public static void CreateLambdaFunction(string functionName, string iamRoleName, out string iamRoleArn, out string functionArn) { var iamCreateResponse = iamClient.CreateRole(new CreateRoleRequest { RoleName = iamRoleName, AssumeRolePolicyDocument = LAMBDA_ASSUME_ROLE_POLICY }); iamRoleArn = iamCreateResponse.Role.Arn; var statement = new Statement(Statement.StatementEffect.Allow); statement.Actions.Add(S3ActionIdentifiers.PutObject); statement.Actions.Add(S3ActionIdentifiers.GetObject); statement.Resources.Add(new Resource("*")); var policy = new Amazon.Auth.AccessControlPolicy.Policy(); policy.Statements.Add(statement); iamClient.PutRolePolicy(new PutRolePolicyRequest { RoleName = iamRoleName, PolicyName = "admin", PolicyDocument = policy.ToJson() }); // Wait for the role and policy to propagate Thread.Sleep(5000); MemoryStream stream = CreateScriptStream(); var uploadRequest = new CreateFunctionRequest { FunctionName = functionName, Code = new FunctionCode { ZipFile = stream }, Handler = "helloworld.handler", //Mode = Mode.Event, Runtime = Runtime.Nodejs, Role = iamCreateResponse.Role.Arn }; var uploadResponse = Client.CreateFunction(uploadRequest); createdFunctionNames.Add(functionName); Assert.IsTrue(uploadResponse.CodeSize > 0); Assert.IsNotNull(uploadResponse.FunctionArn); functionArn = uploadResponse.FunctionArn; }
public void Save(string sourceArn, IAmazonSimpleNotificationService client) { ActionIdentifier[] actions = { SNSActionIdentifiers.Subscribe}; var snsPolicy = new Policy() .WithStatements(GetDefaultStatement(sourceArn)) .WithStatements(new Statement(Statement.StatementEffect.Allow) .WithPrincipals(_accountIds.Select(a => new Principal(a)).ToArray()) .WithResources(new Resource(sourceArn)) .WithActionIdentifiers(actions)); var attributeValue = snsPolicy.ToJson(); var setQueueAttributesRequest = new SetTopicAttributesRequest(sourceArn, "Policy", attributeValue); client.SetTopicAttributes(setQueueAttributesRequest); }
public static void Save(string sourceArn, string queueArn, string queueUrl, IAmazonSQS client) { var topicArnWildcard = CreateTopicArnWildcard(sourceArn); ActionIdentifier[] actions = { SQSActionIdentifiers.SendMessage }; Policy sqsPolicy = new Policy() .WithStatements(new Statement(Statement.StatementEffect.Allow) .WithPrincipals(Principal.AllUsers) .WithResources(new Resource(queueArn)) .WithConditions(ConditionFactory.NewSourceArnCondition(topicArnWildcard)) .WithActionIdentifiers(actions)); SetQueueAttributesRequest setQueueAttributesRequest = new SetQueueAttributesRequest(); setQueueAttributesRequest.QueueUrl = queueUrl; setQueueAttributesRequest.Attributes["Policy"] = sqsPolicy.ToJson(); client.SetQueueAttributes(setQueueAttributesRequest); }
public void TestAnonymousPrincipal() { var policy = new Policy { Statements = { new Statement(Statement.StatementEffect.Deny) { Principals = { Principal.Anonymous } } } }; var json = policy.ToJson(); Console.WriteLine(json); Assert.IsTrue(json.Contains("\"Principal\" : \"*\"")); var roundTripPolicy = Policy.FromJson(json); Assert.AreEqual(Principal.Anonymous, roundTripPolicy.Statements[0].Principals[0]); }
public ISubscribeReponseMessage Subscribe(string queueUrl) { var sqsConfig = new AmazonSQSConfig {ServiceURL = SqsServiceUrl}; var snsConfig = new AmazonSimpleNotificationServiceConfig {ServiceURL = SnsServiceUrl}; using (var sqsClient = _awsConfig.CreateAwsClient<AmazonSQSClient>(sqsConfig)) { var attributesRequest = new GetQueueAttributesRequest(queueUrl, new List<string> {"QueueArn"}); var attributesResponse = sqsClient.GetQueueAttributes(attributesRequest); using (var snsClient = _awsConfig.CreateAwsClient<AmazonSimpleNotificationServiceClient>(snsConfig)) { var