/// <summary>
/// The AuthorizeSecurityGroupIngress operation adds permissions to a security
/// group.
/// Permissions are specified by the IP protocol (TCP, UDP or ICMP), the source of
/// the request (by IP range or an Amazon EC2 user-group pair), the source and
/// destination port ranges (for TCP and UDP), and the ICMP codes and types (for
/// ICMP). When authorizing ICMP, -1 can be used as a wildcard in the type and code
/// fields.
/// Permission changes are propagated to instances within the security group as
/// quickly as possible. However, depending on the number of instances, a small
/// delay might occur.
/// When authorizing a user/group pair permission, GroupName,
/// SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When
/// authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and
/// CidrIp must be specified. Mixing these two types of parameters is not allowed.
///
/// </summary>
/// <param name="service">Instance of AmazonEC2 service</param>
/// <param name="request">AuthorizeSecurityGroupIngressRequest request</param>
public static void InvokeAuthorizeSecurityGroupIngress(AmazonEC2 service, AuthorizeSecurityGroupIngressRequest request)
{
try
{
AuthorizeSecurityGroupIngressResponse response = service.AuthorizeSecurityGroupIngress(request);
Console.WriteLine ("Service Response");
Console.WriteLine ("=============================================================================");
Console.WriteLine ();
Console.WriteLine(" AuthorizeSecurityGroupIngressResponse");
if (response.IsSetResponseMetadata())
{
Console.WriteLine(" ResponseMetadata");
ResponseMetadata responseMetadata = response.ResponseMetadata;
if (responseMetadata.IsSetRequestId())
{
Console.WriteLine(" RequestId");
Console.WriteLine(" {0}", responseMetadata.RequestId);
}
}
}
catch (AmazonEC2Exception ex)
{
Console.WriteLine("Caught Exception: " + ex.Message);
Console.WriteLine("Response Status Code: " + ex.StatusCode);
Console.WriteLine("Error Code: " + ex.ErrorCode);
Console.WriteLine("Error Type: " + ex.ErrorType);
Console.WriteLine("Request ID: " + ex.RequestId);
Console.WriteLine("XML: " + ex.XML);
}
}
private async Task AddInboundRules(String groupId)
{
var request = new AuthorizeSecurityGroupIngressRequest
{
GroupId = groupId,
IpPermissions =
{
new IpPermission { FromPort = -1, IpProtocol = "-1" }
}
};
await _client.AuthorizeSecurityGroupIngressAsync(request);
}
public object Execute(ExecutorContext context)
{
var cmdletContext = context as CmdletContext;
// create request
var request = new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest();
if (cmdletContext.GroupId != null)
{
request.GroupId = cmdletContext.GroupId;
}
if (cmdletContext.GroupName != null)
{
request.GroupName = cmdletContext.GroupName;
}
if (cmdletContext.IpPermission != null)
{
request.IpPermissions = cmdletContext.IpPermission;
}
if (cmdletContext.TagSpecification != null)
{
request.TagSpecifications = cmdletContext.TagSpecification;
}
CmdletOutput output;
// issue call
var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint);
try
{
var response = CallAWSServiceOperation(client, request);
object pipelineOutput = null;
pipelineOutput = cmdletContext.Select(response, this);
output = new CmdletOutput
{
PipelineOutput = pipelineOutput,
ServiceResponse = response
};
}
catch (Exception e)
{
output = new CmdletOutput {
ErrorResponse = e
};
}
return(output);
}
/// <summary>
/// <para>Adds one or more ingress rules to a security group.</para> <para><b>IMPORTANT:</b> EC2-Classic: You can have up to 100 rules per
/// group. EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress rules). </para> <para>Rule changes are propagated to
/// instances within the security group as quickly as possible. However, a small delay might occur.</para> <para>[EC2-Classic] This action gives
/// one or more CIDR IP address ranges permission to access a security group in your account, or gives one or more security groups (called the
/// <i>source groups</i> ) permission to access a security group for your account. A source group can be for your own AWS account, or
/// another.</para> <para>[EC2-VPC] This action gives one or more CIDR IP address ranges permission to access a security group in your VPC, or
/// gives one or more other security groups (called the <i>source groups</i> ) permission to access a security group for your VPC. The security
/// groups must all be for the same VPC.</para>
/// </summary>
///
/// <param name="authorizeSecurityGroupIngressRequest">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress
/// service method on AmazonEC2.</param>
///
public AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest)
{
IAsyncResult asyncResult = invokeAuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest, null, null, true);
return EndAuthorizeSecurityGroupIngress(asyncResult);
}
IAsyncResult invokeAuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest, AsyncCallback callback, object state, bool synchronized)
{
