static void ProcessNetworkAclFromTemplate(dynamic input, CFStack stack)
{
NetworkAcl nacl = new NetworkAcl();
nacl.LogicalId = input.Name;
nacl.Type = "AWS::EC2::NetworkAcl";
var props = input.Value["Properties"];
foreach (var prop in props)
{
switch ((string)prop.Name)
{
case "VpcId":
var a = prop.Value;
foreach (var item in a)
{
nacl.Properties.VpcId = item.Value;
}
break;
case "Tags":
break;
}
}
stack.Resources.Add(nacl);
}
static void ProcessEC2SecurityGroupIngressFromTemplate(dynamic input, CFStack stack)
{
EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress();
var rule = input.Value["Properties"];
//FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp)
sgi.IpProtocol = FormatProtocol(rule.IpProtocol.ToString());
//-------------------------------------------------------------------
//FormatPortRange - Port range could be 0-0 -1-1 0-65535
string from = "";
string to = "";
FormatPortRange(rule.FromPort.ToString(), rule.ToPort.ToString(), out from, out to);
sgi.FromPort = from;
sgi.ToPort = to;
//-------------------------------------------------------------------
sgi.CidrIp = rule.CidrIp;
if (rule.SourceSecurityGroupId != null)
{
if (rule.SourceSecurityGroupId != null)
{
var Ids = rule.SourceSecurityGroupId;
if (Ids.Value == null)
{
foreach (var Id in Ids)
{
sgi.SourceSecurityGroupId = Id.Value;
}
}
else
{
sgi.SourceSecurityGroupId = Ids.Value;
}
}
}
if (rule.GroupId != null)
{
sgi.GroupName = rule.GroupId["Ref"].Value;
EC2SecurityGroup x = stack.Resources.Find(n => n != null && n.LogicalId == rule.GroupId["Ref"].Value);
if (x != null)
{
x.Properties.SecurityGroupIngress.Add(sgi);
}
else
{
//TODO
//Either remember and process orphaned ingress rule
//Or write out to error log.
MessageBox.Show("Error", "Did not find security group " + sgi.GroupName + " to add ingress rule to", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
static void ProcessIAMUserFromTemplate(dynamic input, CFStack stack)
{
IAMUser u = new IAMUser();
u.LogicalId = input.Name;
u.Type = "AWS::IAM::User";
var props = input.Value["Properties"];
foreach (var prop in props)
{
switch ((string)prop.Name)
{
case "Path":
u.Properties.Path = prop.Value;
break;
case "Policies":
var policies = prop.Value;
foreach (var policy in policies)
{
IAMUserPolicy pol = new IAMUserPolicy();
pol.PolicyName = (string)policy["PolicyName"];
var policyDoc = policy["PolicyDocument"];
foreach (var statementItems in policyDoc)
{
foreach (var statement in statementItems.Value)
{
IAMUserStatement us = new IAMUserStatement();
us.Action = statement.Action;
us.Effect = statement.Effect;
us.Resource = statement.Resource;
pol.PolicyDocument.Statement.Add(us);
}
}
u.Properties.Policies.Add(pol);
}
break;
default:
break;
}
}
stack.Resources.Add(u);
}
private void compare_BTN_Click_1(object sender, EventArgs e)
{
if (StackOriginal1 == null || StackOriginal2 == null)
{
return;
}
ClearRTBBackgroundColour(richTextBox1);
ClearRTBBackgroundColour(richTextBox2);
CompareRemoves = toolStripMenuItem_CompareRemove.Checked;
StackCopy1 = StackOriginal1.DeepClone();
StackCopy2 = StackOriginal2.DeepClone();
CompareStacks();
ViewSwitch = true;
SwitchView_BTN.Enabled = true;
}
// -----------------------------------------------------------------------
// Template
public static void ProcessTemplateResources(dynamic input, CFStack stack)
{
foreach (var resource in input)
{
string logicalId = resource.Name;
switch ((string)resource.Value["Type"])
{
case "AWS::IAM::User":
//ProcessIAMUserFromTemplate(resource, stack);
break;
case "AWS::IAM::AccessKey":
