public SessionAWSCredentials GetSamlRoleCredentails(string samlAssertion, string awsRole) { string[] role = awsRole.Split(','); AssumeRoleWithSAMLRequest samlRequest = new AssumeRoleWithSAMLRequest(); samlRequest.SAMLAssertion = samlAssertion; samlRequest.RoleArn = role[1]; samlRequest.PrincipalArn = role[0]; samlRequest.DurationSeconds = 3600; AmazonSecurityTokenServiceClient sts; AssumeRoleWithSAMLResponse samlResponse; try { sts = new AmazonSecurityTokenServiceClient(); samlResponse = sts.AssumeRoleWithSAML(samlRequest); } catch { sts = new AmazonSecurityTokenServiceClient("a", "b", "c"); samlResponse = sts.AssumeRoleWithSAML(samlRequest); } SessionAWSCredentials sessionCredentials = new SessionAWSCredentials( samlResponse.Credentials.AccessKeyId, samlResponse.Credentials.SecretAccessKey, samlResponse.Credentials.SessionToken); return(sessionCredentials); }
public static async Task <SessionAWSCredentials> GetTemporaryFederatedCredentialsAsync(string bucketName) { var config = new AmazonSecurityTokenServiceConfig(); var stsClient = new AmazonSecurityTokenServiceClient(config); var federationTokenRequest = new GetFederationTokenRequest(); federationTokenRequest.DurationSeconds = 7200; federationTokenRequest.Name = "User1"; federationTokenRequest.Policy = @"{ ""Statement"": [ { ""Sid"":""Stmt1311212314284"", ""Action"":[""s3:ListBucket""], ""Effect"":""Allow"", ""Resource"":""arn:aws:s3:::" + bucketName + @""" } ] } "; GetFederationTokenResponse federationTokenResponse = await stsClient.GetFederationTokenAsync(federationTokenRequest); Credentials credentials = federationTokenResponse.Credentials; var sessionCredentials = new SessionAWSCredentials( credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken); return(sessionCredentials); }
public async Task CreateWithRoleArn_CreatesClientWithCredentials() { var roleArn = "test arn"; var instance = CreateInstance(); var credentials = new SessionAWSCredentials("key", "secret", "token"); StsClient.AssumeRoleAsync(Arg.Any <AssumeRoleRequest>()).Returns(new AssumeRoleResponse { Credentials = new Credentials { AccessKeyId = credentials.GetCredentials().AccessKey, SecretAccessKey = credentials.GetCredentials().SecretKey, SessionToken = credentials.GetCredentials().Token, } }); var result = await instance.Create(roleArn); await StsFactory.Received().Create(); await StsClient.Received().AssumeRoleAsync( Arg.Is <AssumeRoleRequest>(req => req.RoleArn == roleArn && req.RoleSessionName != null) ); TestUtils.AssertClientHasCredentials((AmazonServiceClient)result, credentials); }
public void SignRequest_should_apply_signature_to_request_right_culture() { Thread.CurrentThread.CurrentCulture = new CultureInfo("th"); var creds = new SessionAWSCredentials("ExampleKey", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY", "token1") .GetCredentials(); SignV4Util.SignRequest(_sampleRequest, _sampleBody, creds, "us-east-1", "iam"); var amzDateValue = _sampleRequest.Headers.XAmzDate; Assert.False(String.IsNullOrEmpty(amzDateValue)); var amzDates = amzDateValue.Split(','); Assert.AreEqual(2, amzDates.Length); Assert.True(amzDates[1].StartsWith(DateTime.UtcNow.Year.ToString())); Trace.WriteLine("X-Amz-Date: " + amzDateValue); var auth = _sampleRequest.Headers.Authorization; Assert.False(String.IsNullOrEmpty(auth)); Trace.WriteLine("Authorize: " + auth); var token = _sampleRequest.Headers.XAmzSecurityToken; Assert.False(String.IsNullOrEmpty(token)); Trace.WriteLine("Token: " + token); }
internal async Task <string> PutPreFillData <T>(T preFillData, PreFillMeta preFillMeta) { RegionEndpoint regionEndpoint = RegionEndpoint.GetBySystemName(preFillMeta.s3.region); SessionAWSCredentials sessionAWSCredentials = new SessionAWSCredentials( preFillMeta.credentials.AccessKeyId, preFillMeta.credentials.SecretAccessKey, preFillMeta.credentials.SessionToken ); AmazonS3Client amazonS3Client = new AmazonS3Client(sessionAWSCredentials, regionEndpoint); PutObjectRequest request = new PutObjectRequest { BucketName = preFillMeta.s3.bucket, Key = preFillMeta.s3.key, ContentBody = JsonConvert.SerializeObject(preFillData), ContentType = "application/json", CannedACL = S3CannedACL.Private, ServerSideEncryptionMethod = ServerSideEncryptionMethod.AES256, }; await amazonS3Client.PutObjectAsync(request); return(preFillMeta.preFillFormDataId); }
