public static void AddIPAddressToSecurityGroup() { var ec2Client = new AmazonEC2Client(); //Create and Initialize IpPermission Object var ipPermission = new IpPermission() { IpProtocol = "tcp", FromPort = 3389, //RDP port ToPort = 3389 }; ipPermission.IpRanges.Add(getExternalIp() + "/32"); //Create and initialize AuthorizeSecurityGroupIngress var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = ConfigurationManager.AppSettings["AWSSecurityGroupID"]; ingressRequest.IpPermissions.Add(ipPermission); try { //Authorize Ingress AuthorizeSecurityGroupIngressResponse ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest); Console.WriteLine("IP address added to security group"); } catch (Amazon.EC2.AmazonEC2Exception e) { Console.WriteLine("** IP Address already exists in the security group. **"); //Console.WriteLine("Error:" + e); } }
public void RemoveIngressPermission(IpPermission permission) { var request = new RevokeSecurityGroupIngressRequest { GroupId = GetSecurityGroup().GroupId, IpPermissions = { permission } }; try { client.RevokeSecurityGroupIngress(request); } catch (AmazonEC2Exception e) { // If the ingress rule didn't exist then don't complain. if (e.ErrorCode.Equals("InvalidPermission.NotFound")) { logger.Warn("Tried to delete an ingress rule that did not exist in group " + request.GroupId); return; } // If the group which should contain this rule does not // exist then don't complain. if (e.ErrorCode.Equals("InvalidGroup.NotFound")) { logger.Warn("Tried to delete an ingress rule from a group that does not exist " + request.GroupId); return; } throw; } }
public void AddIngressPermission(IpPermission permission) { var request = new AuthorizeSecurityGroupIngressRequest { GroupId = GetSecurityGroup().GroupId, IpPermissions = { permission } }; try { client.AuthorizeSecurityGroupIngress(request); } catch (AmazonEC2Exception e) { // If the ingress rule already exists then don't complain. The // user might have created it manually or they deleted their // .last-config or .last-ip files. if (e.ErrorCode.Equals("InvalidPermission.Duplicate")) { logger.Warn("Tried to create a duplicate ingress rule for group " + request.GroupId); return; } throw; } }
private static void ManageSecurityGroups() { IAmazonEC2 ec2 = new Amazon.EC2.AmazonEC2Client(); var sgResponse = ec2.DescribeSecurityGroups(); string ipRange = "22.22.22.22/0"; List <string> ranges = new List <string>() { ipRange }; var ipPermission = new IpPermission(); ipPermission.IpProtocol = "tcp"; ipPermission.FromPort = 3333; ipPermission.ToPort = 3333; ipPermission.IpRanges = ranges; var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.IpPermissions.Add(ipPermission); var revokeRequest = new RevokeSecurityGroupIngressRequest(); revokeRequest.IpPermissions.Add(ipPermission); foreach (var sg in sgResponse.SecurityGroups) { try { if (new Random().Next(2) == 1) { ingressRequest.GroupId = sg.GroupId; var ingressResponse = ec2.AuthorizeSecurityGroupIngress(ingressRequest); } else { revokeRequest.GroupId = sg.GroupId; ec2.RevokeSecurityGroupIngress(revokeRequest); } //Console.WriteLine("New RDP rule for: " + ipRange); } catch (AmazonEC2Exception ex) { // Check the ErrorCode to see if the rule already exists. if ("InvalidPermission.Duplicate" == ex.ErrorCode) { //Console.WriteLine("An RDP rule for: {0} already exists.", ipRange); } else { // The exception was thrown for another reason, so re-throw the exception. //throw; } } } }
static async Task Revoke(IAmazonEC2 ec2Client, IpPermission ipPermission, string securityGroupId) { logger.LogInformation("Revoke {}: {}", securityGroupId, IpPermissionToString(ipPermission)); var revokeIngressRequest = new RevokeSecurityGroupIngressRequest(); revokeIngressRequest.GroupId = securityGroupId; revokeIngressRequest.IpPermissions.Add(ipPermission); var ingressResponse = await ec2Client.RevokeSecurityGroupIngressAsync(revokeIngressRequest); logger.LogDebug("Unauthorize response code " + ingressResponse.HttpStatusCode); }
static async Task Authorize(IAmazonEC2 ec2Client, IpPermission ipPermission, string securityGroupId) { logger.LogInformation("Authorize {}: {}", securityGroupId, IpPermissionToString(ipPermission)); var authorizeIngressRequest = new AuthorizeSecurityGroupIngressRequest(); authorizeIngressRequest.GroupId = securityGroupId; authorizeIngressRequest.IpPermissions.Add(ipPermission); var ingressResponse = await ec2Client.AuthorizeSecurityGroupIngressAsync(authorizeIngressRequest); logger.LogDebug("Authorize response code {}", ingressResponse.HttpStatusCode); }
static IpPermission CreateTCPPermission(string ipRange, int fromPort, int toPort) { var ipPermission = new IpPermission(); ipPermission.IpProtocol = "tcp"; ipPermission.FromPort = fromPort; ipPermission.ToPort = toPort; ipPermission.IpRanges = new List <string>() { ipRange }; return(ipPermission); }
