endif
}
catch (AmazonServiceException exc)
{
var webException = exc.InnerException as System.Net.WebException;
if (webException != null)
{
throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
}
throw;
}
}
/// <summary>
/// This method will create a VPC, a public subnet, private subnet and a NAT EC2 instance to allow EC2 instances in the private
/// subnet to establish outbound connections to the internet.
/// </summary>
/// <param name="ec2Client">The ec2client used to create the VPC</param>
/// <param name="request">The properties used to create the VPC.</param>
/// <returns>The response contains all the VPC objects that were created.</returns>
public static LaunchVPCWithPublicAndPrivateSubnetsResponse LaunchVPCWithPublicAndPrivateSubnets(IAmazonEC2 ec2Client, LaunchVPCWithPublicAndPrivateSubnetsRequest request)
{
LaunchVPCWithPublicAndPrivateSubnetsResponse response = new LaunchVPCWithPublicAndPrivateSubnetsResponse();
LaunchVPCWithPublicSubnet(ec2Client, request, response);
response.PrivateSubnet = ec2Client.CreateSubnet(new CreateSubnetRequest()
{
AvailabilityZone = request.PrivateSubnetAvailabilityZone ?? response.PublicSubnet.AvailabilityZone,
CidrBlock = request.PrivateSubnetCiderBlock,
VpcId = response.VPC.VpcId
}).Subnet;
WriteProgress(request.ProgressCallback, "Created private subnet {0}", response.PublicSubnet.SubnetId);
WaitTillTrue(((Func <bool>)(() => (ec2Client.DescribeSubnets(new DescribeSubnetsRequest()
{
SubnetIds = new List <string>()
{
response.PrivateSubnet.SubnetId
}
}).Subnets.Count == 1))));
ec2Client.CreateTags(new CreateTagsRequest()
{
Resources = new List <string>()
{
response.PrivateSubnet.SubnetId
},
Tags = new List <Tag>()
{
new Tag()
{
Key = "Name", Value = "Private"
}
}
});
WriteProgress(request.ProgressCallback, "Launching NAT instance");
response.NATInstance = LaunchNATInstance(ec2Client, new LaunchNATInstanceRequest()
{
InstanceType = request.InstanceType,
KeyName = request.KeyName,
SubnetId = response.PublicSubnet.SubnetId
});
WriteProgress(request.ProgressCallback, "NAT instance is available");
var defaultRouteTable = GetDefaultRouteTable(ec2Client, response.VPC.VpcId);
if (defaultRouteTable == null)
{
throw new AmazonEC2Exception("No default route table found for VPC");
}
ec2Client.CreateRoute(new CreateRouteRequest()
{
RouteTableId = defaultRouteTable.RouteTableId,
DestinationCidrBlock = "0.0.0.0/0",
InstanceId = response.NATInstance.InstanceId
});
WriteProgress(request.ProgressCallback, "Added route to the NAT instance in the default route table");
if (request.ConfigureDefaultVPCGroupForNAT)
{
var defaultSecurityGroup = GetDefaultSecurityGroup(ec2Client, response.VPC.VpcId);
var groupId = ec2Client.CreateSecurityGroup(new CreateSecurityGroupRequest()
{
VpcId = response.VPC.VpcId,
GroupName = "NATGroup",
Description = "Give EC2 Instances access through the NAT"
}).GroupId;
WriteProgress(request.ProgressCallback, "Created security group for NAT configuration");
IpPermission spec = new IpPermission
{
IpProtocol = "-1",
IpRanges = new List <string> {
"0.0.0.0/0"
},
UserIdGroupPairs = new List <UserIdGroupPair>()
{
new UserIdGroupPair()
{
GroupId = groupId
}
}
};
ec2Client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
{
IpPermissions = new List <IpPermission>()
{
spec
},
GroupId = defaultSecurityGroup.GroupId
});
WriteProgress(request.ProgressCallback, "Added permission to the default security group {0} to allow traffic from security group {1}", defaultSecurityGroup.GroupId, groupId);
response.NATSecurityGroup = ec2Client.DescribeSecurityGroups(new DescribeSecurityGroupsRequest()
{
GroupIds = new List <string>()
{
groupId
}
}).SecurityGroups[0];
}
return(response);
}
/// <summary>
/// This method will create a VPC, a public subnet, private subnet and a NAT EC2 instance to allow EC2 instances in the private
/// subnet to establish outbound connections to the internet.
