public static void AddIPAddressToSecurityGroup() { var ec2Client = new AmazonEC2Client(); //Create and Initialize IpPermission Object var ipPermission = new IpPermission() { IpProtocol = "tcp", FromPort = 3389, //RDP port ToPort = 3389 }; ipPermission.IpRanges.Add(getExternalIp() + "/32"); //Create and initialize AuthorizeSecurityGroupIngress var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = ConfigurationManager.AppSettings["AWSSecurityGroupID"]; ingressRequest.IpPermissions.Add(ipPermission); try { //Authorize Ingress AuthorizeSecurityGroupIngressResponse ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest); Console.WriteLine("IP address added to security group"); } catch (Amazon.EC2.AmazonEC2Exception e) { Console.WriteLine("** IP Address already exists in the security group. **"); //Console.WriteLine("Error:" + e); } }
internal void AuthorizeSecurityGroupIngress(string securityGroupName) { try { AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest() { SecurityGroupName = securityGroupName, Protocol = ProtocolType.Tcp.ToString(), StartPort = 80, EndPort = 80, CidrList = new[] { "0.0.0.0/0" }.ToList() }; _client.AuthorizeSecurityGroupIngress(request); request = new AuthorizeSecurityGroupIngressRequest() { SecurityGroupName = "TestSecurityGroup", Protocol = ProtocolType.Tcp.ToString(), StartPort = 22, EndPort = 22, CidrList = new[] { "0.0.0.0/0" }.ToList() }; _client.AuthorizeSecurityGroupIngress(request); } catch (Exception e) { WriteLog("Exception during AuthorizeSecurityGroupIngress {0}", e); } }
private void createSecurityGroup() { try { CreateSecurityGroupRequest requestSecurirtyGroup = new CreateSecurityGroupRequest(); requestSecurirtyGroup.GroupName = _securityGroups; requestSecurirtyGroup.GroupDescription = jwSecurityGroupDescription; CreateSecurityGroupResponse responseSecurityGroup = _service.CreateSecurityGroup(requestSecurirtyGroup); AuthorizeSecurityGroupIngressRequest requestAuthz = new AuthorizeSecurityGroupIngressRequest(); requestAuthz.GroupName = _securityGroups; requestAuthz.IpProtocol = "tcp"; requestAuthz.CidrIp = "0.0.0.0/0"; decimal[] ports = { 80, 443, 1443, 3389 }; foreach (decimal port in ports) { requestAuthz.FromPort = port; requestAuthz.ToPort = port; AuthorizeSecurityGroupIngressResponse responseAuthz = _service.AuthorizeSecurityGroupIngress(requestAuthz); } } catch (AmazonEC2Exception ex) { throw new Exception("Caught Exception: " + ex.XML); } }
public void AddIngressPermission(IpPermission permission) { var request = new AuthorizeSecurityGroupIngressRequest { GroupId = GetSecurityGroup().GroupId, IpPermissions = { permission } }; try { client.AuthorizeSecurityGroupIngress(request); } catch (AmazonEC2Exception e) { // If the ingress rule already exists then don't complain. The // user might have created it manually or they deleted their // .last-config or .last-ip files. if (e.ErrorCode.Equals("InvalidPermission.Duplicate")) { logger.Warn("Tried to create a duplicate ingress rule for group " + request.GroupId); return; } throw; } }
public void SetSecurityGroupRules(string groupId, List <IpPermission> ipPermissions) { var request = new AuthorizeSecurityGroupIngressRequest { GroupId = groupId, IpPermissions = ipPermissions }; _ec2Client.AuthorizeSecurityGroupIngress(request); }
private static void ManageSecurityGroups() { IAmazonEC2 ec2 = new Amazon.EC2.AmazonEC2Client(); var sgResponse = ec2.DescribeSecurityGroups(); string ipRange = "22.22.22.22/0"; List <string> ranges = new List <string>() { ipRange }; var ipPermission = new IpPermission(); ipPermission.IpProtocol = "tcp"; ipPermission.FromPort = 3333; ipPermission.ToPort = 3333; ipPermission.IpRanges = ranges; var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.IpPermissions.Add(ipPermission); var revokeRequest = new RevokeSecurityGroupIngressRequest(); revokeRequest.IpPermissions.Add(ipPermission); foreach (var sg in sgResponse.SecurityGroups) { try { if (new Random().Next(2) == 1) { ingressRequest.GroupId = sg.GroupId; var ingressResponse = ec2.AuthorizeSecurityGroupIngress(ingressRequest); } else { revokeRequest.GroupId = sg.GroupId; ec2.RevokeSecurityGroupIngress(revokeRequest); } //Console.WriteLine("New RDP rule for: " + ipRange); } catch (AmazonEC2Exception ex) { // Check the ErrorCode to see if the rule already exists. if ("InvalidPermission.Duplicate" == ex.ErrorCode) { //Console.WriteLine("An RDP rule for: {0} already exists.", ipRange); } else { // The exception was thrown for another reason, so re-throw the exception. //throw; } } } }
