/// <summary>
/// Used to modify cloudformation cross account artifacts to bucket owner full access.
/// </summary>
/// <param name="jobEvent">CodePipeline event.</param>
/// <param name="context">Lambda Context</param>
/// <returns>Job success of the Lambda</returns>
public async Task <AmazonWebServiceResponse> FixCloudFormationOutputArtifactAcl(CodePipelineJobEvent jobEvent, ILambdaContext context)
{
var jobId = jobEvent.CodePipelineJob.Id;
context.Logger.LogLine($"JobId: {jobId}");
using (var codePipelineClient = new AmazonCodePipelineClient())
using (var stsClient = new AmazonSecurityTokenServiceClient())
{
try
{
var jobData = jobEvent.CodePipelineJob.Data;
// Assume the role in the cloudformation account that screwed up the bucket permissions
// for the output object
var userParameters = jobData.ActionConfiguration.Configuration["UserParameters"];
var paramDict = JsonConvert.DeserializeObject <Dictionary <string, string> >(userParameters);
var roleArn = paramDict["RoleArn"];
var assumeRoleRequest = new AssumeRoleRequest
{
RoleArn = roleArn,
RoleSessionName = "codepipeline",
DurationSeconds = 900
};
var assumeRoleResponse = await stsClient.AssumeRoleAsync(assumeRoleRequest);
// Setup an S3 Client with the sts creds
var s3Client = new AmazonS3Client(assumeRoleResponse.Credentials);
// Update the ACLs of the input artifacts
foreach (var inputArtifact in jobData.InputArtifacts)
{
var bucketName = inputArtifact.Location.S3Location.BucketName;
var bucketKey = inputArtifact.Location.S3Location.ObjectKey;
context.Logger.LogLine($"Fixing {bucketName}/{bucketKey}");
var putObjectAclRequest = new PutACLRequest
{
BucketName = bucketName,
CannedACL = S3CannedACL.BucketOwnerFullControl,
Key = bucketKey
};
await s3Client.PutACLAsync(putObjectAclRequest);
}
// Send the success response
var successResultRequest = new PutJobSuccessResultRequest
{
JobId = jobId
};
return(await codePipelineClient.PutJobSuccessResultAsync(successResultRequest));
}
catch (Exception ex)
{
// Send the failure response and log
return(await DoException(codePipelineClient, ex, jobId, context));
}
}
}
public void SetFileAcl(string key)
{
var request = new PutACLRequest();
request.Key = key;
request.BucketName = BucketName;
request.CannedACL = S3CannedACL.PublicRead;
var response = _client.PutACL(request);
}
/// <summary>
/// Sets up the request needed to make an exact copy of the object leaving the parent method
/// the ability to change just the attribute being requested to change.
/// </summary>
/// <param name="bucketName"></param>
/// <param name="key"></param>
/// <param name="version"></param>
/// <param name="s3Client"></param>
/// <param name="copyRequest"></param>
/// <param name="putACLRequest"></param>
static void SetupForObjectModification(IAmazonS3 s3Client, string bucketName, string key, string version,
out CopyObjectRequest copyRequest, out PutACLRequest putACLRequest)
{
// Get the existing ACL of the object
GetACLRequest getACLRequest = new GetACLRequest();
getACLRequest.BucketName = bucketName;
getACLRequest.Key = key;
if (version != null)
{
getACLRequest.VersionId = version;
}
GetACLResponse getACLResponse = s3Client.GetACL(getACLRequest);
// Set the object's original ACL back onto it because a COPY
// operation resets the ACL on the destination object.
