/// <summary>
        /// The AuthorizeSecurityGroupIngress operation adds permissions to a security
        /// group.
        /// Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of
        /// the request (by IP range or an Amazon EC2 user-group pair), the source and
        /// destination port ranges (for TCP and UDP), and the ICMP codes and types (for
        /// ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code
        /// fields.
        /// Permission changes are propagated to instances within the security group as
        /// quickly as possible. However, depending on the number of instances, a small
        /// delay might occur.
        /// When authorizing a user/group pair permission, GroupName,
        /// SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When
        /// authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and
        /// CidrIp must be specified. Mixing these two types of parameters is not allowed.
        /// 
        /// </summary>
        /// <param name="service">Instance of AmazonEC2 service</param>
        /// <param name="request">AuthorizeSecurityGroupIngressRequest request</param>
        public static void InvokeAuthorizeSecurityGroupIngress(AmazonEC2 service, AuthorizeSecurityGroupIngressRequest request)
        {
            try 
            {
                AuthorizeSecurityGroupIngressResponse response = service.AuthorizeSecurityGroupIngress(request);
                
                
                Console.WriteLine ("Service Response");
                Console.WriteLine ("=============================================================================");
                Console.WriteLine ();

                Console.WriteLine("        AuthorizeSecurityGroupIngressResponse");
                if (response.IsSetResponseMetadata())
                {
                    Console.WriteLine("            ResponseMetadata");
                    ResponseMetadata  responseMetadata = response.ResponseMetadata;
                    if (responseMetadata.IsSetRequestId())
                    {
                        Console.WriteLine("                RequestId");
                        Console.WriteLine("                    {0}", responseMetadata.RequestId);
                    }
                }

            } 
            catch (AmazonEC2Exception ex) 
            {
                Console.WriteLine("Caught Exception: " + ex.Message);
                Console.WriteLine("Response Status Code: " + ex.StatusCode);
                Console.WriteLine("Error Code: " + ex.ErrorCode);
                Console.WriteLine("Error Type: " + ex.ErrorType);
                Console.WriteLine("Request ID: " + ex.RequestId);
                Console.WriteLine("XML: " + ex.XML);
            }
        }
        private async Task AddInboundRules(String groupId)
        {
            var request = new AuthorizeSecurityGroupIngressRequest
            {
                GroupId = groupId,
                IpPermissions =
                {
                    new IpPermission { FromPort = -1, IpProtocol = "-1" }
                }
            };

            await _client.AuthorizeSecurityGroupIngressAsync(request);
        }
        public object Execute(ExecutorContext context)
        {
            var cmdletContext = context as CmdletContext;
            // create request
            var request = new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest();

            if (cmdletContext.GroupId != null)
            {
                request.GroupId = cmdletContext.GroupId;
            }
            if (cmdletContext.GroupName != null)
            {
                request.GroupName = cmdletContext.GroupName;
            }
            if (cmdletContext.IpPermission != null)
            {
                request.IpPermissions = cmdletContext.IpPermission;
            }
            if (cmdletContext.TagSpecification != null)
            {
                request.TagSpecifications = cmdletContext.TagSpecification;
            }

            CmdletOutput output;

            // issue call
            var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint);

            try
            {
                var    response       = CallAWSServiceOperation(client, request);
                object pipelineOutput = null;
                pipelineOutput = cmdletContext.Select(response, this);
                output         = new CmdletOutput
                {
                    PipelineOutput  = pipelineOutput,
                    ServiceResponse = response
                };
            }
            catch (Exception e)
            {
                output = new CmdletOutput {
                    ErrorResponse = e
                };
            }