subribeResonse = snsClient.Subscribe(new SubscribeRequest(TopicArn, "sqs", attributesResponse.QueueARN)); } var actions = new ActionIdentifier[2]; actions[0] = SQSActionIdentifiers.SendMessage; actions[1] = SQSActionIdentifiers.ReceiveMessage; var sqsPolicy = new Policy().WithStatements( new Statement(Statement.StatementEffect.Allow).WithPrincipals(Principal.AllUsers) .WithResources( new Resource(attributesResponse.QueueARN)) .WithConditions( ConditionFactory.NewSourceArnCondition( TopicArn)) .WithActionIdentifiers(actions)); var setQueueAttributesRequest = new SetQueueAttributesRequest(); var attributes = new Dictionary<string, string> {{"Policy", sqsPolicy.ToJson()}}; var attRequest = new SetQueueAttributesRequest(attributesRequest.QueueUrl, attributes); sqsClient.SetQueueAttributes(attRequest); return new SubcriptionMessage("Ok"); } }
public void create_sqs_queue() { GetUserNameAndPassword(); var sqsClient = Amazon.AWSClientFactory.CreateAmazonSQSClient(_key, _secret); var snsTopic = Amazon.AWSClientFactory.CreateAmazonSNSClient(_key, _secret); var topicArn = "arn:aws:sns:us-east-1:451419498740:Elliott-has-an-awesome-blog"; //Create a new SQS queue var createQueueRequest = new CreateQueueRequest().WithQueueName("elliotts-blog"); var createQueueResponse = sqsClient.CreateQueue(createQueueRequest); // keep the queueUrl handy var queueUrl = createQueueResponse.CreateQueueResult.QueueUrl; // get the Access Resource Name so we can allow the SNS to put messages on it var getQueueArnRequest = new GetQueueAttributesRequest() .WithQueueUrl(queueUrl) .WithAttributeName("QueueArn"); var getQueueArnResponse = sqsClient.GetQueueAttributes(getQueueArnRequest); var queueArn = getQueueArnResponse.GetQueueAttributesResult.Attribute[0].Value; //create a Policy for the SQS queue that allows SNS to publish to it var allowSnsStatement = new Statement(Statement.StatementEffect.Allow) .WithPrincipals(Principal.AllUsers) .WithResources(new Resource(queueArn)) .WithConditions(ConditionFactory.NewSourceArnCondition(topicArn)) .WithActionIdentifiers(SQSActionIdentifiers.SendMessage); var policy = new Policy("allow sns").WithStatements(new[] {allowSnsStatement}); var attribute = new Attribute().WithName("Policy").WithValue(policy.ToJson()); var setQueueAttributesRequest = new SetQueueAttributesRequest().WithQueueUrl(queueUrl).WithAttribute(attribute); sqsClient.SetQueueAttributes(setQueueAttributesRequest); // ok, now lets create the subscription for sqs with the queueArn we created var subscribeRequest = new SubscribeRequest() .WithEndpoint(queueArn) .WithTopicArn(topicArn) .WithProtocol("sqs"); snsTopic.Subscribe(subscribeRequest); }
public virtual void GrantNotificationPermission(AmazonSQSClient sqsClient, string queueArn, string queueUrl, string topicArn) { // Create a policy to allow the queue to receive notifications from the SNS topic var policy = new Policy("SubscriptionPermission") { Statements = { new Statement(Statement.StatementEffect.Allow) { Actions = {SQSActionIdentifiers.SendMessage}, Principals = {new Principal("*")}, Conditions = {ConditionFactory.NewSourceArnCondition(topicArn)}, Resources = {new Resource(queueArn)} } } }; var attributes = new Dictionary<string, string>(); attributes.Add("Policy", policy.ToJson()); // Create the request to set the queue attributes for policy var setQueueAttributesRequest = new SetQueueAttributesRequest { QueueUrl = queueUrl, Attributes = attributes }; // Set the queue policy sqsClient.SetQueueAttributes(setQueueAttributesRequest); }
