public void SetSecurityGroupRules(string groupId, List <IpPermission> ipPermissions) { var request = new AuthorizeSecurityGroupIngressRequest { GroupId = groupId, IpPermissions = ipPermissions }; _ec2Client.AuthorizeSecurityGroupIngress(request); }
private static string CreateSecurityGroup(IAmazonEC2 client, string vpcId, string groupName) { // Create a new empty group var newSgRequest = new CreateSecurityGroupRequest() { GroupName = groupName, Description = "Security group for AWS Talk", VpcId = vpcId }; // Get a handle to the newly created group var newSgResponse = client.CreateSecurityGroup(newSgRequest); var groups = new List <string>() { newSgResponse.GroupId }; var createdSgRequest = new DescribeSecurityGroupsRequest() { GroupIds = groups }; var createdSgResponse = client.DescribeSecurityGroups(createdSgRequest); SecurityGroup theNewGroup = createdSgResponse.SecurityGroups[0]; // Add permissions to the group var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = theNewGroup.GroupId; ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 3389, ToPort = 3389, IpRanges = new List <string>() { "0.0.0.0/0" } }); // RDP ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 9999, ToPort = 9999, IpRanges = new List <string>() { "0.0.0.0/0" } }); // Worker API client.AuthorizeSecurityGroupIngress(ingressRequest); return(newSgResponse.GroupId); }
SecurityGroup AddSGIPrermissions(IAmazonEC2 ec2, SecurityGroup SG) { string ipRange = "0.0.0.0/0"; List <string> ranges = new List <string>() { ipRange }; var ipPermission1 = new IpPermission(); ipPermission1.IpProtocol = "tcp"; ipPermission1.FromPort = 22; ipPermission1.ToPort = 22; ipPermission1.IpRanges = ranges; var ipPermission2 = new IpPermission(); ipPermission2.IpProtocol = "tcp"; ipPermission2.FromPort = 3389; ipPermission2.ToPort = 3389; ipPermission2.IpRanges = ranges; // MessageBox.Show(SG.GroupId); // foreach ( IpPermission ipper in SG.IpPermissions) // { // ipper.FromPort // // } try { SG.IpPermissions.Add(ipPermission1); SG.IpPermissions.Add(ipPermission2); AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest = new AuthorizeSecurityGroupIngressRequest(); authorizeSecurityGroupIngressRequest.GroupId = SG.GroupId; //authorizeSecurityGroupIngressRequest.GroupName = MySG.GroupName; authorizeSecurityGroupIngressRequest.IpPermissions.Add(ipPermission1); authorizeSecurityGroupIngressRequest.IpPermissions.Add(ipPermission2); ec2.AuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest); } catch (Exception ex) { } return(SG); }
private Amazon.EC2.Model.AuthorizeSecurityGroupIngressResponse CallAWSServiceOperation(IAmazonEC2 client, Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest request) { Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "Amazon Elastic Compute Cloud (EC2)", "AuthorizeSecurityGroupIngress"); try { #if DESKTOP return(client.AuthorizeSecurityGroupIngress(request)); #elif CORECLR return(client.AuthorizeSecurityGroupIngressAsync(request).GetAwaiter().GetResult()); #else #error "Unknown build edition" #endif } catch (AmazonServiceException exc) { var webException = exc.InnerException as System.Net.WebException; if (webException != null) { throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException); } throw; } }