break;
case "AWS::EC2::SecurityGroup":
ProcessEC2SecurityGroupFromTemplate(resource, stack);
break;
case "AWS::EC2::SecurityGroupIngress":
ProcessEC2SecurityGroupIngressFromTemplate(resource, stack);
break;
case "AWS::EC2::NetworkAcl":
ProcessNetworkAclFromTemplate(resource, stack);
break;
case "AWS::EC2::NetworkAclEntry":
ProcessNetworkAclEntryFromTemplate(resource, stack);
break;
default:
break;
}
}
}
private void WriteOutput(CFStack s, RichTextBox rtb, string source, string name)
{
rtb.Clear();
rtb.AppendText("Source: " + source); rtb.AppendText(Environment.NewLine);
rtb.AppendText("Name/Path: " + name); rtb.AppendText(Environment.NewLine); rtb.AppendText(Environment.NewLine);
rtb.AppendText("Decription: " + s.Description); rtb.AppendText(Environment.NewLine);
rtb.AppendText("Resources"); rtb.AppendText(Environment.NewLine);
foreach (var resource in s.Resources)
{
rtb.AppendText(tab1); rtb.AppendText(resource.LogicalId); rtb.AppendText(Environment.NewLine);
rtb.AppendText(tab2); rtb.AppendText("Type: " + resource.Type); rtb.AppendText(Environment.NewLine);
var properties = resource.Properties;
string type = resource.Type;
switch (type)
{
case "AWS::EC2::SecurityGroup":
EC2SecurityGroup group = (EC2SecurityGroup)resource;
rtb.AppendText(tab3); rtb.AppendText("Group Description: " + group.Properties.GroupDescription); rtb.AppendText(Environment.NewLine);
var rules = group.Properties.SecurityGroupIngress.OrderBy(a => a.IpProtocol).ThenBy(a => a.ToPort).ThenBy(a => a.FromPort).ThenBy(a => a.CidrIp).ThenBy(a => a.SourceSecurityGroupId);
foreach (var rule in rules)
{
if (rule.StateChanged == false)
{
rtb.AppendText(tab4);
}
else
{
rtb.AppendText(diffMarker); rtb.AppendText(tab3);
}
//Check if Protocol exists in Dictionary else use the number
if (Protocols.ContainsKey(rule.IpProtocol))
{
rtb.AppendText("Protocol: " + Protocols[rule.IpProtocol] + " (" + rule.IpProtocol + ") | ");
}
else
{
rtb.AppendText("Protocol: " + "Custom" + " (" + rule.IpProtocol + ") | ");
}
if (rule.FromPort.Equals(rule.ToPort, StringComparison.Ordinal))
{
rtb.AppendText("Port Range: " + rule.FromPort + " | ");
}
else
{
rtb.AppendText("Port Range: " + rule.FromPort + "-" + rule.ToPort + " | ");
}
if (rule.CidrIp != null)
{
rtb.AppendText("Source: " + rule.CidrIp);
}
else
{
rtb.AppendText("Source: " + rule.SourceSecurityGroupId);
}
rtb.AppendText(Environment.NewLine);
}
break;
case "AWS::EC2::NetworkAcl":
NetworkAcl acl = (NetworkAcl)resource;
rtb.AppendText(tab3); rtb.AppendText("VpcId: " + acl.Properties.VpcId); rtb.AppendText(Environment.NewLine);
var aclEntry = acl.Properties.NetworkAclEntry.OrderBy(a => a.Egress).ThenBy(a => a.RuleNumber);
bool egressDisplayed = false;
bool ingressDisplayed = false;
foreach (var rule in aclEntry)
{
//Rule #, Type, Protocol, Port Range, Source, Allow/Deny
if (rule.Egress == false && ingressDisplayed == false)
{
rtb.AppendText(tab4); rtb.AppendText("Inbound Rules"); rtb.AppendText(Environment.NewLine);
ingressDisplayed = true;
}
else if (rule.Egress == true && egressDisplayed == false)
{
rtb.AppendText(tab4); rtb.AppendText("Outbound Rules"); rtb.AppendText(Environment.NewLine);
egressDisplayed = true;
}
if (rule.StateChanged == false)
{
rtb.AppendText(tab5);
}
else
{
rtb.AppendText(diffMarker); rtb.AppendText(tab4);
}
rtb.AppendText("Rule: " + rule.RuleNumber + " | ");
//Check if Protocol exists in Dictionary else use the number
if (Protocols.ContainsKey(rule.Protocol))
{
rtb.AppendText("Protocol: " + Protocols[rule.Protocol] + " (" + rule.Protocol + ") | ");
}
else
{
