/// <summary> /// The AuthorizeSecurityGroupIngress operation adds permissions to a security /// group. /// Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of /// the request (by IP range or an Amazon EC2 user-group pair), the source and /// destination port ranges (for TCP and UDP), and the ICMP codes and types (for /// ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code /// fields. /// Permission changes are propagated to instances within the security group as /// quickly as possible. However, depending on the number of instances, a small /// delay might occur. /// When authorizing a user/group pair permission, GroupName, /// SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When /// authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and /// CidrIp must be specified. Mixing these two types of parameters is not allowed. /// /// </summary> /// <param name="service">Instance of AmazonEC2 service</param> /// <param name="request">AuthorizeSecurityGroupIngressRequest request</param> public static void InvokeAuthorizeSecurityGroupIngress(AmazonEC2 service, AuthorizeSecurityGroupIngressRequest request) { try { AuthorizeSecurityGroupIngressResponse response = service.AuthorizeSecurityGroupIngress(request); Console.WriteLine ("Service Response"); Console.WriteLine ("============================================================================="); Console.WriteLine (); Console.WriteLine(" AuthorizeSecurityGroupIngressResponse"); if (response.IsSetResponseMetadata()) { Console.WriteLine(" ResponseMetadata"); ResponseMetadata responseMetadata = response.ResponseMetadata; if (responseMetadata.IsSetRequestId()) { Console.WriteLine(" RequestId"); Console.WriteLine(" {0}", responseMetadata.RequestId); } } } catch (AmazonEC2Exception ex) { Console.WriteLine("Caught Exception: " + ex.Message); Console.WriteLine("Response Status Code: " + ex.StatusCode); Console.WriteLine("Error Code: " + ex.ErrorCode); Console.WriteLine("Error Type: " + ex.ErrorType); Console.WriteLine("Request ID: " + ex.RequestId); Console.WriteLine("XML: " + ex.XML); } }
private async Task AddInboundRules(String groupId) { var request = new AuthorizeSecurityGroupIngressRequest { GroupId = groupId, IpPermissions = { new IpPermission { FromPort = -1, IpProtocol = "-1" } } }; await _client.AuthorizeSecurityGroupIngressAsync(request); }
public object Execute(ExecutorContext context) { var cmdletContext = context as CmdletContext; // create request var request = new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest(); if (cmdletContext.GroupId != null) { request.GroupId = cmdletContext.GroupId; } if (cmdletContext.GroupName != null) { request.GroupName = cmdletContext.GroupName; } if (cmdletContext.IpPermission != null) { request.IpPermissions = cmdletContext.IpPermission; } if (cmdletContext.TagSpecification != null) { request.TagSpecifications = cmdletContext.TagSpecification; } CmdletOutput output; // issue call var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint); try { var response = CallAWSServiceOperation(client, request); object pipelineOutput = null; pipelineOutput = cmdletContext.Select(response, this); output = new CmdletOutput { PipelineOutput = pipelineOutput, ServiceResponse = response }; } catch (Exception e) { output = new CmdletOutput { ErrorResponse = e }; } return(output); }
/// <summary> /// <para>Adds one or more ingress rules to a security group.</para> <para><b>IMPORTANT:</b> EC2-Classic: You can have up to 100 rules per /// group. EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress rules). </para> <para>Rule changes are propagated to /// instances within the security group as quickly as possible. However, a small delay might occur.</para> <para>[EC2-Classic] This action gives /// one or more CIDR IP address ranges permission to access a security group in your account, or gives one or more security groups (called the /// <i>source groups</i> ) permission to access a security group for your account. A source group can be for your own AWS account, or /// another.</para> <para>[EC2-VPC] This action gives one or more CIDR IP address ranges permission to access a security group in your VPC, or /// gives one or more other security groups (called the <i>source groups</i> ) permission to access a security group for your VPC. The security /// groups must all be for the same VPC.</para> /// </summary> /// /// <param name="authorizeSecurityGroupIngressRequest">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress /// service method on AmazonEC2.</param> /// public AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest) { IAsyncResult asyncResult = invokeAuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest, null, null, true); return EndAuthorizeSecurityGroupIngress(asyncResult); }
