/// <summary> /// Unmarshaller the response from the service to the response class. /// </summary> /// <param name="context"></param> /// <returns></returns> public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context) { DescribeNetworkAclsResponse response = new DescribeNetworkAclsResponse(); int originalDepth = context.CurrentDepth; int targetDepth = originalDepth + 1; if (context.IsStartOfDocument) { targetDepth = 2; } while (context.ReadAtDepth(originalDepth)) { if (context.IsStartElement || context.IsAttribute) { if (context.TestExpression("networkAclSet/item", targetDepth)) { var unmarshaller = NetworkAclUnmarshaller.Instance; var item = unmarshaller.Unmarshall(context); response.NetworkAcls.Add(item); continue; } } } return(response); }
public override void Invoke(AWSCredentials creds, RegionEndpoint region, int maxItems) { AmazonEC2Config config = new AmazonEC2Config(); config.RegionEndpoint = region; ConfigureClient(config); AmazonEC2Client client = new AmazonEC2Client(creds, config); DescribeNetworkAclsResponse resp = new DescribeNetworkAclsResponse(); do { DescribeNetworkAclsRequest req = new DescribeNetworkAclsRequest { NextToken = resp.NextToken , MaxResults = maxItems }; resp = client.DescribeNetworkAcls(req); CheckError(resp.HttpStatusCode, "200"); foreach (var obj in resp.NetworkAcls) { AddObject(obj); } }while (!string.IsNullOrEmpty(resp.NextToken)); }
public List <DescribeNetworkAclsModel> MapForDescribe(DescribeNetworkAclsResponse describeNetworkAclsResponse) { var model = new List <DescribeNetworkAclsModel>(); foreach (var networkAcls in describeNetworkAclsResponse.NetworkAcls) { model.Add(new DescribeNetworkAclsModel() { NetworkAclsId = networkAcls.NetworkAclId }); } return(model); }
public static void GetTopology() { IAmazonEC2 ec2 = AWSClientFactory.CreateAmazonEC2Client(); IAmazonAutoScaling asg = AWSClientFactory.CreateAmazonAutoScalingClient(); IAmazonElasticLoadBalancing elb = AWSClientFactory.CreateAmazonElasticLoadBalancingClient(); DescribeVpcsResponse vpcResponse = ec2.DescribeVpcs(); WriteFile("vpcs.csv", vpcResponse.Vpcs); DescribeInstancesResponse instanceResponse = ec2.DescribeInstances(); var reservationIndex = 0; foreach (var reservation in instanceResponse.Reservations) { if (reservationIndex == 0) { WriteFile("instances.csv", reservation.Instances); } else { AppendFile("instances.csv", reservation.Instances); } reservationIndex++; } DescribeNetworkAclsResponse naclResponse = ec2.DescribeNetworkAcls(); WriteFile("nacls.csv", naclResponse.NetworkAcls); Amazon.EC2.Model.DescribeTagsResponse tagsResponse = ec2.DescribeTags(); WriteFile("tags.csv", tagsResponse.Tags); DescribeVolumesResponse volumesResponse = ec2.DescribeVolumes(); WriteFile("volumes.csv", volumesResponse.Volumes); DescribeLoadBalancersResponse elbResponse = elb.DescribeLoadBalancers(); WriteFile("elbs.csv", elbResponse.LoadBalancerDescriptions); DescribeInternetGatewaysResponse igResponse = ec2.DescribeInternetGateways(); WriteFile("igs.csv", igResponse.InternetGateways); }
private async Task BlockSubnetsInAZ(string vpcId, List <string> subnetIds) { //Find all existing network acl associations matching the subnets identified above DescribeNetworkAclsResponse describeNetworkAclsResult = await ec2Client.DescribeNetworkAclsAsync(new DescribeNetworkAclsRequest() { Filters = new List <Amazon.EC2.Model.Filter> { new Amazon.EC2.Model.Filter { Name = "association.subnet-id", Values = subnetIds } } }); // The describe will return all associations of an ACL, which can be associated with a subnet not in the filter IEnumerable <string> associationsToUpdate = describeNetworkAclsResult.NetworkAcls.SelectMany(x => x.Associations).Where(x => subnetIds.Contains(x.SubnetId)).Select(x => x.NetworkAclAssociationId); //create new network acl CreateNetworkAclResponse createNetworkAclResponse = await