rtb.AppendText("Protocol: " + "Custom" + " (" + rule.Protocol + ") | ");
}
//ALL ports could be 0-0 or -1 or 0-65535
if (rule.FromPort.Equals(rule.ToPort, StringComparison.Ordinal))
{
if ((rule.FromPort == "0" && rule.ToPort == "0") || (rule.FromPort == "-1" && rule.ToPort == "-1"))
{
rtb.AppendText("Port Range: ALL | ");
}
else
{
rtb.AppendText("Port Range: " + rule.FromPort + " | ");
}
}
else
{
if (rule.FromPort == "0" && rule.ToPort == "65535")
{
rtb.AppendText("Port Range: ALL | ");
}
else
{
rtb.AppendText("Port Range: " + rule.FromPort + "-" + rule.ToPort + " | ");
}
}
rtb.AppendText("Source: " + rule.CidrBlock + " | ");
rtb.AppendText("Allow/Deny: " + rule.RuleAction.ToUpper());
rtb.AppendText(Environment.NewLine);
}
break;
}
rtb.AppendText(Environment.NewLine);
}
// Highlight Textbox Lines
for (int i = 0; i < rtb.Lines.Length; i++)
{
if (rtb.Lines[i].Contains("*"))
{
int selectionStart = rtb.GetFirstCharIndexFromLine(i);
int selectionEnd = rtb.Lines[i].Count();
rtb.SelectionStart = selectionStart;
rtb.SelectionLength = selectionEnd;
rtb.SelectionBackColor = System.Drawing.Color.Yellow;
}
}
}
private void ProcessLiveStackResourcess(ListStackResourcesResponse liveStackResources, CFStack stack, AmazonEC2Client ec2Client, Dictionary <string, string> secGroupMap, string stackName, AmazonCloudFormationClient cfClient)
{
foreach (StackResourceSummary liveStackResource in liveStackResources.StackResourceSummaries)
{
switch (liveStackResource.ResourceType)
{
case "AWS::EC2::SecurityGroup":
AWSUtils.ProcessEC2SecurityGroupFromAWS(liveStackResource, stack, ec2Client, secGroupMap, stackName);
break;
case "AWS::EC2::NetworkAcl":
AWSUtils.ProcessNetworkAclFromAWS(liveStackResource, stack, ec2Client, stackName);
break;
default:
break;
}
}
if (liveStackResources.NextToken != null)
{
ListStackResourcesRequest lr = new ListStackResourcesRequest();
lr.StackName = stackName;
lr.NextToken = liveStackResources.NextToken;
liveStackResources = cfClient.ListStackResources(lr);
ProcessLiveStackResourcess(liveStackResources, stack, ec2Client, secGroupMap, stackName, cfClient);
}
}
//private ListStackResourcesResponse ListStackResources(string stackName, AmazonCloudFormationClient cfClient, string nextToken = null)
//{
// ListStackResourcesRequest lr = new ListStackResourcesRequest();
// lr.StackName = stackName;
// lr.NextToken = nextToken;
// ListStackResourcesResponse liveStackResources = cfClient.ListStackResources(lr);
// return liveStackResources;
//}
private void ProcessLiveStack(string stackName, AmazonCloudFormationClient cfClient, AmazonEC2Client ec2Client, RichTextBox rtb, CFStack stack)
{
Dictionary <string, string> secGroupMap = new Dictionary <string, string>();
DescribeSecurityGroupsRequest secGroupRequestAll = new DescribeSecurityGroupsRequest();
//Get all security group Id's and cf logicalId's (if any)
DescribeSecurityGroupsResponse secGroupResponseAll = ec2Client.DescribeSecurityGroups(secGroupRequestAll);
foreach (SecurityGroup sg in secGroupResponseAll.SecurityGroups)
{
string value = "none";
foreach (Amazon.EC2.Model.Tag tag in sg.Tags)
{
if (tag.Key.Contains("aws:cloudformation:logical-id"))
{
value = tag.Value;
}
}
secGroupMap.Add(sg.GroupId, value);
}
//Get Live Stack
DescribeStacksRequest cfRequest = new DescribeStacksRequest();
cfRequest.StackName = stackName;
DescribeStacksResponse liveStack = cfClient.DescribeStacks(cfRequest);
stack.Description = liveStack.Stacks[0].Description;
//Get Stack Resouces
//Need to use ListStackResourcesRequest to be able to get stacks with more than 100 resources
