Sono disponibili altri esempi AWS SDK nel repository [AWS Doc SDK](https://github.com/awsdocs/aws-doc-sdk-examples) Examples. GitHub
Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
# Esempi IAM che utilizzano SDK per .NET
I seguenti esempi di codice mostrano come eseguire azioni e implementare scenari comuni utilizzando AWS SDK per .NET with IAM.
*Nozioni di base*: esempi di codice che mostrano come eseguire le operazioni essenziali all’interno di un servizio.
Le *azioni* sono estratti di codice da programmi più grandi e devono essere eseguite nel contesto. Sebbene le azioni mostrino come richiamare le singole funzioni del servizio, è possibile visualizzarle contestualizzate negli scenari correlati.
*Scenari*: esempi di codice che mostrano come eseguire un’attività specifica chiamando più funzioni all’interno dello stesso servizio o combinate con altri Servizi AWS.
Ogni esempio include un link al codice sorgente completo, in cui vengono fornite le istruzioni su come configurare ed eseguire il codice nel contesto.
**Topics**
+ [Nozioni di base](#get_started)
+ [Nozioni di base](#basics)
+ [Azioni](#actions)
+ [Scenari](#scenarios)
## Nozioni di base
### Hello IAM
Il seguente esempio di codice mostra come iniziare a utilizzare IAM.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
namespace IAMActions;
public class HelloIAM
{
static async Task Main(string[] args)
{
// Getting started with AWS Identity and Access Management (IAM). List
// the policies for the account.
var iamClient = new AmazonIdentityManagementServiceClient();
var listPoliciesPaginator = iamClient.Paginators.ListPolicies(new ListPoliciesRequest());
var policies = new List();
await foreach (var response in listPoliciesPaginator.Responses)
{
policies.AddRange(response.Policies);
}
Console.WriteLine("Here are the policies defined for your account:\n");
policies.ForEach(policy =>
{
Console.WriteLine($"Created: {policy.CreateDate}\t{policy.PolicyName}\t{policy.Description}");
});
}
}
```
+ Per i dettagli sull'API, [ListPolicies](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/ListPolicies)consulta *AWS SDK per .NET API Reference*.
## Nozioni di base
### Informazioni di base
L’esempio di codice seguente mostra come creare un utente e assumere un ruolo.
**avvertimento**
Per evitare rischi per la sicurezza, non utilizzare gli utenti IAM per l’autenticazione quando sviluppi software creato ad hoc o lavori con dati reali. Utilizza invece la federazione con un provider di identità come [AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html).
+ Crea un utente che non disponga di autorizzazioni.
+ Crea un ruolo che conceda l’autorizzazione per elencare i bucket Amazon S3 per l’account.
+ Aggiungi una policy per consentire all’utente di assumere il ruolo.
+ Assumi il ruolo ed elenca i bucket S3 utilizzando le credenziali temporanee, quindi ripulisci le risorse.
**SDK per .NET**
C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
global using Amazon.IdentityManagement;
global using Amazon.S3;
global using Amazon.SecurityToken;
global using IAMActions;
global using IamScenariosCommon;
global using Microsoft.Extensions.DependencyInjection;
global using Microsoft.Extensions.Hosting;
global using Microsoft.Extensions.Logging;
global using Microsoft.Extensions.Logging.Console;
global using Microsoft.Extensions.Logging.Debug;
namespace IAMActions;
public class IAMWrapper
{
private readonly IAmazonIdentityManagementService _IAMService;
///
/// Constructor for the IAMWrapper class.
///
/// An IAM client object.
public IAMWrapper(IAmazonIdentityManagementService IAMService)
{
_IAMService = IAMService;
}
///
/// Attach an IAM policy to a role.
///
/// The policy to attach.
/// The role that the policy will be attached to.
/// A Boolean value indicating the success of the action.
public async Task AttachRolePolicyAsync(string policyArn, string roleName)
{
var response = await _IAMService.AttachRolePolicyAsync(new AttachRolePolicyRequest
{
PolicyArn = policyArn,
RoleName = roleName,
});
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
///
/// Create an IAM access key for a user.
///
/// The username for which to create the IAM access
/// key.
/// The AccessKey.
public async Task CreateAccessKeyAsync(string userName)
{
var response = await _IAMService.CreateAccessKeyAsync(new CreateAccessKeyRequest
{
UserName = userName,
});
return response.AccessKey;
}
///
/// Create an IAM policy.
///
/// The name to give the new IAM policy.
/// The policy document for the new policy.
/// The new IAM policy object.
public async Task CreatePolicyAsync(string policyName, string policyDocument)
{
var response = await _IAMService.CreatePolicyAsync(new CreatePolicyRequest
{
PolicyDocument = policyDocument,
PolicyName = policyName,
});
return response.Policy;
}
///
/// Create a new IAM role.
///
/// The name of the IAM role.
/// The name of the IAM policy document
/// for the new role.
/// The Amazon Resource Name (ARN) of the role.
public async Task CreateRoleAsync(string roleName, string rolePolicyDocument)
{
var request = new CreateRoleRequest
{
RoleName = roleName,
AssumeRolePolicyDocument = rolePolicyDocument,
};
var response = await _IAMService.CreateRoleAsync(request);
return response.Role.Arn;
}
///
/// Create an IAM service-linked role.
///
/// The name of the AWS Service.
/// A description of the IAM service-linked role.
/// The IAM role that was created.
public async Task CreateServiceLinkedRoleAsync(string serviceName, string description)
{
var request = new CreateServiceLinkedRoleRequest
{
AWSServiceName = serviceName,
Description = description
};
var response = await _IAMService.CreateServiceLinkedRoleAsync(request);
return response.Role;
}
///
/// Create an IAM user.
///
/// The username for the new IAM user.
/// The IAM user that was created.
public async Task CreateUserAsync(string userName)
{
var response = await _IAMService.CreateUserAsync(new CreateUserRequest { UserName = userName });
return response.User;
}
///
/// Delete an IAM user's access key.
///
/// The Id for the IAM access key.
/// The username of the user that owns the IAM
/// access key.
/// A Boolean value indicating the success of the action.
public async Task DeleteAccessKeyAsync(string accessKeyId, string userName)
{
var response = await _IAMService.DeleteAccessKeyAsync(new DeleteAccessKeyRequest
{
AccessKeyId = accessKeyId,
UserName = userName,
});
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
///
/// Delete an IAM policy.
///
/// The Amazon Resource Name (ARN) of the policy to
/// delete.
/// A Boolean value indicating the success of the action.
public async Task DeletePolicyAsync(string policyArn)
{
var response = await _IAMService.DeletePolicyAsync(new DeletePolicyRequest { PolicyArn = policyArn });
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
///
/// Delete an IAM role.
///
/// The name of the IAM role to delete.
/// A Boolean value indicating the success of the action.
public async Task DeleteRoleAsync(string roleName)
{
var response = await _IAMService.DeleteRoleAsync(new DeleteRoleRequest { RoleName = roleName });
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
///
/// Delete an IAM role policy.
///
/// The name of the IAM role.
/// The name of the IAM role policy to delete.
/// A Boolean value indicating the success of the action.
public async Task DeleteRolePolicyAsync(string roleName, string policyName)
{
var response = await _IAMService.DeleteRolePolicyAsync(new DeleteRolePolicyRequest
{
PolicyName = policyName,
RoleName = roleName,
});
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
///
/// Delete an IAM user.
///
/// The username of the IAM user to delete.
/// A Boolean value indicating the success of the action.
public async Task DeleteUserAsync(string userName)
{
var response = await _IAMService.DeleteUserAsync(new DeleteUserRequest { UserName = userName });
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
///
/// Delete an IAM user policy.
///
/// The name of the IAM policy to delete.
/// The username of the IAM user.
/// A Boolean value indicating the success of the action.
public async Task DeleteUserPolicyAsync(string policyName, string userName)
{
var response = await _IAMService.DeleteUserPolicyAsync(new DeleteUserPolicyRequest { PolicyName = policyName, UserName = userName });
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
///
/// Detach an IAM policy from an IAM role.
///
/// The Amazon Resource Name (ARN) of the IAM policy.
/// The name of the IAM role.
/// A Boolean value indicating the success of the action.
public async Task DetachRolePolicyAsync(string policyArn, string roleName)
{
var response = await _IAMService.DetachRolePolicyAsync(new DetachRolePolicyRequest
{
PolicyArn = policyArn,
RoleName = roleName,
});
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
///
/// Gets the IAM password policy for an AWS account.
///
/// The PasswordPolicy for the AWS account.
public async Task GetAccountPasswordPolicyAsync()
{
var response = await _IAMService.GetAccountPasswordPolicyAsync(new GetAccountPasswordPolicyRequest());
return response.PasswordPolicy;
}
///
/// Get information about an IAM policy.
///
/// The IAM policy to retrieve information for.
/// The IAM policy.
public async Task GetPolicyAsync(string policyArn)
{
var response = await _IAMService.GetPolicyAsync(new GetPolicyRequest { PolicyArn = policyArn });
return response.Policy;
}
///
/// Get information about an IAM role.
///
/// The name of the IAM role to retrieve information
/// for.
/// The IAM role that was retrieved.
public async Task GetRoleAsync(string roleName)
{
var response = await _IAMService.GetRoleAsync(new GetRoleRequest
{
RoleName = roleName,
});
return response.Role;
}
///
/// Get information about an IAM user.
///
/// The username of the user.
/// An IAM user object.
public async Task GetUserAsync(string userName)
{
var response = await _IAMService.GetUserAsync(new GetUserRequest { UserName = userName });
return response.User;
}
///
/// List the IAM role policies that are attached to an IAM role.
///
/// The IAM role to list IAM policies for.
/// A list of the IAM policies attached to the IAM role.
public async Task> ListAttachedRolePoliciesAsync(string roleName)
{
var attachedPolicies = new List();
var attachedRolePoliciesPaginator = _IAMService.Paginators.ListAttachedRolePolicies(new ListAttachedRolePoliciesRequest { RoleName = roleName });
await foreach (var response in attachedRolePoliciesPaginator.Responses)
{
attachedPolicies.AddRange(response.AttachedPolicies);
}
return attachedPolicies;
}
///
/// List IAM groups.
///
/// A list of IAM groups.
public async Task> ListGroupsAsync()
{
var groupsPaginator = _IAMService.Paginators.ListGroups(new ListGroupsRequest());
var groups = new List();
await foreach (var response in groupsPaginator.Responses)
{
groups.AddRange(response.Groups);
}
return groups;
}
///
/// List IAM policies.
///
/// A list of the IAM policies.
public async Task> ListPoliciesAsync()
{
var listPoliciesPaginator = _IAMService.Paginators.ListPolicies(new ListPoliciesRequest());
var policies = new List();
await foreach (var response in listPoliciesPaginator.Responses)
{
policies.AddRange(response.Policies);
}
return policies;
}
///
/// List IAM role policies.
///
/// The IAM role for which to list IAM policies.
/// A list of IAM policy names.
public async Task> ListRolePoliciesAsync(string roleName)
{
var listRolePoliciesPaginator = _IAMService.Paginators.ListRolePolicies(new ListRolePoliciesRequest { RoleName = roleName });
var policyNames = new List();
await foreach (var response in listRolePoliciesPaginator.Responses)
{
policyNames.AddRange(response.PolicyNames);
}
return policyNames;
}
///
/// List IAM roles.
///
/// A list of IAM roles.
public async Task> ListRolesAsync()
{
var listRolesPaginator = _IAMService.Paginators.ListRoles(new ListRolesRequest());
var roles = new List();
await foreach (var response in listRolesPaginator.Responses)
{
roles.AddRange(response.Roles);
}
return roles;
}
///
/// List SAML authentication providers.
///
/// A list of SAML providers.
public async Task> ListSAMLProvidersAsync()
{
var response = await _IAMService.ListSAMLProvidersAsync(new ListSAMLProvidersRequest());
return response.SAMLProviderList;
}
///
/// List IAM users.
///
/// A list of IAM users.
public async Task> ListUsersAsync()
{
var listUsersPaginator = _IAMService.Paginators.ListUsers(new ListUsersRequest());
var users = new List();
await foreach (var response in listUsersPaginator.Responses)
{
users.AddRange(response.Users);
}
return users;
}
///
/// Update the inline policy document embedded in a role.
///
/// The name of the policy to embed.
/// The name of the role to update.
/// The policy document that defines the role.
/// A Boolean value indicating the success of the action.
public async Task PutRolePolicyAsync(string policyName, string roleName, string policyDocument)
{
var request = new PutRolePolicyRequest
{
PolicyName = policyName,
RoleName = roleName,
PolicyDocument = policyDocument
};
var response = await _IAMService.PutRolePolicyAsync(request);
return response.HttpStatusCode == HttpStatusCode.OK;
}
///
/// Add or update an inline policy document that is embedded in an IAM user.
///
/// The name of the IAM user.
/// The name of the IAM policy.
/// The policy document defining the IAM policy.
/// A Boolean value indicating the success of the action.
public async Task PutUserPolicyAsync(string userName, string policyName, string policyDocument)
{
var request = new PutUserPolicyRequest
{
UserName = userName,
PolicyName = policyName,
PolicyDocument = policyDocument
};
var response = await _IAMService.PutUserPolicyAsync(request);
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
///
/// Wait for a new access key to be ready to use.
///
/// The Id of the access key.