/// </summary>
/// <param name="ec2Client">The ec2client used to create the VPC</param>
/// <param name="request">The properties used to create the VPC.</param>
/// <returns>The response contains all the VPC objects that were created.</returns>
public static LaunchVPCWithPublicAndPrivateSubnetsResponse LaunchVPCWithPublicAndPrivateSubnets(IAmazonEC2 ec2Client, LaunchVPCWithPublicAndPrivateSubnetsRequest request)
{
LaunchVPCWithPublicAndPrivateSubnetsResponse response = new LaunchVPCWithPublicAndPrivateSubnetsResponse();
LaunchVPCWithPublicSubnet(ec2Client, request, response);
response.PrivateSubnet = ec2Client.CreateSubnet(new CreateSubnetRequest()
{
AvailabilityZone = request.PrivateSubnetAvailabilityZone ?? response.PublicSubnet.AvailabilityZone,
CidrBlock = request.PrivateSubnetCiderBlock,
VpcId = response.VPC.VpcId
}).Subnet;
WriteProgress(request.ProgressCallback, "Created private subnet {0}", response.PublicSubnet.SubnetId);
WaitTillTrue(((Func<bool>)(() => (ec2Client.DescribeSubnets(new DescribeSubnetsRequest() { SubnetIds = new List<string>() { response.PrivateSubnet.SubnetId } }).Subnets.Count == 1))));
ec2Client.CreateTags(new CreateTagsRequest()
{
Resources = new List<string>() { response.PrivateSubnet.SubnetId },
Tags = new List<Tag>() { new Tag() { Key = "Name", Value = "Private" } }
});
WriteProgress(request.ProgressCallback, "Launching NAT instance");
response.NATInstance = LaunchNATInstance(ec2Client, new LaunchNATInstanceRequest()
{
InstanceType = request.InstanceType,
KeyName = request.KeyName,
SubnetId = response.PublicSubnet.SubnetId
});
WriteProgress(request.ProgressCallback, "NAT instance is available");
var defaultRouteTable = GetDefaultRouteTable(ec2Client, response.VPC.VpcId);
if (defaultRouteTable == null)
throw new AmazonEC2Exception("No default route table found for VPC");
ec2Client.CreateRoute(new CreateRouteRequest()
{
RouteTableId = defaultRouteTable.RouteTableId,
DestinationCidrBlock = "0.0.0.0/0",
InstanceId = response.NATInstance.InstanceId
});
WriteProgress(request.ProgressCallback, "Added route to the NAT instance in the default route table");
if (request.ConfigureDefaultVPCGroupForNAT)
{
var defaultSecurityGroup = GetDefaultSecurityGroup(ec2Client, response.VPC.VpcId);
var groupId = ec2Client.CreateSecurityGroup(new CreateSecurityGroupRequest()
{
VpcId = response.VPC.VpcId,
GroupName = "NATGroup",
Description = "Give EC2 Instances access through the NAT"
}).GroupId;
WriteProgress(request.ProgressCallback, "Created security group for NAT configuration");
IpPermission spec = new IpPermission
{
IpProtocol = "-1",
IpRanges = new List<string>{ "0.0.0.0/0"},
UserIdGroupPairs = new List<UserIdGroupPair>() { new UserIdGroupPair() { GroupId = groupId } }
};
ec2Client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
{
IpPermissions = new List<IpPermission>() { spec },
GroupId = defaultSecurityGroup.GroupId
});
WriteProgress(request.ProgressCallback, "Added permission to the default security group {0} to allow traffic from security group {1}", defaultSecurityGroup.GroupId, groupId);
response.NATSecurityGroup = ec2Client.DescribeSecurityGroups(new DescribeSecurityGroupsRequest()
{
GroupIds = new List<string>(){ groupId }
}).SecurityGroups[0];
}
return response;
}
private static string CreateSecurityGroup(IAmazonEC2 client, string vpcId, string groupName)
{
// Create a new empty group
var newSgRequest = new CreateSecurityGroupRequest()
{
GroupName = groupName,
Description = "Security group for AWS Talk",
VpcId = vpcId
};
// Get a handle to the newly created group
var newSgResponse = client.CreateSecurityGroup(newSgRequest);
var groups = new List<string>() { newSgResponse.GroupId };
var createdSgRequest = new DescribeSecurityGroupsRequest() { GroupIds = groups };
var createdSgResponse = client.DescribeSecurityGroups(createdSgRequest);
SecurityGroup theNewGroup = createdSgResponse.SecurityGroups[0];
// Add permissions to the group
var ingressRequest = new AuthorizeSecurityGroupIngressRequest();
ingressRequest.GroupId = theNewGroup.GroupId;
ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 3389, ToPort = 3389, IpRanges = new List<string>() { "0.0.0.0/0" } }); // RDP
ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 9999, ToPort = 9999, IpRanges = new List<string>() { "0.0.0.0/0" } }); // Worker API
client.AuthorizeSecurityGroupIngress(ingressRequest);
return newSgResponse.GroupId;
}