ListStackResourcesRequest lr = new ListStackResourcesRequest();
lr.StackName = stackName;
ListStackResourcesResponse liveStackResources = cfClient.ListStackResources(lr);
ProcessLiveStackResourcess(liveStackResources, stack, ec2Client, secGroupMap, stackName, cfClient);
stack.Resources.Sort((a, b) => a.LogicalId.CompareTo(b.LogicalId));
WriteOutput(stack, rtb, source1_CB.Text, templateOrStack1_TB.Text);
}
private void ProcessTemplate(string jsonString, RichTextBox rtb, string path, CFStack stack)
{
//Stack From Template
var template = JsonConvert.DeserializeObject <dynamic>(jsonString);
stack.Description = template.Description;
var r = template.Resources;
//Process StackResources
AWSUtils.ProcessTemplateResources(template.Resources, stack);
stack.Resources.Sort((a, b) => a.LogicalId.CompareTo(b.LogicalId));
WriteOutput(stack, rtb, source1_CB.Text, templateOrStack1_TB.Text);
}
private void Go_Window2()
{
if (inputsAreValid(source2_CB, profile2_CB, templateOrStack2_TB, validation2_LB))
{
AmazonCloudFormationClient CFclient = null;
AmazonEC2Client EC2client = null;
StackOriginal2 = new CFStack();
StackCopy2 = new CFStack();
try
{
profileName2 = profile2_CB.Text;
if (validateTemplate_CB.Checked || source2_CB.Text == "AWS")
{
var creds = new StoredProfileAWSCredentials(profileName2);
CFclient = new AmazonCloudFormationClient(creds);
EC2client = new AmazonEC2Client(creds);
}
switch (source2_CB.Text)
{
case "Template":
templatePath2 = templateOrStack2_TB.Text.Trim();
using (StreamReader sr = new StreamReader(templatePath2))
{
jasonString2 = sr.ReadToEnd();
if (validateTemplate_CB.Checked)
{
if (validateTemplate(jasonString2, CFclient))
{
ProcessTemplate(jasonString2, richTextBox2, templatePath2, StackOriginal2);
}
}
else
{
ProcessTemplate(jasonString2, richTextBox2, templatePath2, StackOriginal2);
}
}
break;
case "AWS":
stackName2 = templateOrStack2_TB.Text.Trim();
ProcessLiveStack(stackName2, CFclient, EC2client, richTextBox2, StackOriginal2);
break;
}
profileName2 = profile2_CB.Text.Trim();
}
catch (Exception ex)
{
richTextBox2.Text = ex.Message;
}
finally
{
if (CFclient != null)
{
CFclient.Dispose();
}
if (EC2client != null)
{
EC2client.Dispose();
}
}
}
}
static void ProcessNetworkAclEntryFromTemplate(dynamic input, CFStack stack)
{
NetworkAclEntry ne = new NetworkAclEntry();
var rule = input.Value["Properties"];
ne.Protocol = rule.Protocol;
ne.CidrBlock = rule.CidrBlock;
ne.Egress = (bool)rule.Egress;
ne.RuleNumber = rule.RuleNumber;
ne.RuleAction = rule.RuleAction;
if (rule.NetworkAclId != null)
{
var a = rule.NetworkAclId;
foreach (var item in a)
{
ne.NetworkAclId = item.Value;
}
}
if (rule.PortRange != null)
{
var range = rule.PortRange;
foreach (var item in range)
{
if (item.Name == "To")
{
if (item.Value == "-1")
{
ne.ToPort = "ALL";
}
else
{
ne.ToPort = item.Value;
}
}
if (item.Name == "From")
{
if (item.Value == "-1")
{
ne.ToPort = "ALL";
}
else
{
ne.FromPort = item.Value;
}
}
}
}
else //If port range is not specified in the template then AWS sets it to ALL
{
ne.FromPort = "ALL";
ne.ToPort = "ALL";
}
//Format PortRange
string from = "";
string to = "";
FormatPortRange(ne.FromPort, ne.ToPort, out from, out to);
ne.FromPort = from;
ne.ToPort = to;
if (rule.Icmp != null)
{
//May not be needed
}
if (ne.NetworkAclId != null)
{
NetworkAcl x = stack.Resources.Find(n => n != null && n.LogicalId == ne.NetworkAclId);
if (x != null)
{
x.Properties.NetworkAclEntry.Add(ne);
}
else
{
//TODO
//Either remember and process orphaned ingress rule
//Or write out to error log.