ec2Client.CreateNetworkAclAsync(new CreateNetworkAclRequest() { VpcId = vpcId }); // add both ingress and egress denying to all the traffic to the new ACL string networkAclId = createNetworkAclResponse.NetworkAcl.NetworkAclId; await CreateNetworkAclEntry(networkAclId, 100, "0.0.0.0/0", true, "-1", CreatePortRange(0, 65535), RuleAction.Deny); await CreateNetworkAclEntry(networkAclId, 101, "0.0.0.0/0", false, "-1", CreatePortRange(0, 65535), RuleAction.Deny); // update all subnets to be associated with the new ACL foreach (string existingAssociation in associationsToUpdate) { // associates the specified network ACL with the subnet for the specified network ACL association ReplaceNetworkAclAssociationResponse replaceNetworkAclAssociationResponse = await ec2Client.ReplaceNetworkAclAssociationAsync(new ReplaceNetworkAclAssociationRequest() { AssociationId = existingAssociation, NetworkAclId = networkAclId }); } }
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context) { DescribeNetworkAclsResponse response = new DescribeNetworkAclsResponse(); int targetDepth = 2; while (context.Read()) { if (context.IsStartElement || context.IsAttribute) { if (context.TestExpression("networkAclSet/item", targetDepth)) { response.NetworkAcls.Add(NetworkAclUnmarshaller.GetInstance().Unmarshall(context)); continue; } } } return(response); }
public virtual void failover() { try { // Modify the autoscaling group to remove the AZ affected which is the AZ passed in the input // Find the autoscaling group that this is deployed into // Note: This changes the asynchronous call to a synchronous one DescribeAutoScalingGroupsResponse autoScalingGroupsResponse = AUTO_SCALING_CLIENT.DescribeAutoScalingGroupsAsync().GetAwaiter().GetResult(); if (autoScalingGroupsResponse != null && autoScalingGroupsResponse.AutoScalingGroups.Count > 0) { // Note: This assumes an Auto Scaling group exists; no error checking for readability AutoScalingGroup autoScalingGroup = autoScalingGroupsResponse.AutoScalingGroups[0]; string autoScalingGroupName = autoScalingGroup.AutoScalingGroupName; // Find all subnets in the availability zone passed in the input DescribeSubnetsResponse subnetsResult = EC2_CLIENT.DescribeSubnetsAsync(new DescribeSubnetsRequest() { Filters = new List <Amazon.EC2.Model.Filter> { new Amazon.EC2.Model.Filter { Name = "vpc-id", Values = new List <string> { vpcId } } } }).GetAwaiter().GetResult(); IList <string> desiredSubnetsForASG = new List <string>(); foreach (Amazon.EC2.Model.Subnet subnet in subnetsResult.Subnets) { if (!string.Equals(subnet.AvailabilityZone, azId, StringComparison.OrdinalIgnoreCase)) { desiredSubnetsForASG.Add(subnet.SubnetId); } } List <string> desiredSubnets = new List <String>(autoScalingGroup.VPCZoneIdentifier.Split(new[] { ',' }, StringSplitOptions.None)); var tempList = new List <String>(desiredSubnets); foreach (var subnet in desiredSubnets) { if (!desiredSubnetsForASG.Contains(subnet)) { tempList.Remove(subnet); } } desiredSubnets = tempList; Console.WriteLine("Updating the auto scaling group " + autoScalingGroupName + " to remove the subnet in the AZ"); // Note: This turns the asynchronous call into a synchronous one UpdateAutoScalingGroupResponse updateAutoScalingGroupResponse = AUTO_SCALING_CLIENT.UpdateAutoScalingGroupAsync(new UpdateAutoScalingGroupRequest { AutoScalingGroupName = autoScalingGroupName, VPCZoneIdentifier = string.Join(",", desiredSubnets) }).GetAwaiter().GetResult(); } // Find all subnets in the availability zone passed in the input // Note: This turns the asynchronous call into a synchronous one DescribeSubnetsResponse describeSubnetsResult = EC2_CLIENT.DescribeSubnetsAsync(new DescribeSubnetsRequest { Filters = new List <Amazon.EC2.Model.Filter> { new Amazon.EC2.Model.Filter { Name = "vpc-id", Values = new List <string> { vpcId } }, new Amazon.EC2.Model.Filter { Name = "availabilityZone", Values = new List <string> { azId } } } }).GetAwaiter().GetResult(); IList <string> desiredSubnetsForAddingNewNacl = new List <string>(); foreach (Amazon.EC2.Model.Subnet subnet in describeSubnetsResult.Subnets) { desiredSubnetsForAddingNewNacl.Add(subnet.SubnetId); } //Find all the network acl associations matching the subnets identified above // Note: This turns the asynchronous call into a synchronous one DescribeNetworkAclsResponse describeNetworkAclsResult = EC2_CLIENT.DescribeNetworkAclsAsync(new DescribeNetworkAclsRequest() { Filters = new List <Amazon.EC2.Model.Filter> { new Amazon.EC2.Model.Filter { Name = "association.subnet-id", Values = (List <string>)desiredSubnetsForAddingNewNacl } } }).GetAwaiter().GetResult(); IList <NetworkAclAssociation> desiredAclAssociations = new List <NetworkAclAssociation>(); // Note: This assumes a Network ACL is present for readability IList <NetworkAclAssociation> networkAclsAssociatedWithSubnet = describeNetworkAclsResult.NetworkAcls[0].Associations; foreach (string subnetId in desiredSubnetsForAddingNewNacl) { foreach (NetworkAclAssociation networkAcl in networkAclsAssociatedWithSubnet) { if (string.Equals(networkAcl.SubnetId, subnetId, StringComparison.OrdinalIgnoreCase)) { desiredAclAssociations.Add(networkAcl); } } } //create new network acl association with both ingress and egress denying to all the traffic CreateNetworkAclRequest createNetworkAclRequest = new CreateNetworkAclRequest(); createNetworkAclRequest.VpcId = vpcId; // Note: This turns the asynchronous call into a synchronous one CreateNetworkAclResponse createNetworkAclResponse = EC2_CLIENT.CreateNetworkAclAsync(createNetworkAclRequest).GetAwaiter().GetResult(); string networkAclId = createNetworkAclResponse.NetworkAcl.NetworkAclId; createNetworkAclEntry(networkAclId, 100, "0.0.0.0/0", true, "-1", createPortRange(0, 65535), RuleAction.Deny); createNetworkAclEntry(networkAclId, 101, "0.0.0.0/0", false, "-1", createPortRange(0, 65535), RuleAction.Deny); // replace all the network acl associations identified for the above subnets with the new network // acl association which will deny all traffic for those subnets in that AZ Console.WriteLine("Creating new network ACL associations"); replaceNetworkAclAssociations(desiredAclAssociations, networkAclId); //fail over rds which is in the same AZ // Note: This turns the asynchronous call into a synchronous one DescribeDBInstancesResponse describeDBInstancesResult = RDS_CLIENT.DescribeDBInstancesAsync().GetAwaiter().GetResult(); IList <DBInstance> dbInstances = describeDBInstancesResult.DBInstances; string dbInstancedId = null; foreach (DBInstance dbInstance in dbInstances) { if (string.Equals(dbInstance.DBSubnetGroup.VpcId, vpcId, StringComparison.OrdinalIgnoreCase) && (string.Equals(dbInstance.AvailabilityZone, azId, StringComparison.OrdinalIgnoreCase)) && dbInstance.MultiAZ && dbInstance.StatusInfos.Count == 0) { dbInstancedId = dbInstance.DBInstanceIdentifier; } } // we want to fail over rds if rds is present in the same az where it is affected if (!string.IsNullOrEmpty(dbInstancedId)) { RebootDBInstanceRequest rebootDBInstanceRequest = new RebootDBInstanceRequest(); rebootDBInstanceRequest.DBInstanceIdentifier = dbInstancedId; rebootDBInstanceRequest.ForceFailover = true; Console.WriteLine("Rebooting dbInstanceId to secondary AZ " + dbInstancedId); // Note: This turns the asynchronous call into a synchronous one RDS_CLIENT.RebootDBInstanceAsync(rebootDBInstanceRequest).GetAwaiter().GetResult(); } } catch (Exception exception) { Console.WriteLine("Unkown exception occured " + exception.Message); } }
