示例#1
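        /// <summary>
        /// Registers the "CreateWindowsShare" command and its script file on this package's config,
        /// then creates a security group with SMB/NetBIOS ingress rules, adds it to the template
        /// and attaches it to the target instance.
        /// </summary>
        /// <param name="configuration">The launch configuration being built; it must be an <see cref="Instance"/>.</param>
        /// <exception cref="System.InvalidCastException">
        /// Thrown when <paramref name="configuration"/> is not an <see cref="Instance"/>.
        /// </exception>
        public override void AddToLaunchConfiguration(LaunchConfiguration configuration)
        {
            base.AddToLaunchConfiguration(configuration);

            // Direct cast instead of `as`: a wrong runtime type now fails here with an
            // InvalidCastException, before any command, file or security group has been registered,
            // rather than as a NullReferenceException on the last line after the template was changed.
            Instance launchConfigurationAsInstance = (Instance)configuration;

            const string CreateWindowsShare = "c:/cfn/scripts/CreateWindowsShare.ps1";
            var command = this.Config.Commands.AddCommand<Command>("CreateWindowsShare");
            var script = this.Config.Files.GetFile(CreateWindowsShare);

            // The script body is pulled from a remote bucket when the instance is provisioned and the
            // command below invokes that local path. Nothing in this method pins an object version or
            // verifies a checksum, so whoever can write to that object decides what runs on the instance.
            // NOTE(review): consider a versioned object URL and a hash check before execution.
            script.Source = "https://s3.amazonaws.com/gtbb/CreateWindowsShare.ps1";

            // Command line: <script> <Path> <ShareName> @( <Accounts joined by commas> ), space separated.
            // NOTE(review): no quoting or escaping of Path, ShareName or Accounts is visible here; confirm
            // that FnJoinPowershellCommand escapes them or that they are validated upstream, because a
            // value containing spaces or PowerShell metacharacters would change the command that runs.
            command.Command = new FnJoinPowershellCommand(FnJoinDelimiter.Space,
                                                          CreateWindowsShare,
                                                          this.Path,
                                                          this.ShareName,
                                                          "@(",
                                                          new FnJoin(FnJoinDelimiter.Comma,
                                                                     this.Accounts),
                                                          ")");

            SecurityGroup securityGroupSmbAccess = new SecurityGroup("Security Group For SMB Access", configuration.Subnet.Vpc);

            // NOTE(review): presumably AllVpcs covers every VPC range the project defines; confirm it is
            // as narrow as the share's clients need. NetBIOS name service is normally a UDP service, so
            // also confirm that a TCP-only rule for Ports.NetBiosNameServices is what is intended.
            securityGroupSmbAccess.AddIngress(PredefinedCidr.AllVpcs, Protocol.Tcp, Ports.Smb);
            securityGroupSmbAccess.AddIngress(PredefinedCidr.AllVpcs, Protocol.Tcp, Ports.NetBt, Ports.NetBiosNameServices);
            configuration.Template.Resources.Add(securityGroupSmbAccess.LogicalId, securityGroupSmbAccess);

            launchConfigurationAsInstance.SecurityGroupIds.Add(new ReferenceProperty(securityGroupSmbAccess));
        }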
示例#2
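        /// <summary>
        /// Creates the "Remote Desktop Security Group" in the VPC of this package's instance,
        /// registers it on the template, adds its ingress rules and attaches it to the instance.
        /// </summary>
        /// <exception cref="System.InvalidCastException">
        /// Thrown when <c>this.Instance</c> is not an <see cref="Instance"/>.
        /// </exception>
        private void AddSecurityGroup()
        {
            // Direct cast instead of `as`: a wrong runtime type fails here with an InvalidCastException
            // that names the problem, rather than as a NullReferenceException on the `.Subnet` access.
            var launchConfigurationAsInstance = (Instance)this.Instance;
            var rdgwSecurityGroup = new SecurityGroup("Remote Desktop Security Group", launchConfigurationAsInstance.Subnet.Vpc);

            this.Instance.Template.Resources.Add($"SecurityGroup4{this.Instance.LogicalId}", rdgwSecurityGroup);

            // NOTE(review): what PredefinedCidr.LocalGateway resolves to is not visible here. These rules
            // expose RDP and plain HTTP alongside SSL, plus all ICMP, so confirm the source is a narrow
            // administrative range and that each port is actually needed by the gateway role.
            rdgwSecurityGroup.AddIngress(PredefinedCidr.LocalGateway, Protocol.Tcp, Ports.RemoteDesktopProtocol, Ports.Ssl, Ports.Http);
            rdgwSecurityGroup.AddIngress(PredefinedCidr.LocalGateway, Protocol.Udp, Ports.RdpAdmin);
            rdgwSecurityGroup.AddIngress(PredefinedCidr.LocalGateway, Protocol.Icmp, Ports.All);

            launchConfigurationAsInstance.SecurityGroupIds.Add(new ReferenceProperty(rdgwSecurityGroup));
        }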
        /// <summary>
        /// Builds a test-environment template: a DMZ subnet, one Windows web server with an IIS package,
        /// a load balancer with an HTTPS and an HTTP listener, the security groups between them,
        /// an elastic IP for the web server and a CNAME record for <c>www.{domain}</c>.
        /// </summary>
        /// <param name="domain">
        /// Domain name passed to the template, reused with dots replaced by dashes, and used to form
        /// the <c>www.</c> record name.
        /// </param>
        /// <returns>The populated template.</returns>
        private static Template GetTestEnvironmentTemplate(string domain)
        {
            // NOTE(review): the last argument looks like the VPC CIDR (10.1.0.0/16), while the subnet
            // created below uses 10.0.0.0/24, which lies outside that range; confirm which is intended.
            Template returnTemplate = new Template(domain, "TestApp1YadayadaSoftwareComVpc", "StackTestApp1YadayadaSoftwareCom", domain.Replace('.', '-'), "10.1.0.0/16");

            Vpc vpc = returnTemplate.Vpcs.Last();

            Subnet subnetDmz = new Subnet(vpc, "10.0.0.0/24", AvailabilityZone.UsEast1A, true);

            returnTemplate.Resources.Add("subnetDmz", subnetDmz);
            Instance instanceWebServer = new Instance(subnetDmz, InstanceTypes.C4Large, StackTest.UsEastWindows2012R2Ami, OperatingSystem.Windows, false);

            returnTemplate.Resources.Add("instanceWebServer", instanceWebServer);
            instanceWebServer.Packages.Add(new InternetInformationServerPackage(null, "gtbb", "yadayada_iis"));

            SecurityGroup securityGroupLoadBalancer = new SecurityGroup("Security Group for ELB", vpc);

            // The load balancer is the public entry point: SSL and HTTP are accepted from
            // PredefinedCidr.TheWorld (presumably 0.0.0.0/0 - confirm).
            securityGroupLoadBalancer.AddIngress(PredefinedCidr.TheWorld, Protocol.Tcp, Ports.Ssl);
            securityGroupLoadBalancer.AddIngress(PredefinedCidr.TheWorld, Protocol.Tcp, Ports.Http);
            returnTemplate.Resources.Add(securityGroupLoadBalancer.LogicalId, securityGroupLoadBalancer);

            LoadBalancer loadBalancer = new LoadBalancer();

            // Health-check values are assigned as strings (ToString() on integer literals).
            loadBalancer.HealthCheck.Target             = "HTTP:80/healthcheck.htm";
            loadBalancer.HealthCheck.HealthyThreshold   = 2.ToString();
            loadBalancer.HealthCheck.Interval           = 300.ToString();
            loadBalancer.HealthCheck.Timeout            = 10.ToString();
            loadBalancer.HealthCheck.UnhealthyThreshold = 10.ToString();



            loadBalancer.Subnets.Add(new ReferenceProperty(subnetDmz));
            loadBalancer.SecurityGroups.Add(securityGroupLoadBalancer);

            // NOTE(review): the arguments are (Ports.Ssl, Ports.Http, "https"), presumably load-balancer
            // port then instance port. If so, TLS ends at the load balancer and the hop to the web
            // server is plain HTTP inside the VPC; confirm that is acceptable for the data served.
            LoadBalancer.Listener listenerHttps = new LoadBalancer.Listener((int)Ports.Ssl, (int)Ports.Http, "https");
            // NOTE(review): the certificate ARN, including the account id, is hard-coded; consider
            // passing it in so the template is not tied to one account and the id stays out of source.
            listenerHttps.SSLCertificateId = "arn:aws:acm:us-east-1:570182474766:certificate/ec3dcdfd-cc6d-4af7-8119-290bf134fa4f";
            loadBalancer.Instances.Add(new ReferenceProperty(instanceWebServer));
            loadBalancer.Listeners.Add(listenerHttps);

            LoadBalancer.Listener listenerHttp = new LoadBalancer.Listener((int)Ports.Http, (int)Ports.Http, "http");
            // NOTE(review): this is the second reference to the same web server added to
            // loadBalancer.Instances; it looks redundant - confirm whether a duplicate entry is intended.
            loadBalancer.Instances.Add(new ReferenceProperty(instanceWebServer));
            loadBalancer.Listeners.Add(listenerHttp);

            returnTemplate.Resources.Add("LoadBalancer", loadBalancer);

            SecurityGroup securityGroupElbToWebServer = new SecurityGroup("Allows Elb To Web Server", vpc);

            returnTemplate.Resources.Add(securityGroupElbToWebServer.LogicalId, securityGroupElbToWebServer);
            // The ingress source here is the load balancer's security group rather than a CIDR, so
            // this rule admits HTTP to the web server only from members of that group.
            securityGroupElbToWebServer.AddIngress(securityGroupLoadBalancer, Protocol.Tcp, Ports.Http);
            instanceWebServer.SecurityGroupIds.Add(new  ReferenceProperty(securityGroupElbToWebServer));

            // The web server also receives an elastic IP, so the RDP rule below is what limits
            // direct administrative access to it.
            instanceWebServer.AddElasticIp();
            SecurityGroup securityGroupRdpFromFairfaxToWebServer = new SecurityGroup("Allows RDP access from Fairfax", vpc);

            returnTemplate.Resources.Add(securityGroupRdpFromFairfaxToWebServer.LogicalId, securityGroupRdpFromFairfaxToWebServer);
            // NOTE(review): this rule uses Protocol.All together with the RDP port. In EC2 security
            // groups an "all protocols" rule ignores the port range and admits every port from the
            // source; if Protocol.All maps to that, the rule is wider than its description says and
            // Protocol.Tcp would be the least-privilege form. Confirm how Protocol.All is emitted.
            securityGroupRdpFromFairfaxToWebServer.AddIngress(new Fairfax(), Protocol.All, Ports.RemoteDesktopProtocol);
            instanceWebServer.SecurityGroupIds.Add(new ReferenceProperty(securityGroupRdpFromFairfaxToWebServer));

            // The second argument is the record name with every dot removed; the record itself is
            // a CNAME for www.{domain}. in the "yadayadasoftware.com." hosted zone.
            RecordSet recordSetElasticLoadBalancer = RecordSet.AddByHostedZoneName(returnTemplate,
                                                                                   $"www.{domain}.".Replace(".", string.Empty),
                                                                                   "yadayadasoftware.com.",
                                                                                   $"www.{domain}.", RecordSet.RecordSetTypeEnum.CNAME);

            recordSetElasticLoadBalancer.AddResourceRecord(new FnGetAtt(loadBalancer, FnGetAttAttribute.AwsElasticLoadBalancingLoadBalancer));

            // The load balancer depends on the wait condition of the last package on the web server,
            // which at this point is the IIS package added above.
            loadBalancer.DependsOn.Add(instanceWebServer.Packages.Last().WaitCondition.LogicalId);

            return(returnTemplate);
        }
        /// <summary>
        /// Builds a template for a SQL Server Express database test: a VPC with DNS support enabled,
        /// two subnets in different availability zones, each with its own route table and a default
        /// route through the VPC's internet gateway, a DB subnet group, and the DB instance itself.
        /// </summary>
        /// <returns>The populated template.</returns>
        /// <remarks>
        /// NOTE(review): every setting visible here leaves the database open: ingress from any address,
        /// a publicly accessible instance, and literal master credentials. The names suggest a
        /// throw-away test stack; confirm the template is never deployed anywhere that holds real data.
        /// </remarks>
        private Template GetSqlExpressDbTemplate()
        {
            var template = new Template("corp.getthebuybox.com", "vpcBasicDbInstanceTest", "StackBasicDbInstanceTest", "10.0.0.0/16");

            var vpc = template.Vpcs.First();

            vpc.EnableDnsHostnames = true;
            vpc.EnableDnsSupport   = true;

            var subnet1 = new Subnet(vpc, "10.0.128.0/28", AvailabilityZone.UsEast1A, true);

            template.Resources.Add("subnetDb1", subnet1);
            RouteTable routeTable4Subnet1 = new RouteTable(vpc);

            template.Resources.Add("routeTable4Subnet1", routeTable4Subnet1);

            // Default route (0.0.0.0/0) through the internet gateway: this DB subnet is routed to
            // the internet rather than kept private.
            Route route4subnet1 = new Route(vpc.InternetGateway, "0.0.0.0/0", routeTable4Subnet1);

            template.Resources.Add("route4subnet1", route4subnet1);

            SubnetRouteTableAssociation subnetRouteTableAssociationSubnet1 = new SubnetRouteTableAssociation(subnet1, routeTable4Subnet1);

            template.Resources.Add(subnetRouteTableAssociationSubnet1.LogicalId, subnetRouteTableAssociationSubnet1);


            // Second subnet, in a different availability zone, wired up the same way as the first.
            var subnet2 = new Subnet(template.Vpcs.First(), "10.0.64.0/28", AvailabilityZone.UsEast1E, true);

            template.Resources.Add("subnetDb2", subnet2);

            RouteTable routeTable4Subnet2 = new RouteTable(vpc);

            template.Resources.Add("routeTable4Subnet2", routeTable4Subnet2);

            Route route4subnet2 = new Route(vpc.InternetGateway, "0.0.0.0/0", routeTable4Subnet2);

            template.Resources.Add("route4subnet2", route4subnet2);


            SubnetRouteTableAssociation subnetRouteTableAssociationSubnet2 = new SubnetRouteTableAssociation(subnet2, routeTable4Subnet2);

            template.Resources.Add(subnetRouteTableAssociationSubnet2.LogicalId, subnetRouteTableAssociationSubnet2);


            var subnetGroup = new DbSubnetGroup("this is my subnet group description");

            template.Resources.Add("dbSubnetGroup", subnetGroup);
            subnetGroup.AddSubnet(subnet1);
            subnetGroup.AddSubnet(subnet2);

            // Admits the SQL Server port from PredefinedCidr.TheWorld (presumably 0.0.0.0/0 - confirm).
            // NOTE(review): this group is added to the template but is not referenced again in this
            // method; only dbSecurityGroup is passed to the DbInstance below.
            SecurityGroup securityGroup = new SecurityGroup("Allows access to SqlServer from everywhere", vpc);

            template.Resources.Add("securityGroupWorldWide", securityGroup);

            securityGroup.AddIngress(PredefinedCidr.TheWorld, Protocol.Tcp, Ports.MsSqlServer);

            var dbSecurityGroup = new DbSecurityGroup(vpc, "Why is a description required?");

            template.Resources.Add("dbSecurityGroup", dbSecurityGroup);
            var dbSecurityGroupIngress = new DbSecurityGroupIngress();

            // 0.0.0.0/0 matches every IPv4 address, so the DB security group does not restrict the source.
            // NOTE(review): narrow this to the range of the hosts that need to reach the database.
            dbSecurityGroupIngress.CIDRIP = "0.0.0.0/0";
            dbSecurityGroup.AddDbSecurityGroupIngress(dbSecurityGroupIngress);

            // NOTE(review): the two string arguments are presumably the master username and password.
            // As literals they are stored in source control and presumably end up in the generated
            // template too; supply them from a NoEcho template parameter or a secrets store instead.
            DbInstance instance = new DbInstance(DbInstanceClassEnum.DbT2Micro,
                                                 EngineType.SqlServerExpress,
                                                 LicenseModelType.LicenseIncluded,
                                                 Ebs.VolumeTypes.GeneralPurpose,
                                                 20,
                                                 "MyMasterUsername",
                                                 "YellowBeard123",
                                                 subnetGroup,
                                                 dbSecurityGroup);

            template.Resources.Add("instanceBasicDbInstanceTest", instance);



            // The property is a string, so this assigns the lower-case text "true". With the open
            // ingress above, the password is the only control between the internet and the database.
            instance.PubliclyAccessible = true.ToString().ToLowerInvariant();
            return(template);
        }