MessageBox.Show("Error", "Did not find NACL " + ne.NetworkAclId + " to add entry to", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
}
public static void ProcessEC2SecurityGroupFromAWS(StackResourceSummary resource, CFStack stack, AmazonEC2Client ec2Client, Dictionary <string, string> secGroupMap, string stackName)
{
DescribeSecurityGroupsRequest secGroupRequest = new DescribeSecurityGroupsRequest();
//Set request to use Phisical Id
secGroupRequest.GroupIds = new List <string> {
resource.PhysicalResourceId
};
//Attempt to get security group using physical Id
DescribeSecurityGroupsResponse response = GetSecurityGroup(ec2Client, secGroupRequest);
if (response == null)
{
//Set request to use Logical Id and Stack Name Tags
secGroupRequest.GroupIds.Clear();
List <Filter> f = new List <Filter>();
f.Add(new Filter {
Name = "tag:aws:cloudformation:logical-id", Values = new List <string>()
{
resource.LogicalResourceId
}
});
f.Add(new Filter {
Name = "tag:aws:cloudformation:stack-name", Values = new List <string>()
{
stackName
}
});
secGroupRequest.Filters = f;
//Attempt to get security group using logical Id
response = GetSecurityGroup(ec2Client, secGroupRequest);
}
if (response == null | response.SecurityGroups.Count == 0)
{
return;
}
foreach (SecurityGroup group in response.SecurityGroups)
{
EC2SecurityGroup sg = new EC2SecurityGroup();
sg.LogicalId = resource.LogicalResourceId;
if (log)
{
Utils.WriteToFile(logFile, "AWS SG: " + sg.LogicalId.ToString(), true);
}
sg.Type = "AWS::EC2::SecurityGroup";
sg.Properties.GroupDescription = group.Description;
sg.Properties.VpcId = group.VpcId;
foreach (IpPermission perms in group.IpPermissions)
{
for (int i = 0; i < perms.IpRanges.Count; i++)
{
EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress();
//FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp)
sgi.IpProtocol = FormatProtocol(perms.IpProtocol);
//--------------------------------------------------------------------
//FormatPortRange - Port range could be 0-0 -1-1 0-65535
string from = "";
string to = "";
FormatPortRange(perms.FromPort.ToString(), perms.ToPort.ToString(), out from, out to);
sgi.FromPort = from;
sgi.ToPort = to;
//------------------------------------------------------
sgi.CidrIp = perms.IpRanges[i];
sg.Properties.SecurityGroupIngress.Add(sgi);
if (log)
{
Utils.WriteToFile(logFile, " Protocol: " + perms.IpProtocol + " | From: " + perms.FromPort.ToString() + " To: " + perms.ToPort.ToString(), true);
}
}
for (int i = 0; i < perms.UserIdGroupPairs.Count; i++)
{
EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress();
//FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp)
sgi.IpProtocol = FormatProtocol(perms.IpProtocol);
//--------------------------------------------------------------------
//FormatPortRange - Port range could be 0-0 -1-1 0-65535
string from = "";
string to = "";
FormatPortRange(perms.FromPort.ToString(), perms.ToPort.ToString(), out from, out to);
sgi.FromPort = from;
sgi.ToPort = to;
//-------------------------------------------------------
sg.Properties.SecurityGroupIngress.Add(sgi);
string groupName;
if (secGroupMap.TryGetValue(perms.UserIdGroupPairs[i].GroupId, out groupName))
{
sgi.SourceSecurityGroupId = groupName;
}
else
{
sgi.SourceSecurityGroupId = perms.UserIdGroupPairs[i].GroupId;
}
if (log)
{
Utils.WriteToFile(logFile, " Protocol: " + perms.IpProtocol + " | From: " + perms.FromPort.ToString() + " To: " + perms.ToPort.ToString(), true);
}
}
}
stack.Resources.Add(sg);
}
}
// -----------------------------------------------------------------------
// Live Stack
public static void ProcessNetworkAclFromAWS(StackResourceSummary resource, CFStack stack, AmazonEC2Client ec2Client, string stackName)
{