static async Task Authorize(IAmazonEC2 ec2Client, IpPermission ipPermission, string securityGroupId) { logger.LogInformation("Authorize {}: {}", securityGroupId, IpPermissionToString(ipPermission)); var authorizeIngressRequest = new AuthorizeSecurityGroupIngressRequest(); authorizeIngressRequest.GroupId = securityGroupId; authorizeIngressRequest.IpPermissions.Add(ipPermission); var ingressResponse = await ec2Client.AuthorizeSecurityGroupIngressAsync(authorizeIngressRequest); logger.LogDebug("Authorize response code {}", ingressResponse.HttpStatusCode); }
public SecurityGroup CreateSecurityGroup() { //Setup a new security group var newSGRequest = new CreateSecurityGroupRequest() { GroupName = Configuration.SecurityGroupName, Description = Configuration.SecurityGroupDescription, VpcId = Configuration.VpcId }; var csgResponse = EC2Client.CreateSecurityGroup(newSGRequest); Console.WriteLine("Created new security group: " + csgResponse.GroupId); //Get the new security group var newSgRequest = new DescribeSecurityGroupsRequest() { GroupIds = new[] { csgResponse.GroupId }.ToList() }; var newSgResponse = EC2Client.DescribeSecurityGroups(newSgRequest); var securityGroup = newSgResponse.SecurityGroups[0]; //Setup permissions for the security group var ipRanges = Configuration.SecurityGroupIpRanges.Split(',').ToList(); var permissions = Configuration.SecurityGroupIpPermissions.Split(','); var ipPermissions = permissions.Select(p => { var protocol = p.Substring(0, 3); var port = int.Parse(p.Substring(3)); return(new IpPermission() { IpProtocol = protocol, FromPort = port, ToPort = port, IpRanges = ipRanges }); }); //Set the permissions on the security group var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = securityGroup.GroupId; ingressRequest.IpPermissions = ipPermissions.ToList(); var ingressResponse = EC2Client.AuthorizeSecurityGroupIngress(ingressRequest); Console.WriteLine("Added permissions to security group: " + ingressResponse.HttpStatusCode); return(securityGroup); }
private async Task AddInboundRules(String groupId) { var request = new AuthorizeSecurityGroupIngressRequest { GroupId = groupId, IpPermissions = { new IpPermission { FromPort = -1, IpProtocol = "-1" } } }; await _client.AuthorizeSecurityGroupIngressAsync(request); }
private static string CreateSecurityGroup(IAmazonEC2 client, string vpcId, string groupName) { // Create a new empty group var newSgRequest = new CreateSecurityGroupRequest() { GroupName = groupName, Description = "Security group for AWS Talk", VpcId = vpcId }; // Get a handle to the newly created group var newSgResponse = client.CreateSecurityGroup(newSgRequest); var groups = new List <string>() { newSgResponse.GroupId }; var createdSgRequest = new DescribeSecurityGroupsRequest() { GroupIds = groups }; var createdSgResponse = client.DescribeSecurityGroups(createdSgRequest); SecurityGroup theNewGroup = createdSgResponse.SecurityGroups[0]; // Add permissions to the group var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = theNewGroup.GroupId; ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 3389, ToPort = 3389, IpRanges = new List <string>() { "0.0.0.0/0" } }); // RDP ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 9999, ToPort = 9999, IpRanges = new List <string>() { "0.0.0.0/0" } }); // Worker API client.AuthorizeSecurityGroupIngress(ingressRequest); return(newSgResponse.GroupId); }
SecurityGroup AddSGIPrermissions(IAmazonEC2 ec2, SecurityGroup SG) { string ipRange = "0.0.0.0/0"; List <string> ranges = new List <string>() { ipRange }; var ipPermission1 = new IpPermission(); ipPermission1.IpProtocol = "tcp"; ipPermission1.FromPort = 22; ipPermission1.ToPort = 22; ipPermission1.IpRanges = ranges; var ipPermission2 = new IpPermission(); ipPermission2.IpProtocol = "tcp"; ipPermission2.FromPort = 3389; ipPermission2.ToPort = 3389; ipPermission2.IpRanges = ranges; // MessageBox.Show(SG.GroupId); // foreach ( IpPermission ipper in SG.IpPermissions) // { // ipper.FromPort // // } try { SG.IpPermissions.Add(ipPermission1); SG.IpPermissions.Add(ipPermission2); AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest = new AuthorizeSecurityGroupIngressRequest(); authorizeSecurityGroupIngressRequest.GroupId = SG.GroupId; //authorizeSecurityGroupIngressRequest.GroupName = MySG.GroupName; authorizeSecurityGroupIngressRequest.IpPermissions.Add(ipPermission1); authorizeSecurityGroupIngressRequest.IpPermissions.Add(ipPermission2); ec2.AuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest); } catch (Exception ex) { } return(SG); }