private static string GetRuleText(IpPermission rule, string securityGroupId) { var ruleText = string.Empty; if (rule != null) { var prefix = string.Empty; if (rule.FromPort <= 0 && rule.ToPort <= 65535) { prefix = "All "; } var from = "Unknown"; if (rule.UserIdGroupPairs.Count > 0) { var group = GetSecurityGroupFromID(securityGroupId); from = group.GroupName + " security group"; } var to = "N/A"; if (rule.ToPort >= 0) { to = "port " + rule.ToPort; } if (rule.FromPort >= 0 && rule.FromPort < rule.ToPort) { to = "ports " + rule.FromPort + "-" + rule.ToPort; } if ((rule.FromPort == 0 && rule.ToPort == 0) || (rule.FromPort == 0 && rule.ToPort == 65535)) { to = "all ports"; } var protocol = rule.IpProtocol.ToUpper(); if (rule.IpProtocol.Equals("-1")) { protocol = "All protocol"; } ruleText += prefix + protocol + " traffic to " + to + " from " + from + "." + Environment.NewLine; } return(ruleText); }
SecurityGroup AddSGIPrermissions(IAmazonEC2 ec2, SecurityGroup SG) { string ipRange = "0.0.0.0/0"; List <string> ranges = new List <string>() { ipRange }; var ipPermission1 = new IpPermission(); ipPermission1.IpProtocol = "tcp"; ipPermission1.FromPort = 22; ipPermission1.ToPort = 22; ipPermission1.IpRanges = ranges; var ipPermission2 = new IpPermission(); ipPermission2.IpProtocol = "tcp"; ipPermission2.FromPort = 3389; ipPermission2.ToPort = 3389; ipPermission2.IpRanges = ranges; // MessageBox.Show(SG.GroupId); // foreach ( IpPermission ipper in SG.IpPermissions) // { // ipper.FromPort // // } try { SG.IpPermissions.Add(ipPermission1); SG.IpPermissions.Add(ipPermission2); AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest = new AuthorizeSecurityGroupIngressRequest(); authorizeSecurityGroupIngressRequest.GroupId = SG.GroupId; //authorizeSecurityGroupIngressRequest.GroupName = MySG.GroupName; authorizeSecurityGroupIngressRequest.IpPermissions.Add(ipPermission1); authorizeSecurityGroupIngressRequest.IpPermissions.Add(ipPermission2); ec2.AuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest); } catch (Exception ex) { } return(SG); }
private static string GetRangeText(IpPermission rule, string ipRange) { var rangeText = string.Empty; if (!string.IsNullOrEmpty(ipRange)) { var prefix = string.Empty; if (rule.FromPort <= 0 && rule.ToPort <= 65535) { prefix = "All "; } var from = ipRange; if (from == "0.0.0.0/0") { from = "anywhere"; } var to = "N/A"; if (rule.ToPort >= 0) { to = "port " + rule.ToPort; } if (rule.FromPort >= 0 && rule.FromPort < rule.ToPort) { to = "ports " + rule.FromPort + "-" + rule.ToPort; } if ((rule.FromPort == 0 && rule.ToPort == 0) || (rule.FromPort == 0 && rule.ToPort == 65535)) { to = "all ports"; } var protocol = rule.IpProtocol.ToUpper(); if (rule.IpProtocol.Equals("-1")) { protocol = "All protocol"; } rangeText += prefix + protocol + " traffic to " + to + " from " + from + "." + Environment.NewLine; } return(rangeText); }
public void AddRuleToEc2SecurityGroup(String ipRange = "1.1.1.1/1", String ipProtocol = "tcp", int fromPort = 3389, int toPort = 3389 , string secGroupName = DefaultSecurityGroup) { List <string> ranges = new List <string>() { ipRange }; var ipPermission = new IpPermission(); ipPermission.IpProtocol = ipProtocol; ipPermission.FromPort = fromPort; ipPermission.ToPort = toPort; ipPermission.IpRanges = ranges; var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = secGroupName; ingressRequest.IpPermissions.Add(ipPermission); var ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest); }
public static async Task CloseInboundPort(AmazonEC2Client ec2Client, int port, string protocol, string securityGroupName) { var ipPermission = new IpPermission { FromPort = port, ToPort = port, IpProtocol = protocol, Ipv4Ranges = new List <IpRange> { new IpRange { CidrIp = "0.0.0.0/0" } } }; var ipPermissions = new List <IpPermission> { ipPermission }; var request = new RevokeSecurityGroupIngressRequest { GroupName = securityGroupName, IpPermissions = ipPermissions }; var response = await ec2Client.RevokeSecurityGroupIngressAsync(request); }
public void IpRangeRoundTripTest() { var describeSecurityGroupsResponse = DescribeSecurityGroupById(); var testCollection = new List <string>(); var authorizeSecurityGroupEgressRequest = new AuthorizeSecurityGroupEgressRequest(); authorizeSecurityGroupEgressRequest.GroupId = SECURITY_GROUP_ID; IpPermission authorizeSecurityGroupEgressPermission = new IpPermission(); authorizeSecurityGroupEgressPermission.IpRanges.Add("0.0.0.0/7"); testCollection.Add("0.0.0.0/7"); authorizeSecurityGroupEgressPermission.IpProtocol = "ICMP"; authorizeSecurityGroupEgressPermission.FromPort = -1; authorizeSecurityGroupEgressPermission.ToPort = -1; authorizeSecurityGroupEgressRequest.IpPermissions = new List <IpPermission> { authorizeSecurityGroupEgressPermission }; var authorizeSecurityGroupEgressResponse = Client.AuthorizeSecurityGroupEgress(authorizeSecurityGroupEgressRequest); Assert.IsNotNull(authorizeSecurityGroupEgressResponse); Assert.IsFalse(authorizeSecurityGroupEgressRequest.IpPermissions[0].Ipv4Ranges.Any()); UtilityMethods.WaitUntilSuccess(() => { describeSecurityGroupsResponse = DescribeSecurityGroupById(); CollectionAssert.AreEqual(describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].IpRanges, testCollection); CollectionAssert.AreEqual(describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].Ipv4Ranges.Select(p => p.CidrIp).ToList(), testCollection); }); authorizeSecurityGroupEgressRequest = new AuthorizeSecurityGroupEgressRequest(); authorizeSecurityGroupEgressRequest.GroupId = SECURITY_GROUP_ID; describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].Ipv4Ranges = new List <IpRange> { new IpRange { CidrIp = "0.0.0.0/8", Description = "TestDescription" } }; testCollection.Add("0.0.0.0/8"); authorizeSecurityGroupEgressRequest.IpPermissions = new List <IpPermission> { describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1] }; authorizeSecurityGroupEgressResponse = Client.AuthorizeSecurityGroupEgress(authorizeSecurityGroupEgressRequest); var validationResult = new List <string>(); UtilityMethods.WaitUntilSuccess(() => { describeSecurityGroupsResponse = DescribeSecurityGroupById(); validationResult = describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].Ipv4Ranges.Select(p => p.CidrIp).ToList(); CollectionAssert.AreEqual(describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].IpRanges, testCollection); CollectionAssert.AreEqual(describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].IpRanges, validationResult); }); authorizeSecurityGroupEgressRequest = new AuthorizeSecurityGroupEgressRequest(); authorizeSecurityGroupEgressRequest.GroupId = SECURITY_GROUP_ID; describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].Ipv4Ranges = new List <IpRange> { new IpRange { CidrIp = "0.0.0.0/9", Description = "TestDescription" } }; describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].IpRanges = new List <string> { "0.0.0.0/10" }; authorizeSecurityGroupEgressRequest.IpPermissions = new List <IpPermission> { describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1] }; var authorizeSecurityGroupEgressException = Assert.ThrowsException <ArgumentException>(() => Client.AuthorizeSecurityGroupEgress(authorizeSecurityGroupEgressRequest)); Assert.AreEqual(authorizeSecurityGroupEgressException.Message, "Cannot set values for both Ipv4Ranges and IpRanges properties on the IpPermission type which is part of the request. Consider using only Ipv4Ranges as IpRanges has been marked obsolete."); authorizeSecurityGroupEgressRequest = new AuthorizeSecurityGroupEgressRequest(); authorizeSecurityGroupEgressRequest.GroupId = SECURITY_GROUP_ID; describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].Ipv4Ranges = new List <IpRange> { new IpRange { CidrIp = "0.0.0.0/9", Description = "TestDescription" } }; describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].IpRanges = new List <string> { "0.0.0.0/9" }; testCollection.Add("0.0.0.0/9"); authorizeSecurityGroupEgressRequest.IpPermissions = new List <IpPermission> { describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1] }; authorizeSecurityGroupEgressResponse = Client.AuthorizeSecurityGroupEgress(authorizeSecurityGroupEgressRequest); UtilityMethods.WaitUntilSuccess(() => { describeSecurityGroupsResponse = DescribeSecurityGroupById(); validationResult = describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].Ipv4Ranges.Select(p => p.CidrIp).ToList(); CollectionAssert.AreEqual(describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].IpRanges, testCollection); CollectionAssert.AreEqual(describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].IpRanges, validationResult); }); authorizeSecurityGroupEgressRequest.IpPermissions[0].Ipv4Ranges = new List <IpRange> { new IpRange { CidrIp = "0.0.0.0/10", Description = "TestDescription" }, new IpRange { CidrIp = "0.0.0.0/11", Description = "TestDescription" } }; authorizeSecurityGroupEgressRequest.IpPermissions[0].IpRanges = new List <string> { "0.0.0.0/10", "0.0.0.0/11" }; testCollection.Add("0.0.0.0/10"); testCollection.Add("0.0.0.0/11"); authorizeSecurityGroupEgressResponse = Client.AuthorizeSecurityGroupEgress(authorizeSecurityGroupEgressRequest); UtilityMethods.WaitUntilSuccess(() => { describeSecurityGroupsResponse = DescribeSecurityGroupById(); validationResult = describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].Ipv4Ranges.Select(p => p.CidrIp).ToList(); CollectionAssert.AreEqual(describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].IpRanges, testCollection); CollectionAssert.AreEqual(describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].IpRanges, validationResult); }); var updateSecurityGroupEgressRequest = new UpdateSecurityGroupRuleDescriptionsEgressRequest(); updateSecurityGroupEgressRequest.GroupId = SECURITY_GROUP_ID; describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].IpRanges = new List <string> { "0.0.0.0/8" }; updateSecurityGroupEgressRequest.IpPermissions = new List <IpPermission> { describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1] }; var updateSecurityGroupEgressResponse = Client.UpdateSecurityGroupRuleDescriptionsEgress(updateSecurityGroupEgressRequest); Assert.IsNotNull(updateSecurityGroupEgressResponse); UtilityMethods.WaitUntilSuccess(() => { describeSecurityGroupsResponse = DescribeSecurityGroupById(); validationResult = describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].Ipv4Ranges.Select(p => p.CidrIp).ToList(); CollectionAssert.AreEqual(describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].IpRanges, validationResult); var descriptionTest = describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1].Ipv4Ranges.Where(p => p.CidrIp == "0.0.0.0/8").Select(p => p.Description).Single().ToString(); Assert.AreEqual(descriptionTest, "TestDescription"); }); var revokeSecurityGroupEgressRequest = new RevokeSecurityGroupEgressRequest(); revokeSecurityGroupEgressRequest.GroupId = SECURITY_GROUP_ID; revokeSecurityGroupEgressRequest.IpPermissions = new List <IpPermission> { describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress[1] }; var revokeSecurityGroupIngressResponse = Client.RevokeSecurityGroupEgress(revokeSecurityGroupEgressRequest); Assert.IsNotNull(revokeSecurityGroupIngressResponse); UtilityMethods.WaitUntilSuccess(() => { describeSecurityGroupsResponse = DescribeSecurityGroupById(); Assert.IsFalse(describeSecurityGroupsResponse.SecurityGroups[0].IpPermissionsEgress .Where(p => p.Ipv4Ranges.Contains(new IpRange { CidrIp = "0.0.0.0/8", Description = "TestDescription" }) || p.Ipv4Ranges.Contains(new IpRange { CidrIp = "0.0.0.0/7" }) || p.IpRanges.Contains("0.0.0.0/7") || p.IpRanges.Contains("0.0.0.0/8")).ToList().Any()); }); }
/// <summary> /// This method will create a VPC, a public subnet, private subnet and a NAT EC2 instance to allow EC2 instances in the private /// subnet to establish outbound connections to the internet. /// </summary> /// <param name="ec2Client">The ec2client used to create the VPC</param> /// <param name="request">The properties used to create the VPC.</param> /// <returns>The response contains all the VPC objects that were created.</returns> public static LaunchVPCWithPublicAndPrivateSubnetsResponse LaunchVPCWithPublicAndPrivateSubnets(IAmazonEC2 ec2Client, LaunchVPCWithPublicAndPrivateSubnetsRequest request) { LaunchVPCWithPublicAndPrivateSubnetsResponse response = new LaunchVPCWithPublicAndPrivateSubnetsResponse(); LaunchVPCWithPublicSubnet(ec2Client, request, response); response.PrivateSubnet = ec2Client.CreateSubnet(new CreateSubnetRequest() { AvailabilityZone = request.PrivateSubnetAvailabilityZone ?? response.PublicSubnet.AvailabilityZone, CidrBlock = request.PrivateSubnetCiderBlock, VpcId = response.VPC.VpcId }).Subnet; WriteProgress(request.ProgressCallback, "Created private subnet {0}", response.PublicSubnet.SubnetId); WaitTillTrue(((Func <bool>)(() => (ec2Client.DescribeSubnets(new DescribeSubnetsRequest() { SubnetIds = new List <string>() { response.PrivateSubnet.SubnetId } }).Subnets.Count == 1)))); ec2Client.CreateTags(new CreateTagsRequest() { Resources = new List <string>() { response.PrivateSubnet.SubnetId }, Tags = new List <Tag>() { new Tag() { Key = "Name", Value = "Private" } } }); WriteProgress(request.ProgressCallback, "Launching NAT instance"); response.NATInstance = LaunchNATInstance(ec2Client, new LaunchNATInstanceRequest() { InstanceType = request.InstanceType, KeyName = request.KeyName, SubnetId = response.PublicSubnet.SubnetId }); WriteProgress(request.ProgressCallback, "NAT instance is available"); var defaultRouteTable = GetDefaultRouteTable(ec2Client, response.VPC.VpcId); if (defaultRouteTable == null) { throw new AmazonEC2Exception("No default route table found for VPC"); } ec2Client.CreateRoute(new CreateRouteRequest() { RouteTableId = defaultRouteTable.RouteTableId, DestinationCidrBlock = "0.0.0.0/0", InstanceId = response.NATInstance.InstanceId }); WriteProgress(request.ProgressCallback, "Added route to the NAT instance in the default route table"); if (request.ConfigureDefaultVPCGroupForNAT) { var defaultSecurityGroup = GetDefaultSecurityGroup(ec2Client, response.VPC.VpcId); var groupId = ec2Client.CreateSecurityGroup(new CreateSecurityGroupRequest() { VpcId = response.VPC.VpcId, GroupName = "NATGroup", Description = "Give EC2 Instances access through the NAT" }).GroupId; WriteProgress(request.ProgressCallback, "Created security group for NAT configuration"); IpPermission spec = new IpPermission { IpProtocol = "-1", IpRanges = new List <string> { "0.0.0.0/0" }, UserIdGroupPairs = new List <UserIdGroupPair>() { new UserIdGroupPair() { GroupId = groupId } } }; ec2Client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest() { IpPermissions = new List <IpPermission>() { spec }, GroupId = defaultSecurityGroup.GroupId }); WriteProgress(request.ProgressCallback, "Added permission to the default security group {0} to allow traffic from security group {1}", defaultSecurityGroup.GroupId, groupId); response.NATSecurityGroup = ec2Client.DescribeSecurityGroups(new DescribeSecurityGroupsRequest() { GroupIds = new List <string>() { groupId } }).SecurityGroups[0]; } return(response); }