IRequest irequest = new AuthorizeSecurityGroupIngressRequestMarshaller().Marshall(authorizeSecurityGroupIngressRequest);
var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.GetInstance();
AsyncResult result = new AsyncResult(irequest, callback, state, synchronized, signer, unmarshaller);
Invoke(result);
return result;
}
private Amazon.EC2.Model.AuthorizeSecurityGroupIngressResponse CallAWSServiceOperation(IAmazonEC2 client, Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest request)
{
Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "Amazon Elastic Compute Cloud (EC2)", "AuthorizeSecurityGroupIngress");
try
{
#if DESKTOP
return(client.AuthorizeSecurityGroupIngress(request));
#elif CORECLR
return(client.AuthorizeSecurityGroupIngressAsync(request).GetAwaiter().GetResult());
#else
#error "Unknown build edition"
#endif
}
catch (AmazonServiceException exc)
{
var webException = exc.InnerException as System.Net.WebException;
if (webException != null)
{
throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
}
throw;
}
}
/// <summary>
/// <para>Adds one or more ingress rules to a security group.</para> <para><b>IMPORTANT:</b> EC2-Classic: You can have up to 100 rules per
/// group. EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress rules). </para> <para>Rule changes are propagated to
/// instances within the security group as quickly as possible. However, a small delay might occur.</para> <para>[EC2-Classic] This action gives
/// one or more CIDR IP address ranges permission to access a security group in your account, or gives one or more security groups (called the
/// <i>source groups</i> ) permission to access a security group for your account. A source group can be for your own AWS account, or
/// another.</para> <para>[EC2-VPC] This action gives one or more CIDR IP address ranges permission to access a security group in your VPC, or
/// gives one or more other security groups (called the <i>source groups</i> ) permission to access a security group for your VPC. The security
/// groups must all be for the same VPC.</para>
/// </summary>
///
/// <param name="authorizeSecurityGroupIngressRequest">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress
/// service method on AmazonEC2.</param>
/// <param name="cancellationToken">
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
/// </param>
public Task<AuthorizeSecurityGroupIngressResponse> AuthorizeSecurityGroupIngressAsync(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest, CancellationToken cancellationToken = default(CancellationToken))
{
var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller();
var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.GetInstance();
return Invoke<IRequest, AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResponse>(authorizeSecurityGroupIngressRequest, marshaller, unmarshaller, signer, cancellationToken);
}
internal AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request)
{
var task = AuthorizeSecurityGroupIngressAsync(request);
try
{
return task.Result;
}
catch(AggregateException e)
{
ExceptionDispatchInfo.Capture(e.InnerException).Throw();
return null;
}
}
public async Task AuthorizeIngressAsync(IEnumerable<PortRangeDescription> portRanges)
{
if (portRanges.Count() == 0)
return;
this.Logger.Log("Allowing inbound access on {0}", string.Join(", ", portRanges));
var ingressRequest = new AuthorizeSecurityGroupIngressRequest()
{
GroupName = this.SecurityGroupName,
IpPermissions = portRanges.Select(x => new IpPermission()
{
IpProtocol = x.Proto,
FromPort = x.FromPort,
ToPort = x.ToPort,
IpRanges = new List<string>() { "0.0.0.0/0" },
}).ToList(),
};
try
{
await this.Client.AuthorizeSecurityGroupIngressAsync(ingressRequest);
}
catch (AmazonEC2Exception e)
{
// Duplicate port settings are just fine
if (e.ErrorCode != "InvalidPermission.Duplicate")
throw;
}
this.Logger.Log("Inbound access authorised");
}
/// <summary>
/// Adds one or more ingress rules to a security group.
///
/// <important>
/// <para>
/// EC2-Classic: You can have up to 100 rules per group.
/// </para>
///
/// <para>
/// EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress rules).
/// </para>
/// </important>
/// <para>
/// Rule changes are propagated to instances within the security group as quickly as possible.
/// However, a small delay might occur.
/// </para>
///
/// <para>
/// [EC2-Classic] This action gives one or more CIDR IP address ranges permission to access
/// a security group in your account, or gives one or more security groups (called the
/// <i>source groups</i>) permission to access a security group for your account. A source
/// group can be for your own AWS account, or another.
/// </para>
///
/// <para>
/// [EC2-VPC] This action gives one or more CIDR IP address ranges permission to access
/// a security group in your VPC, or gives one or more other security groups (called the
/// <i>source groups</i>) permission to access a security group for your VPC. The security
/// groups must all be for the same VPC.