/// <summary> /// This method will create a VPC, a public subnet, private subnet and a NAT EC2 instance to allow EC2 instances in the private /// subnet to establish outbound connections to the internet. /// </summary> /// <param name="ec2Client">The ec2client used to create the VPC</param> /// <param name="request">The properties used to create the VPC.</param> /// <returns>The response contains all the VPC objects that were created.</returns> public static LaunchVPCWithPublicAndPrivateSubnetsResponse LaunchVPCWithPublicAndPrivateSubnets(IAmazonEC2 ec2Client, LaunchVPCWithPublicAndPrivateSubnetsRequest request) { LaunchVPCWithPublicAndPrivateSubnetsResponse response = new LaunchVPCWithPublicAndPrivateSubnetsResponse(); LaunchVPCWithPublicSubnet(ec2Client, request, response); response.PrivateSubnet = ec2Client.CreateSubnet(new CreateSubnetRequest() { AvailabilityZone = request.PrivateSubnetAvailabilityZone ?? response.PublicSubnet.AvailabilityZone, CidrBlock = request.PrivateSubnetCiderBlock, VpcId = response.VPC.VpcId }).Subnet; WriteProgress(request.ProgressCallback, "Created private subnet {0}", response.PublicSubnet.SubnetId); WaitTillTrue(((Func <bool>)(() => (ec2Client.DescribeSubnets(new DescribeSubnetsRequest() { SubnetIds = new List <string>() { response.PrivateSubnet.SubnetId } }).Subnets.Count == 1)))); ec2Client.CreateTags(new CreateTagsRequest() { Resources = new List <string>() { response.PrivateSubnet.SubnetId }, Tags = new List <Tag>() { new Tag() { Key = "Name", Value = "Private" } } }); WriteProgress(request.ProgressCallback, "Launching NAT instance"); response.NATInstance = LaunchNATInstance(ec2Client, new LaunchNATInstanceRequest() { InstanceType = request.InstanceType, KeyName = request.KeyName, SubnetId = response.PublicSubnet.SubnetId }); WriteProgress(request.ProgressCallback, "NAT instance is available"); var defaultRouteTable = GetDefaultRouteTable(ec2Client, response.VPC.VpcId); if (defaultRouteTable == null) { throw new AmazonEC2Exception("No default route table found for VPC"); } ec2Client.CreateRoute(new CreateRouteRequest() { RouteTableId = defaultRouteTable.RouteTableId, DestinationCidrBlock = "0.0.0.0/0", InstanceId = response.NATInstance.InstanceId }); WriteProgress(request.ProgressCallback, "Added route to the NAT instance in the default route table"); if (request.ConfigureDefaultVPCGroupForNAT) { var defaultSecurityGroup = GetDefaultSecurityGroup(ec2Client, response.VPC.VpcId); var groupId = ec2Client.CreateSecurityGroup(new CreateSecurityGroupRequest() { VpcId = response.VPC.VpcId, GroupName = "NATGroup", Description = "Give EC2 Instances access through the NAT" }).GroupId; WriteProgress(request.ProgressCallback, "Created security group for NAT configuration"); IpPermission spec = new IpPermission { IpProtocol = "-1", IpRanges = new List <string> { "0.0.0.0/0" }, UserIdGroupPairs = new List <UserIdGroupPair>() { new UserIdGroupPair() { GroupId = groupId } } }; ec2Client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest() { IpPermissions = new List <IpPermission>() { spec }, GroupId = defaultSecurityGroup.GroupId }); WriteProgress(request.ProgressCallback, "Added permission to the default security group {0} to allow traffic from security group {1}", defaultSecurityGroup.GroupId, groupId); response.NATSecurityGroup = ec2Client.DescribeSecurityGroups(new DescribeSecurityGroupsRequest() { GroupIds = new List <string>() { groupId } }).SecurityGroups[0]; } return(response); }
/// <summary> /// This method will create a VPC, a public subnet, private subnet and a NAT EC2 instance to allow EC2 instances in the private /// subnet to establish outbound connections to the internet. /// </summary> /// <param name="ec2Client">The ec2client used to create the VPC</param> /// <param name="request">The properties used to create the VPC.</param> /// <returns>The response contains all the VPC objects that were created.