private void CreateClient() { if (this.service.StartsWith("http://", StringComparison.OrdinalIgnoreCase) || this.service.StartsWith("https://", StringComparison.OrdinalIgnoreCase)) { // Local DynamoDB instance (for testing) var credentials = new BasicAWSCredentials("dummy", "dummyKey"); this.ddbClient = new AmazonDynamoDBClient(credentials, new AmazonDynamoDBConfig { ServiceURL = this.service }); } else if (!string.IsNullOrEmpty(this.accessKey) && !string.IsNullOrEmpty(this.secretKey) && !string.IsNullOrEmpty(this.token)) { // AWS DynamoDB instance (auth via explicit credentials and token) var credentials = new SessionAWSCredentials(this.accessKey, this.secretKey, this.token); this.ddbClient = new AmazonDynamoDBClient(credentials, new AmazonDynamoDBConfig { RegionEndpoint = AWSUtils.GetRegionEndpoint(this.service) }); } else if (!string.IsNullOrEmpty(this.accessKey) && !string.IsNullOrEmpty(this.secretKey)) { // AWS DynamoDB instance (auth via explicit credentials) var credentials = new BasicAWSCredentials(this.accessKey, this.secretKey); this.ddbClient = new AmazonDynamoDBClient(credentials, new AmazonDynamoDBConfig { RegionEndpoint = AWSUtils.GetRegionEndpoint(this.service) }); } else { // AWS DynamoDB instance (implicit auth - EC2 IAM Roles etc) this.ddbClient = new AmazonDynamoDBClient(new AmazonDynamoDBConfig { RegionEndpoint = AWSUtils.GetRegionEndpoint(this.service) }); } }
public FilesRepository(IAmazonS3 s3Client, IOptions <SessionAwsCredentialsOptions> sessionAwsCredentialsOptions) { var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT"); _sessionAwsCredentialsOptions = sessionAwsCredentialsOptions.Value; if (env.Contains("Local")) { // TODO: we must improve this client initialization, this code commented is just to test in the local environment. create a temporal session to test locally, use SSO temporal keys, update these keys in app settings SessionAWSCredentials tempCredentials = new SessionAWSCredentials(_sessionAwsCredentialsOptions.AwsAccessKeyId, _sessionAwsCredentialsOptions.AwsSecretAccessKey, _sessionAwsCredentialsOptions.Token); _s3Client = new AmazonS3Client(tempCredentials, RegionEndpoint.APSoutheast1); } else { // TODO: example using IAM keys // IAM //var credentials = new BasicAWSCredentials(_sessionAwsCredentialsOptions.AwsAccessKeyId, _sessionAwsCredentialsOptions.AwsSecretAccessKey); //_s3Client = new AmazonS3Client(RegionEndpoint.APSoutheast1); // TODO: using IAM role, deployed to development, staging or production _s3Client = s3Client; } }
/// <summary> /// Lists the objects in an Amazon S3 bucket using temporary federated /// credentials. /// </summary> /// <param name="bucketRegion">The AWS Region where the S3 bucket is /// located.</param> /// <param name="bucketName">The name of the S3 bucket whose objects we /// will list.</param> public static async Task ListObjectsAsync(RegionEndpoint bucketRegion, string bucketName) { try { Console.WriteLine("Listing objects stored in a bucket"); // Credentials use the default AWS SDK for .NET credential search chain. // On local development machines, this is your default profile. SessionAWSCredentials tempCredentials = await GetTemporaryFederatedCredentialsAsync(bucketName); // Create a client by providing temporary security credentials. using var client = new AmazonS3Client(bucketRegion); ListObjectsRequest listObjectRequest = new (); listObjectRequest.BucketName = bucketName; ListObjectsResponse response = await client.ListObjectsAsync(listObjectRequest); List <S3Object> objects = response.S3Objects; Console.WriteLine($"Object count = {objects.Count}", objects.Count); Console.WriteLine("Press any key to continue..."); Console.ReadKey(); } catch (AmazonS3Exception e) { Console.WriteLine($"Error: {e.Message}"); } }