/// </para>
/// </summary>
/// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress service method.</param>
///
/// <returns>The response from the AuthorizeSecurityGroupIngress service method, as returned by EC2.</returns>
public AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request)
{
var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller();
var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.Instance;
return Invoke<AuthorizeSecurityGroupIngressRequest,AuthorizeSecurityGroupIngressResponse>(request, marshaller, unmarshaller);
}
protected override void ProcessRecord()
{
AmazonEC2 client = base.GetClient();
Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest request = new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest();
request.UserId = this._UserId;
request.GroupName = this._GroupName;
request.SourceSecurityGroupName = this._SourceSecurityGroupName;
request.SourceSecurityGroupOwnerId = this._SourceSecurityGroupOwnerId;
request.IpProtocol = this._IpProtocol;
request.FromPort = this._FromPort;
request.ToPort = this._ToPort;
request.CidrIp = this._CidrIp;
Amazon.EC2.Model.AuthorizeSecurityGroupIngressResponse response = client.AuthorizeSecurityGroupIngress(request);
}
public void SetSecurityGroupRules(string groupId, List<IpPermission> ipPermissions)
{
var request = new AuthorizeSecurityGroupIngressRequest
{
GroupId = groupId,
IpPermissions = ipPermissions
};
_ec2Client.AuthorizeSecurityGroupIngress(request);
}
public string CreateSecurityGroup(string vpcId, string boostrapId)
{
string secGroupName = SEC_GROUP_PREFIX + boostrapId;
if (SecurityGroupExist(secGroupName))
{
DeleteSecurityGroup(secGroupName);
}
var newGroupRequest = new CreateSecurityGroupRequest()
{
GroupName = secGroupName,
Description = "Security Group for ConDep integration tests",
VpcId = vpcId,
};
var newGroupResponse = _client.CreateSecurityGroup(newGroupRequest);
var publicIp = GetPublicIp() + "/32";
var ruleRequest = new AuthorizeSecurityGroupIngressRequest()
{
GroupId = newGroupResponse.GroupId,
IpPermissions = new List<IpPermission>
{
new IpPermission
{
FromPort = 0,
ToPort = 65535,
IpProtocol = "tcp",
IpRanges = new List<string>
{
publicIp
}
},
new IpPermission
{
FromPort = -1,
ToPort = -1,
IpProtocol = "icmp",
IpRanges = new List<string>
{
publicIp
}
},
new IpPermission
{
FromPort = 1024,
ToPort = 65535,
IpProtocol = "tcp",
IpRanges = new List<string>
{
"0.0.0.0/0"
}
}
}
};
_client.AuthorizeSecurityGroupIngress(ruleRequest);
return newGroupResponse.GroupId;
}
private static string CreateSecurityGroup(IAmazonEC2 client, string vpcId, string groupName)
{
// Create a new empty group
var newSgRequest = new CreateSecurityGroupRequest()
{
GroupName = groupName,
Description = "Security group for AWS Talk",
VpcId = vpcId
};
// Get a handle to the newly created group
var newSgResponse = client.CreateSecurityGroup(newSgRequest);
var groups = new List<string>() { newSgResponse.GroupId };
var createdSgRequest = new DescribeSecurityGroupsRequest() { GroupIds = groups };
var createdSgResponse = client.DescribeSecurityGroups(createdSgRequest);
SecurityGroup theNewGroup = createdSgResponse.SecurityGroups[0];
// Add permissions to the group
var ingressRequest = new AuthorizeSecurityGroupIngressRequest();
ingressRequest.GroupId = theNewGroup.GroupId;
ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 3389, ToPort = 3389, IpRanges = new List<string>() { "0.0.0.0/0" } }); // RDP
ingressRequest.IpPermissions.Add(new IpPermission() { IpProtocol = "tcp", FromPort = 9999, ToPort = 9999, IpRanges = new List<string>() { "0.0.0.0/0" } }); // Worker API
client.AuthorizeSecurityGroupIngress(ingressRequest);
return newSgResponse.GroupId;
}
private void createSecurityGroup()
{
try
{
CreateSecurityGroupRequest requestSecurirtyGroup = new CreateSecurityGroupRequest();
requestSecurirtyGroup.GroupName = _securityGroups;
requestSecurirtyGroup.GroupDescription = jwSecurityGroupDescription;
CreateSecurityGroupResponse responseSecurityGroup = _service.CreateSecurityGroup(requestSecurirtyGroup);
AuthorizeSecurityGroupIngressRequest requestAuthz = new AuthorizeSecurityGroupIngressRequest();
requestAuthz.GroupName = _securityGroups;
requestAuthz.IpProtocol = "tcp";
requestAuthz.CidrIp = "0.0.0.0/0";
decimal[] ports = { 80, 443, 1443, 3389 };
foreach (decimal port in ports)
{
requestAuthz.FromPort = port;
requestAuthz.ToPort = port;
AuthorizeSecurityGroupIngressResponse responseAuthz = _service.AuthorizeSecurityGroupIngress(requestAuthz);
}
}
catch (AmazonEC2Exception ex)
{
throw new Exception("Caught Exception: " + ex.XML);
}
}
/// <summary>
/// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation.