putACLRequest = new PutACLRequest();
putACLRequest.BucketName = bucketName;
putACLRequest.Key = key;
putACLRequest.AccessControlList = getACLResponse.AccessControlList;
ListObjectsResponse listObjectResponse = s3Client.ListObjects(new ListObjectsRequest
{
BucketName = bucketName,
Prefix = key,
MaxKeys = 1
});
if (listObjectResponse.S3Objects.Count != 1)
{
throw new InvalidOperationException("No object exists with this bucket name and key.");
}
GetObjectMetadataRequest getMetaRequest = new GetObjectMetadataRequest()
{
BucketName = bucketName,
Key = key
};
GetObjectMetadataResponse getMetaResponse = s3Client.GetObjectMetadata(getMetaRequest);
// Set the storage class on the object
copyRequest = new CopyObjectRequest();
copyRequest.SourceBucket = copyRequest.DestinationBucket = bucketName;
copyRequest.SourceKey = copyRequest.DestinationKey = key;
copyRequest.StorageClass = listObjectResponse.S3Objects[0].StorageClass == "STANDARD" ? S3StorageClass.Standard : S3StorageClass.ReducedRedundancy;
if (version != null)
{
copyRequest.SourceVersionId = version;
}
copyRequest.WebsiteRedirectLocation = getMetaResponse.WebsiteRedirectLocation;
copyRequest.ServerSideEncryptionMethod = getMetaResponse.ServerSideEncryptionMethod;
}
/// <summary>
/// Sets the S3 Object's ACL
/// </summary>
/// <param name="cannedACL">CannedACL assigned to object</param>
public void SetACL(S3CannedACL cannedACL)
{
var request = new PutACLRequest
{
BucketName = this.linker.s3.bucket,
Key = this.linker.s3.key,
CannedACL = cannedACL
};
this.s3ClientCache.GetClient(this.RegionAsEndpoint).PutACL(request);
}
void ICoreAmazonS3.MakeObjectPublic(string bucket, string objectKey, bool enable)
{
var request = new PutACLRequest
{
BucketName = bucket,
Key = objectKey,
CannedACL = enable ? S3CannedACL.PublicRead : S3CannedACL.Private
};
this.PutACL(request);
}
/// <summary>
/// Set access rights of an object.
/// </summary>
/// <param name="bucketName">The name of the bucket.</param>
/// <param name="key">The key of the object.</param>
/// <param name="acl">The desired access rights.</param>
public void SetAcl(string bucketName, string key, S3CannedACL acl)
{
var request = new PutACLRequest
{
BucketName = bucketName,
CannedACL = acl,
Key = key
};
_amazonS3Client.PutACL(request);
}
/// <summary>
/// Sets the S3 Objects's ACL
/// </summary>
/// <param name="acl">ACL assigned to the S3 object</param>
public void SetACL(S3AccessControlList acl)
{
var request = new PutACLRequest
{
BucketName = this.linker.s3.bucket,
Key = this.linker.s3.key,
AccessControlList = acl
};
this.s3ClientCache.GetClient(this.RegionAsEndpoint).PutACL(request);
}
/// <summary>
/// If enable is set to true the object will have its permission set to PublicRead otherwise the permissions will be set to Private.
/// </summary>
/// <param name="enable">If true the object will have its permission set to PublicRead otherwise the permissions will be set to Private.</param>
public void MakeS3ObjectPublic(bool enable)
{
var request = new PutACLRequest
{
BucketName = this.linker.s3.bucket,
Key = this.linker.s3.key,
CannedACL = enable ? S3CannedACL.PublicRead : S3CannedACL.Private
};
this.s3ClientCache.GetClient(this.RegionAsEndpoint).PutACL(request);
}
public void UpdateObjectACL()
{
PutACLRequest request = new PutACLRequest {
BucketName = strBucketName, Key = strObjectName, CannedACL = S3CannedACL.PublicRead
};
var response = client.PutACL(request);
if (response.HttpStatusCode.IsSuccess())
{
Console.WriteLine("Object ACL Updated Successfully");
}
}
public virtual void MakeObjectPublic(AmazonS3Client s3Client, string bucketName, string key)
{
// Create the request
var putAclRequest = new PutACLRequest {
BucketName = bucketName,
Key = key,
CannedACL = S3CannedACL.PublicRead
};
// Submit the request
s3Client.PutACL(putAclRequest);
}
public static async Task UploadFileAsync(Stream FileStream, string bucketName, string keyName)
{
s3Client = new AmazonS3Client(bucketRegion);
var fileTransferUtility = new TransferUtility(s3Client);
await fileTransferUtility.UploadAsync(FileStream, bucketName, keyName);
PutACLRequest request = new PutACLRequest
{
BucketName = bucketName,
Key = keyName,
CannedACL = S3CannedACL.PublicRead
};
await s3Client.PutACLAsync(request);
}
static void WriteObjectAcl()
{
string id = Common.InputString("Key:", null, false);
string owner = Common.InputString("Owner:", "default", false);
try
{
PutACLRequest request = new PutACLRequest
{
BucketName = _Bucket,
Key = id
};
request.Key = id;
request.AccessControlList = new S3AccessControlList();
request.AccessControlList.Owner = new Owner();
request.AccessControlList.Owner.DisplayName = owner;