/// A boolean value indicating the success of the action.
public async Task WaitUntilAccessKeyIsReady(string accessKeyId)
{
var keyReady = false;
do
{
try
{
var response = await _IAMService.GetAccessKeyLastUsedAsync(
new GetAccessKeyLastUsedRequest { AccessKeyId = accessKeyId });
if (response.UserName is not null)
{
keyReady = true;
}
}
catch (NoSuchEntityException)
{
keyReady = false;
}
} while (!keyReady);
return keyReady;
}
}
using Microsoft.Extensions.Configuration;
namespace IAMBasics;
public class IAMBasics
{
private static ILogger logger = null!;
static async Task Main(string[] args)
{
// Set up dependency injection for the AWS service.
using var host = Host.CreateDefaultBuilder(args)
.ConfigureLogging(logging =>
logging.AddFilter("System", LogLevel.Debug)
.AddFilter("Microsoft", LogLevel.Information)
.AddFilter("Microsoft", LogLevel.Trace))
.ConfigureServices((_, services) =>
services.AddAWSService()
.AddTransient()
.AddTransient()
)
.Build();
logger = LoggerFactory.Create(builder => { builder.AddConsole(); })
.CreateLogger();
IConfiguration configuration = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("settings.json") // Load test settings from .json file.
.AddJsonFile("settings.local.json",
true) // Optionally load local settings.
.Build();
// Values needed for user, role, and policies.
string userName = configuration["UserName"]!;
string s3PolicyName = configuration["S3PolicyName"]!;
string roleName = configuration["RoleName"]!;
var iamWrapper = host.Services.GetRequiredService();
var uiWrapper = host.Services.GetRequiredService();
uiWrapper.DisplayBasicsOverview();
uiWrapper.PressEnter();
// First create a user. By default, the new user has
// no permissions.
uiWrapper.DisplayTitle("Create User");
Console.WriteLine($"Creating a new user with user name: {userName}.");
var user = await iamWrapper.CreateUserAsync(userName);
var userArn = user.Arn;
Console.WriteLine($"Successfully created user: {userName} with ARN: {userArn}.");
uiWrapper.WaitABit(15, "Now let's wait for the user to be ready for use.");
// Define a role policy document that allows the new user
// to assume the role.
string assumeRolePolicyDocument = "{" +
"\"Version\": \"2012-10-17\"," +
"\"Statement\": [{" +
"\"Effect\": \"Allow\"," +
"\"Principal\": {" +
$" \"AWS\": \"{userArn}\"" +
"}," +
"\"Action\": \"sts:AssumeRole\"" +
"}]" +
"}";
// Permissions to list all buckets.
string policyDocument = "{" +
"\"Version\": \"2012-10-17\"," +
" \"Statement\" : [{" +
" \"Action\" : [\"s3:ListAllMyBuckets\"]," +
" \"Effect\" : \"Allow\"," +
" \"Resource\" : \"*\"" +
"}]" +
"}";
// Create an AccessKey for the user.
uiWrapper.DisplayTitle("Create access key");
Console.WriteLine("Now let's create an access key for the new user.");
var accessKey = await iamWrapper.CreateAccessKeyAsync(userName);
var accessKeyId = accessKey.AccessKeyId;
var secretAccessKey = accessKey.SecretAccessKey;
Console.WriteLine($"We have created the access key with Access key id: {accessKeyId}.");
Console.WriteLine("Now let's wait until the IAM access key is ready to use.");
var keyReady = await iamWrapper.WaitUntilAccessKeyIsReady(accessKeyId);
// Now try listing the Amazon Simple Storage Service (Amazon S3)
// buckets. This should fail at this point because the user doesn't
// have permissions to perform this task.
uiWrapper.DisplayTitle("Try to display Amazon S3 buckets");
Console.WriteLine("Now let's try to display a list of the user's Amazon S3 buckets.");
var s3Client1 = new AmazonS3Client(accessKeyId, secretAccessKey);
var stsClient1 = new AmazonSecurityTokenServiceClient(accessKeyId, secretAccessKey);
var s3Wrapper = new S3Wrapper(s3Client1, stsClient1);
var buckets = await s3Wrapper.ListMyBucketsAsync();
Console.WriteLine(buckets is null
? "As expected, the call to list the buckets has returned a null list."
: "Something went wrong. This shouldn't have worked.");
uiWrapper.PressEnter();
uiWrapper.DisplayTitle("Create IAM role");
Console.WriteLine($"Creating the role: {roleName}");
// Creating an IAM role to allow listing the S3 buckets. A role name
// is not case sensitive and must be unique to the account for which it
// is created.
var roleArn = await iamWrapper.CreateRoleAsync(roleName, assumeRolePolicyDocument);
uiWrapper.PressEnter();
// Create a policy with permissions to list S3 buckets.
uiWrapper.DisplayTitle("Create IAM policy");
Console.WriteLine($"Creating the policy: {s3PolicyName}");
Console.WriteLine("with permissions to list the Amazon S3 buckets for the account.");
var policy = await iamWrapper.CreatePolicyAsync(s3PolicyName, policyDocument);
// Wait 15 seconds for the IAM policy to be available.
uiWrapper.WaitABit(15, "Waiting for the policy to be available.");
// Attach the policy to the role you created earlier.
uiWrapper.DisplayTitle("Attach new IAM policy");
Console.WriteLine("Now let's attach the policy to the role.");
await iamWrapper.AttachRolePolicyAsync(policy.Arn, roleName);
// Wait 15 seconds for the role to be updated.
Console.WriteLine();
uiWrapper.WaitABit(15, "Waiting for the policy to be attached.");
// Use the AWS Security Token Service (AWS STS) to have the user
// assume the role we created.
var stsClient2 = new AmazonSecurityTokenServiceClient(accessKeyId, secretAccessKey);
// Wait for the new credentials to become valid.
uiWrapper.WaitABit(10, "Waiting for the credentials to be valid.");
var assumedRoleCredentials = await s3Wrapper.AssumeS3RoleAsync("temporary-session", roleArn);
// Try again to list the buckets using the client created with
// the new user's credentials. This time, it should work.
var s3Client2 = new AmazonS3Client(assumedRoleCredentials);
s3Wrapper.UpdateClients(s3Client2, stsClient2);
buckets = await s3Wrapper.ListMyBucketsAsync();
uiWrapper.DisplayTitle("List Amazon S3 buckets");
Console.WriteLine("This time we should have buckets to list.");
if (buckets is not null)
{
buckets.ForEach(bucket =>
{
Console.WriteLine($"{bucket.BucketName} created: {bucket.CreationDate}");
});
}
uiWrapper.PressEnter();
// Now clean up all the resources used in the example.
uiWrapper.DisplayTitle("Clean up resources");
Console.WriteLine("Thank you for watching. The IAM Basics demo is complete.");
Console.WriteLine("Please wait while we clean up the resources we created.");
await iamWrapper.DetachRolePolicyAsync(policy.Arn, roleName);
await iamWrapper.DeletePolicyAsync(policy.Arn);
await iamWrapper.DeleteRoleAsync(roleName);
await iamWrapper.DeleteAccessKeyAsync(accessKeyId, userName);
await iamWrapper.DeleteUserAsync(userName);
uiWrapper.PressEnter();
Console.WriteLine("All done cleaning up our resources. Thank you for your patience.");
}
}
namespace IamScenariosCommon;
using System.Net;
///
/// A class to perform Amazon Simple Storage Service (Amazon S3) actions for
/// the IAM Basics scenario.
///
public class S3Wrapper
{
private IAmazonS3 _s3Service;
private IAmazonSecurityTokenService _stsService;
///
/// Constructor for the S3Wrapper class.
///
/// An Amazon S3 client object.
/// An AWS Security Token Service (AWS STS)
/// client object.
public S3Wrapper(IAmazonS3 s3Service, IAmazonSecurityTokenService stsService)
{
_s3Service = s3Service;
_stsService = stsService;
}
///
/// Assumes an AWS Identity and Access Management (IAM) role that allows
/// Amazon S3 access for the current session.
///
/// A string representing the current session.
/// The name of the IAM role to assume.
/// Credentials for the newly assumed IAM role.
public async Task AssumeS3RoleAsync(string roleSession, string roleToAssume)
{
// Create the request to use with the AssumeRoleAsync call.
var request = new AssumeRoleRequest()
{
RoleSessionName = roleSession,
RoleArn = roleToAssume,
};
var response = await _stsService.AssumeRoleAsync(request);
return response.Credentials;
}
///
/// Delete an S3 bucket.
///
/// Name of the S3 bucket to delete.
/// A Boolean value indicating the success of the action.
public async Task DeleteBucketAsync(string bucketName)
{
var result = await _s3Service.DeleteBucketAsync(new DeleteBucketRequest { BucketName = bucketName });
return result.HttpStatusCode == HttpStatusCode.OK;
}
///
/// List the buckets that are owned by the user's account.
///
/// Async Task.
public async Task?> ListMyBucketsAsync()
{
try
{
// Get the list of buckets accessible by the new user.
var response = await _s3Service.ListBucketsAsync();
return response.Buckets;
}
catch (AmazonS3Exception ex)
{
// Something else went wrong. Display the error message.
Console.WriteLine($"Error: {ex.Message}");
return null;
}
}
///
/// Create a new S3 bucket.
///
/// The name for the new bucket.
/// A Boolean value indicating whether the action completed
/// successfully.
public async Task PutBucketAsync(string bucketName)
{
var response = await _s3Service.PutBucketAsync(new PutBucketRequest { BucketName = bucketName });
return response.HttpStatusCode == HttpStatusCode.OK;
}
///
/// Update the client objects with new client objects. This is available
/// because the scenario uses the methods of this class without and then
/// with the proper permissions to list S3 buckets.
///
/// The Amazon S3 client object.
/// The AWS STS client object.
public void UpdateClients(IAmazonS3 s3Service, IAmazonSecurityTokenService stsService)
{
_s3Service = s3Service;
_stsService = stsService;
}
}
namespace IamScenariosCommon;
public class UIWrapper
{
public readonly string SepBar = new('-', Console.WindowWidth);
///
/// Show information about the IAM Groups scenario.
///
public void DisplayGroupsOverview()
{
Console.Clear();
DisplayTitle("Welcome to the IAM Groups Demo");
Console.WriteLine("This example application does the following:");
Console.WriteLine("\t1. Creates an Amazon Identity and Access Management (IAM) group.");
Console.WriteLine("\t2. Adds an IAM policy to the IAM group giving it full access to Amazon S3.");
Console.WriteLine("\t3. Creates a new IAM user.");
Console.WriteLine("\t4. Creates an IAM access key for the user.");
Console.WriteLine("\t5. Adds the user to the IAM group.");
Console.WriteLine("\t6. Lists the buckets on the account.");
Console.WriteLine("\t7. Proves that the user has full Amazon S3 access by creating a bucket.");
Console.WriteLine("\t8. List the buckets again to show the new bucket.");
Console.WriteLine("\t9. Cleans up all the resources created.");
}
///
/// Show information about the IAM Basics scenario.
///
public void DisplayBasicsOverview()
{
Console.Clear();
DisplayTitle("Welcome to IAM Basics");
Console.WriteLine("This example application does the following:");
Console.WriteLine("\t1. Creates a user with no permissions.");
Console.WriteLine("\t2. Creates a role and policy that grant s3:ListAllMyBuckets permission.");
Console.WriteLine("\t3. Grants the user permission to assume the role.");
Console.WriteLine("\t4. Creates an S3 client object as the user and tries to list buckets (this will fail).");
Console.WriteLine("\t5. Gets temporary credentials by assuming the role.");
Console.WriteLine("\t6. Creates a new S3 client object with the temporary credentials and lists the buckets (this will succeed).");
Console.WriteLine("\t7. Deletes all the resources.");
}
///
/// Display a message and wait until the user presses enter.
///
public void PressEnter()
{
Console.Write("\nPress to continue. ");
_ = Console.ReadLine();
Console.WriteLine();
}
///
/// Pad a string with spaces to center it on the console display.
///
/// The string to be centered.
/// The padded string.
public string CenterString(string strToCenter)
{
var padAmount = (Console.WindowWidth - strToCenter.Length) / 2;
var leftPad = new string(' ', padAmount);
return $"{leftPad}{strToCenter}";
}
///
/// Display a line of hyphens, the centered text of the title, and another
/// line of hyphens.
///
/// The string to be displayed.
public void DisplayTitle(string strTitle)
{
Console.WriteLine(SepBar);
Console.WriteLine(CenterString(strTitle));
Console.WriteLine(SepBar);
}
///
/// Display a countdown and wait for a number of seconds.
///
/// The number of seconds to wait.
public void WaitABit(int numSeconds, string msg)
{
Console.WriteLine(msg);
// Wait for the requested number of seconds.
for (int i = numSeconds; i > 0; i--)
{
System.Threading.Thread.Sleep(1000);
Console.Write($"{i}...");
}
PressEnter();
}
}
```
+ Per informazioni dettagliate sull'API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per .NET *.
+ [AttachRolePolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/AttachRolePolicy)
+ [CreateAccessKey](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/CreateAccessKey)
+ [CreatePolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/CreatePolicy)
+ [CreateRole](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/CreateRole)
+ [CreateUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/CreateUser)
+ [DeleteAccessKey](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeleteAccessKey)
+ [DeletePolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeletePolicy)
+ [DeleteRole](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeleteRole)
+ [DeleteUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeleteUser)
+ [DeleteUserPolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeleteUserPolicy)
+ [DetachRolePolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DetachRolePolicy)
+ [PutUserPolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/PutUserPolicy)
## Azioni
### `AttachRolePolicy`
Il seguente esempio di codice mostra come usare`AttachRolePolicy`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Attach an IAM policy to a role.
