Creating EC2 Ingress rule in C#

0

I'm trying to create an ingress rule in C# and I'm getting an error at runtime. Here's the relevant code:

        ///////////BEGIN Set Vars//////////////////////
        ///////////////////////////////////////////////
        Amazon.EC2.AmazonEC2Client ec2Client = new Amazon.EC2.AmazonEC2Client();
        Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest secRequest = new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest();
        Amazon.EC2.Model.IpPermission ipPerm = new Amazon.EC2.Model.IpPermission();
        Amazon.EC2.Model.IpRange ipRange = new Amazon.EC2.Model.IpRange();
        List<Amazon.EC2.Model.IpPermission> ipRangeList = new List<Amazon.EC2.Model.IpPermission>();

        ///////////////////////////////////////////////
        ///////////END Set Vars////////////////////////
        ///////////////////////////////////////////////


        ///////////////////////////////////////////////
        ///////////BEGIN IP Range//////////////////////
        ///////////////////////////////////////////////

        ipRange.CidrIp = "5.5.5.10/32";
        ipRange.Description = "My new IP rule";
        ipRangeList.Add(ipPerm);
        ///////////////////////////////////////////////
        ///////////END IP Range////////////////////////
        ///////////////////////////////////////////////


        ///////////////////////////////////////////////
        ///////////BEGIN IP Perms//////////////////////
        ///////////////////////////////////////////////
        ipPerm.IpProtocol = "tcp";
        ipPerm.ToPort = 3389;
        ipPerm.FromPort = 3389;
        ipPerm.Ipv4Ranges.AddRange((IEnumerable<Amazon.EC2.Model.IpRange>)ipRangeList);
        ///////////////////////////////////////////////
        ///////////END IP Perms////////////////////////
        ///////////////////////////////////////////////

If I just try to add ipRange as a range to ipPerm, the precompiler complains that it needs to be type of List<Amazon.EC2.Model.IpPermission>.

When I use the code above and cast it to List<Amazon.EC2.Model.IpPermission>, the precompiler gets happy, but I get a runtime error:

        Message=Unable to cast object of type 'System.Collections.Generic.List`1[Amazon.EC2.Model.IpPermission]' to type 'System.Collections.Generic.IEnumerable`1[Amazon.EC2.Model.IpRange]'.
        Source=System.Private.CoreLib
        StackTrace:
           at System.Runtime.CompilerServices.CastHelpers.ChkCastAny(Void* toTypeHnd, Object obj)
           at AWSFirewall.Program.Main(String[] args) in C:\Users\SeanMcCown\source\repos\AWSFirewall\Program.cs:line 44

asked 2 years ago, 235 views
1 Answer
1

You are trying to cast incompatible types, so the .NET runtime generates an exception. You want to add a list of IpPermission objects into a list of IpRange objects, which is not possible.

Please refer to the AWS SDK documentation about Updating security groups.

There, you can find a code snippet that shows you how to add an ingress rule to a security group:

    // Namespaces used by this method and by the call that follows.
    using Amazon.EC2;
    using Amazon.EC2.Model;

    async Task AddIngressRuleAsync(IAmazonEC2 eC2Client, string groupID, string ipAddress, int port)
    {
      // Create an object to hold the request information for the rule.
      // It uses an IpPermission object to hold the IP information for the rule.
      var ingressRequest = new AuthorizeSecurityGroupIngressRequest { GroupId = groupID };
      ingressRequest.IpPermissions.Add(new IpPermission
      {
        IpProtocol = "tcp",
        FromPort = port,
        ToPort = port,
        Ipv4Ranges = new List<IpRange> { new IpRange { CidrIp = ipAddress } }
      });

      // Create the inbound rule for the security group
      var responseIngress = await eC2Client.AuthorizeSecurityGroupIngressAsync(ingressRequest);
      Console.WriteLine($"\nNew RDP rule was written in {groupID} for {ipAddress}.");
      Console.WriteLine($"Result: {responseIngress.HttpStatusCode}");
    }

You can then use this method to update the security group with your desired permissions:

    var ec2Client = new Amazon.EC2.AmazonEC2Client();
    var sgId = "your-security-group-id";
    var cidr = "5.5.5.10/32";
    var port = 3389;
    await AddIngressRuleAsync(ec2Client, sgId, cidr, port);
AWS
answered 2 years ago
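
An added example, not part of the answer above or of the AWS documentation: it keeps the rule description from the question by setting it on the `IpRange`, rejects a CIDR wider than a stated minimum before RDP is opened, and treats an already-existing rule as success. `BuildTcpRule` and `AuthorizeAsync` are hypothetical helper names, and the /32 minimum is an assumed policy, not an SDK default.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;
using System.Threading.Tasks;
using Amazon.EC2;
using Amazon.EC2.Model;

// Values from the question; the group id is a placeholder.
var rule = BuildTcpRule("5.5.5.10/32", 3389, "My new IP rule");
await AuthorizeAsync(new AmazonEC2Client(), "your-security-group-id", rule);

// Hypothetical helper: validates the CIDR, then builds the rule with the
// collection types the SDK expects. minPrefix is an assumed policy knob.
static IpPermission BuildTcpRule(string cidr, int port, string description, int minPrefix = 32)
{
    var parts = cidr.Split('/');
    if (parts.Length != 2
        || !IPAddress.TryParse(parts[0], out var addr)
        || addr.AddressFamily != AddressFamily.InterNetwork
        || addr.ToString() != parts[0]              // canonical dotted quad only
        || !int.TryParse(parts[1], out var prefix)
        || prefix < minPrefix || prefix > 32)       // blocks 0.0.0.0/0 and other wide ranges
        throw new ArgumentException($"'{cidr}' is not an IPv4 CIDR of /{minPrefix} or narrower.");

    return new IpPermission
    {
        IpProtocol = "tcp",
        FromPort = port,
        ToPort = port,
        // Ipv4Ranges is a List<IpRange>; the description belongs to the IpRange.
        Ipv4Ranges = new List<IpRange> { new IpRange { CidrIp = cidr, Description = description } }
    };
}

// Hypothetical helper: sends one rule and tolerates a rule that already exists.
static async Task AuthorizeAsync(IAmazonEC2 ec2, string groupId, IpPermission rule)
{
    var request = new AuthorizeSecurityGroupIngressRequest
    {
        GroupId = groupId,
        // IpPermissions is a List<IpPermission>; each entry carries its own ranges.
        IpPermissions = new List<IpPermission> { rule }
    };
    try { await ec2.AuthorizeSecurityGroupIngressAsync(request); }
    catch (AmazonEC2Exception e) when (e.ErrorCode == "InvalidPermission.Duplicate")
    {
        Console.WriteLine($"Rule already present in {groupId}; nothing to do.");
    }
}
```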