public void LambdaFunctionTest() { const string HELLO_SCRIPT = @"console.log('Loading http') exports.handler = function (request, response) { response.write(""Hello, world!""); response.end(); console.log(""Request completed""); }"; MemoryStream stream = new MemoryStream(); using (ZipArchive archive = new ZipArchive(stream, ZipArchiveMode.Create, true)) { var entry = archive.CreateEntry("helloworld.js"); using (var entryStream = entry.Open()) using (var writer = new StreamWriter(entryStream)) { writer.Write(HELLO_SCRIPT); } } stream.Position = 0; var functionName = "HelloWorld"; bool uploaded = false; var iamRoleName = "Lambda-" + DateTime.Now.Ticks; bool iamRoleCreated = false; try { var iamCreateResponse = iamClient.CreateRole(new CreateRoleRequest { RoleName = iamRoleName, AssumeRolePolicyDocument = LAMBDA_ASSUME_ROLE_POLICY }); var statement = new Statement(Statement.StatementEffect.Allow); statement.Actions.Add(S3ActionIdentifiers.PutObject); statement.Actions.Add(S3ActionIdentifiers.GetObject); statement.Resources.Add(new Resource("*")); var policy = new Policy(); policy.Statements.Add(statement); iamClient.PutRolePolicy(new PutRolePolicyRequest { RoleName = iamRoleName, PolicyName = "admin", PolicyDocument = policy.ToJson() }); // Wait for the role and policy to propagate Thread.Sleep(5000); var uploadRequest = new UploadFunctionRequest { FunctionName = functionName, FunctionZip = stream, Handler = "helloworld.handler", Mode = Mode.Event, Runtime = Runtime.Nodejs, Role = iamCreateResponse.Role.Arn }; var uploadResponse = lambdaClient.UploadFunction(uploadRequest); uploaded = true; Assert.IsTrue(uploadResponse.CodeSize > 0); Assert.IsNotNull(uploadResponse.ConfigurationId); // List all the functions and make sure the newly uploaded function is in the collection var listResponse = lambdaClient.ListFunctions(); var function = listResponse.Functions.FirstOrDefault(x => x.FunctionName == functionName); Assert.IsNotNull(function); Assert.AreEqual("helloworld.handler", function.Handler); Assert.AreEqual(iamCreateResponse.Role.Arn, function.Role); // Get the function with a presigned URL to the uploaded code var getFunctionResponse = lambdaClient.GetFunction(functionName); Assert.AreEqual("helloworld.handler", getFunctionResponse.Configuration.Handler); Assert.IsNotNull(getFunctionResponse.Code.Location); // Get the function's configuration only var getFunctionConfiguration = lambdaClient.GetFunctionConfiguration(functionName); Assert.AreEqual("helloworld.handler", getFunctionConfiguration.Handler); // Call the function var invokeResponse = lambdaClient.InvokeAsync(functionName); Assert.AreEqual(invokeResponse.Status, 202); // Status Code Accepted } finally { if(uploaded) lambdaClient.DeleteFunction(functionName); if (iamRoleCreated) iamClient.DeleteRole(new DeleteRoleRequest { RoleName = iamRoleName }); } }
public string SetSqsPolicyForSnsPublish(Uri queueUrl, string queueArn, string mytopicArn) { Validate.That(queueUrl).IsNotNull(); Validate.That(queueArn).IsNotNullOrEmpty(); Validate.That(mytopicArn).IsNotNullOrEmpty(); var sqsPolicy = new Policy().WithStatements( new Statement(Statement.StatementEffect.Allow) .WithResources(new Resource(queueArn)) .WithPrincipals(Principal.AllUsers) .WithActionIdentifiers(SQSActionIdentifiers.SendMessage) .WithConditions(ConditionFactory.NewCondition(ConditionFactory.ArnComparisonType.ArnEquals, conditionSourceArn, mytopicArn))); var setQueueAttributesRequest = new SetQueueAttributesRequest().WithQueueUrl(queueUrl.AbsoluteUri).WithPolicy(sqsPolicy.ToJson()); using (var sqs = amazonSqsFactory()) { var response = sqs.SetQueueAttributes(setQueueAttributesRequest); return response.ResponseMetadata.RequestId; } }