///
/// The policy to attach.
/// The role that the policy will be attached to.
/// A Boolean value indicating the success of the action.
public async Task AttachRolePolicyAsync(string policyArn, string roleName)
{
var response = await _IAMService.AttachRolePolicyAsync(new AttachRolePolicyRequest
{
PolicyArn = policyArn,
RoleName = roleName,
});
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
```
+ Per i dettagli sull'API, [AttachRolePolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/AttachRolePolicy)consulta *AWS SDK per .NET API Reference*.
### `CreateAccessKey`
Il seguente esempio di codice mostra come utilizzare`CreateAccessKey`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Create an IAM access key for a user.
///
/// The username for which to create the IAM access
/// key.
/// The AccessKey.
public async Task CreateAccessKeyAsync(string userName)
{
var response = await _IAMService.CreateAccessKeyAsync(new CreateAccessKeyRequest
{
UserName = userName,
});
return response.AccessKey;
}
```
+ Per i dettagli sull'API, [CreateAccessKey](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/CreateAccessKey)consulta *AWS SDK per .NET API Reference*.
### `CreateInstanceProfile`
Il seguente esempio di codice mostra come utilizzare`CreateInstanceProfile`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/cross-service/ResilientService/AutoScalerActions#code-examples).
```
///
/// Create a policy, role, and profile that is associated with instances with a specified name.
/// An instance's associated profile defines a role that is assumed by the
/// instance.The role has attached policies that specify the AWS permissions granted to
/// clients that run on the instance.
///
/// Name to use for the policy.
/// Name to use for the role.
/// Name to use for the profile.
/// Path to a policy file for SSM.
/// AWS Managed policies to be attached to the role.
/// The Arn of the profile.
public async Task CreateInstanceProfileWithName(
string policyName,
string roleName,
string profileName,
string ssmOnlyPolicyFile,
List? awsManagedPolicies = null)
{
var assumeRoleDoc = "{" +
"\"Version\": \"2012-10-17\"," +
"\"Statement\": [{" +
"\"Effect\": \"Allow\"," +
"\"Principal\": {" +
"\"Service\": [" +
"\"ec2.amazonaws.com\"" +
"]" +
"}," +
"\"Action\": \"sts:AssumeRole\"" +
"}]" +
"}";
var policyDocument = await File.ReadAllTextAsync(ssmOnlyPolicyFile);
var policyArn = "";
try
{
var createPolicyResult = await _amazonIam.CreatePolicyAsync(
new CreatePolicyRequest
{
PolicyName = policyName,
PolicyDocument = policyDocument
});
policyArn = createPolicyResult.Policy.Arn;
}
catch (EntityAlreadyExistsException)
{
// The policy already exists, so we look it up to get the Arn.
var policiesPaginator = _amazonIam.Paginators.ListPolicies(
new ListPoliciesRequest()
{
Scope = PolicyScopeType.Local
});
// Get the entire list using the paginator.
await foreach (var policy in policiesPaginator.Policies)
{
if (policy.PolicyName.Equals(policyName))
{
policyArn = policy.Arn;
}
}
if (policyArn == null)
{
throw new InvalidOperationException("Policy not found");
}
}
try
{
await _amazonIam.CreateRoleAsync(new CreateRoleRequest()
{
RoleName = roleName,
AssumeRolePolicyDocument = assumeRoleDoc,
});
await _amazonIam.AttachRolePolicyAsync(new AttachRolePolicyRequest()
{
RoleName = roleName,
PolicyArn = policyArn
});
if (awsManagedPolicies != null)
{
foreach (var awsPolicy in awsManagedPolicies)
{
await _amazonIam.AttachRolePolicyAsync(new AttachRolePolicyRequest()
{
PolicyArn = $"arn:aws:iam::aws:policy/{awsPolicy}",
RoleName = roleName
});
}
}
}
catch (EntityAlreadyExistsException)
{
Console.WriteLine("Role already exists.");
}
string profileArn = "";
try
{
var profileCreateResponse = await _amazonIam.CreateInstanceProfileAsync(
new CreateInstanceProfileRequest()
{
InstanceProfileName = profileName
});
// Allow time for the profile to be ready.
profileArn = profileCreateResponse.InstanceProfile.Arn;
Thread.Sleep(10000);
await _amazonIam.AddRoleToInstanceProfileAsync(
new AddRoleToInstanceProfileRequest()
{
InstanceProfileName = profileName,
RoleName = roleName
});
}
catch (EntityAlreadyExistsException)
{
Console.WriteLine("Policy already exists.");
var profileGetResponse = await _amazonIam.GetInstanceProfileAsync(
new GetInstanceProfileRequest()
{
InstanceProfileName = profileName
});
profileArn = profileGetResponse.InstanceProfile.Arn;
}
return profileArn;
}
```
+ Per i dettagli sull'API, [CreateInstanceProfile](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/CreateInstanceProfile)consulta *AWS SDK per .NET API Reference*.
### `CreatePolicy`
Il seguente esempio di codice mostra come utilizzare`CreatePolicy`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Create an IAM policy.
///
/// The name to give the new IAM policy.
/// The policy document for the new policy.
/// The new IAM policy object.
public async Task CreatePolicyAsync(string policyName, string policyDocument)
{
var response = await _IAMService.CreatePolicyAsync(new CreatePolicyRequest
{
PolicyDocument = policyDocument,
PolicyName = policyName,
});
return response.Policy;
}
```
+ Per i dettagli sull'API, [CreatePolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/CreatePolicy)consulta *AWS SDK per .NET API Reference*.
### `CreateRole`
Il seguente esempio di codice mostra come utilizzare`CreateRole`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Create a new IAM role.
///
/// The name of the IAM role.
/// The name of the IAM policy document
/// for the new role.
/// The Amazon Resource Name (ARN) of the role.
public async Task CreateRoleAsync(string roleName, string rolePolicyDocument)
{
var request = new CreateRoleRequest
{
RoleName = roleName,
AssumeRolePolicyDocument = rolePolicyDocument,
};
var response = await _IAMService.CreateRoleAsync(request);
return response.Role.Arn;
}
```
+ Per i dettagli sull'API, [CreateRole](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/CreateRole)consulta *AWS SDK per .NET API Reference*.
### `CreateServiceLinkedRole`
Il seguente esempio di codice mostra come utilizzare`CreateServiceLinkedRole`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Create an IAM service-linked role.
///
/// The name of the AWS Service.
/// A description of the IAM service-linked role.
/// The IAM role that was created.
public async Task CreateServiceLinkedRoleAsync(string serviceName, string description)
{
var request = new CreateServiceLinkedRoleRequest
{
AWSServiceName = serviceName,
Description = description
};
var response = await _IAMService.CreateServiceLinkedRoleAsync(request);
return response.Role;
}
```
+ Per i dettagli sull'API, [CreateServiceLinkedRole](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/CreateServiceLinkedRole)consulta *AWS SDK per .NET API Reference*.
### `CreateUser`
Il seguente esempio di codice mostra come utilizzare`CreateUser`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Create an IAM user.
///
/// The username for the new IAM user.
/// The IAM user that was created.
public async Task CreateUserAsync(string userName)
{
var response = await _IAMService.CreateUserAsync(new CreateUserRequest { UserName = userName });
return response.User;
}
```
+ Per i dettagli sull'API, [CreateUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/CreateUser)consulta *AWS SDK per .NET API Reference*.
### `DeleteAccessKey`
Il seguente esempio di codice mostra come utilizzare`DeleteAccessKey`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Delete an IAM user's access key.
///
/// The Id for the IAM access key.
/// The username of the user that owns the IAM
/// access key.
/// A Boolean value indicating the success of the action.
public async Task DeleteAccessKeyAsync(string accessKeyId, string userName)
{
var response = await _IAMService.DeleteAccessKeyAsync(new DeleteAccessKeyRequest
{
AccessKeyId = accessKeyId,
UserName = userName,
});
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
```
+ Per i dettagli sull'API, [DeleteAccessKey](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeleteAccessKey)consulta *AWS SDK per .NET API Reference*.
### `DeleteInstanceProfile`
Il seguente esempio di codice mostra come utilizzare`DeleteInstanceProfile`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/cross-service/ResilientService/AutoScalerActions#code-examples).
```
///
/// Detaches a role from an instance profile, detaches policies from the role,
/// and deletes all the resources.
///
/// The name of the profile to delete.
/// The name of the role to delete.
/// Async task.
public async Task DeleteInstanceProfile(string profileName, string roleName)
{
try
{
await _amazonIam.RemoveRoleFromInstanceProfileAsync(
new RemoveRoleFromInstanceProfileRequest()
{
InstanceProfileName = profileName,
RoleName = roleName
});
await _amazonIam.DeleteInstanceProfileAsync(
new DeleteInstanceProfileRequest() { InstanceProfileName = profileName });
var attachedPolicies = await _amazonIam.ListAttachedRolePoliciesAsync(
new ListAttachedRolePoliciesRequest() { RoleName = roleName });
foreach (var policy in attachedPolicies.AttachedPolicies)
{
await _amazonIam.DetachRolePolicyAsync(
new DetachRolePolicyRequest()
{
RoleName = roleName,
PolicyArn = policy.PolicyArn
});
// Delete the custom policies only.
if (!policy.PolicyArn.StartsWith("arn:aws:iam::aws"))
{
await _amazonIam.DeletePolicyAsync(
new Amazon.IdentityManagement.Model.DeletePolicyRequest()
{
PolicyArn = policy.PolicyArn
});
}
}
await _amazonIam.DeleteRoleAsync(
new DeleteRoleRequest() { RoleName = roleName });
}
catch (NoSuchEntityException)
{
Console.WriteLine($"Instance profile {profileName} does not exist.");
}
}
```
+ Per i dettagli sull'API, [DeleteInstanceProfile](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeleteInstanceProfile)consulta *AWS SDK per .NET API Reference*.
### `DeletePolicy`
Il seguente esempio di codice mostra come utilizzare`DeletePolicy`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Delete an IAM policy.
///
/// The Amazon Resource Name (ARN) of the policy to
/// delete.
/// A Boolean value indicating the success of the action.
public async Task DeletePolicyAsync(string policyArn)
{
var response = await _IAMService.DeletePolicyAsync(new DeletePolicyRequest { PolicyArn = policyArn });
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
```
+ Per i dettagli sull'API, [DeletePolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeletePolicy)consulta *AWS SDK per .NET API Reference*.
### `DeleteRole`
Il seguente esempio di codice mostra come utilizzare`DeleteRole`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Delete an IAM role.
///
/// The name of the IAM role to delete.
/// A Boolean value indicating the success of the action.
public async Task DeleteRoleAsync(string roleName)
{
var response = await _IAMService.DeleteRoleAsync(new DeleteRoleRequest { RoleName = roleName });
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
```
+ Per i dettagli sull'API, [DeleteRole](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeleteRole)consulta *AWS SDK per .NET API Reference*.
### `DeleteRolePolicy`
Il seguente esempio di codice mostra come utilizzare`DeleteRolePolicy`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Delete an IAM role policy.
///
/// The name of the IAM role.
/// The name of the IAM role policy to delete.
/// A Boolean value indicating the success of the action.
public async Task DeleteRolePolicyAsync(string roleName, string policyName)
{
var response = await _IAMService.DeleteRolePolicyAsync(new DeleteRolePolicyRequest
{
PolicyName = policyName,
RoleName = roleName,
});
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
```
+ Per i dettagli sull'API, [DeleteRolePolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeleteRolePolicy)consulta *AWS SDK per .NET API Reference*.
### `DeleteUser`
Il seguente esempio di codice mostra come utilizzare`DeleteUser`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Delete an IAM user.
///
/// The username of the IAM user to delete.
/// A Boolean value indicating the success of the action.
public async Task DeleteUserAsync(string userName)
{
var response = await _IAMService.DeleteUserAsync(new DeleteUserRequest { UserName = userName });
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
```
+ Per i dettagli sull'API, [DeleteUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeleteUser)consulta *AWS SDK per .NET API Reference*.
### `DeleteUserPolicy`
Il seguente esempio di codice mostra come utilizzare`DeleteUserPolicy`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Delete an IAM user policy.
///
/// The name of the IAM policy to delete.
/// The username of the IAM user.
/// A Boolean value indicating the success of the action.
public async Task DeleteUserPolicyAsync(string policyName, string userName)
{
var response = await _IAMService.DeleteUserPolicyAsync(new DeleteUserPolicyRequest { PolicyName = policyName, UserName = userName });
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
```
+ Per i dettagli sull'API, [DeleteUserPolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeleteUserPolicy)consulta *AWS SDK per .NET API Reference*.
### `DetachRolePolicy`
Il seguente esempio di codice mostra come utilizzare`DetachRolePolicy`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Detach an IAM policy from an IAM role.
///
/// The Amazon Resource Name (ARN) of the IAM policy.
/// The name of the IAM role.
/// A Boolean value indicating the success of the action.
public async Task DetachRolePolicyAsync(string policyArn, string roleName)
{
var response = await _IAMService.DetachRolePolicyAsync(new DetachRolePolicyRequest
{
PolicyArn = policyArn,
RoleName = roleName,
});
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
}
```
+ Per i dettagli sull'API, [DetachRolePolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DetachRolePolicy)consulta *AWS SDK per .NET API Reference*.