IAsyncResult invokeAuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest, AsyncCallback callback, object state, bool synchronized) { IRequest irequest = new AuthorizeSecurityGroupIngressRequestMarshaller().Marshall(authorizeSecurityGroupIngressRequest); var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.GetInstance(); AsyncResult result = new AsyncResult(irequest, callback, state, synchronized, signer, unmarshaller); Invoke(result); return result; }
private Amazon.EC2.Model.AuthorizeSecurityGroupIngressResponse CallAWSServiceOperation(IAmazonEC2 client, Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest request) { Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "Amazon Elastic Compute Cloud (EC2)", "AuthorizeSecurityGroupIngress"); try { #if DESKTOP return(client.AuthorizeSecurityGroupIngress(request)); #elif CORECLR return(client.AuthorizeSecurityGroupIngressAsync(request).GetAwaiter().GetResult()); #else #error "Unknown build edition" #endif } catch (AmazonServiceException exc) { var webException = exc.InnerException as System.Net.WebException; if (webException != null) { throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException); } throw; } }
/// <summary> /// <para>Adds one or more ingress rules to a security group.</para> <para><b>IMPORTANT:</b> EC2-Classic: You can have up to 100 rules per /// group. EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress rules). </para> <para>Rule changes are propagated to /// instances within the security group as quickly as possible. However, a small delay might occur.</para> <para>[EC2-Classic] This action gives /// one or more CIDR IP address ranges permission to access a security group in your account, or gives one or more security groups (called the /// <i>source groups</i> ) permission to access a security group for your account. A source group can be for your own AWS account, or /// another.</para> <para>[EC2-VPC] This action gives one or more CIDR IP address ranges permission to access a security group in your VPC, or /// gives one or more other security groups (called the <i>source groups</i> ) permission to access a security group for your VPC. The security /// groups must all be for the same VPC.</para> /// </summary> /// /// <param name="authorizeSecurityGroupIngressRequest">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress /// service method on AmazonEC2.</param> /// <param name="cancellationToken"> /// A cancellation token that can be used by other objects or threads to receive notice of cancellation. /// </param> public Task<AuthorizeSecurityGroupIngressResponse> AuthorizeSecurityGroupIngressAsync(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest, CancellationToken cancellationToken = default(CancellationToken)) { var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller(); var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.GetInstance(); return Invoke<IRequest, AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResponse>(authorizeSecurityGroupIngressRequest, marshaller, unmarshaller, signer, cancellationToken); }
internal AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request) { var task = AuthorizeSecurityGroupIngressAsync(request); try { return task.Result; } catch(AggregateException e) { ExceptionDispatchInfo.Capture(e.InnerException).Throw(); return null; } }
public async Task AuthorizeIngressAsync(IEnumerable<PortRangeDescription> portRanges) { if (portRanges.Count() == 0) return; this.Logger.Log("Allowing inbound access on {0}", string.Join(", ", portRanges)); var ingressRequest = new AuthorizeSecurityGroupIngressRequest() { GroupName = this.SecurityGroupName, IpPermissions = portRanges.Select(x => new IpPermission() { IpProtocol = x.Proto, FromPort = x.FromPort, ToPort = x.ToPort, IpRanges = new List<string>() { "0.0.0.0/0" }, }).ToList(), }; try { await this.Client.AuthorizeSecurityGroupIngressAsync(ingressRequest); } catch (AmazonEC2Exception e) { // Duplicate port settings are just fine if (e.ErrorCode != "InvalidPermission.Duplicate") throw; } this.Logger.Log("Inbound access authorised"); }
