/// <summary>
/// Unmarshalls the CreateNetworkAcl XML response into a <see cref="CreateNetworkAclResponse"/>.
/// </summary>
/// <param name="context">XML unmarshaller context positioned on the response to read.</param>
/// <returns>The response with <c>NetworkAcl</c> populated when a <c>networkAcl</c> element is found.</returns>
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context)
{
    var response = new CreateNetworkAclResponse();

    int originalDepth = context.CurrentDepth;
    // At the start of a document the payload is looked for at depth 2 (the SDK's usual
    // layout below the root element); otherwise one level below where we were handed the reader.
    int targetDepth = context.IsStartOfDocument ? 2 : originalDepth + 1;

    while (context.ReadAtDepth(originalDepth))
    {
        bool isNode = context.IsStartElement || context.IsAttribute;
        if (isNode && context.TestExpression("networkAcl", targetDepth))
        {
            response.NetworkAcl = NetworkAclUnmarshaller.Instance.Unmarshall(context);
        }
    }

    return response;
}
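/// <summary>
/// Isolates the given subnets by creating a fresh network ACL in <paramref name="vpcId"/>
/// that denies all IPv4 traffic and replacing each subnet's current ACL association with it.
/// </summary>
/// <param name="vpcId">VPC in which the deny-all network ACL is created.</param>
/// <param name="subnetIds">Subnets whose network ACL association should be replaced.</param>
/// <exception cref="ArgumentNullException"><paramref name="subnetIds"/> is null.</exception>
/// <remarks>
/// Associations are replaced one at a time; an exception part-way through leaves the
/// earlier subnets isolated and the later ones untouched, and surfaces to the caller.
/// </remarks>
private async Task BlockSubnetsInAZ(string vpcId, List<string> subnetIds)
{
    if (subnetIds == null)
    {
        throw new ArgumentNullException(nameof(subnetIds));
    }
    if (subnetIds.Count == 0)
    {
        // Nothing to isolate: do not create a deny-all ACL that would never be associated.
        return;
    }

    // Find all existing network ACL associations matching the subnets passed in.
    DescribeNetworkAclsResponse describeNetworkAclsResult = await ec2Client.DescribeNetworkAclsAsync(
        new DescribeNetworkAclsRequest()
        {
            Filters = new List<Amazon.EC2.Model.Filter>
            {
                new Amazon.EC2.Model.Filter { Name = "association.subnet-id", Values = subnetIds }
            }
        });

    // The describe returns every association of a matching ACL, including subnets outside the
    // filter, so restrict to the requested subnets (materialised once, not re-evaluated per use).
    var requestedSubnets = new HashSet<string>(subnetIds);
    List<string> associationsToUpdate = describeNetworkAclsResult.NetworkAcls
        .SelectMany(acl => acl.Associations)
        .Where(association => requestedSubnets.Contains(association.SubnetId))
        .Select(association => association.NetworkAclAssociationId)
        .ToList();

    if (associationsToUpdate.Count == 0)
    {
        // No association to swap: creating the ACL would only leave an orphan resource behind.
        return;
    }

    // Create the new network ACL.
    CreateNetworkAclResponse createNetworkAclResponse = await ec2Client.CreateNetworkAclAsync(
        new CreateNetworkAclRequest() { VpcId = vpcId });
    string networkAclId = createNetworkAclResponse.NetworkAcl.NetworkAclId;

    // Add one deny rule per direction covering every protocol ("-1") and every port.
    // NOTE(review): only 0.0.0.0/0 is denied explicitly; dual-stack subnets would also need an IPv6 (::/0) rule.
    const string anyIpv4 = "0.0.0.0/0";
    const string anyProtocol = "-1";
    await CreateNetworkAclEntry(networkAclId, 100, anyIpv4, true, anyProtocol, CreatePortRange(0, 65535), RuleAction.Deny);
    await CreateNetworkAclEntry(networkAclId, 101, anyIpv4, false, anyProtocol, CreatePortRange(0, 65535), RuleAction.Deny);

    // Point every matched association at the deny-all ACL.
    foreach (string associationId in associationsToUpdate)
    {
        await ec2Client.ReplaceNetworkAclAssociationAsync(
            new ReplaceNetworkAclAssociationRequest()
            {
                AssociationId = associationId,
                NetworkAclId = networkAclId
            });
    }
}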
/// <summary>
/// Unmarshalls the CreateNetworkAcl XML response into a <see cref="CreateNetworkAclResponse"/>.
/// </summary>
/// <param name="context">XML unmarshaller context over the whole response document.</param>
/// <returns>The response with <c>NetworkAcl</c> populated when a <c>networkAcl</c> element is found at depth 2.</returns>
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context)
{
    // The payload element is expected directly below the root element.
    const int targetDepth = 2;
    var result = new CreateNetworkAclResponse();

    while (context.Read())
    {
        if (!(context.IsStartElement || context.IsAttribute))
        {
            continue;
        }

        if (context.TestExpression("networkAcl", targetDepth))
        {
            var networkAclUnmarshaller = NetworkAclUnmarshaller.GetInstance();
            result.NetworkAcl = networkAclUnmarshaller.Unmarshall(context);
        }
    }

    return result;
}
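/// <summary>
/// Builds a <see cref="CreateNetworkAclResponse"/> from the flattened key/value view of the
/// CreateNetworkAcl API response held in <paramref name="_ctx"/>.
/// </summary>
/// <param name="_ctx">Unmarshaller context exposing the raw HTTP response and the parsed response values.</param>
/// <returns>The populated response; the attribute's entry and resource lists are empty, never null, when absent.</returns>
public static CreateNetworkAclResponse Unmarshall(UnmarshallerContext _ctx)
{
    const string attributePrefix = "CreateNetworkAcl.NetworkAclAttribute";

    var createNetworkAclResponse = new CreateNetworkAclResponse
    {
        HttpResponse = _ctx.HttpResponse,
        RequestId = _ctx.StringValue("CreateNetworkAcl.RequestId"),
        NetworkAclId = _ctx.StringValue("CreateNetworkAcl.NetworkAclId")
    };

    var networkAclAttribute = new CreateNetworkAclResponse.CreateNetworkAcl_NetworkAclAttribute
    {
        NetworkAclId = _ctx.StringValue(attributePrefix + ".NetworkAclId"),
        RegionId = _ctx.StringValue(attributePrefix + ".RegionId"),
        NetworkAclName = _ctx.StringValue(attributePrefix + ".NetworkAclName"),
        Description = _ctx.StringValue(attributePrefix + ".Description"),
        VpcId = _ctx.StringValue(attributePrefix + ".VpcId"),
        CreationTime = _ctx.StringValue(attributePrefix + ".CreationTime"),
        Status = _ctx.StringValue(attributePrefix + ".Status"),
        // Each indexed list is read by its own helper so the key layout lives in one place per list.
        IngressAclEntries = ReadIngressAclEntries(_ctx, attributePrefix + ".IngressAclEntries"),
        EgressAclEntries = ReadEgressAclEntries(_ctx, attributePrefix + ".EgressAclEntries"),
        Resources = ReadResources(_ctx, attributePrefix + ".Resources")
    };

    createNetworkAclResponse.NetworkAclAttribute = networkAclAttribute;
    return createNetworkAclResponse;
}

/// <summary>
/// Reads the indexed ingress entries stored under <paramref name="listKey"/>
/// (keys of the form <c>listKey[i].Field</c>, count from <c>listKey.Length</c>).
/// </summary>
private static List<CreateNetworkAclResponse.CreateNetworkAcl_NetworkAclAttribute.CreateNetworkAcl_IngressAclEntry> ReadIngressAclEntries(UnmarshallerContext ctx, string listKey)
{
    var entries = new List<CreateNetworkAclResponse.CreateNetworkAcl_NetworkAclAttribute.CreateNetworkAcl_IngressAclEntry>();
    // Read the count once rather than on every loop iteration (assumes it is fixed for the parsed response).
    int count = ctx.Length(listKey + ".Length");
    for (int i = 0; i < count; i++)
    {
        string entryKey = listKey + "[" + i + "]";
        entries.Add(new CreateNetworkAclResponse.CreateNetworkAcl_NetworkAclAttribute.CreateNetworkAcl_IngressAclEntry
        {
            NetworkAclEntryId = ctx.StringValue(entryKey + ".NetworkAclEntryId"),
            Policy = ctx.StringValue(entryKey + ".Policy"),
            Protocol = ctx.StringValue(entryKey + ".Protocol"),
            SourceCidrIp = ctx.StringValue(entryKey + ".SourceCidrIp"),
            Port = ctx.StringValue(entryKey + ".Port"),
            EntryType = ctx.StringValue(entryKey + ".EntryType"),
            NetworkAclEntryName = ctx.StringValue(entryKey + ".NetworkAclEntryName"),
            Description = ctx.StringValue(entryKey + ".Description")
        });
    }
    return entries;
}

/// <summary>
/// Reads the indexed egress entries stored under <paramref name="listKey"/>
/// (keys of the form <c>listKey[i].Field</c>, count from <c>listKey.Length</c>).
/// </summary>
private static List<CreateNetworkAclResponse.CreateNetworkAcl_NetworkAclAttribute.CreateNetworkAcl_EgressAclEntry> ReadEgressAclEntries(UnmarshallerContext ctx, string listKey)
{
    var entries = new List<CreateNetworkAclResponse.CreateNetworkAcl_NetworkAclAttribute.CreateNetworkAcl_EgressAclEntry>();
    int count = ctx.Length(listKey + ".Length");
    for (int i = 0; i < count; i++)
    {
        string entryKey = listKey + "[" + i + "]";
        entries.Add(new CreateNetworkAclResponse.CreateNetworkAcl_NetworkAclAttribute.CreateNetworkAcl_EgressAclEntry
        {
            NetworkAclEntryId = ctx.StringValue(entryKey + ".NetworkAclEntryId"),
            Policy = ctx.StringValue(entryKey + ".Policy"),
            Protocol = ctx.StringValue(entryKey + ".Protocol"),
            DestinationCidrIp = ctx.StringValue(entryKey + ".DestinationCidrIp"),
            Port = ctx.StringValue(entryKey + ".Port"),
            EntryType = ctx.StringValue(entryKey + ".EntryType"),
            Description = ctx.StringValue(entryKey + ".Description"),
            NetworkAclEntryName = ctx.StringValue(entryKey + ".NetworkAclEntryName")
        });
    }
    return entries;
}

/// <summary>
/// Reads the indexed associated resources stored under <paramref name="listKey"/>
/// (keys of the form <c>listKey[i].Field</c>, count from <c>listKey.Length</c>).
/// </summary>
private static List<CreateNetworkAclResponse.CreateNetworkAcl_NetworkAclAttribute.CreateNetworkAcl_Resource> ReadResources(UnmarshallerContext ctx, string listKey)
{
    var resources = new List<CreateNetworkAclResponse.CreateNetworkAcl_NetworkAclAttribute.CreateNetworkAcl_Resource>();
    int count = ctx.Length(listKey + ".Length");
    for (int i = 0; i < count; i++)
    {
        string resourceKey = listKey + "[" + i + "]";
        resources.Add(new CreateNetworkAclResponse.CreateNetworkAcl_NetworkAclAttribute.CreateNetworkAcl_Resource
        {
            ResourceId = ctx.StringValue(resourceKey + ".ResourceId"),
            ResourceType = ctx.StringValue(resourceKey + ".ResourceType"),
            Status = ctx.StringValue(resourceKey + ".Status")
        });
    }
    return resources;
}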
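/// <summary>
/// Simulates the loss of availability zone <c>azId</c> inside VPC <c>vpcId</c>: drops the AZ's
/// subnets from the Auto Scaling group, attaches a deny-all network ACL to every subnet in the
/// AZ, and forces a Multi-AZ RDS instance whose primary is in that AZ to fail over.
/// Each step calls the async SDK and blocks on the result, as the original sample does.
/// </summary>
/// <remarks>
/// Best-effort by design: any exception is logged and swallowed. Because the three steps are
/// not transactional, a failure part-way can leave the environment partially isolated.
/// </remarks>
public virtual void failover()
{
    try
    {
        RemoveAzSubnetsFromAutoScalingGroup();
        IsolateAzSubnetsWithDenyAllAcl();
        FailoverMultiAzDbInstanceInAz();
    }
    catch (Exception exception)
    {
        // Log the whole exception (type and stack trace), not just the message, so a partial
        // failover can be diagnosed from the output.
        Console.WriteLine("Unknown exception occurred " + exception);
    }
}

/// <summary>
/// Rewrites the first Auto Scaling group's VPCZoneIdentifier so it only lists subnets outside
/// the affected AZ. Does nothing when no group is returned.
/// </summary>
private void RemoveAzSubnetsFromAutoScalingGroup()
{
    // Note: This turns the asynchronous call into a synchronous one
    DescribeAutoScalingGroupsResponse autoScalingGroupsResponse =
        AUTO_SCALING_CLIENT.DescribeAutoScalingGroupsAsync().GetAwaiter().GetResult();
    if (autoScalingGroupsResponse == null || autoScalingGroupsResponse.AutoScalingGroups.Count == 0)
    {
        return;
    }

    // Note: only the first Auto Scaling group is considered, as in the original sample.
    AutoScalingGroup autoScalingGroup = autoScalingGroupsResponse.AutoScalingGroups[0];
    string autoScalingGroupName = autoScalingGroup.AutoScalingGroupName;

    // Every subnet of the VPC; those outside the affected AZ are the ones the group may keep.
    // Note: This turns the asynchronous call into a synchronous one
    DescribeSubnetsResponse subnetsResult = EC2_CLIENT.DescribeSubnetsAsync(new DescribeSubnetsRequest()
    {
        Filters = new List<Amazon.EC2.Model.Filter>
        {
            new Amazon.EC2.Model.Filter { Name = "vpc-id", Values = new List<string> { vpcId } }
        }
    }).GetAwaiter().GetResult();

    var subnetsOutsideAz = new HashSet<string>(
        subnetsResult.Subnets
            .Where(subnet => !string.Equals(subnet.AvailabilityZone, azId, StringComparison.OrdinalIgnoreCase))
            .Select(subnet => subnet.SubnetId));

    // Keep the group's current subnets that survive the AZ loss, in their original order.
    List<string> desiredSubnets = autoScalingGroup.VPCZoneIdentifier
        .Split(new[] { ',' }, StringSplitOptions.None)
        .Where(subnetsOutsideAz.Contains)
        .ToList();
    // NOTE(review): if the group lived entirely in the AZ this yields an empty VPCZoneIdentifier,
    // which the service is likely to reject - confirm the desired behaviour for that case.

    Console.WriteLine("Updating the auto scaling group " + autoScalingGroupName + " to remove the subnet in the AZ");
    // Note: This turns the asynchronous call into a synchronous one
    AUTO_SCALING_CLIENT.UpdateAutoScalingGroupAsync(new UpdateAutoScalingGroupRequest
    {
        AutoScalingGroupName = autoScalingGroupName,
        VPCZoneIdentifier = string.Join(",", desiredSubnets)
    }).GetAwaiter().GetResult();
}

/// <summary>
/// Creates a network ACL in the VPC that denies all IPv4 traffic and swaps every network ACL
/// association of the affected AZ's subnets over to it. Skips entirely when the AZ has no subnets.
/// </summary>
private void IsolateAzSubnetsWithDenyAllAcl()
{
    // Find all subnets in the availability zone passed in the input
    // Note: This turns the asynchronous call into a synchronous one
    DescribeSubnetsResponse describeSubnetsResult = EC2_CLIENT.DescribeSubnetsAsync(new DescribeSubnetsRequest
    {
        Filters = new List<Amazon.EC2.Model.Filter>
        {
            new Amazon.EC2.Model.Filter { Name = "vpc-id", Values = new List<string> { vpcId } },
            new Amazon.EC2.Model.Filter { Name = "availabilityZone", Values = new List<string> { azId } }
        }
    }).GetAwaiter().GetResult();

    List<string> subnetsInAz = describeSubnetsResult.Subnets.Select(subnet => subnet.SubnetId).ToList();
    if (subnetsInAz.Count == 0)
    {
        // Nothing to isolate; avoid an empty filter and an orphan deny-all ACL.
        Console.WriteLine("No subnets found in the AZ; skipping network ACL isolation");
        return;
    }

    // Find all the network ACL associations matching the subnets identified above
    // Note: This turns the asynchronous call into a synchronous one
    DescribeNetworkAclsResponse describeNetworkAclsResult = EC2_CLIENT.DescribeNetworkAclsAsync(new DescribeNetworkAclsRequest()
    {
        Filters = new List<Amazon.EC2.Model.Filter>
        {
            new Amazon.EC2.Model.Filter { Name = "association.subnet-id", Values = subnetsInAz }
        }
    }).GetAwaiter().GetResult();

    // An ACL matches the filter when ANY of its associations hits one of our subnets, and the
    // response lists that ACL's full association set. Walk every returned ACL - looking only at
    // NetworkAcls[0] silently skipped subnets attached to a different ACL - and keep our subnets.
    var subnetIdsInAz = new HashSet<string>(subnetsInAz, StringComparer.OrdinalIgnoreCase);
    IList<NetworkAclAssociation> desiredAclAssociations = describeNetworkAclsResult.NetworkAcls
        .SelectMany(acl => acl.Associations)
        .Where(association => subnetIdsInAz.Contains(association.SubnetId))
        .ToList();

    // Create the new network ACL with rules denying all traffic in both directions.
    // Note: This turns the asynchronous call into a synchronous one
    CreateNetworkAclResponse createNetworkAclResponse = EC2_CLIENT
        .CreateNetworkAclAsync(new CreateNetworkAclRequest { VpcId = vpcId })
        .GetAwaiter().GetResult();
    string networkAclId = createNetworkAclResponse.NetworkAcl.NetworkAclId;
    // NOTE(review): only 0.0.0.0/0 is denied explicitly; dual-stack subnets would also need an IPv6 (::/0) rule.
    createNetworkAclEntry(networkAclId, 100, "0.0.0.0/0", true, "-1", createPortRange(0, 65535), RuleAction.Deny);
    createNetworkAclEntry(networkAclId, 101, "0.0.0.0/0", false, "-1", createPortRange(0, 65535), RuleAction.Deny);

    // Replace the associations identified above so those subnets now deny all traffic.
    Console.WriteLine("Creating new network ACL associations");
    replaceNetworkAclAssociations(desiredAclAssociations, networkAclId);
}

/// <summary>
/// Forces a failover (reboot with ForceFailover) of a Multi-AZ RDS instance in this VPC whose
/// primary sits in the affected AZ and that has no pending status info. When several match,
/// the last one listed is used, as before.
/// </summary>
private void FailoverMultiAzDbInstanceInAz()
{
    // Note: This turns the asynchronous call into a synchronous one
    DescribeDBInstancesResponse describeDBInstancesResult = RDS_CLIENT.DescribeDBInstancesAsync().GetAwaiter().GetResult();

    DBInstance candidate = describeDBInstancesResult.DBInstances.LastOrDefault(dbInstance =>
        string.Equals(dbInstance.DBSubnetGroup.VpcId, vpcId, StringComparison.OrdinalIgnoreCase)
        && string.Equals(dbInstance.AvailabilityZone, azId, StringComparison.OrdinalIgnoreCase)
        && dbInstance.MultiAZ
        && dbInstance.StatusInfos.Count == 0);

    // Only fail over when an instance is actually affected.
    if (candidate == null || string.IsNullOrEmpty(candidate.DBInstanceIdentifier))
    {
        return;
    }

    string dbInstanceId = candidate.DBInstanceIdentifier;
    Console.WriteLine("Rebooting dbInstanceId to secondary AZ " + dbInstanceId);
    // Note: This turns the asynchronous call into a synchronous one
    RDS_CLIENT.RebootDBInstanceAsync(new RebootDBInstanceRequest
    {
        DBInstanceIdentifier = dbInstanceId,
        ForceFailover = true
    }).GetAwaiter().GetResult();
}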