request.AccessControlList.Grants = new List <S3Grant>();
S3Grant grant = new S3Grant();
S3Grantee grantee = new S3Grantee();
grantee.CanonicalUser = owner;
grantee.DisplayName = owner;
grantee.EmailAddress = owner;
grant.Grantee = grantee;
request.AccessControlList.Grants.Add(grant);
PutACLResponse response = _S3Client.PutACLAsync(request).Result;
int statusCode = (int)response.HttpStatusCode;
if (response != null)
{
Console.WriteLine("Success");
return;
}
else
{
Console.WriteLine("Failed");
return;
}
}
catch (Exception e)
{
Console.WriteLine(Common.SerializeJson(e, true));
}
}
static void Main(string[] args)
{
string AccessKey = " *** Enter Access Key Here *** ";
string SecretKey = " *** Enter Secret Key Here *** ";
string NameOfTheBucket = " *** Name Of The Bucket *** ";
string MakeStatus = " *** private/publicread/publicreadwrite *** ";
string RegionOfTheBucket = " *** Enter The Region Of The Bucket (Eg: mumbai) ***";
MakeStatus = MakeStatus.ToLower();
RegionOfTheBucket = RegionOfTheBucket.ToLower();
try
{
AmazonS3Client client = new AmazonS3Client(AccessKey, SecretKey, Amazon.RegionEndpoint.GetBySystemName(ClientRegion(RegionOfTheBucket)));
if (MakeStatus == "publicread")
{
PutACLRequest Request = new PutACLRequest
{
BucketName = NameOfTheBucket,
CannedACL = S3CannedACL.PublicRead
};
client.PutACL(Request);
}
else if (MakeStatus == "publicreadwrite")
{
PutACLRequest Request = new PutACLRequest
{
BucketName = NameOfTheBucket,
CannedACL = S3CannedACL.PublicReadWrite
};
client.PutACL(Request);
}
else if (MakeStatus == "private")
{
PutACLRequest Request = new PutACLRequest
{
BucketName = NameOfTheBucket,
CannedACL = S3CannedACL.Private
};
client.PutACL(Request);
}
Console.WriteLine("Access type changed");
}
catch (Exception e)
{
Console.WriteLine("ERROR MESSAGE : " + e.Message);
}
Console.ReadLine();
}
public static void MakePublic(string fileKey)
{
if (!IsUseS3)
{
return;
}
using (IAmazonS3 client = new AmazonS3Client(Region))
{
PutACLRequest request = new PutACLRequest();
request.BucketName = Bucket;
request.Key = fileKey;
request.CannedACL = S3CannedACL.PublicRead;
client.PutACL(request);
}
}
public void RequiredUriParameterBucketForPutAcl(string bucket, string key)
{
var request = new PutACLRequest()
{
BucketName = bucket, Key = key
};
if (string.IsNullOrEmpty(bucket)) //Key can be null
{
Assert.ThrowsException <ArgumentException>(() => PutACLRequestMarshaller.Instance.Marshall(request));
}
else
{
PutACLRequestMarshaller.Instance.Marshall(request);
}
}
static void MakePublic(string _key)
{
try
{
PutACLRequest request = new PutACLRequest();
request.BucketName = bucketName;
request.Key = _key;
request.CannedACL = S3CannedACL.PublicRead;
s3Client.PutACL(request);
}
catch (Exception ex)
{
Console.WriteLine("\t\t\tERROR! Could not make file: " + _key + " Public Read!");
Console.WriteLine("\t\t\tMessage: " + ex.Message);
}
}
public void UpdateObjectACL()
{
PutACLRequest request = new PutACLRequest
{
BucketName = bucketName,
Key = keyValue,
CannedACL = S3CannedACL.PublicRead
};
var response = client.PutACL(request);
if (response.HttpStatusCode == System.Net.HttpStatusCode.OK)
{
Console.WriteLine("basarlı, okuma izni.");
}
Console.ReadLine();
}
/// <summary>
///
/// <para>SetFileAccessibility:</para>
///
/// <para>Changes accessibility of a file in the File Service</para>
///
/// <para>Check <seealso cref="IBFileServiceInterface.SetFileAccessibility"/> for detailed documentation</para>
///
/// </summary>
public bool SetFileAccessibility(
string _BucketName,
string _KeyInBucket,
EBRemoteFileReadPublicity _RemoteFileReadAccess = EBRemoteFileReadPublicity.AuthenticatedRead,
Action <string> _ErrorMessageAction = null)
{
if (S3Client == null)
{
_ErrorMessageAction?.Invoke("BFileServiceAWS->SetFileAccessibility: S3Client is null.");
return(false);
}
PutACLRequest Request = new PutACLRequest
{
BucketName = _BucketName,
Key = _KeyInBucket
};
if (_RemoteFileReadAccess == EBRemoteFileReadPublicity.PublicRead)
{
Request.CannedACL = S3CannedACL.PublicRead;
}
else if (_RemoteFileReadAccess == EBRemoteFileReadPublicity.ProjectWideProtectedRead)
{
Request.CannedACL = S3CannedACL.AuthenticatedRead;
}
else
{
Request.CannedACL = S3CannedACL.AuthenticatedRead;
}
try
{
using (var CreatedTask = S3Client.PutACLAsync(Request))
{
CreatedTask.Wait();
}
}
catch (Exception e)
{
_ErrorMessageAction?.Invoke("BFileServiceAWS->SetFileAccessibility: " + e.Message + ", Trace: " + e.StackTrace);
return(false);
}
return(true);
}
/// <summary>
/// This method grants appropriate permissions for logging to the
/// Amazon S3 bucket where the logs will be stored.