### `GetAccountPasswordPolicy`
Il seguente esempio di codice mostra come utilizzare`GetAccountPasswordPolicy`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Gets the IAM password policy for an AWS account.
///
/// The PasswordPolicy for the AWS account.
public async Task GetAccountPasswordPolicyAsync()
{
var response = await _IAMService.GetAccountPasswordPolicyAsync(new GetAccountPasswordPolicyRequest());
return response.PasswordPolicy;
}
```
+ Per i dettagli sull'API, [GetAccountPasswordPolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/GetAccountPasswordPolicy)consulta *AWS SDK per .NET API Reference*.
### `GetPolicy`
Il seguente esempio di codice mostra come utilizzare`GetPolicy`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Get information about an IAM policy.
///
/// The IAM policy to retrieve information for.
/// The IAM policy.
public async Task GetPolicyAsync(string policyArn)
{
var response = await _IAMService.GetPolicyAsync(new GetPolicyRequest { PolicyArn = policyArn });
return response.Policy;
}
```
+ Per i dettagli sull'API, [GetPolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/GetPolicy)consulta *AWS SDK per .NET API Reference*.
### `GetRole`
Il seguente esempio di codice mostra come utilizzare`GetRole`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Get information about an IAM role.
///
/// The name of the IAM role to retrieve information
/// for.
/// The IAM role that was retrieved.
public async Task GetRoleAsync(string roleName)
{
var response = await _IAMService.GetRoleAsync(new GetRoleRequest
{
RoleName = roleName,
});
return response.Role;
}
```
+ Per i dettagli sull'API, [GetRole](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/GetRole)consulta *AWS SDK per .NET API Reference*.
### `GetUser`
Il seguente esempio di codice mostra come utilizzare`GetUser`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Get information about an IAM user.
///
/// The username of the user.
/// An IAM user object.
public async Task GetUserAsync(string userName)
{
var response = await _IAMService.GetUserAsync(new GetUserRequest { UserName = userName });
return response.User;
}
```
+ Per i dettagli sull'API, [GetUser](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/GetUser)consulta *AWS SDK per .NET API Reference*.
### `ListAttachedRolePolicies`
Il seguente esempio di codice mostra come utilizzare`ListAttachedRolePolicies`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// List the IAM role policies that are attached to an IAM role.
///
/// The IAM role to list IAM policies for.
/// A list of the IAM policies attached to the IAM role.
public async Task> ListAttachedRolePoliciesAsync(string roleName)
{
var attachedPolicies = new List();
var attachedRolePoliciesPaginator = _IAMService.Paginators.ListAttachedRolePolicies(new ListAttachedRolePoliciesRequest { RoleName = roleName });
await foreach (var response in attachedRolePoliciesPaginator.Responses)
{
attachedPolicies.AddRange(response.AttachedPolicies);
}
return attachedPolicies;
}
```
+ Per i dettagli sull'API, [ListAttachedRolePolicies](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/ListAttachedRolePolicies)consulta *AWS SDK per .NET API Reference*.
### `ListGroups`
Il seguente esempio di codice mostra come utilizzare`ListGroups`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// List IAM groups.
///
/// A list of IAM groups.
public async Task> ListGroupsAsync()
{
var groupsPaginator = _IAMService.Paginators.ListGroups(new ListGroupsRequest());
var groups = new List();
await foreach (var response in groupsPaginator.Responses)
{
groups.AddRange(response.Groups);
}
return groups;
}
```
+ Per i dettagli sull'API, [ListGroups](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/ListGroups)consulta *AWS SDK per .NET API Reference*.
### `ListPolicies`
Il seguente esempio di codice mostra come utilizzare`ListPolicies`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// List IAM policies.
///
/// A list of the IAM policies.
public async Task> ListPoliciesAsync()
{
var listPoliciesPaginator = _IAMService.Paginators.ListPolicies(new ListPoliciesRequest());
var policies = new List();
await foreach (var response in listPoliciesPaginator.Responses)
{
policies.AddRange(response.Policies);
}
return policies;
}
```
+ Per i dettagli sull'API, [ListPolicies](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/ListPolicies)consulta *AWS SDK per .NET API Reference*.
### `ListRolePolicies`
Il seguente esempio di codice mostra come utilizzare`ListRolePolicies`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// List IAM role policies.
///
/// The IAM role for which to list IAM policies.
/// A list of IAM policy names.
public async Task> ListRolePoliciesAsync(string roleName)
{
var listRolePoliciesPaginator = _IAMService.Paginators.ListRolePolicies(new ListRolePoliciesRequest { RoleName = roleName });
var policyNames = new List();
await foreach (var response in listRolePoliciesPaginator.Responses)
{
policyNames.AddRange(response.PolicyNames);
}
return policyNames;
}
```
+ Per i dettagli sull'API, [ListRolePolicies](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/ListRolePolicies)consulta *AWS SDK per .NET API Reference*.
### `ListRoles`
Il seguente esempio di codice mostra come utilizzare`ListRoles`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// List IAM roles.
///
/// A list of IAM roles.
public async Task> ListRolesAsync()
{
var listRolesPaginator = _IAMService.Paginators.ListRoles(new ListRolesRequest());
var roles = new List();
await foreach (var response in listRolesPaginator.Responses)
{
roles.AddRange(response.Roles);
}
return roles;
}
```
+ Per i dettagli sull'API, [ListRoles](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/ListRoles)consulta *AWS SDK per .NET API Reference*.
### `ListSAMLProviders`
Il seguente esempio di codice mostra come utilizzare`ListSAMLProviders`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// List SAML authentication providers.
///
/// A list of SAML providers.
public async Task> ListSAMLProvidersAsync()
{
var response = await _IAMService.ListSAMLProvidersAsync(new ListSAMLProvidersRequest());
return response.SAMLProviderList;
}
```
+ Per i dettagli sull'API, consulta [List SAMLProviders](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/ListSAMLProviders) in *AWS SDK per .NET API Reference*.
### `ListUsers`
Il seguente esempio di codice mostra come utilizzare`ListUsers`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// List IAM users.
///
/// A list of IAM users.
public async Task> ListUsersAsync()
{
var listUsersPaginator = _IAMService.Paginators.ListUsers(new ListUsersRequest());
var users = new List();
await foreach (var response in listUsersPaginator.Responses)
{
users.AddRange(response.Users);
}
return users;
}
```
+ Per i dettagli sull'API, [ListUsers](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/ListUsers)consulta *AWS SDK per .NET API Reference*.
### `PutRolePolicy`
Il seguente esempio di codice mostra come utilizzare`PutRolePolicy`.
**SDK per .NET**
C'è altro da fare GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/IAM#code-examples).
```
///
/// Update the inline policy document embedded in a role.
///
/// The name of the policy to embed.
/// The name of the role to update.
/// The policy document that defines the role.
/// A Boolean value indicating the success of the action.
public async Task PutRolePolicyAsync(string policyName, string roleName, string policyDocument)
{
var request = new PutRolePolicyRequest
{
PolicyName = policyName,
RoleName = roleName,
PolicyDocument = policyDocument
};
var response = await _IAMService.PutRolePolicyAsync(request);
return response.HttpStatusCode == HttpStatusCode.OK;
}
```
+ Per i dettagli sull'API, [PutRolePolicy](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/PutRolePolicy)consulta *AWS SDK per .NET API Reference*.
## Scenari
### Creazione e gestione di un servizio resiliente
L’esempio di codice seguente mostra come creare un servizio Web con bilanciamento del carico che restituisca consigli su libri, film e canzoni. L’esempio mostra come il servizio risponde ai guasti e spiega come ristrutturarlo per una maggiore resilienza in caso di guasti.
+ Utilizza un gruppo Amazon EC2 Auto Scaling per creare istanze Amazon Elastic Compute Cloud (Amazon EC2) basate su un modello di avvio e per mantenere il numero di istanze entro un intervallo specificato.
+ Gestisci e distribuisci le richieste HTTP con Elastic Load Balancing.
+ Monitora lo stato delle istanze in un gruppo Auto Scaling e inoltra le richieste soltanto alle istanze integre.
+ Esegui un server Web Python su ogni istanza EC2 per gestire le richieste HTTP. Il server Web risponde con consigli e controlli dell’integrità.
+ Simula un servizio di raccomandazione con una tabella Amazon DynamoDB.
+ Controlla la risposta del server web alle richieste e ai controlli di integrità aggiornando AWS Systems Manager i parametri.
**SDK per .NET**
C'è altro su GitHub. Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/dotnetv3/cross-service/ResilientService#code-examples).
Esegui lo scenario interattivo al prompt dei comandi.
```
static async Task Main(string[] args)
{
_configuration = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("settings.json") // Load settings from .json file.
.AddJsonFile("settings.local.json",
true) // Optionally, load local settings.
.Build();
// Set up dependency injection for the AWS services.
using var host = Host.CreateDefaultBuilder(args)
.ConfigureLogging(logging =>
logging.AddFilter("System", LogLevel.Debug)
.AddFilter("Microsoft", LogLevel.Information)
.AddFilter("Microsoft", LogLevel.Trace))
.ConfigureServices((_, services) =>
services.AddAWSService()
.AddAWSService()
.AddAWSService()
.AddAWSService()
.AddAWSService()
.AddAWSService()
.AddTransient()
.AddTransient()
.AddTransient()
.AddTransient()
.AddSingleton(_configuration)
)
.Build();
ServicesSetup(host);
ResourcesSetup();
try
{
Console.WriteLine(new string('-', 80));
Console.WriteLine("Welcome to the Resilient Architecture Example Scenario.");
Console.WriteLine(new string('-', 80));
await Deploy(true);
Console.WriteLine("Now let's begin the scenario.");
Console.WriteLine(new string('-', 80));
await Demo(true);
Console.WriteLine(new string('-', 80));
Console.WriteLine("Finally, let's clean up our resources.");
Console.WriteLine(new string('-', 80));
await DestroyResources(true);
Console.WriteLine(new string('-', 80));
Console.WriteLine("Resilient Architecture Example Scenario is complete.");
Console.WriteLine(new string('-', 80));
}
catch (Exception ex)
{
Console.WriteLine(new string('-', 80));
Console.WriteLine($"There was a problem running the scenario: {ex.Message}");
await DestroyResources(true);
Console.WriteLine(new string('-', 80));
}
}
///
/// Setup any common resources, also used for integration testing.
///
public static void ResourcesSetup()
{
_httpClient = new HttpClient();
}
///
/// Populate the services for use within the console application.
///
/// The services host.
private static void ServicesSetup(IHost host)
{
_elasticLoadBalancerWrapper = host.Services.GetRequiredService();
_iamClient = host.Services.GetRequiredService();
_recommendations = host.Services.GetRequiredService();
_autoScalerWrapper = host.Services.GetRequiredService();
_smParameterWrapper = host.Services.GetRequiredService();
}
///
/// Deploy necessary resources for the scenario.
///
/// True to run as interactive.
/// True if successful.
public static async Task Deploy(bool interactive)
{
var protocol = "HTTP";
var port = 80;
var sshPort = 22;
Console.WriteLine(
"\nFor this demo, we'll use the AWS SDK for .NET to create several AWS resources\n" +
"to set up a load-balanced web service endpoint and explore some ways to make it resilient\n" +
"against various kinds of failures.\n\n" +
"Some of the resources create by this demo are:\n");
Console.WriteLine(
"\t* A DynamoDB table that the web service depends on to provide book, movie, and song recommendations.");
Console.WriteLine(
"\t* An EC2 launch template that defines EC2 instances that each contain a Python web server.");
Console.WriteLine(
"\t* An EC2 Auto Scaling group that manages EC2 instances across several Availability Zones.");
Console.WriteLine(
"\t* An Elastic Load Balancing (ELB) load balancer that targets the Auto Scaling group to distribute requests.");
Console.WriteLine(new string('-', 80));
Console.WriteLine("Press Enter when you're ready to start deploying resources.");
if (interactive)
Console.ReadLine();
// Create and populate the DynamoDB table.
var databaseTableName = _configuration["databaseName"];
var recommendationsPath = Path.Join(_configuration["resourcePath"],
"recommendations_objects.json");
Console.WriteLine($"Creating and populating a DynamoDB table named {databaseTableName}.");
await _recommendations.CreateDatabaseWithName(databaseTableName);
await _recommendations.PopulateDatabase(databaseTableName, recommendationsPath);
Console.WriteLine(new string('-', 80));
// Create the EC2 Launch Template.
