Builds a human-readable, one-line description of a single security group rule (the helpers below render CIDR-sourced and group-sourced rules respectively).
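/// <summary>
/// Builds a one-line, human-readable description of a security group rule whose source is a
/// CIDR block, e.g. "TCP traffic to port 22 from anywhere." followed by a newline.
/// </summary>
/// <param name="rule">The permission whose protocol and port range are described.</param>
/// <param name="ipRange">The CIDR block the rule applies to.</param>
/// <returns>
/// The description terminated by <see cref="Environment.NewLine"/>, or <see cref="string.Empty"/>
/// when <paramref name="rule"/> is null or <paramref name="ipRange"/> is null or empty.
/// </returns>
private static string GetRangeText(IpPermission rule, string ipRange)
{
    if (rule == null || string.IsNullOrEmpty(ipRange))
    {
        return string.Empty;
    }

    // "All " is prepended when the lower bound is at or below zero (e.g. -1 for "all ICMP types",
    // 0 for "all ports"); any valid upper bound already satisfies ToPort <= 65535.
    var prefix = string.Empty;
    if (rule.FromPort <= 0 && rule.ToPort <= 65535)
    {
        prefix = "All ";
    }

    // Unrestricted sources are called out explicitly so a reviewer cannot miss them.
    // The IPv4 and IPv6 "any" blocks are both rendered as "anywhere".
    var source = ipRange;
    if (ipRange == "0.0.0.0/0" || ipRange == "::/0")
    {
        source = "anywhere";
    }

    // Later assignments win: a single port, then a range, then the two "all ports" spellings.
    var destination = "N/A";
    if (rule.ToPort >= 0)
    {
        destination = "port " + rule.ToPort;
    }
    if (rule.FromPort >= 0 && rule.FromPort < rule.ToPort)
    {
        destination = "ports " + rule.FromPort + "-" + rule.ToPort;
    }
    if ((rule.FromPort == 0 && rule.ToPort == 0) || (rule.FromPort == 0 && rule.ToPort == 65535))
    {
        destination = "all ports";
    }

    // "-1" is EC2's marker for "all protocols". ToUpperInvariant avoids culture-specific casing
    // (e.g. the Turkish dotless i) for the tcp/udp/icmp names; a null protocol is shown as blank
    // rather than throwing.
    var protocol = rule.IpProtocol ?? string.Empty;
    if (protocol.Equals("-1"))
    {
        protocol = "All protocol";
    }
    else
    {
        protocol = protocol.ToUpperInvariant();
    }

    return prefix + protocol + " traffic to " + destination + " from " + source + "." + Environment.NewLine;
}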
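/// <summary>
/// Builds a one-line, human-readable description of a security group rule whose source is another
/// security group, e.g. "TCP traffic to port 22 from web security group." followed by a newline.
/// </summary>
/// <param name="rule">The permission to describe; null yields an empty string.</param>
/// <param name="securityGroupId">
/// The identifier handed to <c>GetSecurityGroupFromID</c> to resolve the group name shown as the source.
/// </param>
/// <returns>
/// The description terminated by <see cref="Environment.NewLine"/>, or <see cref="string.Empty"/>
/// when <paramref name="rule"/> is null.
/// </returns>
private static string GetRuleText(IpPermission rule, string securityGroupId)
{
    if (rule == null)
    {
        return string.Empty;
    }

    // "All " is prepended when the lower bound is at or below zero (e.g. -1 for "all ICMP types",
    // 0 for "all ports"); any valid upper bound already satisfies ToPort <= 65535.
    var prefix = string.Empty;
    if (rule.FromPort <= 0 && rule.ToPort <= 65535)
    {
        prefix = "All ";
    }

    var source = "Unknown";
    if (rule.UserIdGroupPairs != null && rule.UserIdGroupPairs.Count > 0)
    {
        // NOTE(review): the name is resolved from the securityGroupId argument, not from the
        // GroupId values in rule.UserIdGroupPairs, so the text names whichever group the caller
        // passed and shows a single group even when the rule lists several pairs. Confirm this
        // matches the caller's intent before relying on the output for a security review.
        var group = GetSecurityGroupFromID(securityGroupId);
        if (group != null && !string.IsNullOrEmpty(group.GroupName))
        {
            source = group.GroupName + " security group";
        }
    }

    // Later assignments win: a single port, then a range, then the two "all ports" spellings.
    var destination = "N/A";
    if (rule.ToPort >= 0)
    {
        destination = "port " + rule.ToPort;
    }
    if (rule.FromPort >= 0 && rule.FromPort < rule.ToPort)
    {
        destination = "ports " + rule.FromPort + "-" + rule.ToPort;
    }
    if ((rule.FromPort == 0 && rule.ToPort == 0) || (rule.FromPort == 0 && rule.ToPort == 65535))
    {
        destination = "all ports";
    }

    // "-1" is EC2's marker for "all protocols". ToUpperInvariant avoids culture-specific casing
    // for the tcp/udp/icmp names; a null protocol is shown as blank rather than throwing.
    var protocol = rule.IpProtocol ?? string.Empty;
    if (protocol.Equals("-1"))
    {
        protocol = "All protocol";
    }
    else
    {
        protocol = protocol.ToUpperInvariant();
    }

    return prefix + protocol + " traffic to " + destination + " from " + source + "." + Environment.NewLine;
}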
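/// <summary>
/// This method will create a VPC, a public subnet, private subnet and a NAT EC2 instance to allow EC2 instances in the private
/// subnet to establish outbound connections to the internet.
/// </summary>
/// <param name="ec2Client">The ec2client used to create the VPC</param>
/// <param name="request">The properties used to create the VPC.</param>
/// <returns>The response contains all the VPC objects that were created.</returns>
/// <exception cref="AmazonEC2Exception">
/// Thrown when the new VPC has no default route table to which the NAT route can be added.
/// </exception>
public static LaunchVPCWithPublicAndPrivateSubnetsResponse LaunchVPCWithPublicAndPrivateSubnets(IAmazonEC2 ec2Client, LaunchVPCWithPublicAndPrivateSubnetsRequest request)
{
    var response = new LaunchVPCWithPublicAndPrivateSubnetsResponse();

    // The VPC and the public subnet are created first; the private subnet and the NAT instance hang off them.
    LaunchVPCWithPublicSubnet(ec2Client, request, response);

    // The private subnet lands in the public subnet's availability zone unless the caller picked one.
    response.PrivateSubnet = ec2Client.CreateSubnet(new CreateSubnetRequest()
    {
        AvailabilityZone = request.PrivateSubnetAvailabilityZone ?? response.PublicSubnet.AvailabilityZone,
        CidrBlock = request.PrivateSubnetCiderBlock,
        VpcId = response.VPC.VpcId
    }).Subnet;
    // Report the id of the subnet just created (the original reported the public subnet's id here).
    WriteProgress(request.ProgressCallback, "Created private subnet {0}", response.PrivateSubnet.SubnetId);

    // Poll until DescribeSubnets can see the new subnet before tagging it.
    WaitTillTrue(((Func<bool>)(() =>
        (ec2Client.DescribeSubnets(new DescribeSubnetsRequest()
        {
            SubnetIds = new List<string>() { response.PrivateSubnet.SubnetId }
        }).Subnets.Count == 1))));

    ec2Client.CreateTags(new CreateTagsRequest()
    {
        Resources = new List<string>() { response.PrivateSubnet.SubnetId },
        Tags = new List<Tag>() { new Tag() { Key = "Name", Value = "Private" } }
    });

    // The NAT instance lives in the public subnet so it can reach the internet gateway.
    WriteProgress(request.ProgressCallback, "Launching NAT instance");
    response.NATInstance = LaunchNATInstance(ec2Client, new LaunchNATInstanceRequest()
    {
        InstanceType = request.InstanceType,
        KeyName = request.KeyName,
        SubnetId = response.PublicSubnet.SubnetId
    });
    WriteProgress(request.ProgressCallback, "NAT instance is available");

    // Send the default route of the VPC's default route table through the NAT instance.
    // NOTE(review): this presumes the private subnet stays associated with that table while the
    // public subnet's routing is handled inside LaunchVPCWithPublicSubnet — confirm against that helper.
    var defaultRouteTable = GetDefaultRouteTable(ec2Client, response.VPC.VpcId);
    if (defaultRouteTable == null)
    {
        throw new AmazonEC2Exception("No default route table found for VPC");
    }
    ec2Client.CreateRoute(new CreateRouteRequest()
    {
        RouteTableId = defaultRouteTable.RouteTableId,
        DestinationCidrBlock = "0.0.0.0/0",
        InstanceId = response.NATInstance.InstanceId
    });
    WriteProgress(request.ProgressCallback, "Added route to the NAT instance in the default route table");

    if (request.ConfigureDefaultVPCGroupForNAT)
    {
        var defaultSecurityGroup = GetDefaultSecurityGroup(ec2Client, response.VPC.VpcId);
        var groupId = ec2Client.CreateSecurityGroup(new CreateSecurityGroupRequest()
        {
            VpcId = response.VPC.VpcId,
            GroupName = "NATGroup",
            Description = "Give EC2 Instances access through the NAT"
        }).GroupId;
        WriteProgress(request.ProgressCallback, "Created security group for NAT configuration");

        // Security fix: the ingress rule references only the NAT group. The original permission also
        // carried IpRanges = { "0.0.0.0/0" }; combined with IpProtocol "-1" that opened the VPC's default
        // security group to every protocol and port from the whole internet, far beyond the
        // "allow traffic from security group" the progress message below describes.
        var spec = new IpPermission
        {
            IpProtocol = "-1",
            UserIdGroupPairs = new List<UserIdGroupPair>() { new UserIdGroupPair() { GroupId = groupId } }
        };
        ec2Client.AuthorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
        {
            IpPermissions = new List<IpPermission>() { spec },
            GroupId = defaultSecurityGroup.GroupId
        });
        WriteProgress(request.ProgressCallback, "Added permission to the default security group {0} to allow traffic from security group {1}", defaultSecurityGroup.GroupId, groupId);

        // Return the group as EC2 sees it (id, name, current rules) rather than just the id.
        response.NATSecurityGroup = ec2Client.DescribeSecurityGroups(new DescribeSecurityGroupsRequest()
        {
            GroupIds = new List<string>() { groupId }
        }).SecurityGroups[0];
    }

    return response;
}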