DescribeNetworkAclsRequest naclRequest = new DescribeNetworkAclsRequest();
naclRequest.NetworkAclIds = new List <string> {
resource.PhysicalResourceId
};
DescribeNetworkAclsResponse response = ec2Client.DescribeNetworkAcls(naclRequest);
foreach (Amazon.EC2.Model.NetworkAcl nacl in response.NetworkAcls)
{
NetworkAcl n = new NetworkAcl();
n.LogicalId = resource.LogicalResourceId;
if (log)
{
Utils.WriteToFile(logFile, "AWS NACL: " + n.LogicalId.ToString(), true);
}
n.Type = "AWS::EC2::NetworkAcl";
n.Properties.VpcId = nacl.VpcId;
foreach (Amazon.EC2.Model.NetworkAclEntry e in nacl.Entries)
{
NetworkAclEntry ne = new NetworkAclEntry();
ne.RuleNumber = e.RuleNumber.ToString();
ne.CidrBlock = e.CidrBlock;
ne.Egress = e.Egress;
if (e.PortRange == null)
{
ne.FromPort = "ALL"; ne.ToPort = "ALL";
}
else
{
//FormatPortRange - Port range could be 0-0 -1-1 0-65535
string from = "";
string to = "";
FormatPortRange(e.PortRange.From.ToString(), e.PortRange.To.ToString(), out from, out to);
ne.FromPort = from;
ne.ToPort = to;
//------------------------------------------------------
}
//FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp)
ne.Protocol = FormatProtocol(e.Protocol);
//-------------------------------------------------------------------
ne.RuleAction = e.RuleAction;
//ICMP not included.
n.Properties.NetworkAclEntry.Add(ne);
if (e.PortRange == null)
{
if (log)
{
Utils.WriteToFile(logFile, ne.RuleNumber + " Protocol: " + e.Protocol + " | From: " + "null" + " To: " + "null", true);
}
}
else
{
if (log)
{
Utils.WriteToFile(logFile, ne.RuleNumber + " Protocol: " + e.Protocol + " | From: " + e.PortRange.From.ToString() + " To: " + e.PortRange.To.ToString(), true);
}
}
}
stack.Resources.Add(n);
}
}
static void ProcessEC2SecurityGroupFromTemplate(dynamic input, CFStack stack)
{
EC2SecurityGroup sg = new EC2SecurityGroup();
sg.LogicalId = input.Name;
sg.Type = "AWS::EC2::SecurityGroup";
var props = input.Value["Properties"];
foreach (var prop in props)
{
//Attempt to deal with values that are calculated using CloudFormation functions like Join.
if (prop.Value.ToString().Contains("Fn::"))
{
prop.Value = "Calulated value";
}
switch ((string)prop.Name)
{
case "GroupDescription":
sg.Properties.GroupDescription = prop.Value.ToString();
break;
case "VpcId":
var a = prop.Value;
sg.Properties.VpcId = a.Value;
break;
case "Tags":
break;
case "SecurityGroupIngress":
var ingressRules = prop.Value;
foreach (var rule in ingressRules)
{
EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress();
//FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp)
sgi.IpProtocol = FormatProtocol(rule.IpProtocol.ToString());
//-------------------------------------------------------------------
//FormatPortRange - Port range could be 0-0 -1-1 0-65535
string from = "";
string to = "";
FormatPortRange(rule.FromPort.ToString(), rule.ToPort.ToString(), out from, out to);
sgi.FromPort = from;
sgi.ToPort = to;
//-------------------------------------------------------
sgi.CidrIp = rule.CidrIp;
if (rule.SourceSecurityGroupId != null)
{
var Ids = rule.SourceSecurityGroupId;
foreach (var Id in Ids)
{
sgi.SourceSecurityGroupId = Id.Value;
}
}
sg.Properties.SecurityGroupIngress.Add(sgi);
}
break;
}
}
stack.Resources.Add(sg);
}
private void CompareNetworkAcl(NetworkAcl originalResource1, NetworkAcl originalResource2, NetworkAcl copyResource, CFStack copyStack)
{
List <NetworkAclEntry> compareList = copyResource.Properties.NetworkAclEntry;
foreach (NetworkAclEntry x in originalResource1.Properties.NetworkAclEntry)
{
//Note NetworkAclId is always null for AWS stack resource