            return(output);
        }
Example #4
0
 /// <summary>
 /// <para>Adds one or more ingress rules to a security group.</para> <para><b>IMPORTANT:</b> EC2-Classic: You can have up to 100 rules per
 /// group. EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress rules). </para> <para>Rule changes are propagated to
 /// instances within the security group as quickly as possible. However, a small delay might occur.</para> <para>[EC2-Classic] This action gives
 /// one or more CIDR IP address ranges permission to access a security group in your account, or gives one or more security groups (called the
 /// <i>source groups</i> ) permission to access a security group for your account. A source group can be for your own AWS account, or
 /// another.</para> <para>[EC2-VPC] This action gives one or more CIDR IP address ranges permission to access a security group in your VPC, or
 /// gives one or more other security groups (called the <i>source groups</i> ) permission to access a security group for your VPC. The security
 /// groups must all be for the same VPC.</para>
 /// </summary>
 /// 
 /// <param name="authorizeSecurityGroupIngressRequest">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress
 ///          service method on AmazonEC2.</param>
 /// 
 public AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest)
 {
     IAsyncResult asyncResult = invokeAuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest, null, null, true);
     return EndAuthorizeSecurityGroupIngress(asyncResult);
 }
Example #5
0
 IAsyncResult invokeAuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest, AsyncCallback callback, object state, bool synchronized)
 {
     IRequest irequest = new AuthorizeSecurityGroupIngressRequestMarshaller().Marshall(authorizeSecurityGroupIngressRequest);
     var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.GetInstance();
     AsyncResult result = new AsyncResult(irequest, callback, state, synchronized, signer, unmarshaller);
     Invoke(result);
     return result;
 }
Example #6
0
 private Amazon.EC2.Model.AuthorizeSecurityGroupIngressResponse CallAWSServiceOperation(IAmazonEC2 client, Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest request)
 {
     Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "Amazon Elastic Compute Cloud (EC2)", "AuthorizeSecurityGroupIngress");
     try
     {
         #if DESKTOP
         return(client.AuthorizeSecurityGroupIngress(request));
         #elif CORECLR
         return(client.AuthorizeSecurityGroupIngressAsync(request).GetAwaiter().GetResult());
         #else
                 #error "Unknown build edition"
         #endif
     }
     catch (AmazonServiceException exc)
     {
         var webException = exc.InnerException as System.Net.WebException;
         if (webException != null)
         {
             throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
         }
         throw;
     }
 }
Example #7
0
        /// <summary>
        /// <para>Adds one or more ingress rules to a security group.</para> <para><b>IMPORTANT:</b> EC2-Classic: You can have up to 100 rules per
        /// group. EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress rules). </para> <para>Rule changes are propagated to
        /// instances within the security group as quickly as possible. However, a small delay might occur.</para> <para>[EC2-Classic] This action gives
        /// one or more CIDR IP address ranges permission to access a security group in your account, or gives one or more security groups (called the
        /// <i>source groups</i> ) permission to access a security group for your account. A source group can be for your own AWS account, or
        /// another.</para> <para>[EC2-VPC] This action gives one or more CIDR IP address ranges permission to access a security group in your VPC, or
        /// gives one or more other security groups (called the <i>source groups</i> ) permission to access a security group for your VPC. The security
        /// groups must all be for the same VPC.</para>
        /// </summary>
        /// 
        /// <param name="authorizeSecurityGroupIngressRequest">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress
        /// service method on AmazonEC2.</param>
        /// <param name="cancellationToken">
        ///     A cancellation token that can be used by other objects or threads to receive notice of cancellation.
        /// </param>
		public Task<AuthorizeSecurityGroupIngressResponse> AuthorizeSecurityGroupIngressAsync(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest, CancellationToken cancellationToken = default(CancellationToken))
        {
            var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller();
            var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.GetInstance();
            return Invoke<IRequest, AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResponse>(authorizeSecurityGroupIngressRequest, marshaller, unmarshaller, signer, cancellationToken);
        }
Example #8
0
		internal AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request)
        {
            var task = AuthorizeSecurityGroupIngressAsync(request);
            try
            {
                return task.Result;
            }
            catch(AggregateException e)
            {
                ExceptionDispatchInfo.Capture(e.InnerException).Throw();
                return null;
            }
        }
Example #9
0
        public async Task AuthorizeIngressAsync(IEnumerable<PortRangeDescription> portRanges)
        {
            if (portRanges.Count() == 0)
                return;

            this.Logger.Log("Allowing inbound access on {0}", string.Join(", ", portRanges));

            var ingressRequest = new AuthorizeSecurityGroupIngressRequest()
            {
                GroupName = this.SecurityGroupName,
                IpPermissions = portRanges.Select(x => new IpPermission()
                {
                    IpProtocol = x.Proto,
                    FromPort = x.FromPort,
                    ToPort = x.ToPort,
                    IpRanges = new List<string>() { "0.0.0.0/0" },
                }).ToList(),
            };

            try
            {
                await this.Client.AuthorizeSecurityGroupIngressAsync(ingressRequest);
            }
            catch (AmazonEC2Exception e)
            {
                // Duplicate port settings are just fine
                if (e.ErrorCode != "InvalidPermission.Duplicate")
                    throw;
            }