/// <summary> /// Uses temporary credentials to list the objects in an Amazon S3 /// bucket. /// </summary> /// <param name="credentials">Temporary AWS Credentials.</param> /// <param name="bucketRegion">The Region where the bucket is located.</param> /// <param name="bucketName">The name of the bucket to access.</param> public static async Task ListObjectsAsync(SessionAWSCredentials credentials, RegionEndpoint bucketRegion, string bucketName) { try { // Credentials use the default AWS SDK for .NET credential search chain. // On local development machines, this is your default profile. Console.WriteLine("Listing objects stored in a bucket"); // Create a client by providing temporary security credentials. using var client = new AmazonS3Client(credentials, bucketRegion); var listObjectRequest = new ListObjectsRequest { BucketName = bucketName, }; // Send request to Amazon S3. ListObjectsResponse response = await client.ListObjectsAsync(listObjectRequest); List <S3Object> objects = response.S3Objects; Console.WriteLine("Object count = {0}", objects.Count); } catch (AmazonS3Exception s3Exception) { Console.WriteLine(s3Exception.Message, s3Exception.InnerException); } catch (AmazonSecurityTokenServiceException stsException) { Console.WriteLine(stsException.Message, stsException.InnerException); } }
public AWSCredentials GetCredential() { AWSCredentials credentials = null; if (Profile.IsNotNullOrEmpty()) { credentials = GetCredentialsFromProfile(); } else { if (AccessKey.IsNotNullOrEmpty() || SecretKey.IsNotNullOrEmpty()) { if (SessionToken.IsNullOrEmpty()) { credentials = new BasicAWSCredentials(AccessKey, SecretKey); } else { credentials = new SessionAWSCredentials(AccessKey, SecretKey, SessionToken); } } } if (RoleArn.IsNotNullOrEmpty()) { credentials = AssumeRole(credentials); } return(credentials); }
private static async Task ListObjectsAsync() { try { Console.WriteLine("Listing objects stored in a bucket"); // Credentials use the default AWS SDK for .NET credential search chain. // On local development machines, this is your default profile. SessionAWSCredentials tempCredentials = await GetTemporaryFederatedCredentialsAsync(); // Create a client by providing temporary security credentials. using (client = new AmazonS3Client(bucketRegion)) { ListObjectsRequest listObjectRequest = new ListObjectsRequest(); listObjectRequest.BucketName = bucketName; ListObjectsResponse response = await client.ListObjectsAsync(listObjectRequest); List <S3Object> objects = response.S3Objects; Console.WriteLine("Object count = {0}", objects.Count); Console.WriteLine("Press any key to continue..."); Console.ReadKey(); } } catch (AmazonS3Exception e) { Console.WriteLine("Error encountered ***. Message:'{0}' when writing an object", e.Message); } catch (Exception e) { Console.WriteLine("Unknown encountered on server. Message:'{0}' when writing an object", e.Message); } }
public static AmazonS3Client GetApi(AccountConfiguration account) { AWSCredentials credentials; if (account.AdditionalSettings != null && account.AdditionalSettings.ContainsKey("UseSessionToken") && Convert.ToBoolean(account.AdditionalSettings["UseSessionToken"]) == true && account.AdditionalSettings.ContainsKey("SessionToken")) { credentials = new SessionAWSCredentials(account.Id, account.Secret, account.AdditionalSettings["SessionToken"]); } else { credentials = new BasicAWSCredentials(account.Id, account.Secret); } var region = RegionEndpoint.USWest1; if (account.AdditionalSettings != null && account.AdditionalSettings.ContainsKey("AWSRegion")) { var regionName = account.AdditionalSettings["AWSRegion"]; region = RegionEndpoint.GetBySystemName(regionName); } var api = GetApi(credentials, region); return(api); }
