创建安全组 - Amazon SDK for .NET
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

创建安全组

此示例说明如何使用 Amazon SDK for .NET 创建安全组。您可以提供现有 VPC 的 ID,以便在 VPC 中为 EC2 创建安全组。如果您不提供这样的 ID,则新的安全组将适用于 EC2-Classic(前提是您的 Amazon 账户对此支持)。

如果您未提供 VPC ID 且您的 Amazon 账户不支持 EC2-Classic,则新的安全组将属于您账户的默认 VPC。有关更多信息,请参阅父部分(使用 Amazon EC2 中的安全组)中有关 VPC 中的 EC2 与 EC2-Classic 的参考资料。

以下各节提供了此示例的片段。此后显示了该示例的完整代码,并且可以按原样构建和运行。

查找现有安全组

以下代码片段搜索给定 VPC 中具有给定名称的现有安全组。

本主题末尾的示例显示了此片段的使用情况。

// // Method to determine if a security group with the specified name // already exists in the VPC private static async Task<List<SecurityGroup>> FindSecurityGroups( IAmazonEC2 ec2Client, string groupName, string vpcID) { var request = new DescribeSecurityGroupsRequest(); request.Filters.Add(new Filter{ Name = "group-name", Values = new List<string>() { groupName } }); if(!string.IsNullOrEmpty(vpcID)) request.Filters.Add(new Filter{ Name = "vpc-id", Values = new List<string>() { vpcID } }); var response = await ec2Client.DescribeSecurityGroupsAsync(request); return response.SecurityGroups; }

创建安全组

如果给定的 VPC 中不存在具有该名称的组,则以下片段将创建一个新的安全组。如果未给出 VPC,并且存在一个或多个具有该名称的组,则该片段仅返回组列表。

本主题末尾的示例显示了此片段的使用情况。

// // Method to create a new security group (either EC2-Classic or EC2-VPC) // If vpcID is empty, the security group will be for EC2-Classic private static async Task<List<SecurityGroup>> CreateSecurityGroup( IAmazonEC2 ec2Client, string groupName, string vpcID) { // See if one or more security groups with that name // already exist in the given VPC. If so, return the list of them. var securityGroups = await FindSecurityGroups(ec2Client, groupName, vpcID); if (securityGroups.Count > 0) { Console.WriteLine( $"\nOne or more security groups with name {groupName} already exist.\n"); return securityGroups; } // If the security group doesn't already exists, create it. var createRequest = new CreateSecurityGroupRequest{ GroupName = groupName }; if(string.IsNullOrEmpty(vpcID)) { createRequest.Description = "My .NET example security group for EC2-Classic"; } else { createRequest.VpcId = vpcID; createRequest.Description = "My .NET example security group for EC2-VPC"; } CreateSecurityGroupResponse createResponse = await ec2Client.CreateSecurityGroupAsync(createRequest); // Return the new security group DescribeSecurityGroupsResponse describeResponse = await ec2Client.DescribeSecurityGroupsAsync(new DescribeSecurityGroupsRequest{ GroupIds = new List<string>() { createResponse.GroupId } }); return describeResponse.SecurityGroups; }

