Describes a security group rule.

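        /// <summary>
        /// Builds a one-line, human-readable description of a CIDR-based security group rule,
        /// e.g. "All TCP traffic to all ports from anywhere." followed by a newline.
        /// </summary>
        /// <param name="rule">The permission whose ports and protocol are described.</param>
        /// <param name="ipRange">The CIDR block the rule applies to.</param>
        /// <returns>
        /// The description, or <see cref="string.Empty"/> when <paramref name="rule"/> is null
        /// or <paramref name="ipRange"/> is null or empty.
        /// </returns>
        private static string GetRangeText(IpPermission rule, string ipRange)
        {
            if (rule == null || string.IsNullOrEmpty(ipRange))
            {
                return string.Empty;
            }

            // NOTE(review): ToPort <= 65535 holds for every valid port, so in practice the prefix is
            // decided by FromPort <= 0 alone (0, or the -1 the API uses for "all ICMP types"). Kept as written.
            var prefix = string.Empty;
            if (rule.FromPort <= 0 && rule.ToPort <= 65535)
            {
                prefix = "All ";
            }

            // 0.0.0.0/0 is the open-to-the-world CIDR; spell it out so it stands out in the listing.
            var from = ipRange == "0.0.0.0/0" ? "anywhere" : ipRange;

            var to = "N/A";
            if (rule.ToPort >= 0)
            {
                to = "port " + rule.ToPort;
            }

            if (rule.FromPort >= 0 && rule.FromPort < rule.ToPort)
            {
                to = "ports " + rule.FromPort + "-" + rule.ToPort;
            }

            // Later checks override earlier ones: the 0-0 and 0-65535 forms win over the range text.
            if ((rule.FromPort == 0 && rule.ToPort == 0) || (rule.FromPort == 0 && rule.ToPort == 65535))
            {
                to = "all ports";
            }

            // "-1" is the API's wildcard protocol. Invariant upper-casing keeps the output independent
            // of the thread culture (e.g. "icmp" would otherwise get a dotted I under tr-TR).
            var ipProtocol = rule.IpProtocol ?? string.Empty;
            var protocol = string.Equals(ipProtocol, "-1", StringComparison.Ordinal)
                ? "All protocol"
                : ipProtocol.ToUpperInvariant();

            return prefix + protocol + " traffic to " + to + " from " + from + "." + Environment.NewLine;
        }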
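        /// <summary>
        /// Builds a one-line, human-readable description of a security-group-sourced rule,
        /// e.g. "All TCP traffic to all ports from web security group." followed by a newline.
        /// </summary>
        /// <param name="rule">The permission whose ports and protocol are described; null yields an empty string.</param>
        /// <param name="securityGroupId">The id passed to <c>GetSecurityGroupFromID</c> to name the source group.</param>
        /// <returns>The description, or <see cref="string.Empty"/> when <paramref name="rule"/> is null.</returns>
        private static string GetRuleText(IpPermission rule, string securityGroupId)
        {
            if (rule == null)
            {
                return string.Empty;
            }

            // NOTE(review): ToPort <= 65535 holds for every valid port, so in practice the prefix is
            // decided by FromPort <= 0 alone (0, or the -1 the API uses for "all ICMP types"). Kept as written.
            var prefix = string.Empty;
            if (rule.FromPort <= 0 && rule.ToPort <= 65535)
            {
                prefix = "All ";
            }

            var from = "Unknown";
            if (rule.UserIdGroupPairs != null && rule.UserIdGroupPairs.Count > 0)
            {
                // NOTE(review): the name is looked up by securityGroupId, not by the GroupId inside the
                // UserIdGroupPair; confirm with the caller which group "from" is meant to name.
                var group = GetSecurityGroupFromID(securityGroupId);
                if (group != null)
                {
                    from = group.GroupName + " security group";
                }
            }

            var to = "N/A";
            if (rule.ToPort >= 0)
            {
                to = "port " + rule.ToPort;
            }

            if (rule.FromPort >= 0 && rule.FromPort < rule.ToPort)
            {
                to = "ports " + rule.FromPort + "-" + rule.ToPort;
            }

            // Later checks override earlier ones: the 0-0 and 0-65535 forms win over the range text.
            if ((rule.FromPort == 0 && rule.ToPort == 0) || (rule.FromPort == 0 && rule.ToPort == 65535))
            {
                to = "all ports";
            }

            // "-1" is the API's wildcard protocol. Invariant upper-casing keeps the output independent
            // of the thread culture (e.g. "icmp" would otherwise get a dotted I under tr-TR).
            var ipProtocol = rule.IpProtocol ?? string.Empty;
            var protocol = string.Equals(ipProtocol, "-1", StringComparison.Ordinal)
                ? "All protocol"
                : ipProtocol.ToUpperInvariant();

            return prefix + protocol + " traffic to " + to + " from " + from + "." + Environment.NewLine;
        }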
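        /// <summary>
        /// Creates a VPC with a public subnet, a private subnet and a NAT EC2 instance so that
        /// instances in the private subnet can establish outbound connections to the internet.
        /// The private subnet is tagged Name=Private and a 0.0.0.0/0 route to the NAT instance is
        /// added to the VPC's default route table. When
        /// <see cref="LaunchVPCWithPublicAndPrivateSubnetsRequest.ConfigureDefaultVPCGroupForNAT"/>
        /// is set, a "NATGroup" security group is created and the VPC's default security group is
        /// authorized to accept traffic from members of that group.
        /// </summary>
        /// <param name="ec2Client">The EC2 client used to make the API calls.</param>
        /// <param name="request">The properties used to create the VPC.</param>
        /// <returns>The response containing every VPC object that was created.</returns>
        /// <exception cref="AmazonEC2Exception">
        /// Thrown when the VPC has no default route table, or (when configuring the default group) no default security group.
        /// </exception>
        public static LaunchVPCWithPublicAndPrivateSubnetsResponse LaunchVPCWithPublicAndPrivateSubnets(IAmazonEC2 ec2Client, LaunchVPCWithPublicAndPrivateSubnetsRequest request)
        {
            var response = new LaunchVPCWithPublicAndPrivateSubnetsResponse();

            // Populates response.VPC and response.PublicSubnet, which every step below reads.
            LaunchVPCWithPublicSubnet(ec2Client, request, response);

            // Default the private subnet to the public subnet's zone unless the caller picked one.
            response.PrivateSubnet = ec2Client.CreateSubnet(new CreateSubnetRequest()
            {
                AvailabilityZone = request.PrivateSubnetAvailabilityZone ?? response.PublicSubnet.AvailabilityZone,
                CidrBlock = request.PrivateSubnetCiderBlock,
                VpcId = response.VPC.VpcId
            }).Subnet;
            // Report the subnet just created; the earlier version printed the public subnet id here.
            WriteProgress(request.ProgressCallback, "Created private subnet {0}", response.PrivateSubnet.SubnetId);

            // Wait until DescribeSubnets can see the new subnet before tagging it.
            WaitTillTrue(((Func<bool>)(() => (ec2Client.DescribeSubnets(new DescribeSubnetsRequest() { SubnetIds = new List<string>() { response.PrivateSubnet.SubnetId } }).Subnets.Count == 1))));

            ec2Client.CreateTags(new CreateTagsRequest()
            {
                Resources = new List<string>() { response.PrivateSubnet.SubnetId },
                Tags = new List<Tag>() { new Tag() { Key = "Name", Value = "Private" } }
            });

            WriteProgress(request.ProgressCallback, "Launching NAT instance");
            // The NAT instance is placed in the public subnet.
            response.NATInstance = LaunchNATInstance(ec2Client, new LaunchNATInstanceRequest()
            {
                InstanceType = request.InstanceType,
                KeyName = request.KeyName,
                SubnetId = response.PublicSubnet.SubnetId
            });
            WriteProgress(request.ProgressCallback, "NAT instance is available");

            // Route internet-bound traffic in the default route table through the NAT instance.
            // No route table is created or associated for the private subnet here, so presumably
            // it picks up this default table.
            var defaultRouteTable = GetDefaultRouteTable(ec2Client, response.VPC.VpcId);
            if (defaultRouteTable == null)
            {
                throw new AmazonEC2Exception("No default route table found for VPC");
            }

            ec2Client.CreateRoute(new CreateRouteRequest()
            {
                RouteTableId = defaultRouteTable.RouteTableId,
                DestinationCidrBlock = "0.0.0.0/0",
                InstanceId = response.NATInstance.InstanceId
            });
            WriteProgress(request.ProgressCallback, "Added route to the NAT instance in the default route table");

            if (request.ConfigureDefaultVPCGroupForNAT)
            {
                var defaultSecurityGroup = GetDefaultSecurityGroup(ec2Client, response.VPC.VpcId);
                if (defaultSecurityGroup == null)
                {
                    // Same treatment as the route-table lookup above, instead of a NullReferenceException below.
                    throw new AmazonEC2Exception("No default security group found for VPC");
                }

                var groupId = ec2Client.CreateSecurityGroup(new CreateSecurityGroupRequest()
                {
                    VpcId = response.VPC.VpcId,
                    GroupName = "NATGroup",
                    Description = "Give EC2 Instances access through the NAT"
                }).GroupId;
                WriteProgress(request.ProgressCallback, "Created security group for NAT configuration");

                // Allow all protocols into the default group, but only from members of the NAT group.
                // The permission is deliberately group-scoped: adding an IpRanges entry of 0.0.0.0/0
                // to the same IpPermission would also open the default security group to every
                // address on every protocol, which neither the progress message nor the group's
                // description promise.
                var spec = new IpPermission
                {
                    IpProtocol = "-1",
                    UserIdGroupPairs = new List<UserIdGroupPair>() { new UserIdGroupPair() { GroupId = groupId } }
                };

                ec2Client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
                {
                    IpPermissions = new List<IpPermission>() { spec },
                    GroupId = defaultSecurityGroup.GroupId
                });
                WriteProgress(request.ProgressCallback, "Added permission to the default security group {0} to allow traffic from security group {1}", defaultSecurityGroup.GroupId, groupId);

                // Read the group back so the response carries the server-side object, not just its id.
                response.NATSecurityGroup = ec2Client.DescribeSecurityGroups(new DescribeSecurityGroupsRequest()
                {
                    GroupIds = new List<string>() { groupId }
                }).SecurityGroups[0];
            }

            return response;
        }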