public static DescribeNetworkAclsResponse Unmarshall(UnmarshallerContext context) { DescribeNetworkAclsResponse describeNetworkAclsResponse = new DescribeNetworkAclsResponse(); describeNetworkAclsResponse.HttpResponse = context.HttpResponse; describeNetworkAclsResponse.RequestId = context.StringValue("DescribeNetworkAcls.RequestId"); describeNetworkAclsResponse.TotalCount = context.StringValue("DescribeNetworkAcls.TotalCount"); describeNetworkAclsResponse.PageNumber = context.StringValue("DescribeNetworkAcls.PageNumber"); describeNetworkAclsResponse.PageSize = context.StringValue("DescribeNetworkAcls.PageSize"); List <DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl> describeNetworkAclsResponse_networkAcls = new List <DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl>(); for (int i = 0; i < context.Length("DescribeNetworkAcls.NetworkAcls.Length"); i++) { DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl networkAcl = new DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl(); networkAcl.NetworkAclId = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].NetworkAclId"); networkAcl.RegionId = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].RegionId"); networkAcl.NetworkAclName = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].NetworkAclName"); networkAcl.Description = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].Description"); networkAcl.VpcId = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].VpcId"); networkAcl.CreationTime = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].CreationTime"); networkAcl.Status = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].Status"); networkAcl.OwnerId = context.LongValue("DescribeNetworkAcls.NetworkAcls[" + i + "].OwnerId"); List <DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_IngressAclEntry> networkAcl_ingressAclEntries = new List <DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_IngressAclEntry>(); for (int j = 0; j < context.Length("DescribeNetworkAcls.NetworkAcls[" + i + "].IngressAclEntries.Length"); j++) { DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_IngressAclEntry ingressAclEntry = new DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_IngressAclEntry(); ingressAclEntry.NetworkAclEntryId = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].IngressAclEntries[" + j + "].NetworkAclEntryId"); ingressAclEntry.Policy = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].IngressAclEntries[" + j + "].Policy"); ingressAclEntry.Protocol = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].IngressAclEntries[" + j + "].Protocol"); ingressAclEntry.SourceCidrIp = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].IngressAclEntries[" + j + "].SourceCidrIp"); ingressAclEntry.Port = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].IngressAclEntries[" + j + "].Port"); ingressAclEntry.EntryType = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].IngressAclEntries[" + j + "].EntryType"); ingressAclEntry.NetworkAclEntryName = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].IngressAclEntries[" + j + "].NetworkAclEntryName"); ingressAclEntry.Description = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].IngressAclEntries[" + j + "].Description"); networkAcl_ingressAclEntries.Add(ingressAclEntry); } networkAcl.IngressAclEntries = networkAcl_ingressAclEntries; List <DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_EgressAclEntry> networkAcl_egressAclEntries = new List <DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_EgressAclEntry>(); for (int j = 0; j < context.Length("DescribeNetworkAcls.NetworkAcls[" + i + "].EgressAclEntries.Length"); j++) { DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_EgressAclEntry egressAclEntry = new DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_EgressAclEntry(); egressAclEntry.NetworkAclEntryId = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].EgressAclEntries[" + j + "].NetworkAclEntryId"); egressAclEntry.Policy = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].EgressAclEntries[" + j + "].Policy"); egressAclEntry.Protocol = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].EgressAclEntries[" + j + "].Protocol"); egressAclEntry.DestinationCidrIp = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].EgressAclEntries[" + j + "].DestinationCidrIp"); egressAclEntry.Port = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].EgressAclEntries[" + j + "].Port"); egressAclEntry.EntryType = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].EgressAclEntries[" + j + "].EntryType"); egressAclEntry.Description = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].EgressAclEntries[" + j + "].Description"); egressAclEntry.NetworkAclEntryName = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].EgressAclEntries[" + j + "].NetworkAclEntryName"); networkAcl_egressAclEntries.Add(egressAclEntry); } networkAcl.EgressAclEntries = networkAcl_egressAclEntries; List <DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_Resource> networkAcl_resources = new List <DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_Resource>(); for (int j = 0; j < context.Length("DescribeNetworkAcls.NetworkAcls[" + i + "].Resources.Length"); j++) { DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_Resource resource = new DescribeNetworkAclsResponse.DescribeNetworkAcls_NetworkAcl.DescribeNetworkAcls_Resource(); resource.ResourceId = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].Resources[" + j + "].ResourceId"); resource.ResourceType = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].Resources[" + j + "].ResourceType"); resource.Status = context.StringValue("DescribeNetworkAcls.NetworkAcls[" + i + "].Resources[" + j + "].Status"); networkAcl_resources.Add(resource); } networkAcl.Resources = networkAcl_resources; describeNetworkAclsResponse_networkAcls.Add(networkAcl); } describeNetworkAclsResponse.NetworkAcls = describeNetworkAclsResponse_networkAcls; return(describeNetworkAclsResponse); }
// ----------------------------------------------------------------------- // Live Stack public static void ProcessNetworkAclFromAWS(StackResourceSummary resource, CFStack stack, AmazonEC2Client ec2Client, string stackName) { DescribeNetworkAclsRequest naclRequest = new DescribeNetworkAclsRequest(); naclRequest.NetworkAclIds = new List <string> { resource.PhysicalResourceId }; DescribeNetworkAclsResponse response = ec2Client.DescribeNetworkAcls(naclRequest); foreach (Amazon.EC2.Model.NetworkAcl nacl in response.NetworkAcls) { NetworkAcl n = new NetworkAcl(); n.LogicalId = resource.LogicalResourceId; if (log) { Utils.WriteToFile(logFile, "AWS NACL: " + n.LogicalId.ToString(), true); } n.Type = "AWS::EC2::NetworkAcl"; n.Properties.VpcId = nacl.VpcId; foreach (Amazon.EC2.Model.NetworkAclEntry e in nacl.Entries) { NetworkAclEntry ne = new NetworkAclEntry(); ne.RuleNumber = e.RuleNumber.ToString(); ne.CidrBlock = e.CidrBlock; ne.Egress = e.Egress; if (e.PortRange == null) { ne.FromPort = "ALL"; ne.ToPort = "ALL"; } else { //FormatPortRange - Port range could be 0-0 -1-1 0-65535 string from = ""; string to = ""; FormatPortRange(e.PortRange.From.ToString(), e.PortRange.To.ToString(), out from, out to); ne.FromPort = from; ne.ToPort = to; //------------------------------------------------------ } //FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp) ne.Protocol = FormatProtocol(e.Protocol); //------------------------------------------------------------------- ne.RuleAction = e.RuleAction; //ICMP not included. n.Properties.NetworkAclEntry.Add(ne); if (e.PortRange == null) { if (log) { Utils.WriteToFile(logFile, ne.RuleNumber + " Protocol: " + e.Protocol + " | From: " + "null" + " To: " + "null", true); } } else { if (log) { Utils.WriteToFile(logFile, ne.RuleNumber + " Protocol: " + e.Protocol + " | From: " + e.PortRange.From.ToString() + " To: " + e.PortRange.To.ToString(), true); } } } stack.Resources.Add(n); } }