Console.WriteLine(
$"Creating an EC2 launch template that runs 'server_startup_script.sh' when an instance starts.\n"
+ "\nThis script starts a Python web server defined in the `server.py` script. The web server\n"
+ "listens to HTTP requests on port 80 and responds to requests to '/' and to '/healthcheck'.\n"
+ "For demo purposes, this server is run as the root user. In production, the best practice is to\n"
+ "run a web server, such as Apache, with least-privileged credentials.");
Console.WriteLine(
"\nThe template also defines an IAM policy that each instance uses to assume a role that grants\n"
+ "permissions to access the DynamoDB recommendation table and Systems Manager parameters\n"
+ "that control the flow of the demo.");
var startupScriptPath = Path.Join(_configuration["resourcePath"],
"server_startup_script.sh");
var instancePolicyPath = Path.Join(_configuration["resourcePath"],
"instance_policy.json");
await _autoScalerWrapper.CreateTemplate(startupScriptPath, instancePolicyPath);
Console.WriteLine(new string('-', 80));
Console.WriteLine(
"Creating an EC2 Auto Scaling group that maintains three EC2 instances, each in a different\n"
+ "Availability Zone.\n");
var zones = await _autoScalerWrapper.DescribeAvailabilityZones();
await _autoScalerWrapper.CreateGroupOfSize(3, _autoScalerWrapper.GroupName, zones);
Console.WriteLine(new string('-', 80));
Console.WriteLine(
"At this point, you have EC2 instances created. Once each instance starts, it listens for\n"
+ "HTTP requests. You can see these instances in the console or continue with the demo.\n");
Console.WriteLine(new string('-', 80));
Console.WriteLine("Press Enter when you're ready to continue.");
if (interactive)
Console.ReadLine();
Console.WriteLine("Creating variables that control the flow of the demo.");
await _smParameterWrapper.Reset();
Console.WriteLine(
"\nCreating an Elastic Load Balancing target group and load balancer. The target group\n"
+ "defines how the load balancer connects to instances. The load balancer provides a\n"
+ "single endpoint where clients connect and dispatches requests to instances in the group.");
var defaultVpc = await _autoScalerWrapper.GetDefaultVpc();
var subnets = await _autoScalerWrapper.GetAllVpcSubnetsForZones(defaultVpc.VpcId, zones);
var subnetIds = subnets.Select(s => s.SubnetId).ToList();
var targetGroup = await _elasticLoadBalancerWrapper.CreateTargetGroupOnVpc(_elasticLoadBalancerWrapper.TargetGroupName, protocol, port, defaultVpc.VpcId);
await _elasticLoadBalancerWrapper.CreateLoadBalancerAndListener(_elasticLoadBalancerWrapper.LoadBalancerName, subnetIds, targetGroup);
await _autoScalerWrapper.AttachLoadBalancerToGroup(_autoScalerWrapper.GroupName, targetGroup.TargetGroupArn);
Console.WriteLine("\nVerifying access to the load balancer endpoint...");
var endPoint = await _elasticLoadBalancerWrapper.GetEndpointForLoadBalancerByName(_elasticLoadBalancerWrapper.LoadBalancerName);
var loadBalancerAccess = await _elasticLoadBalancerWrapper.VerifyLoadBalancerEndpoint(endPoint);
if (!loadBalancerAccess)
{
Console.WriteLine("\nCouldn't connect to the load balancer, verifying that the port is open...");
var ipString = await _httpClient.GetStringAsync("https://checkip.amazonaws.com");
ipString = ipString.Trim();
var defaultSecurityGroup = await _autoScalerWrapper.GetDefaultSecurityGroupForVpc(defaultVpc);
var portIsOpen = _autoScalerWrapper.VerifyInboundPortForGroup(defaultSecurityGroup, port, ipString);
var sshPortIsOpen = _autoScalerWrapper.VerifyInboundPortForGroup(defaultSecurityGroup, sshPort, ipString);
if (!portIsOpen)
{
Console.WriteLine(
"\nFor this example to work, the default security group for your default VPC must\n"
+ "allows access from this computer. You can either add it automatically from this\n"
+ "example or add it yourself using the AWS Management Console.\n");
if (!interactive || GetYesNoResponse(
"Do you want to add a rule to the security group to allow inbound traffic from your computer's IP address?"))
{
await _autoScalerWrapper.OpenInboundPort(defaultSecurityGroup.GroupId, port, ipString);
}
}
if (!sshPortIsOpen)
{
if (!interactive || GetYesNoResponse(
"Do you want to add a rule to the security group to allow inbound SSH traffic for debugging from your computer's IP address?"))
{
await _autoScalerWrapper.OpenInboundPort(defaultSecurityGroup.GroupId, sshPort, ipString);
}
}
loadBalancerAccess = await _elasticLoadBalancerWrapper.VerifyLoadBalancerEndpoint(endPoint);
}
if (loadBalancerAccess)
{
Console.WriteLine("Your load balancer is ready. You can access it by browsing to:");
Console.WriteLine($"\thttp://{endPoint}\n");
}
else
{
Console.WriteLine(
"\nCouldn't get a successful response from the load balancer endpoint. Troubleshoot by\n"
+ "manually verifying that your VPC and security group are configured correctly and that\n"
+ "you can successfully make a GET request to the load balancer endpoint:\n");
Console.WriteLine($"\thttp://{endPoint}\n");
}
Console.WriteLine(new string('-', 80));
Console.WriteLine("Press Enter when you're ready to continue with the demo.");
if (interactive)
Console.ReadLine();
return true;
}
///
/// Demonstrate the steps of the scenario.
///
/// True to run as an interactive scenario.
/// Async task.
public static async Task Demo(bool interactive)
{
var ssmOnlyPolicy = Path.Join(_configuration["resourcePath"],
"ssm_only_policy.json");
Console.WriteLine(new string('-', 80));
Console.WriteLine("Resetting parameters to starting values for demo.");
await _smParameterWrapper.Reset();
Console.WriteLine("\nThis part of the demonstration shows how to toggle different parts of the system\n" +
"to create situations where the web service fails, and shows how using a resilient\n" +
"architecture can keep the web service running in spite of these failures.");
Console.WriteLine(new string('-', 88));
Console.WriteLine("At the start, the load balancer endpoint returns recommendations and reports that all targets are healthy.");
if (interactive)
await DemoActionChoices();
Console.WriteLine($"The web service running on the EC2 instances gets recommendations by querying a DynamoDB table.\n" +
$"The table name is contained in a Systems Manager parameter named '{_smParameterWrapper.TableParameter}'.\n" +
$"To simulate a failure of the recommendation service, let's set this parameter to name a non-existent table.\n");
await _smParameterWrapper.PutParameterByName(_smParameterWrapper.TableParameter, "this-is-not-a-table");
Console.WriteLine("\nNow, sending a GET request to the load balancer endpoint returns a failure code. But, the service reports as\n" +
"healthy to the load balancer because shallow health checks don't check for failure of the recommendation service.");
if (interactive)
await DemoActionChoices();
Console.WriteLine("Instead of failing when the recommendation service fails, the web service can return a static response.");
Console.WriteLine("While this is not a perfect solution, it presents the customer with a somewhat better experience than failure.");
await _smParameterWrapper.PutParameterByName(_smParameterWrapper.FailureResponseParameter, "static");
Console.WriteLine("\nNow, sending a GET request to the load balancer endpoint returns a static response.");
Console.WriteLine("The service still reports as healthy because health checks are still shallow.");
if (interactive)
await DemoActionChoices();
Console.WriteLine("Let's reinstate the recommendation service.\n");
await _smParameterWrapper.PutParameterByName(_smParameterWrapper.TableParameter, _smParameterWrapper.TableName);
Console.WriteLine(
"\nLet's also substitute bad credentials for one of the instances in the target group so that it can't\n" +
"access the DynamoDB recommendation table.\n"
);
await _autoScalerWrapper.CreateInstanceProfileWithName(
_autoScalerWrapper.BadCredsPolicyName,
_autoScalerWrapper.BadCredsRoleName,
_autoScalerWrapper.BadCredsProfileName,
ssmOnlyPolicy,
new List { "AmazonSSMManagedInstanceCore" }
);
var instances = await _autoScalerWrapper.GetInstancesByGroupName(_autoScalerWrapper.GroupName);
var badInstanceId = instances.First();
var instanceProfile = await _autoScalerWrapper.GetInstanceProfile(badInstanceId);
Console.WriteLine(
$"Replacing the profile for instance {badInstanceId} with a profile that contains\n" +
"bad credentials...\n"
);
await _autoScalerWrapper.ReplaceInstanceProfile(
badInstanceId,
_autoScalerWrapper.BadCredsProfileName,
instanceProfile.AssociationId
);
Console.WriteLine(
"Now, sending a GET request to the load balancer endpoint returns either a recommendation or a static response,\n" +
"depending on which instance is selected by the load balancer.\n"
);
if (interactive)
await DemoActionChoices();
Console.WriteLine("\nLet's implement a deep health check. For this demo, a deep health check tests whether");
Console.WriteLine("the web service can access the DynamoDB table that it depends on for recommendations. Note that");
Console.WriteLine("the deep health check is only for ELB routing and not for Auto Scaling instance health.");
Console.WriteLine("This kind of deep health check is not recommended for Auto Scaling instance health, because it");
Console.WriteLine("risks accidental termination of all instances in the Auto Scaling group when a dependent service fails.");
Console.WriteLine("\nBy implementing deep health checks, the load balancer can detect when one of the instances is failing");
Console.WriteLine("and take that instance out of rotation.");
await _smParameterWrapper.PutParameterByName(_smParameterWrapper.HealthCheckParameter, "deep");
Console.WriteLine($"\nNow, checking target health indicates that the instance with bad credentials ({badInstanceId})");
Console.WriteLine("is unhealthy. Note that it might take a minute or two for the load balancer to detect the unhealthy");
Console.WriteLine("instance. Sending a GET request to the load balancer endpoint always returns a recommendation, because");
Console.WriteLine("the load balancer takes unhealthy instances out of its rotation.");
if (interactive)
await DemoActionChoices();
Console.WriteLine("\nBecause the instances in this demo are controlled by an auto scaler, the simplest way to fix an unhealthy");
Console.WriteLine("instance is to terminate it and let the auto scaler start a new instance to replace it.");
await _autoScalerWrapper.TryTerminateInstanceById(badInstanceId);
Console.WriteLine($"\nEven while the instance is terminating and the new instance is starting, sending a GET");
Console.WriteLine("request to the web service continues to get a successful recommendation response because");
Console.WriteLine("starts and reports as healthy, it is included in the load balancing rotation.");
Console.WriteLine("Note that terminating and replacing an instance typically takes several minutes, during which time you");
Console.WriteLine("can see the changing health check status until the new instance is running and healthy.");
if (interactive)
await DemoActionChoices();
Console.WriteLine("\nIf the recommendation service fails now, deep health checks mean all instances report as unhealthy.");
await _smParameterWrapper.PutParameterByName(_smParameterWrapper.TableParameter, "this-is-not-a-table");
Console.WriteLine($"\nWhen all instances are unhealthy, the load balancer continues to route requests even to");
Console.WriteLine("unhealthy instances, allowing them to fail open and return a static response rather than fail");
Console.WriteLine("closed and report failure to the customer.");
if (interactive)
await DemoActionChoices();
await _smParameterWrapper.Reset();
Console.WriteLine(new string('-', 80));
return true;
}
///
/// Clean up the resources from the scenario.
///
/// True to ask the user for cleanup.
/// Async task.
public static async Task DestroyResources(bool interactive)
{
Console.WriteLine(new string('-', 80));
Console.WriteLine(
"To keep things tidy and to avoid unwanted charges on your account, we can clean up all AWS resources\n" +
"that were created for this demo."
);
if (!interactive || GetYesNoResponse("Do you want to clean up all demo resources? (y/n) "))
{
await _elasticLoadBalancerWrapper.DeleteLoadBalancerByName(_elasticLoadBalancerWrapper.LoadBalancerName);
await _elasticLoadBalancerWrapper.DeleteTargetGroupByName(_elasticLoadBalancerWrapper.TargetGroupName);
await _autoScalerWrapper.TerminateAndDeleteAutoScalingGroupWithName(_autoScalerWrapper.GroupName);
await _autoScalerWrapper.DeleteKeyPairByName(_autoScalerWrapper.KeyPairName);
await _autoScalerWrapper.DeleteTemplateByName(_autoScalerWrapper.LaunchTemplateName);
await _autoScalerWrapper.DeleteInstanceProfile(
_autoScalerWrapper.BadCredsProfileName,
_autoScalerWrapper.BadCredsRoleName
);
await _recommendations.DestroyDatabaseByName(_recommendations.TableName);
}
else
{
Console.WriteLine(
"Ok, we'll leave the resources intact.\n" +
"Don't forget to delete them when you're done with them or you might incur unexpected charges."
);
}
Console.WriteLine(new string('-', 80));
return true;
}
```
Crea una classe che racchiuda le operazioni di dimensionamento automatico e Amazon EC2.
```
///
/// Encapsulates Amazon EC2 Auto Scaling and EC2 management methods.
///
public class AutoScalerWrapper
{
private readonly IAmazonAutoScaling _amazonAutoScaling;
private readonly IAmazonEC2 _amazonEc2;
private readonly IAmazonSimpleSystemsManagement _amazonSsm;
private readonly IAmazonIdentityManagementService _amazonIam;
private readonly ILogger _logger;
private readonly string _instanceType = "";
private readonly string _amiParam = "";
private readonly string _launchTemplateName = "";
private readonly string _groupName = "";
private readonly string _instancePolicyName = "";
private readonly string _instanceRoleName = "";
private readonly string _instanceProfileName = "";
private readonly string _badCredsProfileName = "";
private readonly string _badCredsRoleName = "";
private readonly string _badCredsPolicyName = "";
private readonly string _keyPairName = "";
public string GroupName => _groupName;
public string KeyPairName => _keyPairName;
public string LaunchTemplateName => _launchTemplateName;
public string InstancePolicyName => _instancePolicyName;
public string BadCredsProfileName => _badCredsProfileName;
public string BadCredsRoleName => _badCredsRoleName;
public string BadCredsPolicyName => _badCredsPolicyName;
///
/// Constructor for the AutoScalerWrapper.
///
/// The injected AutoScaling client.
/// The injected EC2 client.
/// The injected IAM client.