/// <summary> /// Adds one or more ingress rules to a security group. /// /// <important> /// <para> /// EC2-Classic: You can have up to 100 rules per group. /// </para> /// /// <para> /// EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress rules). /// </para> /// </important> /// <para> /// Rule changes are propagated to instances within the security group as quickly as possible. /// However, a small delay might occur. /// </para> /// /// <para> /// [EC2-Classic] This action gives one or more CIDR IP address ranges permission to access /// a security group in your account, or gives one or more security groups (called the /// <i>source groups</i>) permission to access a security group for your account. A source /// group can be for your own AWS account, or another. /// </para> /// /// <para> /// [EC2-VPC] This action gives one or more CIDR IP address ranges permission to access /// a security group in your VPC, or gives one or more other security groups (called the /// <i>source groups</i>) permission to access a security group for your VPC. The security /// groups must all be for the same VPC. /// </para> /// </summary> /// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress service method.</param> /// /// <returns>The response from the AuthorizeSecurityGroupIngress service method, as returned by EC2.</returns> public AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request) { var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller(); var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.Instance; return Invoke<AuthorizeSecurityGroupIngressRequest,AuthorizeSecurityGroupIngressResponse>(request, marshaller, unmarshaller); }
protected override void ProcessRecord() { AmazonEC2 client = base.GetClient(); Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest request = new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest(); request.UserId = this._UserId; request.GroupName = this._GroupName; request.SourceSecurityGroupName = this._SourceSecurityGroupName; request.SourceSecurityGroupOwnerId = this._SourceSecurityGroupOwnerId; request.IpProtocol = this._IpProtocol; request.FromPort = this._FromPort; request.ToPort = this._ToPort; request.CidrIp = this._CidrIp; Amazon.EC2.Model.AuthorizeSecurityGroupIngressResponse response = client.AuthorizeSecurityGroupIngress(request); }
public void SetSecurityGroupRules(string groupId, List<IpPermission> ipPermissions) { var request = new AuthorizeSecurityGroupIngressRequest { GroupId = groupId, IpPermissions = ipPermissions }; _ec2Client.AuthorizeSecurityGroupIngress(request); }
public string CreateSecurityGroup(string vpcId, string boostrapId) { string secGroupName = SEC_GROUP_PREFIX + boostrapId; if (SecurityGroupExist(secGroupName)) { DeleteSecurityGroup(secGroupName); } var newGroupRequest = new CreateSecurityGroupRequest() { GroupName = secGroupName, Description = "Security Group for ConDep integration tests", VpcId = vpcId, }; var newGroupResponse = _client.CreateSecurityGroup(newGroupRequest); var publicIp = GetPublicIp() + "/32"; var ruleRequest = new AuthorizeSecurityGroupIngressRequest() { GroupId = newGroupResponse.GroupId, IpPermissions = new List<IpPermission> { new IpPermission { FromPort = 0, ToPort = 65535, IpProtocol = "tcp", IpRanges = new List<string> { publicIp } }, new IpPermission { FromPort = -1, ToPort = -1, IpProtocol = "icmp", IpRanges = new List<string> { publicIp } }, new IpPermission { FromPort = 1024, ToPort = 65535, IpProtocol = "tcp", IpRanges = new List<string> { "0.0.0.0/0" } } } }; _client.AuthorizeSecurityGroupIngress(ruleRequest); return newGroupResponse.GroupId; }
private static string CreateSecurityGroup(IAmazonEC2 client, string vpcId, string groupName) { // Create a new empty group var newSgRequest = new CreateSecurityGroupRequest() { GroupName = groupName, Description = "Security group for AWS Talk", VpcId = vpcId }; // Get a handle to the newly created group var newSgResponse = client.CreateSecurityGroup(newSgRequest); var groups = new List<string>() { newSgResponse.GroupId }; var createdSgRequest = new DescribeSecurityGroupsRequest() { GroupIds = groups }; var createdSgResponse = client.DescribeSecurityGroups(createdSgRequest); SecurityGroup theNewGroup = createdSgResponse.SecurityGroups[0]; // Add permissions to the group var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = theNewGroup.GroupId; ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 3389, ToPort = 3389, IpRanges = new List<string>() { "0.0.0.0/0" } }); // RDP ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 9999, ToPort = 9999, IpRanges = new List<string>() { "0.0.0.0/0" } }); // Worker API client.AuthorizeSecurityGroupIngress(ingressRequest); return newSgResponse.GroupId; }
