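/// <summary>
/// Enumerates the network ACLs visible to <paramref name="creds"/> in <paramref name="region"/>
/// and passes each one to <c>AddObject</c>, following <c>NextToken</c> until the listing is exhausted.
/// </summary>
/// <param name="creds">AWS credentials used to construct the EC2 client.</param>
/// <param name="region">Region endpoint assigned to the client configuration.</param>
/// <param name="maxItems">
/// Sent as <c>MaxResults</c> on every request. It is a page size, not a cap on the total:
/// the loop keeps requesting pages for as long as the service returns a token.
/// </param>
public override void Invoke(AWSCredentials creds, RegionEndpoint region, int maxItems)
{
    AmazonEC2Config config = new AmazonEC2Config();
    config.RegionEndpoint = region;
    ConfigureClient(config);

    // The client is disposable; the original never released it. Scoping it in a using
    // block frees it even when a request or CheckError throws part-way through.
    using (AmazonEC2Client client = new AmazonEC2Client(creds, config))
    {
        // null on the first pass, matching the NextToken of a freshly constructed response.
        string nextToken = null;
        do
        {
            DescribeNetworkAclsRequest req = new DescribeNetworkAclsRequest
            {
                NextToken = nextToken,
                MaxResults = maxItems
            };

            DescribeNetworkAclsResponse resp = client.DescribeNetworkAcls(req);

            // Status is checked before any ACL from this page is recorded.
            // NOTE(review): CheckError is defined elsewhere; presumably it aborts on a non-200 status. Confirm.
            CheckError(resp.HttpStatusCode, "200");

            foreach (var obj in resp.NetworkAcls)
            {
                AddObject(obj);
            }

            nextToken = resp.NextToken;
        }
        while (!string.IsNullOrEmpty(nextToken));
    }
}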
/// <summary>
/// Returns the network ACLs that the service reports as associated with a subnet.
/// </summary>
/// <param name="subnetId">Subnet identifier used as the single value of the <c>association.subnet-id</c> filter.</param>
/// <returns>The <c>NetworkAcls</c> list of the response, returned as-is.</returns>
/// <remarks>
/// One request is issued and <c>NextToken</c> is never read, so a paginated response
/// would yield only its first page. NOTE(review): confirm whether this call can paginate
/// when no <c>MaxResults</c> is set.
/// </remarks>
internal List<NetworkAcl> getNetworkAcls(string subnetId)
{
    _statusProvider.UpdateStatus("BUSY: Getting Network ACL for the Subnet " + subnetId + "...");

    // Restrict the lookup to ACLs associated with this one subnet.
    Filter bySubnet = new Filter();
    bySubnet.Name = "association.subnet-id";
    bySubnet.Values = new List<string>() { subnetId };

    DescribeNetworkAclsRequest request = new DescribeNetworkAclsRequest();
    request.Filters.Add(bySubnet);

    var response = _service.DescribeNetworkAcls(request);
    return response.NetworkAcls;
}
// -----------------------------------------------------------------------
// Live Stack

/// <summary>
/// Reads the live network ACL behind a stack resource and appends an
/// <c>AWS::EC2::NetworkAcl</c> resource, with one entry per live rule, to <paramref name="stack"/>.
/// </summary>
/// <param name="resource">Stack resource summary; its physical id selects the ACL, its logical id names the result.</param>
/// <param name="stack">Stack whose <c>Resources</c> collection receives the converted ACL.</param>
/// <param name="ec2Client">EC2 client used for the lookup. The caller owns it; it is not disposed here.</param>
/// <param name="stackName">Not used by this method.</param>
/// <remarks>
/// Only rule number, CIDR block, egress flag, port range, protocol and rule action are copied.
/// ICMP details are not included, and only <c>CidrBlock</c> is read, so a live rule that carries
/// its address range in another field would be emitted without one. NOTE(review): confirm whether
/// IPv6 rules need handling before relying on the output for a rule-by-rule comparison.
/// </remarks>
public static void ProcessNetworkAclFromAWS(StackResourceSummary resource, CFStack stack, AmazonEC2Client ec2Client, string stackName)
{
    DescribeNetworkAclsRequest lookup = new DescribeNetworkAclsRequest
    {
        NetworkAclIds = new List<string> { resource.PhysicalResourceId }
    };
    DescribeNetworkAclsResponse found = ec2Client.DescribeNetworkAcls(lookup);

    foreach (Amazon.EC2.Model.NetworkAcl liveAcl in found.NetworkAcls)
    {
        NetworkAcl converted = new NetworkAcl();
        converted.LogicalId = resource.LogicalResourceId;
        if (log)
        {
            Utils.WriteToFile(logFile, "AWS NACL: " + converted.LogicalId.ToString(), true);
        }
        converted.Type = "AWS::EC2::NetworkAcl";
        converted.Properties.VpcId = liveAcl.VpcId;

        foreach (Amazon.EC2.Model.NetworkAclEntry liveRule in liveAcl.Entries)
        {
            NetworkAclEntry rule = new NetworkAclEntry();
            rule.RuleNumber = liveRule.RuleNumber.ToString();
            rule.CidrBlock = liveRule.CidrBlock;
            rule.Egress = liveRule.Egress;

            // Raw bounds as they will appear in the log line; the literal "null" marks a rule with no port range.
            string loggedFrom;
            string loggedTo;
            if (liveRule.PortRange != null)
            {
                loggedFrom = liveRule.PortRange.From.ToString();
                loggedTo = liveRule.PortRange.To.ToString();

                // FormatPortRange normalises the bounds; the live range could be 0-0, -1-1 or 0-65535.
                string lowPort;
                string highPort;
                FormatPortRange(loggedFrom, loggedTo, out lowPort, out highPort);
                rule.FromPort = lowPort;
                rule.ToPort = highPort;
            }
            else
            {
                loggedFrom = "null";
                loggedTo = "null";
                rule.FromPort = "ALL";
                rule.ToPort = "ALL";
            }

            // FormatProtocol normalises the protocol, which could be a number or text (e.g. 6 or tcp).
            rule.Protocol = FormatProtocol(liveRule.Protocol);
            rule.RuleAction = liveRule.RuleAction;
            // ICMP not included.
            converted.Properties.NetworkAclEntry.Add(rule);

            if (log)
            {
                // The log records the unformatted protocol and bounds, not the normalised values stored on the rule.
                Utils.WriteToFile(logFile, rule.RuleNumber + " Protocol: " + liveRule.Protocol + " | From: " + loggedFrom + " To: " + loggedTo, true);
            }
        }

        stack.Resources.Add(converted);
    }
}