public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context)
{
ReplaceNetworkAclAssociationResponse response = new ReplaceNetworkAclAssociationResponse();
int originalDepth = context.CurrentDepth;
int targetDepth = originalDepth + 1;
if (context.IsStartOfDocument)
{
targetDepth = 2;
}
while (context.ReadAtDepth(originalDepth))
{
if (context.IsStartElement || context.IsAttribute)
{
if (context.TestExpression("newAssociationId", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.NewAssociationId = unmarshaller.Unmarshall(context);
continue;
}
}
}
return(response);
}
private void replaceNetworkAclAssociations(IList <NetworkAclAssociation> desiredAclAssociations, string networkAclId)
{
foreach (NetworkAclAssociation networkAclAssociation in desiredAclAssociations)
{
ReplaceNetworkAclAssociationRequest replaceNetworkAclAssociationRequest = new ReplaceNetworkAclAssociationRequest();
replaceNetworkAclAssociationRequest.AssociationId = networkAclAssociation.NetworkAclAssociationId;
replaceNetworkAclAssociationRequest.NetworkAclId = networkAclId;
// Note: This turns the asynchronous call into a synchronous one
ReplaceNetworkAclAssociationResponse replaceNetworkAclAssociationResponse
= EC2_CLIENT.ReplaceNetworkAclAssociationAsync(replaceNetworkAclAssociationRequest).GetAwaiter().GetResult();
}
}
private async Task BlockSubnetsInAZ(string vpcId, List <string> subnetIds)
{
//Find all existing network acl associations matching the subnets identified above
DescribeNetworkAclsResponse describeNetworkAclsResult
= await ec2Client.DescribeNetworkAclsAsync(new DescribeNetworkAclsRequest()
{
Filters = new List <Amazon.EC2.Model.Filter> {
new Amazon.EC2.Model.Filter {
Name = "association.subnet-id",
Values = subnetIds
}
}
});
// The describe will return all associations of an ACL, which can be associated with a subnet not in the filter
IEnumerable <string> associationsToUpdate = describeNetworkAclsResult.NetworkAcls.SelectMany(x => x.Associations).Where(x => subnetIds.Contains(x.SubnetId)).Select(x => x.NetworkAclAssociationId);
//create new network acl
CreateNetworkAclResponse createNetworkAclResponse = await ec2Client.CreateNetworkAclAsync(new CreateNetworkAclRequest()
{
VpcId = vpcId
});
// add both ingress and egress denying to all the traffic to the new ACL
string networkAclId = createNetworkAclResponse.NetworkAcl.NetworkAclId;
await CreateNetworkAclEntry(networkAclId, 100, "0.0.0.0/0", true, "-1", CreatePortRange(0, 65535), RuleAction.Deny);
await CreateNetworkAclEntry(networkAclId, 101, "0.0.0.0/0", false, "-1", CreatePortRange(0, 65535), RuleAction.Deny);
// update all subnets to be associated with the new ACL
foreach (string existingAssociation in associationsToUpdate)
{
// associates the specified network ACL with the subnet for the specified network ACL association
ReplaceNetworkAclAssociationResponse replaceNetworkAclAssociationResponse
= await ec2Client.ReplaceNetworkAclAssociationAsync(new ReplaceNetworkAclAssociationRequest()
{
AssociationId = existingAssociation,
NetworkAclId = networkAclId
});
}
}
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context)
{
ReplaceNetworkAclAssociationResponse response = new ReplaceNetworkAclAssociationResponse();
int targetDepth = 2;
while (context.Read())
{
if (context.IsStartElement || context.IsAttribute)
{
if (context.TestExpression("newAssociationId", targetDepth))
{
response.NewAssociationId = StringUnmarshaller.GetInstance().Unmarshall(context);
continue;
}
}
}
return(response);
}
