public async Task CopySecurityGroup(string sourceSgId, string targetSgName, string description) { var sReq = new DescribeSecurityGroupsRequest() { GroupIds = new List <string>() { sourceSgId } }; //client.va var sResp = await client.DescribeSecurityGroupsAsync(sReq); if (sResp.SecurityGroups.Count > 0) { var sSG = sResp.SecurityGroups[0]; SecurityGroup tSG; var filters = new List <Filter>(); var filter = new Filter("group-name", new List <string> { targetSgName }); filters.Add(filter); var tReq = new DescribeSecurityGroupsRequest() { Filters = filters }; var tResp = await client.DescribeSecurityGroupsAsync(tReq); if (tResp.SecurityGroups.Count > 0) { tSG = tResp.SecurityGroups[0]; tSG.IpPermissions = sSG.IpPermissions; var uRequest = new UpdateSecurityGroupRuleDescriptionsIngressRequest() { GroupId = tSG.GroupId }; await client.UpdateSecurityGroupRuleDescriptionsIngressAsync(uRequest); } else { var cReq = new CreateSecurityGroupRequest() { Description = description, GroupName = targetSgName, VpcId = sSG.VpcId }; var cResp = await client.CreateSecurityGroupAsync(cReq); AssignNameToResource(cResp.GroupId, targetSgName); } } }
public async Task <IActionResult> Post(IpModel model) { if (model == null) { return(BadRequest(new { Success = false, Message = "Invalid model." })); } if (!Request.Headers.ContainsKey("Api-Secret")) { return(BadRequest(new { success = false, message = "Missing Secret header" })); } var values = Request.Headers["Api-Secret"]; var apiSecret = Environment.GetEnvironmentVariable("AWSHELPER_API_SECRET"); if (values.FirstOrDefault(x => x == apiSecret) == null) { return(Unauthorized(new { success = false, message = "Invalid secret header" })); } if (string.IsNullOrEmpty(model.Name) || string.IsNullOrWhiteSpace(model.Name)) { return(BadRequest(new { Success = false, Message = "Invalid name" })); } var namePrefix = Environment.GetEnvironmentVariable("AWSHELPER_NAME_PREFIX"); var groupId = Environment.GetEnvironmentVariable("AWSHELPER_GROUP_ID"); var accessId = Environment.GetEnvironmentVariable("AWSHELPER_ACCESS_ID"); var accessSecret = Environment.GetEnvironmentVariable("AWSHELPER_ACCESS_SECRET"); var endpoint = RegionEndpoint.GetBySystemName(Environment.GetEnvironmentVariable("AWSHELPER_REGION")); var client = new AmazonEC2Client(accessId, accessSecret, endpoint); var req = new DescribeSecurityGroupsRequest(); req.GroupIds.Add(groupId); var request = new UpdateSecurityGroupRuleDescriptionsIngressRequest { GroupId = groupId }; try { var secGroupRequest = new DescribeSecurityGroupsRequest(); secGroupRequest.GroupIds.Add(groupId); var get = await client.DescribeSecurityGroupsAsync(secGroupRequest); var securityGroup = get.SecurityGroups.FirstOrDefault(); if (securityGroup == null) { return(BadRequest(new { Success = false, Message = "Security group not found." })); } var description = $"{namePrefix}{model.Name}"; var ipRangeListRemoved = new List <IpRange>(); var ipRangeListAdded = new List <IpRange>(); foreach (var permission in securityGroup.IpPermissions) { foreach (var ipRange in permission.Ipv4Ranges) { if (description.Equals(ipRange.Description) && permission.ToPort == model.Port) { ipRangeListRemoved.Add(ipRange); } } permission.Ipv4Ranges.RemoveAll(x => ipRangeListRemoved.Contains(x)); } if (ipRangeListRemoved.Any()) { var revokeRequest = new RevokeSecurityGroupIngressRequest(); revokeRequest.GroupId = groupId; revokeRequest.IpPermissions.Add(new IpPermission { FromPort = model.Port, IpProtocol = model.Protocol, ToPort = model.Port, Ipv4Ranges = new List <IpRange>(ipRangeListRemoved) }); await client.RevokeSecurityGroupIngressAsync(revokeRequest); } var authorizeRequest = new AuthorizeSecurityGroupIngressRequest(); authorizeRequest.GroupId = groupId; var authorizeIpRange = new IpRange { CidrIp = $"{model.Ip}/32", Description = description }; authorizeRequest.IpPermissions.Add(new IpPermission { FromPort = model.Port, IpProtocol = model.Protocol, ToPort = model.Port, Ipv4Ranges = new List <IpRange> { authorizeIpRange } }); var authorizeResult = await client.AuthorizeSecurityGroupIngressAsync(authorizeRequest); return(Ok(new { Success = true, Message = "Action completed." })); } catch (Exception ex) { return(BadRequest(new { Success = false, Message = ex.Message })); } }