public void AddRuleToEc2SecurityGroup(String ipRange = "1.1.1.1/1", String ipProtocol = "tcp", int fromPort = 3389, int toPort = 3389 , string secGroupName = DefaultSecurityGroup) { List <string> ranges = new List <string>() { ipRange }; var ipPermission = new IpPermission(); ipPermission.IpProtocol = ipProtocol; ipPermission.FromPort = fromPort; ipPermission.ToPort = toPort; ipPermission.IpRanges = ranges; var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = secGroupName; ingressRequest.IpPermissions.Add(ipPermission); var ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest); }
public async Task AuthorizeIngressAsync(IEnumerable <PortRangeDescription> portRanges) { if (portRanges.Count() == 0) { return; } this.Logger.Log("Allowing inbound access on {0}", string.Join(", ", portRanges)); var ingressRequest = new AuthorizeSecurityGroupIngressRequest() { GroupName = this.SecurityGroupName, IpPermissions = portRanges.Select(x => new IpPermission() { IpProtocol = x.Proto, FromPort = x.FromPort, ToPort = x.ToPort, IpRanges = new List <string>() { "0.0.0.0/0" }, }).ToList(), }; try { await this.Client.AuthorizeSecurityGroupIngressAsync(ingressRequest); } catch (AmazonEC2Exception e) { // Duplicate port settings are just fine if (e.ErrorCode != "InvalidPermission.Duplicate") { throw; } } this.Logger.Log("Inbound access authorised"); }
private static async Task GrantAccess(Permission permission, Region region) { //Specify a credentials var aws = new AmazonEC2Client("", "", RegionEndpoint.EUWest1); var batchCount = 0; foreach (var ipRangeBatch in region.IpRange.Batch(50)) { var securityGroupCreateRequest = new CreateSecurityGroupRequest { //Specify a VPC VpcId = "", GroupName = $"Azure {permission.Name} {batchCount}", Description = $"An auto generated security group to allow azure {region.Name} datacenters access to {permission.Name}" }; var securityGroupCreateResponse = await aws.CreateSecurityGroupAsync(securityGroupCreateRequest); var ingressRequest = new AuthorizeSecurityGroupIngressRequest { GroupId = securityGroupCreateResponse.GroupId, IpPermissions = ipRangeBatch.Select(ip => new IpPermission { IpProtocol = permission.IpProtocol, FromPort = permission.FromPort, ToPort = permission.ToPort, IpRanges = new List <string> { ip.Subnet } }).ToList() }; var ingressResponse = await aws.AuthorizeSecurityGroupIngressAsync(ingressRequest); batchCount++; } }
public static async Task OpenInboundPort(AmazonEC2Client ec2Client, int port, string protocol, string securityGroupName) { var ipPermission = new IpPermission { FromPort = port, ToPort = port, IpProtocol = protocol, Ipv4Ranges = new List <IpRange> { new IpRange { CidrIp = "0.0.0.0/0" } } }; var ipPermissions = new List <IpPermission> { ipPermission }; var request = new AuthorizeSecurityGroupIngressRequest { GroupName = securityGroupName, IpPermissions = ipPermissions }; var response = await ec2Client.AuthorizeSecurityGroupIngressAsync(request); }
public bool load_security_group_id() { write_log(region + " のセキュリティグループを確認しています。"); try { var client = get_client(); var query_req = new DescribeSecurityGroupsRequest(); query_req.Filters.Add(new Filter() { Name = "tag-value", Values = new List <string>() { Helper.build_name(setting_, "sg") } }); var query_res = client.DescribeSecurityGroups(query_req); write_log("自 IPAddress を確認しています。"); string ipaddress = Helper.get_remote_ipaddress() + "/32"; if (query_res.SecurityGroups.Count != 0) { security_group_id = query_res.SecurityGroups[0].GroupId; foreach (var row in query_res.SecurityGroups[0].IpPermissions) { foreach (var row2 in row.IpRanges) { if (row2.Equals(ipaddress)) { write_log(region + " のセキュリティグループは " + security_group_id + " です"); return(true); } } } } else { write_log(region + " にセキュリティグループを作成しています。"); var create_req = new CreateSecurityGroupRequest(); create_req.VpcId = vpc_id; create_req.GroupName = "ingress_ssh-sg"; create_req.Description = "from specific ipaddress."; var create_res = client.CreateSecurityGroup(create_req); security_group_id = create_res.GroupId; set_name_tag(client, security_group_id, Helper.build_name(setting_, "sg")); write_log("セキュリティグループ " + security_group_id + " を作成しました。"); } write_log("セキュリティグループ " + security_group_id + " に " + ipaddress + " を関連付けます。"); IpPermission ipPermission_22 = new IpPermission(); ipPermission_22.ToPort = 22; ipPermission_22.FromPort = 22; ipPermission_22.IpProtocol = "6"; ipPermission_22.IpRanges.Add(ipaddress); IpPermission ipPermission_53556 = new IpPermission(); ipPermission_53556.ToPort = 53556; ipPermission_53556.FromPort = 53556; ipPermission_53556.IpProtocol = "6"; ipPermission_53556.IpRanges.Add(ipaddress); var authorize_req = new AuthorizeSecurityGroupIngressRequest(); authorize_req.GroupId = security_group_id; authorize_req.IpPermissions = new List <IpPermission>() { ipPermission_22, ipPermission_53556 }; client.AuthorizeSecurityGroupIngress(authorize_req); set_name_tag(client, security_group_id, Helper.build_name(setting_, "sg")); write_log("セキュリティグループ " + security_group_id + " を作成しました。"); } catch (Exception ex) { write_log("ERROR: " + ex.ToString()); return(false); } return(true); }
/// <summary> /// Authorize Security Group Ingress /// </summary> /// <param name="request">Authorize Security Group Ingress request</param> /// <returns>Authorize Security Group Ingress Response from the service</returns> /// <remarks> /// The AuthorizeSecurityGroupIngress operation adds permissions to a security /// group. /// Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of /// the request (by IP range or an Amazon EC2 user-group pair), the source and /// destination port ranges (for TCP and UDP), and the ICMP codes and types (for /// ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code /// fields. /// Permission changes are propagated to instances within the security group as /// quickly as possible. However, depending on the number of instances, a small /// delay might occur. /// When authorizing a user/group pair permission, GroupName, /// SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When /// authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and /// CidrIp must be specified. Mixing these two types of parameters is not allowed. /// /// </remarks> public AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request) { return(Invoke <AuthorizeSecurityGroupIngressResponse>("AuthorizeSecurityGroupIngressResponse.xml")); }
/// <summary> /// Authorize ingress to a security group /// </summary> /// <param name="request">The request object</param> public SecurityGroupResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request) { XContainer response = AsyncSupport.RunAsyncJob(this, request); return DeserialiseResponse<SecurityGroupResponse>(response, request.Command); }
//[Obsolete] public async Task <string> CreateEC2InstanceAsync(int serverType = 0) { string secGroupName = "myec2"; string instanceID = ""; if (serverType == (int)AWSConstants.server_types.EC2) { //Step 1:- check for the security Groups var isSGExists = await IsSecurityGroupsExistsAsync(secGroupName); //Step 2:- Create Security Groups if (!isSGExists) { SecurityGroup securityGroup = CreateSecurityGroupAsync(secGroupName).Result; string ipRange = "0.0.0.0/0"; List <string> ranges = new List <string> { ipRange }; //Step 3:- Attach the IP Permissions IpPermission ipPermission = new IpPermission() { IpProtocol = "All traffic", FromPort = 0, ToPort = 65535, IpRanges = ranges }; var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = securityGroup.GroupId; ingressRequest.IpPermissions.Add(ipPermission); var ingressResponse = amazonEC2Client.AuthorizeSecurityGroupIngressAsync(ingressRequest); //Step 4:- Create Key Pairs (.pem file) string keyPairName = CreateKeyPair(); //Step 5:- Create Launch Request Object string amiID = "ami-0b6158cfa2ae7b493"; List <string> groups = new List <string>() { securityGroup.GroupId }; var launchRequest = new RunInstancesRequest() { ImageId = amiID, InstanceType = "t2.micro", MinCount = 1, MaxCount = 1, KeyName = keyPairName, SecurityGroupIds = groups }; var launchResponse = await amazonEC2Client.RunInstancesAsync(launchRequest); var instances = launchResponse.Reservation.Instances; var instanceIds = new List <string>(); foreach (Instance item in instances) { instanceIds.Add(item.InstanceId); Console.WriteLine(); Console.WriteLine("New instance: " + item.InstanceId); Console.WriteLine("Instance state: " + item.State.Name); } //Step 6:- Describe Instances to know the status of the instances var instanceRequest = new DescribeInstancesRequest { InstanceIds = new List <string> { instanceIds[0] } }; while (true) { var response = await amazonEC2Client.DescribeInstancesAsync(instanceRequest); if (response.Reservations[0].Instances[0].State.Name == InstanceStateName.Running) { instanceID = response.Reservations[0].Instances[0].PublicDnsName + "With the status of " + InstanceStateName.Running; break; } } } } return(instanceID); }
/// <summary> /// Run a single item /// </summary> /// <param name="item">The item to run</param> public void RunItem(EC2SecurityGroupEntry item) { AmazonEC2Client ec2Client = new AmazonEC2Client( Config.BaseSettings.AWSAccessKeyID, Config.BaseSettings.AWSSecretAccessKey, new AmazonEC2Config { RegionEndpoint = RegionEndpoint }); //1) Revoke Old entries/permissions if (IpState.HasOldIP && IpState.Changed) { bool oldIpStillInUse = MultiClientState? .Clients? .Where(mcei => mcei.IP == IpState.OldIP) .Any() ?? false; if (!oldIpStillInUse) { RevokeSecurityGroupIngressRequest revokeRequest = new RevokeSecurityGroupIngressRequest { GroupId = item.GroupId, IpPermissions = new List <IpPermission> { new IpPermission { IpProtocol = item.IpProtocol, FromPort = item.PortRange.FromPort, ToPort = item.PortRange.ToPort, Ipv4Ranges = new List <IpRange> { new IpRange { CidrIp = IpState.NewIPRange } } } } }; RevokeSecurityGroupIngressResponse revokeResponse = null; try { revokeResponse = ec2Client .RevokeSecurityGroupIngressAsync(revokeRequest) .GetAwaiter() .GetResult(); //Output Output($"EC2SG: Revoked Security Group Rule: {item} for Old IP: {IpState.OldIP}"); } catch (Exception ex) { //In this case we do nothing. //The old rule was not removed for whatever reason, but we choose to do nothing here //so that the new rules continue to be added. Output($"EC2SG: [ACTION REQUIRED] An exception was thrown while trying to revoke Security Group Rule: {item} for Old IP: {IpState.OldIP}\nRule was likely not revoked.\nException was: {ex}"); } } } //2) Insert new entries/permissions AuthorizeSecurityGroupIngressRequest authorizeRequest = new AuthorizeSecurityGroupIngressRequest { GroupId = item.GroupId, IpPermissions = new List <IpPermission> { new IpPermission { IpProtocol = "tcp", FromPort = item.PortRange.FromPort, ToPort = item.PortRange.ToPort, Ipv4Ranges = new List <IpRange> { new IpRange { CidrIp = IpState.NewIPRange } } } } }; AuthorizeSecurityGroupIngressResponse authorizeResponse = null; try { //Output Output($"EC2SG: START : Adding Security Group Rule: {item} for New IP: {IpState.NewIP}"); //Send authorizeResponse = ec2Client .AuthorizeSecurityGroupIngressAsync(authorizeRequest) .GetAwaiter() .GetResult(); } catch (AmazonEC2Exception ex) { //Diagnostics Debug.WriteLine($"{DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss.fff")}: EXCEPTION: \n" + ex.ToString()); //Handle if (string.Equals(ex.ErrorCode, "InvalidPermission.Duplicate", StringComparison.InvariantCultureIgnoreCase)) { //Apparently it is already there, and we're perfectly happy with that Output($"EC2SG: ERROR : The entry: {item} for New IP: {IpState.NewIP} was already present. No entry was added."); } else { //Don't really know quite exactly what went wrong :-| Output($"EC2SG: ERROR : While adding the entry: {item} for New IP: {IpState.NewIP} an exception was thrown. Error Code: {ex.ErrorCode}, Message: {ex.Message}"); } } catch (Exception ex) { //Diagnostics Debug.WriteLine($"{DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss.fff")}: EXCEPTION: \n" + ex.ToString()); //Throw throw new ApplicationException("EC2SG: An unknown exception was thrown while trying to update AWS EC2 Security Group", ex); } finally { //Output Output($"EC2SG: COMPLETE: Finished adding Security Group Rule: {item} for New IP: {IpState.NewIP}"); } }
