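/// <summary>
/// Registers the "CreateWindowsShare" bootstrap command on the launch configuration and
/// attaches a security group that admits SMB and NetBIOS traffic to the instance.
/// </summary>
/// <param name="configuration">
/// The launch configuration to extend. It must be an <see cref="Instance"/>, because the
/// security group is attached through <c>Instance.SecurityGroupIds</c>.
/// </param>
/// <exception cref="System.ArgumentNullException"><paramref name="configuration"/> is null.</exception>
/// <exception cref="System.InvalidOperationException">
/// <paramref name="configuration"/> is not an <see cref="Instance"/>.
/// </exception>
public override void AddToLaunchConfiguration(LaunchConfiguration configuration)
{
    if (configuration == null)
    {
        throw new System.ArgumentNullException(nameof(configuration));
    }

    // Resolve the target up front: previously the `as` cast was dereferenced unchecked at the
    // very end, so a non-Instance configuration failed with a NullReferenceException only after
    // the command, the file entry and the security group had already been added.
    Instance targetInstance = configuration as Instance;
    if (targetInstance == null)
    {
        throw new System.InvalidOperationException(
            "The Windows share package can only be added to an Instance launch configuration.");
    }

    base.AddToLaunchConfiguration(configuration);

    var command = this.Config.Commands.AddCommand<Command>("CreateWindowsShare");

    const string CreateWindowsShare = "c:/cfn/scripts/CreateWindowsShare.ps1";

    // The script is fetched from a fixed S3 URL and written to the path above.
    // NOTE(review): nothing visible here pins an object version or verifies a digest, so
    // whoever can write to that bucket decides what the command below runs — confirm the
    // bucket policy, or pin/verify the object.
    var script = this.Config.Files.GetFile(CreateWindowsShare);
    script.Source = "https://s3.amazonaws.com/gtbb/CreateWindowsShare.ps1";

    // Path, ShareName and the comma-joined Accounts are space-joined into one command line.
    // NOTE(review): no quoting or validation of these values is visible in this method —
    // confirm FnJoinPowershellCommand escapes them or that callers only pass trusted values.
    command.Command = new FnJoinPowershellCommand(
        FnJoinDelimiter.Space,
        CreateWindowsShare,
        this.Path,
        this.ShareName,
        "@(",
        new FnJoin(FnJoinDelimiter.Comma, this.Accounts),
        ")");

    SecurityGroup securityGroupSmbAccess = new SecurityGroup("Security Group For SMB Access", configuration.Subnet.Vpc);

    // NOTE(review): PredefinedCidr.AllVpcs presumably spans every VPC range — confirm the share
    // has to be reachable that widely rather than from the client security group only.
    securityGroupSmbAccess.AddIngress(PredefinedCidr.AllVpcs, Protocol.Tcp, Ports.Smb);

    // NOTE(review): NetBIOS name service normally runs over UDP; this rule is TCP only — confirm.
    securityGroupSmbAccess.AddIngress(PredefinedCidr.AllVpcs, Protocol.Tcp, Ports.NetBt, Ports.NetBiosNameServices);

    configuration.Template.Resources.Add(securityGroupSmbAccess.LogicalId, securityGroupSmbAccess);
    targetInstance.SecurityGroupIds.Add(new ReferenceProperty(securityGroupSmbAccess));
}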
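/// <summary>
/// Creates the "Remote Desktop Security Group" in the instance's VPC, registers it in the
/// template and attaches it to the instance.
/// </summary>
/// <exception cref="System.InvalidOperationException">
/// <c>this.Instance</c> is not an <see cref="Instance"/>.
/// </exception>
private void AddSecurityGroup()
{
    // The `as` cast was previously dereferenced without a check; fail with a clear message
    // instead of a NullReferenceException when the package is attached to something else.
    var hostInstance = this.Instance as Instance;
    if (hostInstance == null)
    {
        throw new System.InvalidOperationException(
            "The remote desktop security group can only be added to an Instance.");
    }

    var rdgwSecurityGroup = new SecurityGroup("Remote Desktop Security Group", hostInstance.Subnet.Vpc);
    this.Instance.Template.Resources.Add($"SecurityGroup4{this.Instance.LogicalId}", rdgwSecurityGroup);

    // Every rule uses PredefinedCidr.LocalGateway as its source.
    // NOTE(review): what that CIDR resolves to is not visible here — confirm it is a narrow,
    // known range, since these rules expose RDP, HTTPS and HTTP on the gateway.
    rdgwSecurityGroup.AddIngress(PredefinedCidr.LocalGateway, Protocol.Tcp, Ports.RemoteDesktopProtocol, Ports.Ssl, Ports.Http);
    rdgwSecurityGroup.AddIngress(PredefinedCidr.LocalGateway, Protocol.Udp, Ports.RdpAdmin);

    // ICMP is opened for Ports.All, presumably every ICMP type; confirm that is intended.
    rdgwSecurityGroup.AddIngress(PredefinedCidr.LocalGateway, Protocol.Icmp, Ports.All);

    hostInstance.SecurityGroupIds.Add(new ReferenceProperty(rdgwSecurityGroup));
}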
/// <summary>
/// Builds the test-environment template for <paramref name="domain"/>: a DMZ subnet, a Windows
/// web server with the IIS package, a load balancer with an HTTPS and an HTTP listener, the
/// security groups linking them, and a "www" CNAME record pointing at the load balancer.
/// </summary>
/// <param name="domain">Domain name; used for the template and the "www" record name.</param>
/// <returns>The populated template.</returns>
private static Template GetTestEnvironmentTemplate(string domain)
{
    var template = new Template(
        domain,
        "TestApp1YadayadaSoftwareComVpc",
        "StackTestApp1YadayadaSoftwareCom",
        domain.Replace('.', '-'),
        "10.1.0.0/16");
    Vpc vpc = template.Vpcs.Last();

    // NOTE(review): 10.0.0.0/24 lies outside the 10.1.0.0/16 range passed to the template
    // above — if that argument is the VPC CIDR, this subnet cannot be created; confirm.
    var dmzSubnet = new Subnet(vpc, "10.0.0.0/24", AvailabilityZone.UsEast1A, true);
    template.Resources.Add("subnetDmz", dmzSubnet);

    var webServer = new Instance(
        dmzSubnet,
        InstanceTypes.C4Large,
        StackTest.UsEastWindows2012R2Ami,
        OperatingSystem.Windows,
        false);
    template.Resources.Add("instanceWebServer", webServer);
    webServer.Packages.Add(new InternetInformationServerPackage(null, "gtbb", "yadayada_iis"));

    // Load balancer security group: HTTPS and HTTP open to PredefinedCidr.TheWorld.
    var elbSecurityGroup = new SecurityGroup("Security Group for ELB", vpc);
    elbSecurityGroup.AddIngress(PredefinedCidr.TheWorld, Protocol.Tcp, Ports.Ssl);
    elbSecurityGroup.AddIngress(PredefinedCidr.TheWorld, Protocol.Tcp, Ports.Http);
    template.Resources.Add(elbSecurityGroup.LogicalId, elbSecurityGroup);

    var elb = new LoadBalancer();
    elb.HealthCheck.Target = "HTTP:80/healthcheck.htm";
    elb.HealthCheck.HealthyThreshold = 2.ToString();
    elb.HealthCheck.Interval = 300.ToString();
    elb.HealthCheck.Timeout = 10.ToString();
    elb.HealthCheck.UnhealthyThreshold = 10.ToString();
    elb.Subnets.Add(new ReferenceProperty(dmzSubnet));
    elb.SecurityGroups.Add(elbSecurityGroup);

    // NOTE(review): the arguments are presumably (listener port, instance port, protocol); if
    // so, TLS ends at the load balancer and traffic to the instance is plain HTTP — confirm
    // that is acceptable for this environment.
    var httpsListener = new LoadBalancer.Listener((int)Ports.Ssl, (int)Ports.Http, "https");
    httpsListener.SSLCertificateId = "arn:aws:acm:us-east-1:570182474766:certificate/ec3dcdfd-cc6d-4af7-8119-290bf134fa4f";
    elb.Instances.Add(new ReferenceProperty(webServer));
    elb.Listeners.Add(httpsListener);

    var httpListener = new LoadBalancer.Listener((int)Ports.Http, (int)Ports.Http, "http");
    // NOTE(review): second Add of the same instance reference — looks redundant; confirm the
    // collection tolerates duplicates.
    elb.Instances.Add(new ReferenceProperty(webServer));
    elb.Listeners.Add(httpListener);
    template.Resources.Add("LoadBalancer", elb);

    // Only the load balancer's security group may reach the web server on the HTTP port.
    var elbToWebServerGroup = new SecurityGroup("Allows Elb To Web Server", vpc);
    template.Resources.Add(elbToWebServerGroup.LogicalId, elbToWebServerGroup);
    elbToWebServerGroup.AddIngress(elbSecurityGroup, Protocol.Tcp, Ports.Http);
    webServer.SecurityGroupIds.Add(new ReferenceProperty(elbToWebServerGroup));
    webServer.AddElasticIp();

    var fairfaxRdpGroup = new SecurityGroup("Allows RDP access from Fairfax", vpc);
    template.Resources.Add(fairfaxRdpGroup.LogicalId, fairfaxRdpGroup);
    // NOTE(review): Protocol.All is paired with the RDP port. If this maps to the "all
    // protocols" value of an AWS security-group rule, the port is ignored and every port is
    // opened to the Fairfax range, not just RDP — confirm, and prefer Protocol.Tcp if so.
    fairfaxRdpGroup.AddIngress(new Fairfax(), Protocol.All, Ports.RemoteDesktopProtocol);
    webServer.SecurityGroupIds.Add(new ReferenceProperty(fairfaxRdpGroup));

    // The record's first name argument is "www.<domain>." with every dot stripped.
    RecordSet wwwRecord = RecordSet.AddByHostedZoneName(
        template,
        $"www.{domain}.".Replace(".", string.Empty),
        "yadayadasoftware.com.",
        $"www.{domain}.",
        RecordSet.RecordSetTypeEnum.CNAME);
    wwwRecord.AddResourceRecord(new FnGetAtt(elb, FnGetAttAttribute.AwsElasticLoadBalancingLoadBalancer));

    // The load balancer depends on the wait condition of the last package added to the web server.
    elb.DependsOn.Add(webServer.Packages.Last().WaitCondition.LogicalId);

    return template;
}
/// <summary>
/// Builds a template holding a SQL Server Express DB instance: a VPC with DNS enabled, two
/// subnets each routed to the internet gateway, a DB subnet group, a VPC security group, a DB
/// security group and the DB instance itself.
/// </summary>
/// <returns>The populated template.</returns>
/// <remarks>
/// NOTE(review): as written the database is marked publicly accessible, sits in subnets with a
/// default route to the internet gateway, accepts 0.0.0.0/0 in its DB security group and uses a
/// master password that is a literal in this file. That is only defensible for a throwaway
/// test stack; for anything longer-lived, supply the password from a no-echo parameter or a
/// secret store and restrict the ingress range.
/// </remarks>
private Template GetSqlExpressDbTemplate()
{
    var dbTemplate = new Template(
        "corp.getthebuybox.com",
        "vpcBasicDbInstanceTest",
        "StackBasicDbInstanceTest",
        "10.0.0.0/16");

    var vpc = dbTemplate.Vpcs.First();
    vpc.EnableDnsHostnames = true;
    vpc.EnableDnsSupport = true;

    // First subnet, with its own route table and a 0.0.0.0/0 route to the internet gateway.
    var firstSubnet = new Subnet(vpc, "10.0.128.0/28", AvailabilityZone.UsEast1A, true);
    dbTemplate.Resources.Add("subnetDb1", firstSubnet);
    var firstRouteTable = new RouteTable(vpc);
    dbTemplate.Resources.Add("routeTable4Subnet1", firstRouteTable);
    var firstDefaultRoute = new Route(vpc.InternetGateway, "0.0.0.0/0", firstRouteTable);
    dbTemplate.Resources.Add("route4subnet1", firstDefaultRoute);
    var firstAssociation = new SubnetRouteTableAssociation(firstSubnet, firstRouteTable);
    dbTemplate.Resources.Add(firstAssociation.LogicalId, firstAssociation);

    // Second subnet in another availability zone, wired the same way.
    var secondSubnet = new Subnet(dbTemplate.Vpcs.First(), "10.0.64.0/28", AvailabilityZone.UsEast1E, true);
    dbTemplate.Resources.Add("subnetDb2", secondSubnet);
    var secondRouteTable = new RouteTable(vpc);
    dbTemplate.Resources.Add("routeTable4Subnet2", secondRouteTable);
    var secondDefaultRoute = new Route(vpc.InternetGateway, "0.0.0.0/0", secondRouteTable);
    dbTemplate.Resources.Add("route4subnet2", secondDefaultRoute);
    var secondAssociation = new SubnetRouteTableAssociation(secondSubnet, secondRouteTable);
    dbTemplate.Resources.Add(secondAssociation.LogicalId, secondAssociation);

    var dbSubnetGroup = new DbSubnetGroup("this is my subnet group description");
    dbTemplate.Resources.Add("dbSubnetGroup", dbSubnetGroup);
    dbSubnetGroup.AddSubnet(firstSubnet);
    dbSubnetGroup.AddSubnet(secondSubnet);

    // Opens the SQL Server port to PredefinedCidr.TheWorld. This group is registered in the
    // template but is not passed to the DbInstance constructed below.
    var worldWideGroup = new SecurityGroup("Allows access to SqlServer from everywhere", vpc);
    dbTemplate.Resources.Add("securityGroupWorldWide", worldWideGroup);
    worldWideGroup.AddIngress(PredefinedCidr.TheWorld, Protocol.Tcp, Ports.MsSqlServer);

    // The DB security group handed to the instance admits any IPv4 source.
    var dbAccessGroup = new DbSecurityGroup(vpc, "Why is a description required?");
    dbTemplate.Resources.Add("dbSecurityGroup", dbAccessGroup);
    var anySourceIngress = new DbSecurityGroupIngress();
    anySourceIngress.CIDRIP = "0.0.0.0/0";
    dbAccessGroup.AddDbSecurityGroupIngress(anySourceIngress);

    // The master username and password are literals in this call.
    var dbInstance = new DbInstance(
        DbInstanceClassEnum.DbT2Micro,
        EngineType.SqlServerExpress,
        LicenseModelType.LicenseIncluded,
        Ebs.VolumeTypes.GeneralPurpose,
        20,
        "MyMasterUsername",
        "YellowBeard123",
        dbSubnetGroup,
        dbAccessGroup);
    dbTemplate.Resources.Add("instanceBasicDbInstanceTest", dbInstance);

    // The property takes a string, so the boolean is rendered as lower-case "true".
    dbInstance.PubliclyAccessible = true.ToString().ToLowerInvariant();

    return dbTemplate;
}