static void ProcessEC2SecurityGroupIngressFromTemplate(dynamic input, CFStack stack) { EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress(); var rule = input.Value["Properties"]; //FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp) sgi.IpProtocol = FormatProtocol(rule.IpProtocol.ToString()); //------------------------------------------------------------------- //FormatPortRange - Port range could be 0-0 -1-1 0-65535 string from = ""; string to = ""; FormatPortRange(rule.FromPort.ToString(), rule.ToPort.ToString(), out from, out to); sgi.FromPort = from; sgi.ToPort = to; //------------------------------------------------------------------- sgi.CidrIp = rule.CidrIp; if (rule.SourceSecurityGroupId != null) { if (rule.SourceSecurityGroupId != null) { var Ids = rule.SourceSecurityGroupId; if (Ids.Value == null) { foreach (var Id in Ids) { sgi.SourceSecurityGroupId = Id.Value; } } else { sgi.SourceSecurityGroupId = Ids.Value; } } } if (rule.GroupId != null) { sgi.GroupName = rule.GroupId["Ref"].Value; EC2SecurityGroup x = stack.Resources.Find(n => n != null && n.LogicalId == rule.GroupId["Ref"].Value); if (x != null) { x.Properties.SecurityGroupIngress.Add(sgi); } else { //TODO //Either remember and process orphaned ingress rule //Or write out to error log. MessageBox.Show("Error", "Did not find security group " + sgi.GroupName + " to add ingress rule to", MessageBoxButtons.OK, MessageBoxIcon.Error); } } }
public static void ProcessEC2SecurityGroupFromAWS(StackResourceSummary resource, CFStack stack, AmazonEC2Client ec2Client, Dictionary <string, string> secGroupMap, string stackName) { DescribeSecurityGroupsRequest secGroupRequest = new DescribeSecurityGroupsRequest(); //Set request to use Phisical Id secGroupRequest.GroupIds = new List <string> { resource.PhysicalResourceId }; //Attempt to get security group using physical Id DescribeSecurityGroupsResponse response = GetSecurityGroup(ec2Client, secGroupRequest); if (response == null) { //Set request to use Logical Id and Stack Name Tags secGroupRequest.GroupIds.Clear(); List <Filter> f = new List <Filter>(); f.Add(new Filter { Name = "tag:aws:cloudformation:logical-id", Values = new List <string>() { resource.LogicalResourceId } }); f.Add(new Filter { Name = "tag:aws:cloudformation:stack-name", Values = new List <string>() { stackName } }); secGroupRequest.Filters = f; //Attempt to get security group using logical Id response = GetSecurityGroup(ec2Client, secGroupRequest); } if (response == null | response.SecurityGroups.Count == 0) { return; } foreach (SecurityGroup group in response.SecurityGroups) { EC2SecurityGroup sg = new EC2SecurityGroup(); sg.LogicalId = resource.LogicalResourceId; if (log) { Utils.WriteToFile(logFile, "AWS SG: " + sg.LogicalId.ToString(), true); } sg.Type = "AWS::EC2::SecurityGroup"; sg.Properties.GroupDescription = group.Description; sg.Properties.VpcId = group.VpcId; foreach (IpPermission perms in group.IpPermissions) { for (int i = 0; i < perms.IpRanges.Count; i++) { EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress(); //FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp) sgi.IpProtocol = FormatProtocol(perms.IpProtocol); //-------------------------------------------------------------------- //FormatPortRange - Port range could be 0-0 -1-1 0-65535 string from = ""; string to = ""; FormatPortRange(perms.FromPort.ToString(), perms.ToPort.ToString(), out from, out to); sgi.FromPort = from; sgi.ToPort = to; //------------------------------------------------------ sgi.CidrIp = perms.IpRanges[i]; sg.Properties.SecurityGroupIngress.Add(sgi); if (log) { Utils.WriteToFile(logFile, " Protocol: " + perms.IpProtocol + " | From: " + perms.FromPort.ToString() + " To: " + perms.ToPort.ToString(), true); } } for (int i = 0; i < perms.UserIdGroupPairs.Count; i++) { EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress(); //FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp) sgi.IpProtocol = FormatProtocol(perms.IpProtocol); //-------------------------------------------------------------------- //FormatPortRange - Port range could be 0-0 -1-1 0-65535 string from = ""; string to = ""; FormatPortRange(perms.FromPort.ToString(), perms.ToPort.ToString(), out from, out to); sgi.FromPort = from; sgi.ToPort = to; //------------------------------------------------------- sg.Properties.SecurityGroupIngress.Add(sgi); string groupName; if (secGroupMap.TryGetValue(perms.UserIdGroupPairs[i].GroupId, out groupName)) { sgi.SourceSecurityGroupId = groupName; } else { sgi.SourceSecurityGroupId = perms.UserIdGroupPairs[i].GroupId; } if (log) { Utils.WriteToFile(logFile, " Protocol: " + perms.IpProtocol + " | From: " + perms.FromPort.ToString() + " To: " + perms.ToPort.ToString(), true); } } } stack.Resources.Add(sg); } }
static void ProcessEC2SecurityGroupFromTemplate(dynamic input, CFStack stack) { EC2SecurityGroup sg = new EC2SecurityGroup(); sg.LogicalId = input.Name; sg.Type = "AWS::EC2::SecurityGroup"; var props = input.Value["Properties"]; foreach (var prop in props) { //Attempt to deal with values that are calculated using CloudFormation functions like Join. if (prop.Value.ToString().Contains("Fn::")) { prop.Value = "Calulated value"; } switch ((string)prop.Name) { case "GroupDescription": sg.Properties.GroupDescription = prop.Value.ToString(); break; case "VpcId": var a = prop.Value; sg.Properties.VpcId = a.Value; break; case "Tags": break; case "SecurityGroupIngress": var ingressRules = prop.Value; foreach (var rule in ingressRules) { EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress(); //FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp) sgi.IpProtocol = FormatProtocol(rule.IpProtocol.ToString()); //------------------------------------------------------------------- //FormatPortRange - Port range could be 0-0 -1-1 0-65535 string from = ""; string to = ""; FormatPortRange(rule.FromPort.ToString(), rule.ToPort.ToString(), out from, out to); sgi.FromPort = from; sgi.ToPort = to; //------------------------------------------------------- sgi.CidrIp = rule.CidrIp; if (rule.SourceSecurityGroupId != null) { var Ids = rule.SourceSecurityGroupId; foreach (var Id in Ids) { sgi.SourceSecurityGroupId = Id.Value; } } sg.Properties.SecurityGroupIngress.Add(sgi); } break; } } stack.Resources.Add(sg); }