public async Task UploadFileToS3Async(S3Credentials sc, IFormFile f) { RegionEndpoint bucketRegion = RegionEndpoint.USEast1; var sessionCredentials = new SessionAWSCredentials(sc.AccessKeyId, sc.SecretAccessKey, sc.SessionToken); IAmazonS3 s3Client = new AmazonS3Client(sessionCredentials, bucketRegion); try { var fileTransferUtility = new TransferUtility(s3Client); await fileTransferUtility.UploadAsync(f.OpenReadStream(), sc.Bucket, sc.Key); Console.WriteLine("Upload 3 completed"); } catch (AmazonS3Exception e) { Console.WriteLine("Error encountered on server. Message:'{0}' when writing an object", e.Message); } catch (Exception e) { Console.WriteLine("Unknown encountered on server. Message:'{0}' when writing an object", e.Message); } }
private async Task <FormSubmission <T> > GetFormSubmission <T>(FormSubmissionRetrievalConfiguration formRetrievalData) { if (formRetrievalData == null || formRetrievalData.s3 == null || formRetrievalData.credentials == null) { throw new Exception("Could not create credentials to retrieve form submission data"); } RegionEndpoint regionEndpoint = RegionEndpoint.GetBySystemName(formRetrievalData.s3.region); SessionAWSCredentials sessionAWSCredentials = new SessionAWSCredentials( formRetrievalData.credentials.AccessKeyId, formRetrievalData.credentials.SecretAccessKey, formRetrievalData.credentials.SessionToken ); AmazonS3Client amazonS3Client = new AmazonS3Client(sessionAWSCredentials, regionEndpoint); string responseBody = ""; using (GetObjectResponse response = await amazonS3Client.GetObjectAsync(formRetrievalData.s3.bucket, formRetrievalData.s3.key, null)) using (Stream responseStream = response.ResponseStream) using (StreamReader reader = new StreamReader(responseStream)) { responseBody = reader.ReadToEnd(); } return(JsonConvert.DeserializeObject <FormSubmission <T> >(responseBody)); }
public async Task <List <S3Object> > GetAllObjectFromS3(string bucketName) { try { SessionAWSCredentials tempCredentials = _sessionCredential; // Create client by providing temporary security credentials. using (client = new AmazonS3Client(tempCredentials, Amazon.RegionEndpoint.APSoutheast2)) { ListObjectsRequest listObjectRequest = new ListObjectsRequest { BucketName = bucketName }; // Send request to Amazon S3. ListObjectsResponse response = await client.ListObjectsAsync(listObjectRequest); List <S3Object> objects = response.S3Objects; return(objects); } } catch (AmazonS3Exception s3Exception) { Console.WriteLine(s3Exception.Message, s3Exception.InnerException); } catch (AmazonSecurityTokenServiceException stsException) { Console.WriteLine(stsException.Message, stsException.InnerException); } throw new Exception("Can not list object from Amazone S3 Bucket"); }
async static Task <List <SendDataPoint> > GetSesStatsForAccount(string Account) { string strRoleARN = "arn:aws:iam::" + Account + ":role/" + AssumedRoleName; Amazon.SecurityToken.AmazonSecurityTokenServiceClient stsClient = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(); var assumeRoleResponse = await stsClient.AssumeRoleAsync(new Amazon.SecurityToken.Model.AssumeRoleRequest { RoleArn = strRoleARN, RoleSessionName = "TempSession" }); SessionAWSCredentials sessionCredentials = new SessionAWSCredentials(assumeRoleResponse.Credentials.AccessKeyId, assumeRoleResponse.Credentials.SecretAccessKey, assumeRoleResponse.Credentials.SessionToken); var regions = new Amazon.RegionEndpoint[] { Amazon.RegionEndpoint.USEast1, Amazon.RegionEndpoint.USWest2, Amazon.RegionEndpoint.EUWest1 }; List <SendDataPoint> lst = new List <SendDataPoint>(); foreach (var region in regions) { Console.WriteLine($"Checking {region.ToString()} for account {Account}"); AmazonSimpleEmailServiceClient sesClient = new AmazonSimpleEmailServiceClient(sessionCredentials, region); var response = await sesClient.GetSendStatisticsAsync(); lst.AddRange(response.SendDataPoints); } return(lst); }