/// <seealso cref="Amazon.EC2.IAmazonEC2.AuthorizeSecurityGroupIngress"/>
/// </summary>
///
/// <param name="authorizeSecurityGroupIngressRequest">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress
/// operation on AmazonEC2.</param>
/// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
/// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
/// procedure using the AsyncState property.</param>
public IAsyncResult BeginAuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest authorizeSecurityGroupIngressRequest, AsyncCallback callback, object state)
{
return invokeAuthorizeSecurityGroupIngress(authorizeSecurityGroupIngressRequest, callback, state, false);
}
/// <summary>
/// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation.
/// </summary>
///
/// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress operation on AmazonEC2Client.</param>
/// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
/// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
/// procedure using the AsyncState property.</param>
///
/// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking EndAuthorizeSecurityGroupIngress
/// operation.</returns>
public IAsyncResult BeginAuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request, AsyncCallback callback, object state)
{
var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller();
var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.Instance;
return BeginInvoke<AuthorizeSecurityGroupIngressRequest>(request, marshaller, unmarshaller,
callback, state);
}
/// <summary>
/// <para> The AuthorizeSecurityGroupIngress operation adds permissions to a security group. </para> <para> Permissions are specified by the IP
/// protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), the source and destination port
/// ranges (for TCP and UDP), and the ICMP codes and types (for ICMP). When authorizing ICMP, <c>-1</c> can be used as a wildcard in the type
/// and code fields. </para> <para> Permission changes are propagated to instances within the security group as quickly as possible. However,
/// depending on the number of instances, a small delay might occur. </para>
/// </summary>
///
/// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress
/// service method on AmazonEC2.</param>
public AuthorizeSecurityGroupIngressResponse AuthorizeSecurityGroupIngress(AuthorizeSecurityGroupIngressRequest request)
{
var task = AuthorizeSecurityGroupIngressAsync(request);
try
{
return task.Result;
}
catch(AggregateException e)
{
throw e.InnerException;
}
}
/// <summary>
/// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation.
/// </summary>
///
/// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress operation.</param>
/// <param name="cancellationToken">
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
/// </param>
/// <returns>The task object representing the asynchronous operation.</returns>
public Task<AuthorizeSecurityGroupIngressResponse> AuthorizeSecurityGroupIngressAsync(AuthorizeSecurityGroupIngressRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
{
var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller();
var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.Instance;
return InvokeAsync<AuthorizeSecurityGroupIngressRequest,AuthorizeSecurityGroupIngressResponse>(request, marshaller,
unmarshaller, cancellationToken);
}
/// <summary>
/// Initiates the asynchronous execution of the AuthorizeSecurityGroupIngress operation.
/// <seealso cref="Amazon.EC2.IAmazonEC2.AuthorizeSecurityGroupIngress"/>
/// </summary>
///
/// <param name="request">Container for the necessary parameters to execute the AuthorizeSecurityGroupIngress operation.</param>
/// <param name="cancellationToken">
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
/// </param>
/// <returns>The task object representing the asynchronous operation.</returns>
public async Task<AuthorizeSecurityGroupIngressResponse> AuthorizeSecurityGroupIngressAsync(AuthorizeSecurityGroupIngressRequest request, CancellationToken cancellationToken = default(CancellationToken))
{
var marshaller = new AuthorizeSecurityGroupIngressRequestMarshaller();
var unmarshaller = AuthorizeSecurityGroupIngressResponseUnmarshaller.GetInstance();
var response = await Invoke<IRequest, AuthorizeSecurityGroupIngressRequest, AuthorizeSecurityGroupIngressResponse>(request, marshaller, unmarshaller, signer, cancellationToken)
.ConfigureAwait(continueOnCapturedContext: false);
return response;
}