// enumerate VPC security group and create a security group for EC2-VPC public void create_lunch_checkstatus_for_istance() { //Create an Amazon EC2 Client Using the the SDK var ec2Client = new AmazonEC2Client(); // enumerate VPC security group string secGroupName = "my-sample-sg-vpc"; SecurityGroup mySG = null; string vpcID = "vpc-7cdc5904"; Amazon.EC2.Model.Filter vpcFilter = new Amazon.EC2.Model.Filter { Name = "vpc-id", Values = new List <string>() { vpcID } }; var dsgRequest = new DescribeSecurityGroupsRequest(); dsgRequest.Filters.Add(vpcFilter); var dsgResponse = ec2Client.DescribeSecurityGroups(dsgRequest); List <SecurityGroup> mySGs = dsgResponse.SecurityGroups; foreach (SecurityGroup item in mySGs) { Console.WriteLine("Existing security group: " + item.GroupId); if (item.GroupName == secGroupName) { mySG = item; } } //create a security group for EC2-VPC if (mySG == null) { var newSGRequest = new CreateSecurityGroupRequest() { GroupName = secGroupName, Description = "My sample security group for EC2-VPC", VpcId = vpcID }; var csgResponse = ec2Client.CreateSecurityGroup(newSGRequest); Console.WriteLine(); Console.WriteLine("New security group: " + csgResponse.GroupId); List <string> Groups = new List <string>() { csgResponse.GroupId }; var newSgRequest = new DescribeSecurityGroupsRequest() { GroupIds = Groups }; var newSgResponse = ec2Client.DescribeSecurityGroups(newSgRequest); mySG = newSgResponse.SecurityGroups[0]; } //Create and initialize an IpPermission object. //iprange = the IP addresses of your local machine string ipRange = "0.0.0.0/0"; List <string> ranges = new List <string>() { ipRange }; var ipPermission = new IpPermission() { IpProtocol = "tcp", //The beginning and end of the port range. This example specifies a single port, 3389, which is used to communicate with Windows over RDP. //it should be changed if u launch a linux instance (use 22 insted ) FromPort = 3389, ToPort = 3389, IpRanges = ranges }; //Create and initialize an AuthorizeSecurityGroupIngressRequest object. var ingressRequest = new AuthorizeSecurityGroupIngressRequest(); ingressRequest.GroupId = mySG.GroupId; ingressRequest.IpPermissions.Add(ipPermission); //Pass the request object to the AuthorizeSecurityGroupIngress method, which returns an AuthorizeSecurityGroupIngressResponse object. var ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest); Console.WriteLine("New RDP rule for: " + ipRange); //Create and initialize a network interface.for lunch enstance string subnetID = "subnet-048d6c59"; List <string> groups = new List <string>() { mySG.GroupId }; var eni = new InstanceNetworkInterfaceSpecification() { DeviceIndex = 0, SubnetId = subnetID, Groups = groups, AssociatePublicIpAddress = true }; List <InstanceNetworkInterfaceSpecification> enis = new List <InstanceNetworkInterfaceSpecification>() { eni }; string amiID = "ami-06a0d33fc8d328de0"; string keyPairName = "my-sample-key"; var launchRequest = new RunInstancesRequest() { ImageId = amiID, InstanceType = "m3.large", MinCount = 1, MaxCount = 1, KeyName = keyPairName, NetworkInterfaces = enis }; //launch RunInstancesResponse launchResponse = ec2Client.RunInstances(launchRequest); List <String> instanceIds = new List <string>(); foreach (Instance instance in launchResponse.Reservation.Instances) { Console.WriteLine(instance.InstanceId); instanceIds.Add(instance.InstanceId); } //check the status of the enstance var instanceRequest = new DescribeInstancesRequest(); instanceRequest.InstanceIds = new List <string>(); instanceRequest.InstanceIds.AddRange(instanceIds); var response = ec2Client.DescribeInstances(instanceRequest); Console.WriteLine(response.Reservations[0].Instances[0].State.Name); }
private void create_security_group_rule(string key, string secret, Amazon.RegionEndpoint region, string security_group, string serverports, string ipEnpoint = "") { HttpStatusCode ret = HttpStatusCode.OK; string ip = "0.0.0.0"; MailAddress fromMailer = null; MailAddress toMailer = null; string mailhost = ""; int mailport = 0; bool mailssl = false; string mailuser = ""; string mailpass = ""; bool loadConfig = true; string partialmsg = ""; if (ipEnpoint != string.Empty) { ip = get_external_ip(ipEnpoint); } if (loadConfig) { try { fromMailer = new MailAddress(ConfigurationManager.AppSettings["MAIL-FROM"].ToString()); toMailer = new MailAddress(ConfigurationManager.AppSettings["MAIL-TO"].ToString()); mailhost = ConfigurationManager.AppSettings["MAIL-HOST"].ToString(); mailport = int.Parse(ConfigurationManager.AppSettings["MAIL-PORT"].ToString()); mailssl = bool.Parse(ConfigurationManager.AppSettings["MAIL-SSL"].ToString()); mailuser = ConfigurationManager.AppSettings["MAIL-USER"].ToString(); mailpass = ConfigurationManager.AppSettings["MAIL-PASS"].ToString(); ipEnpoint = ConfigurationManager.AppSettings["IP-ENDPOINT"].ToString(); ip = get_external_ip(ipEnpoint); } catch { loadConfig = false; } } if (ip != "") { try { AmazonEC2Client ec2Client = null; AWSCredentials credentials = new Amazon.Runtime.BasicAWSCredentials(key, secret); ec2Client = new AmazonEC2Client(credentials, region); IpRange ipRange = new IpRange { CidrIp = ip + "/32", Description = "Rule created by aws-security-group-access-rule at " + DateTime.Now.ToString() }; var ingressRequest = new AuthorizeSecurityGroupIngressRequest { GroupId = security_group }; var listaPortas = serverports.Split(','); foreach (var item in listaPortas) { var ipPermission = new IpPermission { IpProtocol = "tcp", FromPort = Int16.Parse(item), ToPort = Int16.Parse(item) }; ipPermission.Ipv4Ranges.Add(ipRange); ingressRequest.IpPermissions.Add(ipPermission); } var ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest); partialmsg += "[AWS Response :: " + ingressResponse.HttpStatusCode.ToString() + "]"; ret = ingressResponse.HttpStatusCode; #region Debug Section /* * switch (ingressResponse.HttpStatusCode) * { * case HttpStatusCode.Continue: partialmsg += ""; break; * case HttpStatusCode.SwitchingProtocols: partialmsg += ""; break; * case HttpStatusCode.OK: partialmsg += ""; break; * case HttpStatusCode.Created: partialmsg += ""; break; * case HttpStatusCode.Accepted: partialmsg += ""; break; * case HttpStatusCode.NonAuthoritativeInformation: partialmsg += ""; break; * case HttpStatusCode.NoContent: partialmsg += ""; break; * case HttpStatusCode.ResetContent: partialmsg += ""; break; * case HttpStatusCode.PartialContent: partialmsg += ""; break; * case HttpStatusCode.MultipleChoices: partialmsg += ""; break; * case HttpStatusCode.MovedPermanently: partialmsg += ""; break; * case HttpStatusCode.Found: partialmsg += ""; break; * case HttpStatusCode.SeeOther: partialmsg += ""; break; * case HttpStatusCode.NotModified: partialmsg += ""; break; * case HttpStatusCode.UseProxy: partialmsg += ""; break; * case HttpStatusCode.Unused: partialmsg += ""; break; * case HttpStatusCode.TemporaryRedirect: partialmsg += ""; break; * case HttpStatusCode.BadRequest: partialmsg += ""; break; * case HttpStatusCode.Unauthorized: partialmsg += ""; break; * case HttpStatusCode.PaymentRequired: partialmsg += ""; break; * case HttpStatusCode.Forbidden: partialmsg += ""; break; * case HttpStatusCode.NotFound: partialmsg += ""; break; * case HttpStatusCode.MethodNotAllowed: partialmsg += ""; break; * case HttpStatusCode.NotAcceptable: partialmsg += ""; break; * case HttpStatusCode.ProxyAuthenticationRequired: partialmsg += ""; break; * case HttpStatusCode.RequestTimeout: partialmsg += ""; break; * case HttpStatusCode.Conflict: partialmsg += ""; break; * case HttpStatusCode.Gone: partialmsg += ""; break; * case HttpStatusCode.LengthRequired: partialmsg += ""; break; * case HttpStatusCode.PreconditionFailed: partialmsg += ""; break; * case HttpStatusCode.RequestEntityTooLarge: partialmsg += ""; break; * case HttpStatusCode.RequestUriTooLong: partialmsg += ""; break; * case HttpStatusCode.UnsupportedMediaType: partialmsg += ""; break; * case HttpStatusCode.RequestedRangeNotSatisfiable: partialmsg += ""; break; * case HttpStatusCode.ExpectationFailed: partialmsg += ""; break; * case HttpStatusCode.UpgradeRequired: partialmsg += ""; break; * case HttpStatusCode.InternalServerError: partialmsg += ""; break; * case HttpStatusCode.NotImplemented: partialmsg += ""; break; * case HttpStatusCode.BadGateway: partialmsg += ""; break; * case HttpStatusCode.ServiceUnavailable: partialmsg += ""; break; * case HttpStatusCode.GatewayTimeout: partialmsg += ""; break; * case HttpStatusCode.HttpVersionNotSupported: partialmsg += ""; break; * } */ #endregion } catch (AmazonEC2Exception ex) { ret = ex.StatusCode; partialmsg += "[ERROR-CODE " + ex.ErrorCode + "] " + ex.Message + "<BR>"; } finally { if (loadConfig) { sendEmail(mailhost, mailport, mailssl, mailuser, mailpass, fromMailer, toMailer, "[aws-security-group-access-rule]" + ret.ToString(), string.Format("Access granted to ports {1} by IP {0}", ip, serverports) ); } } } void sendEmail(string hostname, int port, bool ssl, string user, string pass, MailAddress fromMail, MailAddress toMail, string subject, string message, bool ishtml = false) { MailMessage msg = new MailMessage { Subject = subject, Body = message, IsBodyHtml = ishtml, Priority = MailPriority.High, From = fromMail }; msg.To.Add(toMail); SmtpClient mailClient = new SmtpClient { Host = hostname, Port = port, UseDefaultCredentials = false, Credentials = new NetworkCredential(user, pass), EnableSsl = ssl }; mailClient.Send(msg); } }