/// </summary>
/// <param name="client">The initialized Amazon S3 client which will be used
/// to create and apply an ACL for the logging bucket.</param>
/// <param name="logBucketName">The name of the bucket where logging
/// information will be stored.</param>
public static async Task GrantPermissionsToWriteLogsAsync(IAmazonS3 client, string logBucketName)
{
var aclResponse = await client.GetACLAsync(new GetACLRequest { BucketName = logBucketName });
var bucketACL = aclResponse.AccessControlList;
bucketACL.AddGrant(new S3Grantee {
URI = "http://acs.amazonaws.com/groups/s3/LogDelivery"
}, S3Permission.WRITE);
bucketACL.AddGrant(new S3Grantee {
URI = "http://acs.amazonaws.com/groups/s3/LogDelivery"
}, S3Permission.READ_ACP);
var setACLRequest = new PutACLRequest
{
AccessControlList = bucketACL,
BucketName = logBucketName,
};
await client.PutACLAsync(setACLRequest);
}
public async Task SetScoreItemAccessControlPolicyAsync(Guid ownerId, Guid scoreId,
ScoreObjectAccessControls accessControl)
{
var prefix = $"{ownerId:D}/{scoreId:D}/{ScoreItemStorageConstant.FolderName}";
var objectKeyList = new List <string>();
string continuationToken = default;
do
{
var listRequest = new ListObjectsV2Request()
{
BucketName = ScoreItemS3Bucket,
Prefix = prefix,
ContinuationToken = string.IsNullOrWhiteSpace(continuationToken) ? null : continuationToken,
};
var listResponse = await _s3Client.ListObjectsV2Async(listRequest);
objectKeyList.AddRange(listResponse.S3Objects.Select(x => x.Key));
continuationToken = listResponse.NextContinuationToken;
} while (!string.IsNullOrEmpty(continuationToken));
var acl = accessControl switch
{
ScoreObjectAccessControls.Private => S3CannedACL.Private,
ScoreObjectAccessControls.Public => S3CannedACL.PublicRead,
_ => throw new NotSupportedException(),
};
foreach (var key in objectKeyList)
{
var request = new PutACLRequest()
{
BucketName = ScoreItemS3Bucket,
CannedACL = acl,
Key = key,
};
await _s3Client.PutACLAsync(request);
}
}
public static async void ChangeFilePermission(string awsAccessKeyId, string awsSecretAccessKey, RegionEndpoint region, string bucketName, string keyName, S3CannedACL permission)
{
try
{
IAmazonS3 s3Client = new AmazonS3Client(awsAccessKeyId, awsSecretAccessKey, region);
PutACLRequest request = new PutACLRequest()
{
CannedACL = permission,
BucketName = bucketName,
Key = keyName
};
PutACLResponse response1 = await s3Client.PutACLAsync(request);
Debug.WriteLine("Change Permission Complete");
}
catch (AmazonS3Exception ex)
{
Debug.WriteLine("Exception occur when Change Permission: '{0}'", ex.Message);
}
}
private static async Task GrantPermissionsToWriteLogsAsync()
{
var bucketACL = new S3AccessControlList();
var aclResponse = client.GetACL(new GetACLRequest {
BucketName = targetBucketName
});
bucketACL = aclResponse.AccessControlList;
bucketACL.AddGrant(new S3Grantee {
URI = "http://acs.amazonaws.com/groups/s3/LogDelivery"
}, S3Permission.WRITE);
bucketACL.AddGrant(new S3Grantee {
URI = "http://acs.amazonaws.com/groups/s3/LogDelivery"
}, S3Permission.READ_ACP);
var setACLRequest = new PutACLRequest
{
AccessControlList = bucketACL,
BucketName = targetBucketName
};