// enumerate VPC security group and create a security group for EC2-VPC public void create_lunch_checkstatus_for_istance() { //Create an Amazon EC2 Client Using the the SDK var ec2Client = new AmazonEC2Client(); // enumerate VPC security group string secGroupName = "my-sample-sg-vpc"; SecurityGroup mySG = null; string vpcID = "vpc-7cdc5904"; Amazon.EC2.Model.Filter vpcFilter = new Amazon.EC2.Model.Filter { Name = "vpc-id", Values = new List <string>() { vpcID } }; var dsgRequest = new DescribeSecurityGroupsRequest(); dsgRequest.Filters.Add(vpcFilter); var dsgResponse = ec2Client.DescribeSecurityGroups(dsgRequest); List <SecurityGroup> mySGs = dsgResponse.SecurityGroups; foreach (SecurityGroup item in mySGs) { Console.WriteLine("Existing security group: " + item.GroupId); if (item.GroupName == secGroupName) { mySG = item; } } //create a security group for EC2-VPC if (mySG == null) { var newSGRequest = new CreateSecurityGroupRequest() { GroupName = secGroupName, Description = "My sample security group for EC2-VPC", VpcId = vpcID }; var csgResponse = ec2Client.CreateSecurityGroup(newSGRequest); Console.WriteLine(); Console.WriteLine("New security group: " + csgResponse.GroupId); List <string> Groups = new List <string>() { csgResponse.GroupId }; var newSgRequest = new DescribeSecurityGroupsRequest() { GroupIds = Groups }; var newSgResponse = ec2Client.DescribeSecurityGroups(newSgRequest); mySG = newSgResponse.SecurityGroups[0]; } //Create and initialize an IpPermission object. //iprange = the IP addresses of your local machine string ipRange = "0.0.0.0/0"; List <string> ranges = new List <string>() { ipRange }; var ipPermission = new IpPermission() { IpProtocol = "tcp", //The beginning and end of the port range. This example specifies a single port, 3389, which is used to communicate with Windows over RDP. //it should be changed if u launch a linux instance (use 22 insted ) FromPort = 3389, ToPort = 3389, IpRanges = ranges }; //Create and initialize an AuthorizeSecurityGroupIngressRequest object. var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = mySG.GroupId; ingressRequest.IpPermissions.Add(ipPermission); //Pass the request object to the AuthorizeSecurityGroupIngress method, which returns an AuthorizeSecurityGroupIngressResponse object. var ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest); Console.WriteLine("New RDP rule for: " + ipRange); //Create and initialize a network interface.for lunch enstance string subnetID = "subnet-048d6c59"; List <string> groups = new List <string>() { mySG.GroupId }; var eni = new InstanceNetworkInterfaceSpecification() { DeviceIndex = 0, SubnetId = subnetID, Groups = groups, AssociatePublicIpAddress = true }; List <InstanceNetworkInterfaceSpecification> enis = new List <InstanceNetworkInterfaceSpecification>() { eni }; string amiID = "ami-06a0d33fc8d328de0"; string keyPairName = "my-sample-key"; var launchRequest = new RunInstancesRequest() { ImageId = amiID, InstanceType = "m3.large", MinCount = 1, MaxCount = 1, KeyName = keyPairName, NetworkInterfaces = enis }; //launch RunInstancesResponse launchResponse = ec2Client.RunInstances(launchRequest); List <String> instanceIds = new List <string>(); foreach (Instance instance in launchResponse.Reservation.Instances) { Console.WriteLine(instance.InstanceId); instanceIds.Add(instance.InstanceId); } //check the status of the enstance var instanceRequest = new DescribeInstancesRequest(); instanceRequest.InstanceIds = new List <string>(); instanceRequest.InstanceIds.AddRange(instanceIds); var response = ec2Client.DescribeInstances(instanceRequest); Console.WriteLine(response.Reservations[0].Instances[0].State.Name); }
public bool load_security_group_id() { write_log(region + " のセキュリティグループを確認しています。"); try { var client = get_client(); var query_req = new DescribeSecurityGroupsRequest(); query_req.Filters.Add(new Filter() { Name = "tag-value", Values = new List <string>() { Helper.build_name(setting_, "sg") } }); var query_res = client.DescribeSecurityGroups(query_req); write_log("自 IPAddress を確認しています。"); string ipaddress = Helper.get_remote_ipaddress() + "/32"; if (query_res.SecurityGroups.Count != 0) { security_group_id = query_res.SecurityGroups[0].GroupId; foreach (var row in query_res.SecurityGroups[0].IpPermissions) { foreach (var row2 in row.IpRanges) { if (row2.Equals(ipaddress)) { write_log(region + " のセキュリティグループは " + security_group_id + " です"); return(true); } } } } else { write_log(region + " にセキュリティグループを作成しています。"); var create_req = new CreateSecurityGroupRequest(); create_req.VpcId = vpc_id; create_req.GroupName = "ingress_ssh-sg"; create_req.Description = "from specific ipaddress."; var create_res = client.CreateSecurityGroup(create_req); security_group_id = create_res.GroupId; set_name_tag(client, security_group_id, Helper.build_name(setting_, "sg")); write_log("セキュリティグループ " + security_group_id + " を作成しました。"); } write_log("セキュリティグループ " + security_group_id + " に " + ipaddress + " を関連付けます。"); IpPermission ipPermission_22 = new IpPermission(); ipPermission_22.ToPort = 22; ipPermission_22.FromPort = 22; ipPermission_22.IpProtocol = "6"; ipPermission_22.IpRanges.Add(ipaddress); IpPermission ipPermission_53556 = new IpPermission(); ipPermission_53556.ToPort = 53556; ipPermission_53556.FromPort = 53556; ipPermission_53556.IpProtocol = "6"; ipPermission_53556.IpRanges.Add(ipaddress); var authorize_req = new AuthorizeSecurityGroupIngressRequest(); authorize_req.GroupId = security_group_id; authorize_req.IpPermissions = new List <IpPermission>() { ipPermission_22, ipPermission_53556 }; client.AuthorizeSecurityGroupIngress(authorize_req); set_name_tag(client, security_group_id, Helper.build_name(setting_, "sg")); write_log("セキュリティグループ " + security_group_id + " を作成しました。"); } catch (Exception ex) { write_log("ERROR: " + ex.ToString()); return(false); } return(true); }