            this.Logger.Log("Inbound access authorised");
        }
        /// <summary>
        /// Adds one or more ingress rules to a security group.
        /// 
        ///  <important> 
        /// <para>
        /// EC2-Classic: You can have up to 100 rules per group.
        /// </para>
        ///  
        /// <para>
        /// EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress rules).
        /// </para>
        ///  </important> 
        /// <para>
        /// Rule changes are propagated to instances within the security group as quickly as possible.
        /// However, a small delay might occur.
        /// </para>
        ///  
        /// <para>
        /// [EC2-Classic] This action gives one or more CIDR IP address ranges permission to access
        /// a security group in your account, or gives one or more security groups (called the
        /// <i>source groups</i>) permission to access a security group for your account. A source
        /// group can be for your own AWS account, or another.
        /// </para>
        ///  
        /// <para>
        /// [EC2-VPC] This action gives one or more CIDR IP address ranges permission to access
        /// a security group in your VPC, or gives one or more other security groups (called the
        /// <i>source groups</i>) permission to access a security group for your VPC. The security
        /// groups must all be for the same VPC.
        /// </para>
        /// </summary>
        /// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress service method.</param>
        /// 
        /// <returns>The response from the AuthorizeSecurityGroupIngress service method, as returned by EC2.</returns>
        public AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request)
        {
            var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller();
            var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.Instance;

            return Invoke<AuthorizeSecurityGroupIngressRequest,AuthorizeSecurityGroupIngressResponse>(request, marshaller, unmarshaller);
        }
 protected override void ProcessRecord()
 {
     AmazonEC2 client = base.GetClient();
     Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest request = new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest();
     request.UserId = this._UserId;
     request.GroupName = this._GroupName;
     request.SourceSecurityGroupName = this._SourceSecurityGroupName;
     request.SourceSecurityGroupOwnerId = this._SourceSecurityGroupOwnerId;
     request.IpProtocol = this._IpProtocol;
     request.FromPort = this._FromPort;
     request.ToPort = this._ToPort;
     request.CidrIp = this._CidrIp;
     Amazon.EC2.Model.AuthorizeSecurityGroupIngressResponse response = client.AuthorizeSecurityGroupIngress(request);
 }
        public void SetSecurityGroupRules(string groupId, List<IpPermission> ipPermissions)
        {
            var request = new AuthorizeSecurityGroupIngressRequest
            {
                GroupId = groupId,
                IpPermissions = ipPermissions
            };

            _ec2Client.AuthorizeSecurityGroupIngress(request);
        }
        public string CreateSecurityGroup(string vpcId, string boostrapId)
        {
            string secGroupName = SEC_GROUP_PREFIX + boostrapId;

            if (SecurityGroupExist(secGroupName))
            {
                DeleteSecurityGroup(secGroupName);
            }
            var newGroupRequest = new CreateSecurityGroupRequest()
            {
                GroupName = secGroupName,
                Description = "Security Group for ConDep integration tests",
                VpcId = vpcId,
            };

            var newGroupResponse = _client.CreateSecurityGroup(newGroupRequest);

            var publicIp = GetPublicIp() + "/32";
            var ruleRequest = new AuthorizeSecurityGroupIngressRequest()
            {
                GroupId = newGroupResponse.GroupId,
                IpPermissions = new List<IpPermission>
                {
                    new IpPermission
                    {
                        FromPort = 0,
                        ToPort = 65535,
                        IpProtocol = "tcp",
                        IpRanges = new List<string>
                        {
                            publicIp
                        }
                    },
                    new IpPermission
                    {
                        FromPort = -1,
                        ToPort = -1,
                        IpProtocol = "icmp",
                        IpRanges = new List<string>
                        {
                            publicIp
                        }
                    },
                    new IpPermission
                    {
                        FromPort = 1024,
                        ToPort = 65535,
                        IpProtocol = "tcp",
                        IpRanges = new List<string>
                        {
                            "0.0.0.0/0"
                        }
                    }
                }
            };
            _client.AuthorizeSecurityGroupIngress(ruleRequest);
            return newGroupResponse.GroupId;
        }
        private static string CreateSecurityGroup(IAmazonEC2 client, string vpcId, string groupName)
        {
            // Create a new empty group
            var newSgRequest = new CreateSecurityGroupRequest()
            {
                GroupName = groupName,
                Description = "Security group for AWS Talk",
                VpcId = vpcId
            };

            // Get a handle to the newly created group
            var newSgResponse = client.CreateSecurityGroup(newSgRequest);
            var groups = new List<string>() { newSgResponse.GroupId };
            var createdSgRequest = new DescribeSecurityGroupsRequest() { GroupIds = groups };
            var createdSgResponse = client.DescribeSecurityGroups(createdSgRequest);
            SecurityGroup theNewGroup = createdSgResponse.SecurityGroups[0];