/// The injected SSM client.
public AutoScalerWrapper(
IAmazonAutoScaling amazonAutoScaling,
IAmazonEC2 amazonEc2,
IAmazonSimpleSystemsManagement amazonSsm,
IAmazonIdentityManagementService amazonIam,
IConfiguration configuration,
ILogger logger)
{
_amazonAutoScaling = amazonAutoScaling;
_amazonEc2 = amazonEc2;
_amazonSsm = amazonSsm;
_amazonIam = amazonIam;
_logger = logger;
var prefix = configuration["resourcePrefix"];
_instanceType = configuration["instanceType"];
_amiParam = configuration["amiParam"];
_launchTemplateName = prefix + "-template";
_groupName = prefix + "-group";
_instancePolicyName = prefix + "-pol";
_instanceRoleName = prefix + "-role";
_instanceProfileName = prefix + "-prof";
_badCredsPolicyName = prefix + "-bc-pol";
_badCredsRoleName = prefix + "-bc-role";
_badCredsProfileName = prefix + "-bc-prof";
_keyPairName = prefix + "-key-pair";
}
///
/// Create a policy, role, and profile that is associated with instances with a specified name.
/// An instance's associated profile defines a role that is assumed by the
/// instance.The role has attached policies that specify the AWS permissions granted to
/// clients that run on the instance.
///
/// Name to use for the policy.
/// Name to use for the role.
/// Name to use for the profile.
/// Path to a policy file for SSM.
/// AWS Managed policies to be attached to the role.
/// The Arn of the profile.
public async Task CreateInstanceProfileWithName(
string policyName,
string roleName,
string profileName,
string ssmOnlyPolicyFile,
List? awsManagedPolicies = null)
{
var assumeRoleDoc = "{" +
"\"Version\": \"2012-10-17\"," +
"\"Statement\": [{" +
"\"Effect\": \"Allow\"," +
"\"Principal\": {" +
"\"Service\": [" +
"\"ec2.amazonaws.com\"" +
"]" +
"}," +
"\"Action\": \"sts:AssumeRole\"" +
"}]" +
"}";
var policyDocument = await File.ReadAllTextAsync(ssmOnlyPolicyFile);
var policyArn = "";
try
{
var createPolicyResult = await _amazonIam.CreatePolicyAsync(
new CreatePolicyRequest
{
PolicyName = policyName,
PolicyDocument = policyDocument
});
policyArn = createPolicyResult.Policy.Arn;
}
catch (EntityAlreadyExistsException)
{
// The policy already exists, so we look it up to get the Arn.
var policiesPaginator = _amazonIam.Paginators.ListPolicies(
new ListPoliciesRequest()
{
Scope = PolicyScopeType.Local
});
// Get the entire list using the paginator.
await foreach (var policy in policiesPaginator.Policies)
{
if (policy.PolicyName.Equals(policyName))
{
policyArn = policy.Arn;
}
}
if (policyArn == null)
{
throw new InvalidOperationException("Policy not found");
}
}
try
{
await _amazonIam.CreateRoleAsync(new CreateRoleRequest()
{
RoleName = roleName,
AssumeRolePolicyDocument = assumeRoleDoc,
});
await _amazonIam.AttachRolePolicyAsync(new AttachRolePolicyRequest()
{
RoleName = roleName,
PolicyArn = policyArn
});
if (awsManagedPolicies != null)
{
foreach (var awsPolicy in awsManagedPolicies)
{
await _amazonIam.AttachRolePolicyAsync(new AttachRolePolicyRequest()
{
PolicyArn = $"arn:aws:iam::aws:policy/{awsPolicy}",
RoleName = roleName
});
}
}
}
catch (EntityAlreadyExistsException)
{
Console.WriteLine("Role already exists.");
}
string profileArn = "";
try
{
var profileCreateResponse = await _amazonIam.CreateInstanceProfileAsync(
new CreateInstanceProfileRequest()
{
InstanceProfileName = profileName
});
// Allow time for the profile to be ready.
profileArn = profileCreateResponse.InstanceProfile.Arn;
Thread.Sleep(10000);
await _amazonIam.AddRoleToInstanceProfileAsync(
new AddRoleToInstanceProfileRequest()
{
InstanceProfileName = profileName,
RoleName = roleName
});
}
catch (EntityAlreadyExistsException)
{
Console.WriteLine("Policy already exists.");
var profileGetResponse = await _amazonIam.GetInstanceProfileAsync(
new GetInstanceProfileRequest()
{
InstanceProfileName = profileName
});
profileArn = profileGetResponse.InstanceProfile.Arn;
}
return profileArn;
}
///
/// Create a new key pair and save the file.
///
/// The name of the new key pair.
/// Async task.
public async Task CreateKeyPair(string newKeyPairName)
{
try
{
var keyResponse = await _amazonEc2.CreateKeyPairAsync(
new CreateKeyPairRequest() { KeyName = newKeyPairName });
await File.WriteAllTextAsync($"{newKeyPairName}.pem",
keyResponse.KeyPair.KeyMaterial);
Console.WriteLine($"Created key pair {newKeyPairName}.");
}
catch (AlreadyExistsException)
{
Console.WriteLine("Key pair already exists.");
}
}
///
/// Delete the key pair and file by name.
///
/// The key pair to delete.
/// Async task.
public async Task DeleteKeyPairByName(string deleteKeyPairName)
{
try
{
await _amazonEc2.DeleteKeyPairAsync(
new DeleteKeyPairRequest() { KeyName = deleteKeyPairName });
File.Delete($"{deleteKeyPairName}.pem");
}
catch (FileNotFoundException)
{
Console.WriteLine($"Key pair {deleteKeyPairName} not found.");
}
}
///
/// Creates an Amazon EC2 launch template to use with Amazon EC2 Auto Scaling.
/// The launch template specifies a Bash script in its user data field that runs after
/// the instance is started. This script installs the Python packages and starts a Python
/// web server on the instance.
///
/// The path to a Bash script file that is run.
/// The path to a permissions policy to create and attach to the profile.
/// The template object.
public async Task CreateTemplate(string startupScriptPath, string instancePolicyPath)
{
try
{
await CreateKeyPair(_keyPairName);
await CreateInstanceProfileWithName(_instancePolicyName, _instanceRoleName,
_instanceProfileName, instancePolicyPath);
var startServerText = await File.ReadAllTextAsync(startupScriptPath);
var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(startServerText);
var amiLatest = await _amazonSsm.GetParameterAsync(
new GetParameterRequest() { Name = _amiParam });
var amiId = amiLatest.Parameter.Value;
var launchTemplateResponse = await _amazonEc2.CreateLaunchTemplateAsync(
new CreateLaunchTemplateRequest()
{
LaunchTemplateName = _launchTemplateName,
LaunchTemplateData = new RequestLaunchTemplateData()
{
InstanceType = _instanceType,
ImageId = amiId,
IamInstanceProfile =
new
LaunchTemplateIamInstanceProfileSpecificationRequest()
{
Name = _instanceProfileName
},
KeyName = _keyPairName,
UserData = System.Convert.ToBase64String(plainTextBytes)
}
});
return launchTemplateResponse.LaunchTemplate;
}
catch (AmazonEC2Exception ec2Exception)
{
if (ec2Exception.ErrorCode == "InvalidLaunchTemplateName.AlreadyExistsException")
{
_logger.LogError($"Could not create the template, the name {_launchTemplateName} already exists. " +
$"Please try again with a unique name.");
}
throw;
}
catch (Exception ex)
{
_logger.LogError($"An error occurred while creating the template.: {ex.Message}");
throw;
}
}
///
/// Get a list of Availability Zones in the AWS Region of the Amazon EC2 Client.
///
/// A list of availability zones.
public async Task> DescribeAvailabilityZones()
{
try
{
var zoneResponse = await _amazonEc2.DescribeAvailabilityZonesAsync(
new DescribeAvailabilityZonesRequest());
return zoneResponse.AvailabilityZones.Select(z => z.ZoneName).ToList();
}
catch (AmazonEC2Exception ec2Exception)
{
_logger.LogError($"An Amazon EC2 error occurred while listing availability zones.: {ec2Exception.Message}");
throw;
}
catch (Exception ex)
{
_logger.LogError($"An error occurred while listing availability zones.: {ex.Message}");
throw;
}
}
///
/// Create an EC2 Auto Scaling group of a specified size and name.
///
/// The size for the group.
/// The name for the group.
/// The availability zones for the group.
/// Async task.
public async Task CreateGroupOfSize(int groupSize, string groupName, List availabilityZones)
{
try
{
await _amazonAutoScaling.CreateAutoScalingGroupAsync(
new CreateAutoScalingGroupRequest()
{
AutoScalingGroupName = groupName,
AvailabilityZones = availabilityZones,
LaunchTemplate =
new Amazon.AutoScaling.Model.LaunchTemplateSpecification()
{
LaunchTemplateName = _launchTemplateName,
Version = "$Default"
},
MaxSize = groupSize,
MinSize = groupSize
});
Console.WriteLine($"Created EC2 Auto Scaling group {groupName} with size {groupSize}.");
}
catch (EntityAlreadyExistsException)
{
Console.WriteLine($"EC2 Auto Scaling group {groupName} already exists.");
}
}
///
/// Get the default VPC for the account.
///
/// The default VPC object.
public async Task GetDefaultVpc()
{
try
{
var vpcResponse = await _amazonEc2.DescribeVpcsAsync(
new DescribeVpcsRequest()
{
Filters = new List()
{
new("is-default", new List() { "true" })
}
});
return vpcResponse.Vpcs[0];
}
catch (AmazonEC2Exception ec2Exception)
{
if (ec2Exception.ErrorCode == "UnauthorizedOperation")
{
_logger.LogError(ec2Exception, $"You do not have the necessary permissions to describe VPCs.");
}
throw;
}
catch (Exception ex)
{
_logger.LogError(ex, $"An error occurred while describing the vpcs.: {ex.Message}");
throw;
}
}
///
/// Get all the subnets for a Vpc in a set of availability zones.
///
/// The Id of the Vpc.
/// The list of availability zones.
/// The collection of subnet objects.
public async Task> GetAllVpcSubnetsForZones(string vpcId, List availabilityZones)
{
try
{
var subnets = new List();
var subnetPaginator = _amazonEc2.Paginators.DescribeSubnets(
new DescribeSubnetsRequest()
{
Filters = new List()
{
new("vpc-id", new List() { vpcId }),
new("availability-zone", availabilityZones),
new("default-for-az", new List() { "true" })
}
});
// Get the entire list using the paginator.
await foreach (var subnet in subnetPaginator.Subnets)
{
subnets.Add(subnet);
}
return subnets;
}
catch (AmazonEC2Exception ec2Exception)
{
if (ec2Exception.ErrorCode == "InvalidVpcID.NotFound")
{
_logger.LogError(ec2Exception, $"The specified VPC ID {vpcId} does not exist.");
}
throw;
}
catch (Exception ex)
{
_logger.LogError(ex, $"An error occurred while describing the subnets.: {ex.Message}");
throw;
}
}
///
/// Delete a launch template by name.
///
/// The name of the template to delete.
/// Async task.
public async Task DeleteTemplateByName(string templateName)
{
try
{
await _amazonEc2.DeleteLaunchTemplateAsync(
new DeleteLaunchTemplateRequest()
{
LaunchTemplateName = templateName
});
}
catch (AmazonEC2Exception ec2Exception)
{
if (ec2Exception.ErrorCode == "InvalidLaunchTemplateName.NotFoundException")
{
_logger.LogError(
$"Could not delete the template, the name {_launchTemplateName} was not found.");
}
throw;
}
catch (Exception ex)
{
_logger.LogError($"An error occurred while deleting the template.: {ex.Message}");
throw;
}
}
///
/// Detaches a role from an instance profile, detaches policies from the role,
/// and deletes all the resources.
///
/// The name of the profile to delete.
/// The name of the role to delete.
/// Async task.
public async Task DeleteInstanceProfile(string profileName, string roleName)
{
try
{
await _amazonIam.RemoveRoleFromInstanceProfileAsync(
new RemoveRoleFromInstanceProfileRequest()
{
InstanceProfileName = profileName,
RoleName = roleName
});
await _amazonIam.DeleteInstanceProfileAsync(
new DeleteInstanceProfileRequest() { InstanceProfileName = profileName });
var attachedPolicies = await _amazonIam.ListAttachedRolePoliciesAsync(
new ListAttachedRolePoliciesRequest() { RoleName = roleName });
foreach (var policy in attachedPolicies.AttachedPolicies)
{
await _amazonIam.DetachRolePolicyAsync(
new DetachRolePolicyRequest()
{
RoleName = roleName,
PolicyArn = policy.PolicyArn
});
// Delete the custom policies only.
if (!policy.PolicyArn.StartsWith("arn:aws:iam::aws"))
{
await _amazonIam.DeletePolicyAsync(
new Amazon.IdentityManagement.Model.DeletePolicyRequest()
{
PolicyArn = policy.PolicyArn
});
}
}
await _amazonIam.DeleteRoleAsync(
new DeleteRoleRequest() { RoleName = roleName });
}
catch (NoSuchEntityException)
{
Console.WriteLine($"Instance profile {profileName} does not exist.");
}
}
///
/// Gets data about the instances in an EC2 Auto Scaling group by its group name.
///
/// The name of the auto scaling group.