static async Task <string> CreateFleet(string name, string version, string buildId) { var config = new AmazonGameLiftConfig(); config.RegionEndpoint = region; using (AmazonGameLiftClient aglc = new AmazonGameLiftClient(config)) { // create launch configuration var serverProcess = new ServerProcess(); serverProcess.ConcurrentExecutions = 1; serverProcess.LaunchPath = @"C:\game\GameLiftUnity.exe"; // @"/local/game/ReproGLLinux.x86_64"; serverProcess.Parameters = "-batchmode -nographics"; // create inbound IP permissions var permission1 = new IpPermission(); permission1.FromPort = 1935; permission1.ToPort = 1935; permission1.Protocol = IpProtocol.TCP; permission1.IpRange = "0.0.0.0/0"; // create inbound IP permissions var permission2 = new IpPermission(); permission2.FromPort = 3389; permission2.ToPort = 3389; permission2.Protocol = IpProtocol.TCP; permission2.IpRange = "0.0.0.0/0"; // create fleet var cfreq = new CreateFleetRequest(); cfreq.Name = name; cfreq.Description = version; cfreq.BuildId = buildId; cfreq.EC2InstanceType = EC2InstanceType.C4Large; cfreq.EC2InboundPermissions.Add(permission1); cfreq.EC2InboundPermissions.Add(permission2); cfreq.RuntimeConfiguration = new RuntimeConfiguration(); cfreq.RuntimeConfiguration.ServerProcesses = new List <ServerProcess>(); cfreq.RuntimeConfiguration.ServerProcesses.Add(serverProcess); cfreq.NewGameSessionProtectionPolicy = ProtectionPolicy.NoProtection; CreateFleetResponse cfres = await aglc.CreateFleetAsync(cfreq); // set fleet capacity var ufcreq = new UpdateFleetCapacityRequest(); ufcreq.MinSize = 0; ufcreq.DesiredInstances = 1; ufcreq.MaxSize = 1; ufcreq.FleetId = cfres.FleetAttributes.FleetId; UpdateFleetCapacityResponse ufcres = await aglc.UpdateFleetCapacityAsync(ufcreq); // set scaling rule (switch fleet off after 1 day of inactivity) // If [MetricName] is [ComparisonOperator] [Threshold] for [EvaluationPeriods] minutes, then [ScalingAdjustmentType] to/by [ScalingAdjustment]. var pspreq = new PutScalingPolicyRequest(); pspreq.Name = "Switch fleet off after 1 day of inactivity"; pspreq.MetricName = MetricName.ActiveGameSessions; pspreq.ComparisonOperator = ComparisonOperatorType.LessThanOrEqualToThreshold; pspreq.Threshold = 0.0; // double (don't use int) pspreq.EvaluationPeriods = 1435; // just under 1 day, 1435 appears to be the maximum permitted value now. pspreq.ScalingAdjustmentType = ScalingAdjustmentType.ExactCapacity; pspreq.ScalingAdjustment = 0; pspreq.FleetId = cfres.FleetAttributes.FleetId; PutScalingPolicyResponse pspres = await aglc.PutScalingPolicyAsync(pspreq); return(cfres.FleetAttributes.FleetId); } }
//[Obsolete] public async Task <string> CreateEC2InstanceAsync(int serverType = 0) { string secGroupName = "myec2"; string instanceID = ""; if (serverType == (int)AWSConstants.server_types.EC2) { //Step 1:- check for the security Groups var isSGExists = await IsSecurityGroupsExistsAsync(secGroupName); //Step 2:- Create Security Groups if (!isSGExists) { SecurityGroup securityGroup = CreateSecurityGroupAsync(secGroupName).Result; string ipRange = "0.0.0.0/0"; List <string> ranges = new List <string> { ipRange }; //Step 3:- Attach the IP Permissions IpPermission ipPermission = new IpPermission() { IpProtocol = "All traffic", FromPort = 0, ToPort = 65535, IpRanges = ranges }; var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = securityGroup.GroupId; ingressRequest.IpPermissions.Add(ipPermission); var ingressResponse = amazonEC2Client.AuthorizeSecurityGroupIngressAsync(ingressRequest); //Step 4:- Create Key Pairs (.pem file) string keyPairName = CreateKeyPair(); //Step 5:- Create Launch Request Object string amiID = "ami-0b6158cfa2ae7b493"; List <string> groups = new List <string>() { securityGroup.GroupId }; var launchRequest = new RunInstancesRequest() { ImageId = amiID, InstanceType = "t2.micro", MinCount = 1, MaxCount = 1, KeyName = keyPairName, SecurityGroupIds = groups }; var launchResponse = await amazonEC2Client.RunInstancesAsync(launchRequest); var instances = launchResponse.Reservation.Instances; var instanceIds = new List <string>(); foreach (Instance item in instances) { instanceIds.Add(item.InstanceId); Console.WriteLine(); Console.WriteLine("New instance: " + item.InstanceId); Console.WriteLine("Instance state: " + item.State.Name); } //Step 6:- Describe Instances to know the status of the instances var instanceRequest = new DescribeInstancesRequest { InstanceIds = new List <string> { instanceIds[0] } }; while (true) { var response = await amazonEC2Client.DescribeInstancesAsync(instanceRequest); if (response.Reservations[0].Instances[0].State.Name == InstanceStateName.Running) { instanceID = response.Reservations[0].Instances[0].PublicDnsName + "With the status of " + InstanceStateName.Running; break; } } } } return(instanceID); }