            // Add permissions to the group
            var ingressRequest = new AuthorizeSecurityGroupIngressRequest();
            ingressRequest.GroupId = theNewGroup.GroupId;
            ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 3389, ToPort = 3389, IpRanges = new List<string>() { "0.0.0.0/0" } }); // RDP
            ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 9999, ToPort = 9999, IpRanges = new List<string>() { "0.0.0.0/0" } }); // Worker API

            client.AuthorizeSecurityGroupIngress(ingressRequest);

            return newSgResponse.GroupId;
        }
Example #15
0
        private void createSecurityGroup()
        {
            try
            {
                CreateSecurityGroupRequest requestSecurirtyGroup = new CreateSecurityGroupRequest();
                requestSecurirtyGroup.GroupName = _securityGroups;
                requestSecurirtyGroup.GroupDescription = jwSecurityGroupDescription;
                CreateSecurityGroupResponse responseSecurityGroup = _service.CreateSecurityGroup(requestSecurirtyGroup);

                AuthorizeSecurityGroupIngressRequest requestAuthz = new AuthorizeSecurityGroupIngressRequest();
                requestAuthz.GroupName = _securityGroups;
                requestAuthz.IpProtocol = "tcp";
                requestAuthz.CidrIp = "0.0.0.0/0";

                decimal[] ports = { 80, 443, 1443, 3389 };
                foreach (decimal port in ports)
                {
                    requestAuthz.FromPort = port;
                    requestAuthz.ToPort = port;
                    AuthorizeSecurityGroupIngressResponse responseAuthz = _service.AuthorizeSecurityGroupIngress(requestAuthz);
                }
            }
            catch (AmazonEC2Exception ex)
            {
                throw new Exception("Caught Exception: " + ex.XML);
            }
        }
Example #16
0
 /// <summary>
 /// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation.
 /// <seealso cref="Amazon.EC2.IAmazonEC2.AuthorizeSecurityGroupIngress"/>
 /// </summary>
 /// 
 /// <param name="authorizeSecurityGroupIngressRequest">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress
 ///          operation on AmazonEC2.</param>
 /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
 /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
 ///          procedure using the AsyncState property.</param>
 public IAsyncResult BeginAuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest, AsyncCallback callback, object state)
 {
     return invokeAuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest, callback, state, false);
 }
Example #17
0
        /// <summary>
        /// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation.
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress operation on AmazonEC2Client.</param>
        /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
        /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
        ///          procedure using the AsyncState property.</param>
        /// 
        /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking EndAuthorizeSecurityGroupIngress
        ///         operation.</returns>
        public IAsyncResult BeginAuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request, AsyncCallback callback, object state)
        {
            var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller();
            var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.Instance;

            return BeginInvoke<AuthorizeSecurityGroupIngressRequest>(request, marshaller, unmarshaller,
                callback, state);
        }
Example #18
0
        /// <summary>
        /// <para> The AuthorizeSecurityGroupIngress operation adds permissions to a security group. </para> <para> Permissions are specified by the IP
        /// protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port
        /// ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, <c>-1</c> can be used as a wildcard in the type
        /// and code fields. </para> <para> Permission changes are propagated to instances within the security group as quickly as possible. However,
        /// depending on the number of instances, a small delay might occur. </para>
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress
        /// service method on AmazonEC2.</param>
		public AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request)
        {
            var task = AuthorizeSecurityGroupIngressAsync(request);
            try
            {
                return task.Result;
            }
            catch(AggregateException e)
            {
                throw e.InnerException;
            }
        }
        /// <summary>
        /// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation.
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress operation.</param>
        /// <param name="cancellationToken">
        ///     A cancellation token that can be used by other objects or threads to receive notice of cancellation.
        /// </param>
        /// <returns>The task object representing the asynchronous operation.</returns>
        public Task<AuthorizeSecurityGroupIngressResponse> AuthorizeSecurityGroupIngressAsync(AuthorizeSecurityGroupIngressRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
        {
            var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller();
            var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.Instance;

            return InvokeAsync<AuthorizeSecurityGroupIngressRequest,AuthorizeSecurityGroupIngressResponse>(request, marshaller, 
                unmarshaller, cancellationToken);
        }
Example #20
0
        /// <summary>
        /// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation.
        /// <seealso cref="Amazon.EC2.IAmazonEC2.AuthorizeSecurityGroupIngress"/>
        /// </summary>
        /// 
        /// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress operation.</param>
        /// <param name="cancellationToken">
        ///     A cancellation token that can be used by other objects or threads to receive notice of cancellation.
        /// </param>
        /// <returns>The task object representing the asynchronous operation.</returns>
		public async Task<AuthorizeSecurityGroupIngressResponse> AuthorizeSecurityGroupIngressAsync(AuthorizeSecurityGroupIngressRequest request, CancellationToken cancellationToken = default(CancellationToken))
        {
            var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller();
            var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.GetInstance();
            var response = await Invoke<IRequest, AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResponse>(request, marshaller, unmarshaller, signer, cancellationToken)
                .ConfigureAwait(continueOnCapturedContext: false);
            return response;
        }