/// A collection of instance Ids.
public async Task> GetInstancesByGroupName(string group)
{
var instanceResponse = await _amazonAutoScaling.DescribeAutoScalingGroupsAsync(
new DescribeAutoScalingGroupsRequest()
{
AutoScalingGroupNames = new List() { group }
});
var instanceIds = instanceResponse.AutoScalingGroups.SelectMany(
g => g.Instances.Select(i => i.InstanceId));
return instanceIds;
}
///
/// Get the instance profile association data for an instance.
///
/// The Id of the instance.
/// Instance profile associations data.
public async Task GetInstanceProfile(string instanceId)
{
try
{
var response = await _amazonEc2.DescribeIamInstanceProfileAssociationsAsync(
new DescribeIamInstanceProfileAssociationsRequest()
{
Filters = new List()
{
new("instance-id", new List() { instanceId })
},
});
return response.IamInstanceProfileAssociations[0];
}
catch (AmazonEC2Exception ec2Exception)
{
if (ec2Exception.ErrorCode == "InvalidInstanceID.NotFound")
{
_logger.LogError(ec2Exception, $"Instance {instanceId} not found");
}
throw;
}
catch (Exception ex)
{
_logger.LogError(ex, $"An error occurred while creating the template.: {ex.Message}");
throw;
}
}
///
/// Replace the profile associated with a running instance. After the profile is replaced, the instance
/// is rebooted to ensure that it uses the new profile. When the instance is ready, Systems Manager is
/// used to restart the Python web server.
///
/// The Id of the instance to update.
/// The name of the new profile to associate with the specified instance.
/// The Id of the existing profile association for the instance.
/// Async task.
public async Task ReplaceInstanceProfile(string instanceId, string credsProfileName, string associationId)
{
try
{
await _amazonEc2.ReplaceIamInstanceProfileAssociationAsync(
new ReplaceIamInstanceProfileAssociationRequest()
{
AssociationId = associationId,
IamInstanceProfile = new IamInstanceProfileSpecification()
{
Name = credsProfileName
}
});
// Allow time before resetting.
Thread.Sleep(25000);
await _amazonEc2.RebootInstancesAsync(
new RebootInstancesRequest(new List() { instanceId }));
Thread.Sleep(25000);
var instanceReady = false;
var retries = 5;
while (retries-- > 0 && !instanceReady)
{
var instancesPaginator =
_amazonSsm.Paginators.DescribeInstanceInformation(
new DescribeInstanceInformationRequest());
// Get the entire list using the paginator.
await foreach (var instance in instancesPaginator.InstanceInformationList)
{
instanceReady = instance.InstanceId == instanceId;
if (instanceReady)
{
break;
}
}
}
Console.WriteLine("Waiting for instance to be running.");
await WaitForInstanceState(instanceId, InstanceStateName.Running);
Console.WriteLine("Instance ready.");
Console.WriteLine($"Sending restart command to instance {instanceId}");
await _amazonSsm.SendCommandAsync(
new SendCommandRequest()
{
InstanceIds = new List() { instanceId },
DocumentName = "AWS-RunShellScript",
Parameters = new Dictionary>()
{
{
"commands",
new List() { "cd / && sudo python3 server.py 80" }
}
}
});
Console.WriteLine($"Restarted the web server on instance {instanceId}");
}
catch (AmazonEC2Exception ec2Exception)
{
if (ec2Exception.ErrorCode == "InvalidInstanceID.NotFound")
{
_logger.LogError(ec2Exception, $"Instance {instanceId} not found");
}
throw;
}
catch (Exception ex)
{
_logger.LogError(ex, $"An error occurred while replacing the template.: {ex.Message}");
throw;
}
}
///
/// Try to terminate an instance by its Id.
///
/// The Id of the instance to terminate.
/// Async task.
public async Task TryTerminateInstanceById(string instanceId)
{
var stopping = false;
Console.WriteLine($"Stopping {instanceId}...");
while (!stopping)
{
try
{
await _amazonAutoScaling.TerminateInstanceInAutoScalingGroupAsync(
new TerminateInstanceInAutoScalingGroupRequest()
{
InstanceId = instanceId,
ShouldDecrementDesiredCapacity = false
});
stopping = true;
}
catch (ScalingActivityInProgressException)
{
Console.WriteLine($"Scaling activity in progress for {instanceId}. Waiting...");
Thread.Sleep(10000);
}
}
}
///
/// Tries to delete the EC2 Auto Scaling group. If the group is in use or in progress,
/// waits and retries until the group is successfully deleted.
///
/// The name of the group to try to delete.
/// Async task.
public async Task TryDeleteGroupByName(string groupName)
{
var stopped = false;
while (!stopped)
{
try
{
await _amazonAutoScaling.DeleteAutoScalingGroupAsync(
new DeleteAutoScalingGroupRequest()
{
AutoScalingGroupName = groupName
});
stopped = true;
}
catch (Exception e)
when ((e is ScalingActivityInProgressException)
|| (e is Amazon.AutoScaling.Model.ResourceInUseException))
{
Console.WriteLine($"Some instances are still running. Waiting...");
Thread.Sleep(10000);
}
}
}
///
/// Terminate instances and delete the Auto Scaling group by name.
///
/// The name of the group to delete.
/// Async task.
public async Task TerminateAndDeleteAutoScalingGroupWithName(string groupName)
{
var describeGroupsResponse = await _amazonAutoScaling.DescribeAutoScalingGroupsAsync(
new DescribeAutoScalingGroupsRequest()
{
AutoScalingGroupNames = new List() { groupName }
});
if (describeGroupsResponse.AutoScalingGroups.Any())
{
// Update the size to 0.
await _amazonAutoScaling.UpdateAutoScalingGroupAsync(
new UpdateAutoScalingGroupRequest()
{
AutoScalingGroupName = groupName,
MinSize = 0
});
var group = describeGroupsResponse.AutoScalingGroups[0];
foreach (var instance in group.Instances)
{
await TryTerminateInstanceById(instance.InstanceId);
}
await TryDeleteGroupByName(groupName);
}
else
{
Console.WriteLine($"No groups found with name {groupName}.");
}
}
///
/// Get the default security group for a specified Vpc.
///
/// The Vpc to search.
/// The default security group.
public async Task GetDefaultSecurityGroupForVpc(Vpc vpc)
{
var groupResponse = await _amazonEc2.DescribeSecurityGroupsAsync(
new DescribeSecurityGroupsRequest()
{
Filters = new List()
{
new ("group-name", new List() { "default" }),
new ("vpc-id", new List() { vpc.VpcId })
}
});
return groupResponse.SecurityGroups[0];
}
///
/// Verify the default security group of a Vpc allows ingress from the calling computer.
/// This can be done by allowing ingress from this computer's IP address.
/// In some situations, such as connecting from a corporate network, you must instead specify
/// a prefix list Id. You can also temporarily open the port to any IP address while running this example.
/// If you do, be sure to remove public access when you're done.
///
/// The group to check.
/// The port to verify.
/// This computer's IP address.
/// True if the ip address is allowed on the group.
public bool VerifyInboundPortForGroup(SecurityGroup group, int port, string ipAddress)
{
var portIsOpen = false;
foreach (var ipPermission in group.IpPermissions)
{
if (ipPermission.FromPort == port)
{
foreach (var ipRange in ipPermission.Ipv4Ranges)
{
var cidr = ipRange.CidrIp;
if (cidr.StartsWith(ipAddress) || cidr == "0.0.0.0/0")
{
portIsOpen = true;
}
}
if (ipPermission.PrefixListIds.Any())
{
portIsOpen = true;
}
if (!portIsOpen)
{
Console.WriteLine("The inbound rule does not appear to be open to either this computer's IP\n" +
"address, to all IP addresses (0.0.0.0/0), or to a prefix list ID.");
}
else
{
break;
}
}
}
return portIsOpen;
}
///
/// Add an ingress rule to the specified security group that allows access on the
/// specified port from the specified IP address.
///
/// The Id of the security group to modify.
/// The port to open.
/// The IP address to allow access.
/// Async task.
public async Task OpenInboundPort(string groupId, int port, string ipAddress)
{
await _amazonEc2.AuthorizeSecurityGroupIngressAsync(
new AuthorizeSecurityGroupIngressRequest()
{
GroupId = groupId,
IpPermissions = new List()
{
new IpPermission()
{
FromPort = port,
ToPort = port,
IpProtocol = "tcp",
Ipv4Ranges = new List()
{
new IpRange() { CidrIp = $"{ipAddress}/32" }
}
}
}
});
}
///
/// Attaches an Elastic Load Balancing (ELB) target group to this EC2 Auto Scaling group.
/// The
///
/// The name of the Auto Scaling group.
/// The Arn for the target group.
/// Async task.
public async Task AttachLoadBalancerToGroup(string autoScalingGroupName, string targetGroupArn)
{
await _amazonAutoScaling.AttachLoadBalancerTargetGroupsAsync(
new AttachLoadBalancerTargetGroupsRequest()
{
AutoScalingGroupName = autoScalingGroupName,
TargetGroupARNs = new List() { targetGroupArn }
});
}
///
/// Wait until an EC2 instance is in a specified state.
///
/// The instance Id.
/// The state to wait for.
/// A Boolean value indicating the success of the action.
public async Task WaitForInstanceState(string instanceId, InstanceStateName stateName)
{
var request = new DescribeInstancesRequest
{
InstanceIds = new List { instanceId }
};
// Wait until the instance is in the specified state.
var hasState = false;
do
{
// Wait 5 seconds.
Thread.Sleep(5000);
// Check for the desired state.
var response = await _amazonEc2.DescribeInstancesAsync(request);
var instance = response.Reservations[0].Instances[0];
hasState = instance.State.Name == stateName;
Console.Write(". ");
} while (!hasState);
return hasState;
}
}
```
Crea una classe che racchiuda le operazioni di Elastic Load Balancing.
```
///
/// Encapsulates Elastic Load Balancer actions.
///
public class ElasticLoadBalancerWrapper
{
private readonly IAmazonElasticLoadBalancingV2 _amazonElasticLoadBalancingV2;
private string? _endpoint = null;
private readonly string _targetGroupName = "";
private readonly string _loadBalancerName = "";
HttpClient _httpClient = new();
public string TargetGroupName => _targetGroupName;
public string LoadBalancerName => _loadBalancerName;
///
/// Constructor for the Elastic Load Balancer wrapper.
///
/// The injected load balancing v2 client.
/// The injected configuration.
public ElasticLoadBalancerWrapper(
IAmazonElasticLoadBalancingV2 amazonElasticLoadBalancingV2,
IConfiguration configuration)
{
_amazonElasticLoadBalancingV2 = amazonElasticLoadBalancingV2;
var prefix = configuration["resourcePrefix"];
_targetGroupName = prefix + "-tg";
_loadBalancerName = prefix + "-lb";
}
///
/// Get the HTTP Endpoint of a load balancer by its name.
///
/// The name of the load balancer.
/// The HTTP endpoint.
public async Task GetEndpointForLoadBalancerByName(string loadBalancerName)
{
if (_endpoint == null)
{
var endpointResponse =
await _amazonElasticLoadBalancingV2.DescribeLoadBalancersAsync(
new DescribeLoadBalancersRequest()
{
Names = new List() { loadBalancerName }
});
_endpoint = endpointResponse.LoadBalancers[0].DNSName;
}
return _endpoint;
}
///
/// Return the GET response for an endpoint as text.
///
/// The endpoint for the request.
/// The request response.
public async Task GetEndPointResponse(string endpoint)
{
var endpointResponse = await _httpClient.GetAsync($"http://{endpoint}");
var textResponse = await endpointResponse.Content.ReadAsStringAsync();
return textResponse!;
}
///
/// Get the target health for a group by name.
///
/// The name of the group.
/// The collection of health descriptions.
public async Task> CheckTargetHealthForGroup(string groupName)
{
List result = null!;
try
{
var groupResponse =
await _amazonElasticLoadBalancingV2.DescribeTargetGroupsAsync(
new DescribeTargetGroupsRequest()
{
Names = new List() { groupName }
});
var healthResponse =
await _amazonElasticLoadBalancingV2.DescribeTargetHealthAsync(
new DescribeTargetHealthRequest()
{
TargetGroupArn = groupResponse.TargetGroups[0].TargetGroupArn
});
;
result = healthResponse.TargetHealthDescriptions;
}
catch (TargetGroupNotFoundException)
{
Console.WriteLine($"Target group {groupName} not found.");
}
return result;
}
///
/// Create an Elastic Load Balancing target group. The target group specifies how the load balancer forwards
/// requests to instances in the group and how instance health is checked.
///
/// To speed up this demo, the health check is configured with shortened times and lower thresholds. In production,
/// you might want to decrease the sensitivity of your health checks to avoid unwanted failures.
///
/// The name for the group.
/// The protocol, such as HTTP.
/// The port to use to forward requests, such as 80.
/// The Id of the Vpc in which the load balancer exists.
/// The new TargetGroup object.
public async Task CreateTargetGroupOnVpc(string groupName, ProtocolEnum protocol, int port, string vpcId)
{
var createResponse = await _amazonElasticLoadBalancingV2.CreateTargetGroupAsync(
new CreateTargetGroupRequest()
{
Name = groupName,
Protocol = protocol,
Port = port,
HealthCheckPath = "/healthcheck",
HealthCheckIntervalSeconds = 10,
HealthCheckTimeoutSeconds = 5,
HealthyThresholdCount = 2,
UnhealthyThresholdCount = 2,
VpcId = vpcId
});
var targetGroup = createResponse.TargetGroups[0];
return targetGroup;
}
///
/// Create an Elastic Load Balancing load balancer that uses the specified subnets
/// and forwards requests to the specified target group.