public void LambdaFunctionTest() { const string HELLO_SCRIPT = @"console.log('Loading http') exports.handler = function (request, response) { response.write(""Hello, world!""); response.end(); console.log(""Request completed""); }"; MemoryStream stream = new MemoryStream(); using (ZipArchive archive = new ZipArchive(stream, ZipArchiveMode.Create, true)) { var entry = archive.CreateEntry("helloworld.js"); using (var entryStream = entry.Open()) using (var writer = new StreamWriter(entryStream)) { writer.Write(HELLO_SCRIPT); } } stream.Position = 0; var functionName = "HelloWorld"; bool uploaded = false; var iamRoleName = "Lambda-" + DateTime.Now.Ticks; bool iamRoleCreated = false; try { var iamCreateResponse = iamClient.CreateRole(new CreateRoleRequest { RoleName = iamRoleName, AssumeRolePolicyDocument = LAMBDA_ASSUME_ROLE_POLICY }); var statement = new Statement(Statement.StatementEffect.Allow); statement.Actions.Add(S3ActionIdentifiers.PutObject); statement.Actions.Add(S3ActionIdentifiers.GetObject); statement.Resources.Add(new Resource("*")); var policy = new Amazon.Auth.AccessControlPolicy.Policy(); policy.Statements.Add(statement); iamClient.PutRolePolicy(new PutRolePolicyRequest { RoleName = iamRoleName, PolicyName = "admin", PolicyDocument = policy.ToJson() }); // Wait for the role and policy to propagate Thread.Sleep(5000); var uploadRequest = new UploadFunctionRequest { FunctionName = functionName, FunctionZip = stream, Handler = "helloworld.handler", Mode = Mode.Event, Runtime = Runtime.Nodejs, Role = iamCreateResponse.Role.Arn }; var uploadResponse = lambdaClient.UploadFunction(uploadRequest); uploaded = true; Assert.IsTrue(uploadResponse.CodeSize > 0); Assert.IsNotNull(uploadResponse.ConfigurationId); // List all the functions and make sure the newly uploaded function is in the collection var listResponse = lambdaClient.ListFunctions(); var function = listResponse.Functions.FirstOrDefault(x => x.FunctionName == functionName); Assert.IsNotNull(function); Assert.AreEqual("helloworld.handler", function.Handler); Assert.AreEqual(iamCreateResponse.Role.Arn, function.Role); // Get the function with a presigned URL to the uploaded code var getFunctionResponse = lambdaClient.GetFunction(functionName); Assert.AreEqual("helloworld.handler", getFunctionResponse.Configuration.Handler); Assert.IsNotNull(getFunctionResponse.Code.Location); // Get the function's configuration only var getFunctionConfiguration = lambdaClient.GetFunctionConfiguration(functionName); Assert.AreEqual("helloworld.handler", getFunctionConfiguration.Handler); // Call the function var invokeResponse = lambdaClient.InvokeAsync(functionName); Assert.AreEqual(invokeResponse.Status, 202); // Status Code Accepted } finally { if (uploaded) { lambdaClient.DeleteFunction(functionName); } if (iamRoleCreated) { iamClient.DeleteRole(new DeleteRoleRequest { RoleName = iamRoleName }); } } }
public string SetSqsPolicyForSnsPublish(Uri queueUrl, string queueArn, string mytopicArn) { queueUrl.Requires("queueUrl").IsNotNull(); queueArn.Requires("queueArn").IsNotNullOrWhiteSpace(); mytopicArn.Requires("mytopicArn").IsNotNullOrWhiteSpace(); var sqsPolicy = new Policy().WithStatements( new Statement(Statement.StatementEffect.Allow) .WithResources(new Resource(queueArn)) .WithPrincipals(Principal.AllUsers) .WithActionIdentifiers(SQSActionIdentifiers.SendMessage) .WithConditions(ConditionFactory.NewCondition(ConditionFactory.ArnComparisonType.ArnEquals, ConditionSourceArn, mytopicArn))); var attributes = new Dictionary<string, string> { {QueueAttributeName.Policy, sqsPolicy.ToJson()} }; var setQueueAttributesRequest = new SetQueueAttributesRequest(queueUrl.AbsoluteUri, attributes); using (var sqs = amazonSqsFactory()) { var response = sqs.SetQueueAttributes(setQueueAttributesRequest); return response.ResponseMetadata.RequestId; } }