private void createSecurityGroup() { try { CreateSecurityGroupRequest requestSecurirtyGroup = new CreateSecurityGroupRequest(); requestSecurirtyGroup.GroupName = _securityGroups; requestSecurirtyGroup.GroupDescription = jwSecurityGroupDescription; CreateSecurityGroupResponse responseSecurityGroup = _service.CreateSecurityGroup(requestSecurirtyGroup); AuthorizeSecurityGroupIngressRequest requestAuthz = new AuthorizeSecurityGroupIngressRequest(); requestAuthz.GroupName = _securityGroups; requestAuthz.IpProtocol = "tcp"; requestAuthz.CidrIp = "0.0.0.0/0"; decimal[] ports = { 80, 443, 1443, 3389 }; foreach (decimal port in ports) { requestAuthz.FromPort = port; requestAuthz.ToPort = port; AuthorizeSecurityGroupIngressResponse responseAuthz = _service.AuthorizeSecurityGroupIngress(requestAuthz); } } catch (AmazonEC2Exception ex) { throw new Exception("Caught Exception: " + ex.XML); } }
/// <summary> /// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation. /// <seealso cref="Amazon.EC2.IAmazonEC2.AuthorizeSecurityGroupIngress"/> /// </summary> /// /// <param name="authorizeSecurityGroupIngressRequest">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress /// operation on AmazonEC2.</param> /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param> /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property.</param> public IAsyncResult BeginAuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest, AsyncCallback callback, object state) { return invokeAuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest, callback, state, false); }
/// <summary> /// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation. /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress operation on AmazonEC2Client.</param> /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param> /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property.</param> /// /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking EndAuthorizeSecurityGroupIngress /// operation.</returns> public IAsyncResult BeginAuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request, AsyncCallback callback, object state) { var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller(); var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.Instance; return BeginInvoke<AuthorizeSecurityGroupIngressRequest>(request, marshaller, unmarshaller, callback, state); }
/// <summary> /// <para> The AuthorizeSecurityGroupIngress operation adds permissions to a security group. </para> <para> Permissions are specified by the IP /// protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port /// ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, <c>-1</c> can be used as a wildcard in the type /// and code fields. </para> <para> Permission changes are propagated to instances within the security group as quickly as possible. However, /// depending on the number of instances, a small delay might occur. </para> /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress /// service method on AmazonEC2.</param> public AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request) { var task = AuthorizeSecurityGroupIngressAsync(request); try { return task.Result; } catch(AggregateException e) { throw e.InnerException; } }
/// <summary> /// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation. /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress operation.</param> /// <param name="cancellationToken"> /// A cancellation token that can be used by other objects or threads to receive notice of cancellation. /// </param> /// <returns>The task object representing the asynchronous operation.</returns> public Task<AuthorizeSecurityGroupIngressResponse> AuthorizeSecurityGroupIngressAsync(AuthorizeSecurityGroupIngressRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken)) { var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller(); var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.Instance; return InvokeAsync<AuthorizeSecurityGroupIngressRequest,AuthorizeSecurityGroupIngressResponse>(request, marshaller, unmarshaller, cancellationToken); }
/// <summary> /// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation. /// <seealso cref="Amazon.EC2.IAmazonEC2.AuthorizeSecurityGroupIngress"/> /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress operation.</param> /// <param name="cancellationToken"> /// A cancellation token that can be used by other objects or threads to receive notice of cancellation. /// </param> /// <returns>The task object representing the asynchronous operation.</returns> public async Task<AuthorizeSecurityGroupIngressResponse> AuthorizeSecurityGroupIngressAsync(AuthorizeSecurityGroupIngressRequest request, CancellationToken cancellationToken = default(CancellationToken)) { var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller(); var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.GetInstance(); var response = await Invoke<IRequest, AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResponse>(request, marshaller, unmarshaller, signer, cancellationToken) .ConfigureAwait(continueOnCapturedContext: false); return response; }