public void TestAssumeRole() { var clientId = Guid.NewGuid(); var roleArn = _role.Arn; const string sessionName = "NetUser"; // sleep for IAM data to propagate Thread.Sleep(TimeSpan.FromSeconds(10)); var sts = new AmazonSecurityTokenServiceClient(_userCredentials); Thread.Sleep(TimeSpan.FromSeconds(60)); var result = sts.AssumeRole(new AssumeRoleRequest { RoleArn = roleArn, RoleSessionName = sessionName, DurationSeconds = 3600, ExternalId = clientId.ToString() }); var credentials = result.Credentials; var sessionCredentials = new SessionAWSCredentials(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken); var client = new AmazonIdentityManagementServiceClient(sessionCredentials); var response = client.ListRoles(); Assert.IsNotNull(response); client = new AmazonIdentityManagementServiceClient(credentials); response = client.ListRoles(); Assert.IsNotNull(response); }
private async Task EC2Instance(AssetScanCompletedEvent request) { IAmazonSecurityTokenService STSClient = new AmazonSecurityTokenServiceClient("AKIAXMJHA33LOQPJKCXO", "t1EvatLh4zIl7cBNyGR8rEE2k1vgKOiiDu6wg8IT", RegionEndpoint.USEast2); using (var client = STSClient) { GetSessionTokenRequest getSessionTokenRequest = new GetSessionTokenRequest() { DurationSeconds = 900 }; GetSessionTokenResponse tokenResponse = await client.GetSessionTokenAsync(getSessionTokenRequest); //Console.WriteLine("SecretAccessKey: "+tokenResponse.Credentials.SecretAccessKey+" \n AccessKeyId: "+tokenResponse.Credentials.AccessKeyId+"\n SessionToken: "+tokenResponse.Credentials.SessionToken+" \n Expiration: "+tokenResponse.Credentials.Expiration); var response = STSClient.AssumeRoleAsync(new AssumeRoleRequest { RoleArn = "arn:aws:iam::507424857814:role/DemoEC2", RoleSessionName = "EC2User", DurationSeconds = 900 }); var tempCredentials = new SessionAWSCredentials ( response.Result.Credentials.AccessKeyId, response.Result.Credentials.SecretAccessKey, response.Result.Credentials.SessionToken ); // var test= new BasicAWSCredentials("AKIAXMJHA33LOQPJKCXO","t1EvatLh4zIl7cBNyGR8rEE2k1vgKOiiDu6wg8IT"); //Console.WriteLine("SecretAccessKey: " + response.Result.Credentials.SecretAccessKey + " \n AccessKey: " + response.Result.Credentials.AccessKeyId + " \n SessionToken: " + response.Result.Credentials.SessionToken + " \n Expiration: " + response.Result.Credentials.Expiration); //await Task.Delay(900500); //Console.WriteLine("Afetr 15 minute ......."); IAmazonEC2 ec2 = new AmazonEC2Client(tempCredentials, Amazon.RegionEndpoint.USEast2); //Amazon.Util.EC2InstanceMetadata.Hostname; // list of Instance var result = await ec2.DescribeInstancesAsync(); // Console.WriteLine("\n List of Instance"); foreach (var reservation in result.Reservations) { foreach (var instance in reservation.Instances) { _logger.LogInformation("EC2 for instance ID {0} {1} {2}", request.ScanID, instance.InstanceId, instance.InstanceType); //Console.WriteLine(instance.InstanceId); } } //Console.WriteLine("\n Get by InstanceID"); //var response2 = ec2.DescribeInstancesAsync(new DescribeInstancesRequest //{ // InstanceIds = new List<string> // { // "i-0e76148b03298009a" // } //}); //Console.WriteLine(response2.Result.HttpStatusCode); } }
public AWSStepFunctionsAPI(SessionAWSCredentials sessionAWSCredentials) { this.sessionAWSCredentials = sessionAWSCredentials; var credentials = sessionAWSCredentials.GetCredentials(); basicAWSCredentials = new BasicAWSCredentials(credentials.AccessKey, credentials.SecretKey); amazonStepFunctionsClient = new AmazonStepFunctionsClient(sessionAWSCredentials); }
public AWSLambdaAPI(SessionAWSCredentials sessionAWSCredentials) { this.sessionAWSCredentials = sessionAWSCredentials; var credentials = sessionAWSCredentials.GetCredentials(); basicAWSCredentials = new BasicAWSCredentials(credentials.AccessKey, credentials.SecretKey); amazonLambdaClient = new AmazonLambdaClient(sessionAWSCredentials); }
/// <summary> /// provide support for resolving AthenaAPI from AWS environment /// </summary> /// <param name="sessionAWSCredentials"></param> public AWSAthenaAPI(SessionAWSCredentials sessionAWSCredentials) { this.sessionAWSCredentials = sessionAWSCredentials; var credentials = sessionAWSCredentials.GetCredentials(); basicAWSCredentials = new BasicAWSCredentials(credentials.AccessKey, credentials.SecretKey); amazonAthenaClient = new AmazonAthenaClient(sessionAWSCredentials); DefaultOutputLocation = Environment.GetEnvironmentVariable("AWSAthenaDefaultOutputLocation"); }