await client.PutACLAsync(setACLRequest);
}
static void WriteBucketAcl()
{
string id = Common.InputString("Bucket:", null, false);
string owner = Common.InputString("Owner:", "default", false);
PutACLRequest request = new PutACLRequest();
request.BucketName = id;
request.AccessControlList = new S3AccessControlList();
request.AccessControlList.Owner = new Owner();
request.AccessControlList.Owner.DisplayName = owner;
request.AccessControlList.Grants = new List <S3Grant>();
S3Grant grant = new S3Grant();
S3Grantee grantee = new S3Grantee();
grantee.CanonicalUser = owner;
grantee.DisplayName = owner;
grant.Grantee = grantee;
request.AccessControlList.Grants.Add(grant);
PutACLResponse response = _S3Client.PutACLAsync(request).Result;
int statusCode = (int)response.HttpStatusCode;
if (response != null)
{
Console.WriteLine("Success");
return;
}
else
{
Console.WriteLine("Failed");
return;
}
}
public static void AccessControlListFunctionality(string NameOfTheBucket, string NameOfTheObject, string MakeStatus, string RegionOfTheBucket)
{
MakeStatus = MakeStatus.ToLower();
RegionOfTheBucket = RegionOfTheBucket.ToLower();
try
{
AmazonS3Client client = new AmazonS3Client(AccessKey, SecretKey, Amazon.RegionEndpoint.GetBySystemName(ClientRegion(RegionOfTheBucket)));
if (NameOfTheObject == null)
{
if (MakeStatus == "publicread")
{
PutACLRequest Request = new PutACLRequest
{
BucketName = NameOfTheBucket,
CannedACL = S3CannedACL.PublicRead
};
client.PutACL(Request);
}
else if (MakeStatus == "publicreadwrite")
{
PutACLRequest Request = new PutACLRequest
{
BucketName = NameOfTheBucket,
CannedACL = S3CannedACL.PublicReadWrite
};
client.PutACL(Request);
}
else if (MakeStatus == "private")
{
PutACLRequest Request = new PutACLRequest
{
BucketName = NameOfTheBucket,
CannedACL = S3CannedACL.Private
};
client.PutACL(Request);
}
}
else
{
if (MakeStatus == "publicread")
{
PutACLRequest Request = new PutACLRequest
{
BucketName = NameOfTheBucket,
Key = NameOfTheObject,
CannedACL = S3CannedACL.PublicRead
};
client.PutACL(Request);
}
else if (MakeStatus == "publicreadwrite")
{
PutACLRequest Request = new PutACLRequest
{
BucketName = NameOfTheBucket,
Key = NameOfTheObject,
CannedACL = S3CannedACL.PublicReadWrite
};
client.PutACL(Request);
}
else if (MakeStatus == "private")
{
PutACLRequest Request = new PutACLRequest
{
BucketName = NameOfTheBucket,
Key = NameOfTheObject,
CannedACL = S3CannedACL.Private
};
client.PutACL(Request);
}
}
Console.WriteLine("Access type changed");
}
catch (Exception e)
{
Console.WriteLine("ERROR MESSAGE : " + e.Message);
}
}
public void PutACLAsync(PutACLRequest request, AmazonServiceCallback <PutACLRequest, PutACLResponse> callback, AsyncOptions options = null)
{
throw new System.NotImplementedException();
}
public Task <PutACLResponse> PutACLAsync(PutACLRequest request, CancellationToken cancellationToken = default)
{
throw new NotImplementedException();
}
public override Task <PutACLResponse> PutACLAsync(PutACLRequest request, CancellationToken cancellationToken = new CancellationToken())
{
return(Task.FromResult(new PutACLResponse()));
}
public PutACLResponse PutACL(PutACLRequest request)
{
throw new NotImplementedException();
}