public async Task <IActionResult> Post(IpModel model) { if (model == null) { return(BadRequest(new { Success = false, Message = "Invalid model." })); } if (!Request.Headers.ContainsKey("Api-Secret")) { return(BadRequest(new { success = false, message = "Missing Secret header" })); } var values = Request.Headers["Api-Secret"]; var apiSecret = Environment.GetEnvironmentVariable("AWSHELPER_API_SECRET"); if (values.FirstOrDefault(x => x == apiSecret) == null) { return(Unauthorized(new { success = false, message = "Invalid secret header" })); } if (string.IsNullOrEmpty(model.Name) || string.IsNullOrWhiteSpace(model.Name)) { return(BadRequest(new { Success = false, Message = "Invalid name" })); } var namePrefix = Environment.GetEnvironmentVariable("AWSHELPER_NAME_PREFIX"); var groupId = Environment.GetEnvironmentVariable("AWSHELPER_GROUP_ID"); var accessId = Environment.GetEnvironmentVariable("AWSHELPER_ACCESS_ID"); var accessSecret = Environment.GetEnvironmentVariable("AWSHELPER_ACCESS_SECRET"); var endpoint = RegionEndpoint.GetBySystemName(Environment.GetEnvironmentVariable("AWSHELPER_REGION")); var client = new AmazonEC2Client(accessId, accessSecret, endpoint); var req = new DescribeSecurityGroupsRequest(); req.GroupIds.Add(groupId); var request = new UpdateSecurityGroupRuleDescriptionsIngressRequest { GroupId = groupId }; try { var secGroupRequest = new DescribeSecurityGroupsRequest(); secGroupRequest.GroupIds.Add(groupId); var get = await client.DescribeSecurityGroupsAsync(secGroupRequest); var securityGroup = get.SecurityGroups.FirstOrDefault(); if (securityGroup == null) { return(BadRequest(new { Success = false, Message = "Security group not found." })); } var description = $"{namePrefix}{model.Name}"; var ipRangeListRemoved = new List <IpRange>(); var ipRangeListAdded = new List <IpRange>(); foreach (var permission in securityGroup.IpPermissions) { foreach (var ipRange in permission.Ipv4Ranges) { if (description.Equals(ipRange.Description) && permission.ToPort == model.Port) { ipRangeListRemoved.Add(ipRange); } } permission.Ipv4Ranges.RemoveAll(x => ipRangeListRemoved.Contains(x)); } if (ipRangeListRemoved.Any()) { var revokeRequest = new RevokeSecurityGroupIngressRequest(); revokeRequest.GroupId = groupId; revokeRequest.IpPermissions.Add(new IpPermission { FromPort = model.Port, IpProtocol = model.Protocol, ToPort = model.Port, Ipv4Ranges = new List <IpRange>(ipRangeListRemoved) }); await client.RevokeSecurityGroupIngressAsync(revokeRequest); } var authorizeRequest = new AuthorizeSecurityGroupIngressRequest(); authorizeRequest.GroupId = groupId; var authorizeIpRange = new IpRange { CidrIp = $"{model.Ip}/32", Description = description }; authorizeRequest.IpPermissions.Add(new IpPermission { FromPort = model.Port, IpProtocol = model.Protocol, ToPort = model.Port, Ipv4Ranges = new List <IpRange> { authorizeIpRange } }); var authorizeResult = await client.AuthorizeSecurityGroupIngressAsync(authorizeRequest); return(Ok(new { Success = true, Message = "Action completed." })); } catch (Exception ex) { return(BadRequest(new { Success = false, Message = ex.Message })); } }
internal void AuthorizeSecurityGroupIngress(string securityGroupName) { try { Client session = new Client(serviceUri, apiKey, secretKey); AuthorizeSecurityGroupIngressRequest request = new AuthorizeSecurityGroupIngressRequest() { SecurityGroupName = securityGroupName, Protocol = ProtocolType.tcp, StartPort = 80, EndPort = 80, CidrList = "0.0.0.0/0" }; session.AuthorizeSecurityGroupIngress(request); request = new AuthorizeSecurityGroupIngressRequest() { SecurityGroupName = "TestSecurityGroup", Protocol = ProtocolType.tcp, StartPort = 22, EndPort = 22, CidrList = "0.0.0.0/0" }; session.AuthorizeSecurityGroupIngress(request); } catch (Exception e) { WriteLog("Exception during AuthorizeSecurityGroupIngress {0}", e); } }