protected virtual IAwsClientFactory CreateClientFactory() { var credentials = new SessionAWSCredentials(AccessKeyId, SecretAccessKey, SessionToken); return(new DefaultAwsClientFactory(credentials) { ServiceUri = ServiceUri }); }
private async Task TestConnection() { if (this.TestResult != null) { return; } m_lblTestResult.Visible = true; if (string.IsNullOrEmpty(this.AccessKey) || string.IsNullOrEmpty(this.SecretKey)) { m_lblTestResult.Text = "Please enter Access Key and Secret Key"; return; } if (m_chkUseSessionToken.Checked == true && string.IsNullOrEmpty(this.SessionToken)) { m_lblTestResult.Text = "Please enter Session Token"; return; } this.Enabled = false; m_lblTestResult.Text = "Testing Connection..."; this.TestResult = null; AWSCredentials credentials; if (m_chkUseSessionToken.Checked == false) { credentials = new BasicAWSCredentials(this.AccessKey, this.SecretKey); } else { credentials = new SessionAWSCredentials(this.AccessKey, this.SecretKey, this.SessionToken); } try { using (var api = AmazonS3Helper.GetApi(credentials, this.AWSRegion)) { var buckets = await api.ListBucketsAsync(); m_lblTestResult.Text = "Connection succeeded."; this.TestResult = true; } } catch (Exception ex) { m_lblTestResult.Text = "Connection failed!"; this.TestResult = false; } finally { this.Enabled = true; } }
public RavenAwsGlacierClient(GlacierSettings glacierSettings, Config.Categories.BackupConfiguration configuration, Progress progress = null, CancellationToken cancellationToken = default) { if (glacierSettings == null) { throw new ArgumentNullException(nameof(glacierSettings)); } if (configuration == null) { throw new ArgumentNullException(nameof(configuration)); } if (string.IsNullOrWhiteSpace(glacierSettings.AwsAccessKey)) { throw new ArgumentException("AWS Access Key cannot be null or empty"); } if (string.IsNullOrWhiteSpace(glacierSettings.AwsSecretKey)) { throw new ArgumentException("AWS Secret Key cannot be null or empty"); } if (string.IsNullOrWhiteSpace(glacierSettings.VaultName)) { throw new ArgumentException("AWS Vault Name cannot be null or empty"); } if (string.IsNullOrWhiteSpace(glacierSettings.AwsRegionName)) { throw new ArgumentException("AWS Region Name cannot be null or empty"); } var region = RegionEndpoint.GetBySystemName(glacierSettings.AwsRegionName); AWSCredentials credentials; if (string.IsNullOrWhiteSpace(glacierSettings.AwsSessionToken)) { credentials = new BasicAWSCredentials(glacierSettings.AwsAccessKey, glacierSettings.AwsSecretKey); } else { credentials = new SessionAWSCredentials(glacierSettings.AwsAccessKey, glacierSettings.AwsSecretKey, glacierSettings.AwsSessionToken); } _client = new AmazonGlacierClient(credentials, new AmazonGlacierConfig { RegionEndpoint = region, Timeout = configuration.CloudStorageOperationTimeout.AsTimeSpan }); _region = glacierSettings.AwsRegionName; _vaultName = glacierSettings.VaultName; _progress = progress; _cancellationToken = cancellationToken; }
private void CreateClient() { if (this.service.StartsWith("http://", StringComparison.OrdinalIgnoreCase) || this.service.StartsWith("https://", StringComparison.OrdinalIgnoreCase)) { // Local DynamoDB instance (for testing) var credentials = new BasicAWSCredentials("dummy", "dummyKey"); this.ddbClient = new AmazonDynamoDBClient(credentials, new AmazonDynamoDBConfig { ServiceURL = this.service }); } else if (!string.IsNullOrEmpty(this.accessKey) && !string.IsNullOrEmpty(this.secretKey) && !string.IsNullOrEmpty(this.token)) { // AWS DynamoDB instance (auth via explicit credentials and token) var credentials = new SessionAWSCredentials(this.accessKey, this.secretKey, this.token); this.ddbClient = new AmazonDynamoDBClient(credentials, new AmazonDynamoDBConfig { RegionEndpoint = AWSUtils.GetRegionEndpoint(this.service) }); } else if (!string.IsNullOrEmpty(this.accessKey) && !string.IsNullOrEmpty(this.secretKey)) { // AWS DynamoDB instance (auth via explicit credentials) var credentials = new BasicAWSCredentials(this.accessKey, this.secretKey); this.ddbClient = new AmazonDynamoDBClient(credentials, new AmazonDynamoDBConfig { RegionEndpoint = AWSUtils.GetRegionEndpoint(this.service) }); } else if (!string.IsNullOrEmpty(this.profileName)) { // AWS DynamoDB instance (auth via explicit credentials and token found in a named profile) var chain = new CredentialProfileStoreChain(); if (chain.TryGetAWSCredentials(this.profileName, out var credentials)) { this.ddbClient = new AmazonDynamoDBClient( credentials, new AmazonDynamoDBConfig { RegionEndpoint = AWSUtils.GetRegionEndpoint(this.service) }); } else { throw new InvalidOperationException( $"AWS named profile '{this.profileName}' provided, but credentials could not be retrieved"); } } else { // AWS DynamoDB instance (implicit auth - EC2 IAM Roles etc) this.ddbClient = new AmazonDynamoDBClient(new AmazonDynamoDBConfig { RegionEndpoint = AWSUtils.GetRegionEndpoint(this.service) }); } }
virtual public AmazonS3Client AppMode_CreateS3Client(Credentials credentials, RegionEndpoint regionEndpoint) { AmazonS3Client s3Client; var sessionCredentials = new SessionAWSCredentials( credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken); s3Client = new AmazonS3Client(sessionCredentials, regionEndpoint); return(s3Client); }
protected virtual async Task <SessionAWSCredentials> GetTemporaryFederatedCredentialsAsync( AwsBlobProviderConfiguration configuration) { Check.NotNullOrWhiteSpace(configuration.Name, nameof(configuration.Name)); Check.NotNullOrWhiteSpace(configuration.Policy, nameof(configuration.Policy)); var temporaryCredentialsCache = await Cache.GetAsync(configuration.TemporaryCredentialsCacheKey); if (temporaryCredentialsCache == null) { AmazonSecurityTokenServiceClient stsClient; if (!configuration.AccessKeyId.IsNullOrEmpty() && !configuration.SecretAccessKey.IsNullOrEmpty()) { stsClient = new AmazonSecurityTokenServiceClient(configuration.AccessKeyId, configuration.SecretAccessKey); } else { var awsCredentials = GetAwsCredentials(configuration); stsClient = awsCredentials == null ? new AmazonSecurityTokenServiceClient() : new AmazonSecurityTokenServiceClient(awsCredentials); } using (stsClient) { var federationTokenRequest = new GetFederationTokenRequest { DurationSeconds = configuration.DurationSeconds, Name = configuration.Name, Policy = configuration.Policy }; var federationTokenResponse = await stsClient.GetFederationTokenAsync(federationTokenRequest); var credentials = federationTokenResponse.Credentials; temporaryCredentialsCache = await SetTemporaryCredentialsCache(configuration, credentials); } } var sessionCredentials = new SessionAWSCredentials( StringEncryptionService.Decrypt(temporaryCredentialsCache.AccessKeyId), StringEncryptionService.Decrypt(temporaryCredentialsCache.SecretAccessKey), StringEncryptionService.Decrypt(temporaryCredentialsCache.SessionToken)); return(sessionCredentials); }
virtual public bool AppMode_TestSnsAccess(RegionEndpoint regionEndpoint, SessionAWSCredentials credentials) { try { var snsClient = new AmazonSimpleNotificationServiceClient(credentials, regionEndpoint); snsClient.ListTopics(new ListTopicsRequest()); return(true); } catch { return(false); } }
virtual public bool AppMode_TestSqsAccess(RegionEndpoint regionEndpoint, SessionAWSCredentials credentials) { try { var sqsClient = new AmazonSQSClient(credentials, regionEndpoint); sqsClient.ListQueues(new ListQueuesRequest()); return(true); } catch { return(false); } }
virtual public bool AppMode_TestIamAccess(RegionEndpoint regionEndpoint, SessionAWSCredentials credentials) { try { var iamClient = new AmazonIdentityManagementServiceClient(credentials, regionEndpoint); iamClient.ListUsers(new ListUsersRequest()); return(true); } catch { return(false); } }