///
/// The name for the new load balancer.
/// Subnets for the load balancer.
/// Target group for forwarded requests.
/// The new LoadBalancer object.
public async Task CreateLoadBalancerAndListener(string name, List subnetIds, TargetGroup targetGroup)
{
var createLbResponse = await _amazonElasticLoadBalancingV2.CreateLoadBalancerAsync(
new CreateLoadBalancerRequest()
{
Name = name,
Subnets = subnetIds
});
var loadBalancerArn = createLbResponse.LoadBalancers[0].LoadBalancerArn;
// Wait for load balancer to be available.
var loadBalancerReady = false;
while (!loadBalancerReady)
{
try
{
var describeResponse =
await _amazonElasticLoadBalancingV2.DescribeLoadBalancersAsync(
new DescribeLoadBalancersRequest()
{
Names = new List() { name }
});
var loadBalancerState = describeResponse.LoadBalancers[0].State.Code;
loadBalancerReady = loadBalancerState == LoadBalancerStateEnum.Active;
}
catch (LoadBalancerNotFoundException)
{
loadBalancerReady = false;
}
Thread.Sleep(10000);
}
// Create the listener.
await _amazonElasticLoadBalancingV2.CreateListenerAsync(
new CreateListenerRequest()
{
LoadBalancerArn = loadBalancerArn,
Protocol = targetGroup.Protocol,
Port = targetGroup.Port,
DefaultActions = new List()
{
new Action()
{
Type = ActionTypeEnum.Forward,
TargetGroupArn = targetGroup.TargetGroupArn
}
}
});
return createLbResponse.LoadBalancers[0];
}
///
/// Verify this computer can successfully send a GET request to the
/// load balancer endpoint.
///
/// The endpoint to check.
/// True if successful.
public async Task VerifyLoadBalancerEndpoint(string endpoint)
{
var success = false;
var retries = 3;
while (!success && retries > 0)
{
try
{
var endpointResponse = await _httpClient.GetAsync($"http://{endpoint}");
Console.WriteLine($"Response: {endpointResponse.StatusCode}.");
if (endpointResponse.IsSuccessStatusCode)
{
success = true;
}
else
{
retries = 0;
}
}
catch (HttpRequestException)
{
Console.WriteLine("Connection error, retrying...");
retries--;
Thread.Sleep(10000);
}
}
return success;
}
///
/// Delete a load balancer by its specified name.
///
/// The name of the load balancer to delete.
/// Async task.
public async Task DeleteLoadBalancerByName(string name)
{
try
{
var describeLoadBalancerResponse =
await _amazonElasticLoadBalancingV2.DescribeLoadBalancersAsync(
new DescribeLoadBalancersRequest()
{
Names = new List() { name }
});
var lbArn = describeLoadBalancerResponse.LoadBalancers[0].LoadBalancerArn;
await _amazonElasticLoadBalancingV2.DeleteLoadBalancerAsync(
new DeleteLoadBalancerRequest()
{
LoadBalancerArn = lbArn
}
);
}
catch (LoadBalancerNotFoundException)
{
Console.WriteLine($"Load balancer {name} not found.");
}
}
///
/// Delete a TargetGroup by its specified name.
///
/// Name of the group to delete.
/// Async task.
public async Task DeleteTargetGroupByName(string groupName)
{
var done = false;
while (!done)
{
try
{
var groupResponse =
await _amazonElasticLoadBalancingV2.DescribeTargetGroupsAsync(
new DescribeTargetGroupsRequest()
{
Names = new List() { groupName }
});
var targetArn = groupResponse.TargetGroups[0].TargetGroupArn;
await _amazonElasticLoadBalancingV2.DeleteTargetGroupAsync(
new DeleteTargetGroupRequest() { TargetGroupArn = targetArn });
Console.WriteLine($"Deleted load balancing target group {groupName}.");
done = true;
}
catch (TargetGroupNotFoundException)
{
Console.WriteLine(
$"Target group {groupName} not found, could not delete.");
done = true;
}
catch (ResourceInUseException)
{
Console.WriteLine("Target group not yet released, waiting...");
Thread.Sleep(10000);
}
}
}
}
```
Crea una classe che utilizzi DynamoDB per simulare un servizio di raccomandazione.
```
///
/// Encapsulates a DynamoDB table to use as a service that recommends books, movies, and songs.
///
public class Recommendations
{
private readonly IAmazonDynamoDB _amazonDynamoDb;
private readonly DynamoDBContext _context;
private readonly string _tableName;
public string TableName => _tableName;
///
/// Constructor for the Recommendations service.
///
/// The injected DynamoDb client.
/// The injected configuration.
public Recommendations(IAmazonDynamoDB amazonDynamoDb, IConfiguration configuration)
{
_amazonDynamoDb = amazonDynamoDb;
_context = new DynamoDBContext(_amazonDynamoDb);
_tableName = configuration["databaseName"]!;
}
///
/// Create the DynamoDb table with a specified name.
///
/// The name for the table.
/// True when ready.
public async Task CreateDatabaseWithName(string tableName)
{
try
{
Console.Write($"Creating table {tableName}...");
var createRequest = new CreateTableRequest()
{
TableName = tableName,
AttributeDefinitions = new List()
{
new AttributeDefinition()
{
AttributeName = "MediaType",
AttributeType = ScalarAttributeType.S
},
new AttributeDefinition()
{
AttributeName = "ItemId",
AttributeType = ScalarAttributeType.N
}
},
KeySchema = new List()
{
new KeySchemaElement()
{
AttributeName = "MediaType",
KeyType = KeyType.HASH
},
new KeySchemaElement()
{
AttributeName = "ItemId",
KeyType = KeyType.RANGE
}
},
ProvisionedThroughput = new ProvisionedThroughput()
{
ReadCapacityUnits = 5,
WriteCapacityUnits = 5
}
};
await _amazonDynamoDb.CreateTableAsync(createRequest);
// Wait until the table is ACTIVE and then report success.
Console.Write("\nWaiting for table to become active...");
var request = new DescribeTableRequest
{
TableName = tableName
};
TableStatus status;
do
{
Thread.Sleep(2000);
var describeTableResponse = await _amazonDynamoDb.DescribeTableAsync(request);
status = describeTableResponse.Table.TableStatus;
Console.Write(".");
}
while (status != "ACTIVE");
return status == TableStatus.ACTIVE;
}
catch (ResourceInUseException)
{
Console.WriteLine($"Table {tableName} already exists.");
return false;
}
}
///
/// Populate the database table with data from a specified path.
///
/// The name of the table.
/// The path of the recommendations data.
/// Async task.
public async Task PopulateDatabase(string databaseTableName, string recommendationsPath)
{
var recommendationsText = await File.ReadAllTextAsync(recommendationsPath);
var records =
JsonSerializer.Deserialize(recommendationsText);
var batchWrite = _context.CreateBatchWrite();
foreach (var record in records!)
{
batchWrite.AddPutItem(record);
}
await batchWrite.ExecuteAsync();
}
///
/// Delete the recommendation table by name.
///
/// The name of the recommendation table.
/// Async task.
public async Task DestroyDatabaseByName(string tableName)
{
try
{
await _amazonDynamoDb.DeleteTableAsync(
new DeleteTableRequest() { TableName = tableName });
Console.WriteLine($"Table {tableName} was deleted.");
}
catch (ResourceNotFoundException)
{
Console.WriteLine($"Table {tableName} not found");
}
}
}
```
Crea una classe che racchiuda le operazioni di Systems Manager.
```
///
/// Encapsulates Systems Manager parameter operations. This example uses these parameters
/// to drive the demonstration of resilient architecture, such as failure of a dependency or
/// how the service responds to a health check.
///
public class SmParameterWrapper
{
private readonly IAmazonSimpleSystemsManagement _amazonSimpleSystemsManagement;
private readonly string _tableParameter = "doc-example-resilient-architecture-table";
private readonly string _failureResponseParameter = "doc-example-resilient-architecture-failure-response";
private readonly string _healthCheckParameter = "doc-example-resilient-architecture-health-check";
private readonly string _tableName = "";
public string TableParameter => _tableParameter;
public string TableName => _tableName;
public string HealthCheckParameter => _healthCheckParameter;
public string FailureResponseParameter => _failureResponseParameter;
///
/// Constructor for the SmParameterWrapper.
///
/// The injected Simple Systems Management client.
/// The injected configuration.
public SmParameterWrapper(IAmazonSimpleSystemsManagement amazonSimpleSystemsManagement, IConfiguration configuration)
{
_amazonSimpleSystemsManagement = amazonSimpleSystemsManagement;
_tableName = configuration["databaseName"]!;
}
///
/// Reset the Systems Manager parameters to starting values for the demo.
///
/// Async task.
public async Task Reset()
{
await this.PutParameterByName(_tableParameter, _tableName);
await this.PutParameterByName(_failureResponseParameter, "none");
await this.PutParameterByName(_healthCheckParameter, "shallow");
}
///
/// Set the value of a named Systems Manager parameter.
///
/// The name of the parameter.
/// The value to set.
/// Async task.
public async Task PutParameterByName(string name, string value)
{
await _amazonSimpleSystemsManagement.PutParameterAsync(
new PutParameterRequest() { Name = name, Value = value, Overwrite = true });
}
}
```
+ Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per .NET *.
+ [AttachLoadBalancerTargetGroups](https://docs.aws.amazon.com/goto/DotNetSDKV3/autoscaling-2011-01-01/AttachLoadBalancerTargetGroups)
+ [CreateAutoScalingGroup](https://docs.aws.amazon.com/goto/DotNetSDKV3/autoscaling-2011-01-01/CreateAutoScalingGroup)
+ [CreateInstanceProfile](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/CreateInstanceProfile)
+ [CreateLaunchTemplate](https://docs.aws.amazon.com/goto/DotNetSDKV3/ec2-2016-11-15/CreateLaunchTemplate)
+ [CreateListener](https://docs.aws.amazon.com/goto/DotNetSDKV3/elasticloadbalancingv2-2015-12-01/CreateListener)
+ [CreateLoadBalancer](https://docs.aws.amazon.com/goto/DotNetSDKV3/elasticloadbalancingv2-2015-12-01/CreateLoadBalancer)
+ [CreateTargetGroup](https://docs.aws.amazon.com/goto/DotNetSDKV3/elasticloadbalancingv2-2015-12-01/CreateTargetGroup)
+ [DeleteAutoScalingGroup](https://docs.aws.amazon.com/goto/DotNetSDKV3/autoscaling-2011-01-01/DeleteAutoScalingGroup)
+ [DeleteInstanceProfile](https://docs.aws.amazon.com/goto/DotNetSDKV3/iam-2010-05-08/DeleteInstanceProfile)
+ [DeleteLaunchTemplate](https://docs.aws.amazon.com/goto/DotNetSDKV3/ec2-2016-11-15/DeleteLaunchTemplate)
+ [DeleteLoadBalancer](https://docs.aws.amazon.com/goto/DotNetSDKV3/elasticloadbalancingv2-2015-12-01/DeleteLoadBalancer)
+ [DeleteTargetGroup](https://docs.aws.amazon.com/goto/DotNetSDKV3/elasticloadbalancingv2-2015-12-01/DeleteTargetGroup)
+ [DescribeAutoScalingGroups](https://docs.aws.amazon.com/goto/DotNetSDKV3/autoscaling-2011-01-01/DescribeAutoScalingGroups)
+ [DescribeAvailabilityZones](https://docs.aws.amazon.com/goto/DotNetSDKV3/ec2-2016-11-15/DescribeAvailabilityZones)
+ [DescribeIamInstanceProfileAssociations](https://docs.aws.amazon.com/goto/DotNetSDKV3/ec2-2016-11-15/DescribeIamInstanceProfileAssociations)
+ [DescribeInstances](https://docs.aws.amazon.com/goto/DotNetSDKV3/ec2-2016-11-15/DescribeInstances)
+ [DescribeLoadBalancers](https://docs.aws.amazon.com/goto/DotNetSDKV3/elasticloadbalancingv2-2015-12-01/DescribeLoadBalancers)
+ [DescribeSubnets](https://docs.aws.amazon.com/goto/DotNetSDKV3/ec2-2016-11-15/DescribeSubnets)
+ [DescribeTargetGroups](https://docs.aws.amazon.com/goto/DotNetSDKV3/elasticloadbalancingv2-2015-12-01/DescribeTargetGroups)
+ [DescribeTargetHealth](https://docs.aws.amazon.com/goto/DotNetSDKV3/elasticloadbalancingv2-2015-12-01/DescribeTargetHealth)
+ [DescribeVpcs](https://docs.aws.amazon.com/goto/DotNetSDKV3/ec2-2016-11-15/DescribeVpcs)
+ [RebootInstances](https://docs.aws.amazon.com/goto/DotNetSDKV3/ec2-2016-11-15/RebootInstances)
+ [ReplaceIamInstanceProfileAssociation](https://docs.aws.amazon.com/goto/DotNetSDKV3/ec2-2016-11-15/ReplaceIamInstanceProfileAssociation)
+ [TerminateInstanceInAutoScalingGroup](https://docs.aws.amazon.com/goto/DotNetSDKV3/autoscaling-2011-01-01/TerminateInstanceInAutoScalingGroup)
+ [UpdateAutoScalingGroup](https://docs.aws.amazon.com/goto/DotNetSDKV3/autoscaling-2011-01-01/UpdateAutoScalingGroup)