var y = originalResource2.Properties.NetworkAclEntry.Find(n => n != null && n.RuleNumber == x.RuleNumber && n.RuleAction == x.RuleAction && n.Egress.ToString() == x.Egress.ToString() && n.CidrBlock == x.CidrBlock && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.Protocol == x.Protocol);
if (y == null)
{
if (CompareRemoves == false)
{
var z = copyResource.Properties.NetworkAclEntry.Find(n => n != null && n.RuleNumber == x.RuleNumber && n.RuleAction == x.RuleAction && n.Egress.ToString() == x.Egress.ToString() && n.CidrBlock == x.CidrBlock && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.Protocol == x.Protocol);
if (z != null)
{
z.StateChanged = true;
}
}
}
else
{
if (CompareRemoves == true)
{
var z = copyResource.Properties.NetworkAclEntry.Find(n => n != null && n.RuleNumber == x.RuleNumber && n.RuleAction == x.RuleAction && n.Egress.ToString() == x.Egress.ToString() && n.CidrBlock == x.CidrBlock && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.Protocol == x.Protocol);
if (z != null)
{
compareList.Remove(z);
}
}
}
}
if (copyResource.Properties.NetworkAclEntry.Count() == 0)
{
copyStack.Resources.Remove(copyResource);
}
}
private void CompareSecurityGroups(EC2SecurityGroup originalResource1, EC2SecurityGroup originalResource2, EC2SecurityGroup copyResource, CFStack copyStack)
{
List <EC2SecurityGroupIngress> compareList = copyResource.Properties.SecurityGroupIngress;
foreach (EC2SecurityGroupIngress x in originalResource1.Properties.SecurityGroupIngress)
{
var y = originalResource2.Properties.SecurityGroupIngress.Find(n => n != null && n.CidrIp == x.CidrIp && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.IpProtocol == x.IpProtocol && n.SourceSecurityGroupId == x.SourceSecurityGroupId);
if (y == null)
{
if (CompareRemoves == false)
{
var z = copyResource.Properties.SecurityGroupIngress.Find(n => n != null && n.CidrIp == x.CidrIp && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.IpProtocol == x.IpProtocol && n.SourceSecurityGroupId == x.SourceSecurityGroupId);
if (z != null)
{
z.StateChanged = true;
}
}
}
else
{
if (CompareRemoves == true)
{
var z = copyResource.Properties.SecurityGroupIngress.Find(n => n != null && n.CidrIp == x.CidrIp && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.IpProtocol == x.IpProtocol && n.SourceSecurityGroupId == x.SourceSecurityGroupId);
if (z != null)
{
copyResource.Properties.SecurityGroupIngress.Remove(z);
}
}
}
}
if (copyResource.Properties.SecurityGroupIngress.Count() == 0)
{
copyStack.Resources.Remove(copyResource);
}
}
private void Go_Window1()
{
if (inputsAreValid(source1_CB, profile1_CB, templateOrStack1_TB, validation1_LB))
{
AmazonCloudFormationClient CFclient = null;
AmazonEC2Client EC2client = null;
StackOriginal1 = new CFStack();
StackCopy1 = new CFStack();
try
{
profileName1 = profile1_CB.Text;
if (validateTemplate_CB.Checked || source1_CB.Text == "AWS")
{
var creds = new StoredProfileAWSCredentials(profileName1);
CFclient = new AmazonCloudFormationClient(creds);
EC2client = new AmazonEC2Client(creds);
}
switch (source1_CB.Text)
{
case "Template":
templatePath1 = templateOrStack1_TB.Text.Trim();
using (StreamReader sr = new StreamReader(templatePath1))
{
jasonString1 = sr.ReadToEnd();
if (validateTemplate_CB.Checked)
{
if (validateTemplate(jasonString1, CFclient))
{
ProcessTemplate(jasonString1, richTextBox1, templatePath1, StackOriginal1);
}
}
else
{
ProcessTemplate(jasonString1, richTextBox1, templatePath1, StackOriginal1);
}
}
break;
case "AWS":
stackName1 = templateOrStack1_TB.Text.Trim();
ProcessLiveStack(stackName1, CFclient, EC2client, richTextBox1, StackOriginal1);
break;
}
profileName1 = profile1_CB.Text.Trim();
}
catch (Exception ex)
{
richTextBox1.Text = ex.Message + Environment.NewLine + ex.StackTrace;
}
finally
{
if (CFclient != null)
{
CFclient.Dispose();
}
if (EC2client != null)
{
EC2client.Dispose();
}
}
}
}