private void create_security_group_rule(string key, string secret, Amazon.RegionEndpoint region, string security_group, string serverports, string ipEnpoint = "") { HttpStatusCode ret = HttpStatusCode.OK; string ip = "0.0.0.0"; MailAddress fromMailer = null; MailAddress toMailer = null; string mailhost = ""; int mailport = 0; bool mailssl = false; string mailuser = ""; string mailpass = ""; bool loadConfig = true; string partialmsg = ""; if (ipEnpoint != string.Empty) { ip = get_external_ip(ipEnpoint); } if (loadConfig) { try { fromMailer = new MailAddress(ConfigurationManager.AppSettings["MAIL-FROM"].ToString()); toMailer = new MailAddress(ConfigurationManager.AppSettings["MAIL-TO"].ToString()); mailhost = ConfigurationManager.AppSettings["MAIL-HOST"].ToString(); mailport = int.Parse(ConfigurationManager.AppSettings["MAIL-PORT"].ToString()); mailssl = bool.Parse(ConfigurationManager.AppSettings["MAIL-SSL"].ToString()); mailuser = ConfigurationManager.AppSettings["MAIL-USER"].ToString(); mailpass = ConfigurationManager.AppSettings["MAIL-PASS"].ToString(); ipEnpoint = ConfigurationManager.AppSettings["IP-ENDPOINT"].ToString(); ip = get_external_ip(ipEnpoint); } catch { loadConfig = false; } } if (ip != "") { try { AmazonEC2Client ec2Client = null; AWSCredentials credentials = new Amazon.Runtime.BasicAWSCredentials(key, secret); ec2Client = new AmazonEC2Client(credentials, region); IpRange ipRange = new IpRange { CidrIp = ip + "/32", Description = "Rule created by aws-security-group-access-rule at " + DateTime.Now.ToString() }; var ingressRequest = new AuthorizeSecurityGroupIngressRequest { GroupId = security_group }; var listaPortas = serverports.Split(','); foreach (var item in listaPortas) { var ipPermission = new IpPermission { IpProtocol = "tcp", FromPort = Int16.Parse(item), ToPort = Int16.Parse(item) }; ipPermission.Ipv4Ranges.Add(ipRange); ingressRequest.IpPermissions.Add(ipPermission); } var ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest); partialmsg += "[AWS Response :: " + ingressResponse.HttpStatusCode.ToString() + "]"; ret = ingressResponse.HttpStatusCode; #region Debug Section /* * switch (ingressResponse.HttpStatusCode) * { * case HttpStatusCode.Continue: partialmsg += ""; break; * case HttpStatusCode.SwitchingProtocols: partialmsg += ""; break; * case HttpStatusCode.OK: partialmsg += ""; break; * case HttpStatusCode.Created: partialmsg += ""; break; * case HttpStatusCode.Accepted: partialmsg += ""; break; * case HttpStatusCode.NonAuthoritativeInformation: partialmsg += ""; break; * case HttpStatusCode.NoContent: partialmsg += ""; break; * case HttpStatusCode.ResetContent: partialmsg += ""; break; * case HttpStatusCode.PartialContent: partialmsg += ""; break; * case HttpStatusCode.MultipleChoices: partialmsg += ""; break; * case HttpStatusCode.MovedPermanently: partialmsg += ""; break; * case HttpStatusCode.Found: partialmsg += ""; break; * case HttpStatusCode.SeeOther: partialmsg += ""; break; * case HttpStatusCode.NotModified: partialmsg += ""; break; * case HttpStatusCode.UseProxy: partialmsg += ""; break; * case HttpStatusCode.Unused: partialmsg += ""; break; * case HttpStatusCode.TemporaryRedirect: partialmsg += ""; break; * case HttpStatusCode.BadRequest: partialmsg += ""; break; * case HttpStatusCode.Unauthorized: partialmsg += ""; break; * case HttpStatusCode.PaymentRequired: partialmsg += ""; break; * case HttpStatusCode.Forbidden: partialmsg += ""; break; * case HttpStatusCode.NotFound: partialmsg += ""; break; * case HttpStatusCode.MethodNotAllowed: partialmsg += ""; break; * case HttpStatusCode.NotAcceptable: partialmsg += ""; break; * case HttpStatusCode.ProxyAuthenticationRequired: partialmsg += ""; break; * case HttpStatusCode.RequestTimeout: partialmsg += ""; break; * case HttpStatusCode.Conflict: partialmsg += ""; break; * case HttpStatusCode.Gone: partialmsg += ""; break; * case HttpStatusCode.LengthRequired: partialmsg += ""; break; * case HttpStatusCode.PreconditionFailed: partialmsg += ""; break; * case HttpStatusCode.RequestEntityTooLarge: partialmsg += ""; break; * case HttpStatusCode.RequestUriTooLong: partialmsg += ""; break; * case HttpStatusCode.UnsupportedMediaType: partialmsg += ""; break; * case HttpStatusCode.RequestedRangeNotSatisfiable: partialmsg += ""; break; * case HttpStatusCode.ExpectationFailed: partialmsg += ""; break; * case HttpStatusCode.UpgradeRequired: partialmsg += ""; break; * case HttpStatusCode.InternalServerError: partialmsg += ""; break; * case HttpStatusCode.NotImplemented: partialmsg += ""; break; * case HttpStatusCode.BadGateway: partialmsg += ""; break; * case HttpStatusCode.ServiceUnavailable: partialmsg += ""; break; * case HttpStatusCode.GatewayTimeout: partialmsg += ""; break; * case HttpStatusCode.HttpVersionNotSupported: partialmsg += ""; break; * } */ #endregion } catch (AmazonEC2Exception ex) { ret = ex.StatusCode; partialmsg += "[ERROR-CODE " + ex.ErrorCode + "] " + ex.Message + "<BR>"; } finally { if (loadConfig) { sendEmail(mailhost, mailport, mailssl, mailuser, mailpass, fromMailer, toMailer, "[aws-security-group-access-rule]" + ret.ToString(), string.Format("Access granted to ports {1} by IP {0}", ip, serverports) ); } } } void sendEmail(string hostname, int port, bool ssl, string user, string pass, MailAddress fromMail, MailAddress toMail, string subject, string message, bool ishtml = false) { MailMessage msg = new MailMessage { Subject = subject, Body = message, IsBodyHtml = ishtml, Priority = MailPriority.High, From = fromMail }; msg.To.Add(toMail); SmtpClient mailClient = new SmtpClient { Host = hostname, Port = port, UseDefaultCredentials = false, Credentials = new NetworkCredential(user, pass), EnableSsl = ssl }; mailClient.Send(msg); } }
static void Main(string[] args) { Amazon.EC2.AmazonEC2Client ec2 = new Amazon.EC2.AmazonEC2Client(RegionEndpoint.APSoutheast2); var securityGroups = ec2.DescribeSecurityGroupsAsync().Result.SecurityGroups; foreach (var securityGroup in securityGroups) { var dict = securityGroup.IpPermissions.ToList(); var newDict = dict.ToList(); foreach (var rule in dict) { if (rule.Ipv4Ranges != null) { foreach (var ipv4rule in rule.Ipv4Ranges.ToList()) { var rulesRegex = new Regex(@"\[(?:\[[^\[\]]*\]|[^\[\]])*\]", RegexOptions.None); if (ipv4rule.Description == null) { continue; } var m = rulesRegex.Matches(ipv4rule.Description).ToList(); if (m == null) { continue; } foreach (Group g in m) { var extension = g.Value.Split(new[] { '[', ']' }, StringSplitOptions.RemoveEmptyEntries).ToDictionary(s => s.Split('=')[0], s => s.Split('=')[1]).FirstOrDefault(); if (extension.Key == "fqdn") { //get ip from DNS var newIP = Dns.GetHostEntry(extension.Value).AddressList.FirstOrDefault().ToString() + "/32"; if (ipv4rule.CidrIp == newIP) { Console.WriteLine("Didn't update security group. Cidr Still matches"); } else { IpPermission oldPermission = new IpPermission { FromPort = rule.FromPort, IpProtocol = rule.IpProtocol, ToPort = rule.ToPort }; oldPermission.Ipv4Ranges.Add(ipv4rule); var oldlistofpermissions = new List <IpPermission>(); oldlistofpermissions.Add(oldPermission); //revoke that one rule. ec2.RevokeSecurityGroupIngressAsync(new Amazon.EC2.Model.RevokeSecurityGroupIngressRequest { GroupId = securityGroup.GroupId, IpPermissions = oldlistofpermissions }).Wait(); //add the new one. IpPermission newPermission = new IpPermission { FromPort = rule.FromPort, IpProtocol = rule.IpProtocol, ToPort = rule.ToPort }; var newiprange = new IpRange(); newiprange.CidrIp = newIP; newiprange.Description = ipv4rule.Description; newPermission.Ipv4Ranges.Add(newiprange); var newlistofpermissions = new List <IpPermission>(); newlistofpermissions.Add(newPermission); //ipv4rule.CidrIp = Dns.GetHostEntry(extension.Value).AddressList.FirstOrDefault().ToString() + "/32"; ec2.AuthorizeSecurityGroupIngressAsync(new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest { GroupId = securityGroup.GroupId, IpPermissions = newlistofpermissions }).Wait(); } } if (extension.Key == "expiry") { var isDate = DateTime.TryParse(extension.Value, out DateTime expiry); if (!isDate) { var chronic = new Chronic.Parser(); expiry = chronic.Parse(extension.Value, new Chronic.Options { EndianPrecedence = Chronic.EndianPrecedence.Little }).ToTime(); ipv4rule.Description = ipv4rule.Description.Replace(g.Value, $"[expiry={expiry.ToString("yyyy-MM-dd HH:mm")}]"); IpPermission newPermission = new IpPermission { FromPort = rule.FromPort, IpProtocol = rule.IpProtocol, ToPort = rule.ToPort }; var newiprange = new IpRange(); newiprange.Description = ipv4rule.Description; newiprange.CidrIp = ipv4rule.CidrIp; newPermission.Ipv4Ranges.Add(newiprange); var newlistofpermissions = new List <IpPermission>(); newlistofpermissions.Add(newPermission); ec2.UpdateSecurityGroupRuleDescriptionsIngressAsync(new Amazon.EC2.Model.UpdateSecurityGroupRuleDescriptionsIngressRequest { GroupId = securityGroup.GroupId, IpPermissions = newlistofpermissions }).Wait(); //ec2.RevokeSecurityGroupIngressAsync(new Amazon.EC2.Model.RevokeSecurityGroupIngressRequest { GroupId = securityGroup.GroupId, IpPermissions = listofpermissions }).Wait(); } else { if (expiry < DateTime.Now) { IpPermission permission = new IpPermission { FromPort = rule.FromPort, IpProtocol = rule.IpProtocol, ToPort = rule.ToPort }; permission.Ipv4Ranges.Add(ipv4rule); var listofpermissions = new List <IpPermission>(); listofpermissions.Add(permission); ec2.RevokeSecurityGroupIngressAsync(new Amazon.EC2.Model.RevokeSecurityGroupIngressRequest { GroupId = securityGroup.GroupId, IpPermissions = listofpermissions }).Wait(); //newDict.Where(x => x == rule).Where(y => y.Ipv4Ranges == rule.Ipv4Ranges).First().Ipv4Ranges.Add() } } } } } } } } }
static string IpPermissionToString(IpPermission ipPermission) { return(String.Format("IpPermission={{Protocol={0}, FromPort={1}, ToPort={2}, IpRanges=[{3}]}}", ipPermission.IpProtocol, ipPermission.FromPort, ipPermission.ToPort, String.Join(",", ipPermission.IpRanges))); }