</returns> public static LaunchVPCWithPublicAndPrivateSubnetsResponse LaunchVPCWithPublicAndPrivateSubnets(IAmazonEC2 ec2Client, LaunchVPCWithPublicAndPrivateSubnetsRequest request) { LaunchVPCWithPublicAndPrivateSubnetsResponse response = new LaunchVPCWithPublicAndPrivateSubnetsResponse(); LaunchVPCWithPublicSubnet(ec2Client, request, response); response.PrivateSubnet = ec2Client.CreateSubnet(new CreateSubnetRequest() { AvailabilityZone = request.PrivateSubnetAvailabilityZone ?? response.PublicSubnet.AvailabilityZone, CidrBlock = request.PrivateSubnetCiderBlock, VpcId = response.VPC.VpcId }).Subnet; WriteProgress(request.ProgressCallback, "Created private subnet {0}", response.PublicSubnet.SubnetId); WaitTillTrue(((Func<bool>)(() => (ec2Client.DescribeSubnets(new DescribeSubnetsRequest() { SubnetIds = new List<string>() { response.PrivateSubnet.SubnetId } }).Subnets.Count == 1)))); ec2Client.CreateTags(new CreateTagsRequest() { Resources = new List<string>() { response.PrivateSubnet.SubnetId }, Tags = new List<Tag>() { new Tag() { Key = "Name", Value = "Private" } } }); WriteProgress(request.ProgressCallback, "Launching NAT instance"); response.NATInstance = LaunchNATInstance(ec2Client, new LaunchNATInstanceRequest() { InstanceType = request.InstanceType, KeyName = request.KeyName, SubnetId = response.PublicSubnet.SubnetId }); WriteProgress(request.ProgressCallback, "NAT instance is available"); var defaultRouteTable = GetDefaultRouteTable(ec2Client, response.VPC.VpcId); if (defaultRouteTable == null) throw new AmazonEC2Exception("No default route table found for VPC"); ec2Client.CreateRoute(new CreateRouteRequest() { RouteTableId = defaultRouteTable.RouteTableId, DestinationCidrBlock = "0.0.0.0/0", InstanceId = response.NATInstance.InstanceId }); WriteProgress(request.ProgressCallback, "Added route to the NAT instance in the default route table"); if (request.ConfigureDefaultVPCGroupForNAT) { var defaultSecurityGroup = GetDefaultSecurityGroup(ec2Client, response.VPC.VpcId); var groupId = ec2Client.CreateSecurityGroup(new CreateSecurityGroupRequest() { VpcId = response.VPC.VpcId, GroupName = "NATGroup", Description = "Give EC2 Instances access through the NAT" }).GroupId; WriteProgress(request.ProgressCallback, "Created security group for NAT configuration"); IpPermission spec = new IpPermission { IpProtocol = "-1", IpRanges = new List<string>{ "0.0.0.0/0"}, UserIdGroupPairs = new List<UserIdGroupPair>() { new UserIdGroupPair() { GroupId = groupId } } }; ec2Client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest() { IpPermissions = new List<IpPermission>() { spec }, GroupId = defaultSecurityGroup.GroupId }); WriteProgress(request.ProgressCallback, "Added permission to the default security group {0} to allow traffic from security group {1}", defaultSecurityGroup.GroupId, groupId); response.NATSecurityGroup = ec2Client.DescribeSecurityGroups(new DescribeSecurityGroupsRequest() { GroupIds = new List<string>(){ groupId } }).SecurityGroups[0]; } return response; }
private static string CreateSecurityGroup(IAmazonEC2 client, string vpcId, string groupName) { // Create a new empty group var newSgRequest = new CreateSecurityGroupRequest() { GroupName = groupName, Description = "Security group for AWS Talk", VpcId = vpcId }; // Get a handle to the newly created group var newSgResponse = client.CreateSecurityGroup(newSgRequest); var groups = new List<string>() { newSgResponse.GroupId }; var createdSgRequest = new DescribeSecurityGroupsRequest() { GroupIds = groups }; var createdSgResponse = client.DescribeSecurityGroups(createdSgRequest); SecurityGroup theNewGroup = createdSgResponse.SecurityGroups[0]; // Add permissions to the group var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = theNewGroup.GroupId; ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 3389, ToPort = 3389, IpRanges = new List<string>() { "0.0.0.0/0" } }); // RDP ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 9999, ToPort = 9999, IpRanges = new List<string>() { "0.0.0.0/0" } }); // Worker API client.AuthorizeSecurityGroupIngress(ingressRequest); return newSgResponse.GroupId; }