private static async Task executeKMS(string[] args, Credentials credentials)
{
var nArgs = CLIHelper.GetNamedArguments(args);
var helper = new KMSHelper(credentials);
switch (args[1])
{
case "list-grants":
{
var result = await helper.GetGrantsByKeyNameAsync(
keyName : nArgs["key"],
grantName : nArgs["name"]);
Console.WriteLine($"{result.JsonSerialize(Newtonsoft.Json.Formatting.Indented)}");
}
; break;
case "create-grant":
{
var grants = nArgs["grants"].Split(',').Where(x => !x.IsNullOrWhitespace()).ToEnum <KMSHelper.GrantType>();
var grant = grants.Aggregate((a, b) => a | b);
var result = await helper.CreateRoleGrantByName(
keyName : nArgs["key"],
grantName : nArgs["name"],
roleName : nArgs["role"],
grant : grant);
Console.WriteLine($"SUCCESS, grant '{nArgs["name"]}' of key '{nArgs["key"]}' for role '{nArgs["role"]}' was created with privileges: '{grants.Select(x => x.ToString()).JsonSerialize()}'.");
}
; break;
case "remove-grant":
{
var result = await helper.RemoveGrantsByName(
keyName : nArgs["key"],
grantName : nArgs["name"]);
Console.WriteLine($"SUCCESS, {result?.Length ?? 0} grant/s with name '{nArgs["name"]}' of key '{nArgs["key"]}' were removed.");
}
; break;
case "help": HelpPrinter($"{args[0]}", "Amazon Identity and Access Management",
("list-grants", "Accepts params: key, name"),
("create-grant", "Accepts params: key, name, role, grants (',' separated: Encrypt, Decrypt)"),
("remove-grant", "Accepts params: key, name"));
break;
default:
{
Console.WriteLine($"Try '{args[0]} help' to find out list of available commands.");
throw new Exception($"Unknown IAM command: '{args[0]} {args[1]}'");
}
}
}
public static void Create(
FargateResourceV2 resource,
ELBHelper elb, Route53Helper e53, ECSHelper ecs, CloudWatchHelper cw, KMSHelper kms, IAMHelper iam, ACMHelper acm)
{
var errList = new List <Exception>();
Console.WriteLine("Crating S3 Access Policy...");
var policyS3 = iam.CreatePolicyS3Async(
name: resource.PolicyNameAccessS3,
paths: resource.PathsS3,
permissions: resource.PermissionsS3,
description: $"S3 Access Policy '{resource.PolicyNameAccessS3}' to '{resource.PathsS3.JsonSerialize()}' auto generated by AWSHelper").Result.PrintResponse();
Console.WriteLine($"Crating Execution Role '{resource.RoleName}'...");
var roleEcs = iam.CreateRoleWithPoliciesAsync(
roleName: resource.RoleName,
policies: new string[] { resource.ExecutionPolicy, resource.PolicyNameAccessS3 },
roleDescription: $"Role '{resource.RoleName}' auto generated by AWSHelper").Result.PrintResponse();
Console.WriteLine($"Awaiting {resource.RoleCreateAwaitDelay / 1000} [s] to ensure that role was indexed...");
Thread.Sleep(resource.RoleCreateAwaitDelay);
Console.WriteLine($"Crating Default S3 Storage Grant '{resource.StorageGrantDefaultS3}' created for role '{resource.RoleName}'...");
var defaultGrantResult = kms.CreateRoleGrantByName(
keyName: resource.StorageKeyDefaultS3,
grantName: resource.StorageGrantDefaultS3,
roleName: resource.RoleName,
grant: KMSHelper.GrantType.EncryptDecrypt).Result.PrintResponse();
Console.WriteLine($"Crating Internal S3 Storage Grant '{resource.StorageGrantInternalS3}' created for role '{resource.RoleName}'...");
var internalGrantResult = kms.CreateRoleGrantByName(
keyName: resource.StorageKeyInternalS3,
grantName: resource.StorageGrantInternalS3,
roleName: resource.RoleName,
grant: KMSHelper.GrantType.EncryptDecrypt).Result.PrintResponse();
Console.WriteLine("Crating Application Load Balancer...");
var loadBalancer = elb.CreateApplicationLoadBalancerAsync(resource.LoadBalancerName, resource.Subnets, resource.SecurityGroups, !resource.IsPublic).Result.PrintResponse();
Console.WriteLine("Retriving Certificate...");
var cert = acm.DescribeCertificateByDomainName(resource.CertificateDomainName).Result.PrintResponse();
Console.WriteLine("Creating HTTP Target Group...");
var targetGroup_http = elb.CreateHttpTargetGroupAsync(resource.TargetGroupName, resource.Port, resource.VPC, resource.HealthCheckPath).Result.PrintResponse();
Console.WriteLine("Creating HTTPS Listener...");
var listener_https = elb.CreateHttpsListenerAsync(loadBalancer.LoadBalancerArn, targetGroup_http.TargetGroupArn, certificateArn: cert.CertificateArn).Result.PrintResponse();
Console.WriteLine("Creating HTTP Listener...");
var listener_http = elb.CreateHttpListenerAsync(loadBalancer.LoadBalancerArn, targetGroup_http.TargetGroupArn, resource.Port).Result.PrintResponse();
if (resource.IsPublic && !resource.ZonePublic.IsNullOrWhitespace())
{
Console.WriteLine("Creating Route53 DNS Record for the public zone...");
e53.UpsertCNameRecordAsync(
resource.ZonePublic,
name: resource.DNSCName,
value: loadBalancer.DNSName,
ttl: 60).Await();
}
if (!resource.ZonePrivate.IsNullOrWhitespace())
{
Console.WriteLine("Creating Route53 DNS Record for the private zone...");
e53.UpsertCNameRecordAsync(
resource.ZonePrivate,
name: resource.DNSCName,
value: loadBalancer.DNSName,
ttl: 60).Await();
}
Console.WriteLine("Initializeing Cluster...");
var createClusterResponse = ecs.CreateClusterAsync(resource.ClusterName).Result.PrintResponse();
Console.WriteLine("Creating Log Group...");
cw.CreateLogGroupAsync(resource.LogGroupName).Await();
Console.WriteLine("Creating Task Definitions...");
var taskDefinition = ecs.RegisterFargateTaskAsync(
executionRoleArn: resource.RoleName,
family: resource.TaskFamily,
cpu: resource.CPU,
memory: resource.Memory,
name: resource.TaskDefinitionName,
image: resource.Image,
envVariables: resource.Environment,
logGroup: resource.LogGroupName,
ports: resource.Ports).Result.PrintResponse();
Console.WriteLine("Creating Service...");
var service = ecs.CreateFargateServiceAsync(
name: resource.ServiceName,
taskDefinition: taskDefinition,
desiredCount: resource.DesiredCount,
cluster: resource.ClusterName,
targetGroup: targetGroup_http,
assignPublicIP: resource.IsPublic,
securityGroups: resource.SecurityGroups,
subnets: resource.Subnets
).Result.PrintResponse();
Console.WriteLine($"Creating Cloud Watch Metric '{resource.ELBHealthyMetricAlarmName}'...");
var metricAlarm = cw.UpsertAELBMetricAlarmAsync(elb,
name: resource.ELBHealthyMetricAlarmName,
loadBalancer: resource.LoadBalancerName, targetGroup: resource.TargetGroupName,
metric: CloudWatchHelper.ELBMetricName.HealthyHostCount,
comparisonOperator: Amazon.CloudWatch.ComparisonOperator.LessThanThreshold,
treshold: 1).Result.PrintResponse();
}