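/// <summary>
/// Creates the EC2 security group named by <c>_securityGroups</c> and authorizes
/// inbound TCP from any IPv4 source (0.0.0.0/0) on ports 80, 443, 1443 and 3389.
/// </summary>
/// <exception cref="Exception">
/// Wraps an <see cref="AmazonEC2Exception"/> raised by either EC2 call. The original
/// exception is kept as the inner exception so the failing call stays diagnosable.
/// </exception>
private void createSecurityGroup()
{
    try
    {
        var createRequest = new CreateSecurityGroupRequest
        {
            GroupName = _securityGroups,
            GroupDescription = jwSecurityGroupDescription,
        };
        _service.CreateSecurityGroup(createRequest);

        // A single request object is reused; only the port range changes per iteration.
        var ingressRequest = new AuthorizeSecurityGroupIngressRequest
        {
            GroupName = _securityGroups,
            IpProtocol = "tcp",
            CidrIp = "0.0.0.0/0",
        };

        // NOTE(review): 0.0.0.0/0 exposes every listed port to the whole Internet.
        // 3389 (RDP) and 1443 should be limited to the operator's source CIDR or reached
        // through a bastion; only 80/443 normally warrant a world-reachable rule.
        // The list is kept unchanged here to preserve the existing behavior.
        decimal[] ports = { 80, 443, 1443, 3389 };
        foreach (decimal port in ports)
        {
            ingressRequest.FromPort = port;
            ingressRequest.ToPort = port;
            _service.AuthorizeSecurityGroupIngress(ingressRequest);
        }
    }
    catch (AmazonEC2Exception ex)
    {
        // Preserve the cause instead of flattening it into a message string.
        throw new Exception("Caught Exception: " + ex.XML, ex);
    }
}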
/// <summary>
/// Invokes the AuthorizeSecurityGroupIngress operation, which adds permissions to a
/// security group, and prints the response (or the error details) to the console.
/// </summary>
/// <remarks>
/// Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of the
/// request (by IP range or an Amazon EC2 user-group pair), the source and destination
/// port ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When
/// authorizing ICMP, -1 can be used as a wildcard in the type and code fields.
/// Permission changes are propagated to instances within the security group as quickly
/// as possible. However, depending on the number of instances, a small delay might occur.
/// When authorizing a user/group pair permission, GroupName, SourceSecurityGroupName and
/// SourceSecurityGroupOwnerId must be specified. When authorizing a CIDR IP permission,
/// GroupName, IpProtocol, FromPort, ToPort and CidrIp must be specified. Mixing these
/// two types of parameters is not allowed.
/// An <see cref="AmazonEC2Exception"/> is reported to the console and not rethrown.
/// </remarks>
/// <param name="service">Instance of AmazonEC2 service</param>
/// <param name="request">AuthorizeSecurityGroupIngressRequest request</param>
public static void InvokeAuthorizeSecurityGroupIngress(AmazonEC2 service, AuthorizeSecurityGroupIngressRequest request)
{
    try
    {
        WriteAuthorizeIngressResponse(service.AuthorizeSecurityGroupIngress(request));
    }
    catch (AmazonEC2Exception ex)
    {
        WriteAuthorizeIngressError(ex);
    }
}

/// <summary>
/// Prints the response header and, when the response carries metadata, its request id.
/// </summary>
/// <param name="response">The response returned by AuthorizeSecurityGroupIngress.</param>
private static void WriteAuthorizeIngressResponse(AuthorizeSecurityGroupIngressResponse response)
{
    Console.WriteLine("Service Response");
    Console.WriteLine("=============================================================================");
    Console.WriteLine();
    Console.WriteLine(" AuthorizeSecurityGroupIngressResponse");

    if (!response.IsSetResponseMetadata())
    {
        return;
    }

    Console.WriteLine(" ResponseMetadata");
    var metadata = response.ResponseMetadata;
    if (metadata.IsSetRequestId())
    {
        Console.WriteLine(" RequestId");
        Console.WriteLine(" {0}", metadata.RequestId);
    }
}

/// <summary>
/// Prints every diagnostic field carried by an EC2 service exception.
/// </summary>
/// <param name="ex">The exception thrown by the EC2 client.</param>
private static void WriteAuthorizeIngressError(AmazonEC2Exception ex)
{
    Console.WriteLine("Caught Exception: " + ex.Message);
    Console.WriteLine("Response Status Code: " + ex.StatusCode);
    Console.WriteLine("Error Code: " + ex.ErrorCode);
    Console.WriteLine("Error Type: " + ex.ErrorType);
    Console.WriteLine("Request ID: " + ex.RequestId);
    Console.WriteLine("XML: " + ex.XML);
}
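/// <summary>
/// Creates a VPC with a public subnet, a private subnet and a NAT EC2 instance so that
/// instances in the private subnet can establish outbound connections to the internet.
/// </summary>
/// <param name="ec2Client">The EC2 client used to create the VPC resources.</param>
/// <param name="request">The properties used to create the VPC.</param>
/// <returns>The response containing all the VPC objects that were created.</returns>
/// <exception cref="AmazonEC2Exception">
/// Thrown when the VPC has no default route table, or (when
/// <c>ConfigureDefaultVPCGroupForNAT</c> is set) no default security group.
/// </exception>
public static LaunchVPCWithPublicAndPrivateSubnetsResponse LaunchVPCWithPublicAndPrivateSubnets(AmazonEC2 ec2Client, LaunchVPCWithPublicAndPrivateSubnetsRequest request)
{
    var response = new LaunchVPCWithPublicAndPrivateSubnetsResponse();

    // Creates the VPC and the public subnet; response.VPC and response.PublicSubnet are read below.
    LaunchVPCWithPublicSubnet(ec2Client, request, response);

    response.PrivateSubnet = ec2Client.CreateSubnet(new CreateSubnetRequest()
    {
        // Fall back to the public subnet's AZ when the caller did not choose one.
        AvailabilityZone = request.PrivateSubnetAvailabilityZone ?? response.PublicSubnet.AvailabilityZone,
        CidrBlock = request.PrivateSubnetCiderBlock,
        VpcId = response.VPC.VpcId
    }).CreateSubnetResult.Subnet;
    // Report the private subnet's id (the original reported the public subnet's id here).
    WriteProgress(request.ProgressCallback, "Created private subnet {0}", response.PrivateSubnet.SubnetId);

    // Wait until DescribeSubnets returns the new subnet before tagging it.
    WaitTillTrue((Func<bool>)(() => ec2Client.DescribeSubnets(new DescribeSubnetsRequest()
    {
        SubnetId = new List<string>() { response.PrivateSubnet.SubnetId }
    }).DescribeSubnetsResult.Subnet.Count == 1));

    ec2Client.CreateTags(new CreateTagsRequest()
    {
        ResourceId = new List<string>() { response.PrivateSubnet.SubnetId },
        Tag = new List<Tag>() { new Tag() { Key = "Name", Value = "Private" } }
    });

    WriteProgress(request.ProgressCallback, "Launching NAT instance");
    // The NAT instance is launched into the public subnet.
    response.NATInstance = LaunchNATInstance(ec2Client, new LaunchNATInstanceRequest()
    {
        InstanceType = request.InstanceType,
        KeyName = request.KeyName,
        SubnetId = response.PublicSubnet.SubnetId
    });
    WriteProgress(request.ProgressCallback, "NAT instance is available");

    var defaultRouteTable = GetDefaultRouteTable(ec2Client, response.VPC.VpcId);
    if (defaultRouteTable == null)
    {
        throw new AmazonEC2Exception("No default route table found for VPC");
    }
    // Send internet-bound traffic from the default route table through the NAT instance.
    // NOTE(review): this presumes the private subnet uses the default route table — confirm
    // against LaunchVPCWithPublicSubnet.
    ec2Client.CreateRoute(new CreateRouteRequest()
    {
        RouteTableId = defaultRouteTable.RouteTableId,
        DestinationCidrBlock = "0.0.0.0/0",
        InstanceId = response.NATInstance.InstanceId
    });
    WriteProgress(request.ProgressCallback, "Added route to the NAT instance in the default route table");

    if (request.ConfigureDefaultVPCGroupForNAT)
    {
        var defaultSecurityGroup = GetDefaultSecurityGroup(ec2Client, response.VPC.VpcId);
        if (defaultSecurityGroup == null)
        {
            throw new AmazonEC2Exception("No default security group found for VPC");
        }

        var groupId = ec2Client.CreateSecurityGroup(new CreateSecurityGroupRequest()
        {
            VpcId = response.VPC.VpcId,
            GroupName = "NATGroup",
            GroupDescription = "Give EC2 Instances access through the NAT"
        }).CreateSecurityGroupResult.GroupId;
        WriteProgress(request.ProgressCallback, "Created security group for NAT configuration");

        // Allow all protocols into the default group from members of the NAT group only.
        // The original also set IpRanges = { "0.0.0.0/0" } on this same permission, which
        // opened the VPC's default security group to every protocol from any source and
        // contradicts the progress message below; that range is intentionally omitted.
        IpPermissionSpecification spec = new IpPermissionSpecification()
        {
            IpProtocol = "-1",
            Groups = new List<UserIdGroupPair>() { new UserIdGroupPair() { GroupId = groupId } }
        };
        ec2Client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
        {
            IpPermissions = new List<IpPermissionSpecification>() { spec },
            GroupId = defaultSecurityGroup.GroupId
        });
        WriteProgress(request.ProgressCallback, "Added permission to the default security group {0} to allow traffic from security group {1}", defaultSecurityGroup.GroupId, groupId);

        response.NATSecurityGroup = ec2Client.DescribeSecurityGroups(new DescribeSecurityGroupsRequest()
        {
            GroupId = new List<string>() { groupId }
        }).DescribeSecurityGroupsResult.SecurityGroup[0];
    }

    return response;
}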
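/// <summary>
/// Creates a VPC with a public subnet, a private subnet and a NAT EC2 instance so that
/// instances in the private subnet can establish outbound connections to the internet.
/// </summary>
/// <param name="ec2Client">The EC2 client used to create the VPC resources.</param>
/// <param name="request">The properties used to create the VPC.</param>
/// <returns>The response containing all the VPC objects that were created.</returns>
/// <exception cref="AmazonEC2Exception">
/// Thrown when the VPC has no default route table, or (when
/// <c>ConfigureDefaultVPCGroupForNAT</c> is set) no default security group.
/// </exception>
public static LaunchVPCWithPublicAndPrivateSubnetsResponse LaunchVPCWithPublicAndPrivateSubnets(AmazonEC2 ec2Client, LaunchVPCWithPublicAndPrivateSubnetsRequest request)
{
    var response = new LaunchVPCWithPublicAndPrivateSubnetsResponse();

    // Creates the VPC and the public subnet; response.VPC and response.PublicSubnet are read below.
    LaunchVPCWithPublicSubnet(ec2Client, request, response);

    response.PrivateSubnet = ec2Client.CreateSubnet(new CreateSubnetRequest()
    {
        // Fall back to the public subnet's AZ when the caller did not choose one.
        AvailabilityZone = request.PrivateSubnetAvailabilityZone ?? response.PublicSubnet.AvailabilityZone,
        CidrBlock = request.PrivateSubnetCiderBlock,
        VpcId = response.VPC.VpcId
    }).CreateSubnetResult.Subnet;
    // Report the private subnet's id (the original reported the public subnet's id here).
    WriteProgress(request.ProgressCallback, "Created private subnet {0}", response.PrivateSubnet.SubnetId);

    // Wait until DescribeSubnets returns the new subnet before tagging it.
    WaitTillTrue((Func<bool>)(() => ec2Client.DescribeSubnets(new DescribeSubnetsRequest()
    {
        SubnetId = new List<string>() { response.PrivateSubnet.SubnetId }
    }).DescribeSubnetsResult.Subnet.Count == 1));

    ec2Client.CreateTags(new CreateTagsRequest()
    {
        ResourceId = new List<string>() { response.PrivateSubnet.SubnetId },
        Tag = new List<Tag>() { new Tag() { Key = "Name", Value = "Private" } }
    });

    WriteProgress(request.ProgressCallback, "Launching NAT instance");
    // The NAT instance is launched into the public subnet.
    response.NATInstance = LaunchNATInstance(ec2Client, new LaunchNATInstanceRequest()
    {
        InstanceType = request.InstanceType,
        KeyName = request.KeyName,
        SubnetId = response.PublicSubnet.SubnetId
    });
    WriteProgress(request.ProgressCallback, "NAT instance is available");

    var defaultRouteTable = GetDefaultRouteTable(ec2Client, response.VPC.VpcId);
    if (defaultRouteTable == null)
    {
        throw new AmazonEC2Exception("No default route table found for VPC");
    }
    // Send internet-bound traffic from the default route table through the NAT instance.
    // NOTE(review): this presumes the private subnet uses the default route table — confirm
    // against LaunchVPCWithPublicSubnet.
    ec2Client.CreateRoute(new CreateRouteRequest()
    {
        RouteTableId = defaultRouteTable.RouteTableId,
        DestinationCidrBlock = "0.0.0.0/0",
        InstanceId = response.NATInstance.InstanceId
    });
    WriteProgress(request.ProgressCallback, "Added route to the NAT instance in the default route table");

    if (request.ConfigureDefaultVPCGroupForNAT)
    {
        var defaultSecurityGroup = GetDefaultSecurityGroup(ec2Client, response.VPC.VpcId);
        if (defaultSecurityGroup == null)
        {
            throw new AmazonEC2Exception("No default security group found for VPC");
        }

        var groupId = ec2Client.CreateSecurityGroup(new CreateSecurityGroupRequest()
        {
            VpcId = response.VPC.VpcId,
            GroupName = "NATGroup",
            GroupDescription = "Give EC2 Instances access through the NAT"
        }).CreateSecurityGroupResult.GroupId;
        WriteProgress(request.ProgressCallback, "Created security group for NAT configuration");

        // Allow all protocols into the default group from members of the NAT group only.
        // The original also set IpRanges = { "0.0.0.0/0" } on this same permission, which
        // opened the VPC's default security group to every protocol from any source and
        // contradicts the progress message below; that range is intentionally omitted.
        IpPermissionSpecification spec = new IpPermissionSpecification()
        {
            IpProtocol = "-1",
            Groups = new List<UserIdGroupPair>() { new UserIdGroupPair() { GroupId = groupId } }
        };
        ec2Client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
        {
            IpPermissions = new List<IpPermissionSpecification>() { spec },
            GroupId = defaultSecurityGroup.GroupId
        });
        WriteProgress(request.ProgressCallback, "Added permission to the default security group {0} to allow traffic from security group {1}", defaultSecurityGroup.GroupId, groupId);

        response.NATSecurityGroup = ec2Client.DescribeSecurityGroups(new DescribeSecurityGroupsRequest()
        {
            GroupId = new List<string>() { groupId }
        }).DescribeSecurityGroupsResult.SecurityGroup[0];
    }

    return response;
}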