完整代码

本部分显示了本示例的相关参考和完整代码。

using System; using System.Threading.Tasks; using System.Collections.Generic; using Amazon.EC2; using Amazon.EC2.Model; namespace EC2CreateSecGroup { // = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = // Class to create a security group class Program { private const int MaxArgs = 2; static async Task Main(string[] args) { // Parse the command line and show help if necessary var parsedArgs = CommandLine.Parse(args); if(parsedArgs.Count == 0) { PrintHelp(); return; } if(parsedArgs.Count > MaxArgs) CommandLine.ErrorExit("\nThe number of command-line arguments is incorrect." + "\nRun the command with no arguments to see help."); // Get the application arguments from the parsed list var groupName = CommandLine.GetArgument(parsedArgs, null, "-g", "--group-name"); var vpcID = CommandLine.GetArgument(parsedArgs, null, "-v", "--vpc-id"); if(string.IsNullOrEmpty(groupName)) CommandLine.ErrorExit("\nYou must supply a name for the new group." + "\nRun the command with no arguments to see help."); if(!string.IsNullOrEmpty(vpcID) && !vpcID.StartsWith("vpc-")) CommandLine.ErrorExit($"\nNot a valid VPC ID: {vpcID}"); // groupName has a value and vpcID either has a value or is null (which is fine) // Create the new security group and display information about it var securityGroups = await CreateSecurityGroup(new AmazonEC2Client(), groupName, vpcID); Console.WriteLine("Information about the security group(s):"); foreach(var group in securityGroups) { Console.WriteLine($"\nGroupName: {group.GroupName}"); Console.WriteLine($"GroupId: {group.GroupId}"); Console.WriteLine($"Description: {group.Description}"); Console.WriteLine($"VpcId (if any): {group.VpcId}"); } } // // Method to create a new security group (either EC2-Classic or EC2-VPC) // If vpcID is empty, the security group will be for EC2-Classic private static async Task<List<SecurityGroup>> CreateSecurityGroup( IAmazonEC2 ec2Client, string groupName, string vpcID) { // See if one or more security groups with that name // already exist in the given VPC. If so, return the list of them. var securityGroups = await FindSecurityGroups(ec2Client, groupName, vpcID); if (securityGroups.Count > 0) { Console.WriteLine( $"\nOne or more security groups with name {groupName} already exist.\n"); return securityGroups; } // If the security group doesn't already exists, create it. var createRequest = new CreateSecurityGroupRequest{ GroupName = groupName }; if(string.IsNullOrEmpty(vpcID)) { createRequest.Description = "Security group for .NET code example (no VPC specified)"; } else { createRequest.VpcId = vpcID; createRequest.Description = "Security group for .NET code example (VPC: " + vpcID + ")"; } CreateSecurityGroupResponse createResponse = await ec2Client.CreateSecurityGroupAsync(createRequest); // Return the new security group DescribeSecurityGroupsResponse describeResponse = await ec2Client.DescribeSecurityGroupsAsync(new DescribeSecurityGroupsRequest{ GroupIds = new List<string>() { createResponse.GroupId } }); return describeResponse.SecurityGroups; } // // Method to determine if a security group with the specified name // already exists in the VPC private static async Task<List<SecurityGroup>> FindSecurityGroups( IAmazonEC2 ec2Client, string groupName, string vpcID) { var request = new DescribeSecurityGroupsRequest(); request.Filters.Add(new Filter{ Name = "group-name", Values = new List<string>() { groupName } }); if(!string.IsNullOrEmpty(vpcID)) request.Filters.Add(new Filter{ Name = "vpc-id", Values = new List<string>() { vpcID } }); var response = await ec2Client.DescribeSecurityGroupsAsync(request); return response.SecurityGroups; } // // Command-line help private static void PrintHelp() { Console.WriteLine( "\nUsage: EC2CreateSecGroup -g <group-name> [-v <vpc-id>]" + "\n -g, --group-name: The name you would like the new security group to have." + "\n -v, --vpc-id: The ID of a VPC to which the new security group will belong." + "\n If vpc-id isn't present, the security group will be" + "\n for EC2-Classic (if your AWS account supports this)" + "\n or will use the default VCP for EC2-VPC."); } } // = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = // Class that represents a command line on the console or terminal. // (This is the same for all examples. When you have seen it once, you can ignore it.) static class CommandLine { // // Method to parse a command line of the form: "--key value" or "-k value". // // Parameters: // - args: The command-line arguments passed into the application by the system. // // Returns: // A Dictionary with string Keys and Values. // // If a key is found without a matching value, Dictionary.Value is set to the key // (including the dashes). // If a value is found without a matching key, Dictionary.Key is set to "--NoKeyN", // where "N" represents sequential numbers. public static Dictionary<string,string> Parse(string[] args) { var parsedArgs = new Dictionary<string,string>(); int i = 0, n = 0; while(i < args.Length) { // If the first argument in this iteration starts with a dash it's an option. if(args[i].StartsWith("-")) { var key = args[i++]; var value = key; // Check to see if there's a value that goes with this option? if((i < args.Length) && (!args[i].StartsWith("-"))) value = args[i++]; parsedArgs.Add(key, value); } // If the first argument in this iteration doesn't start with a dash, it's a value else { parsedArgs.Add("--NoKey" + n.ToString(), args[i++]); n++; } } return parsedArgs; } // // Method to get an argument from the parsed command-line arguments // // Parameters: // - parsedArgs: The Dictionary object returned from the Parse() method (shown above). // - defaultValue: The default string to return if the specified key isn't in parsedArgs. // - keys: An array of keys to look for in parsedArgs. public static string GetArgument( Dictionary<string,string> parsedArgs, string defaultReturn, params string[] keys) { string retval = null; foreach(var key in keys) if(parsedArgs.TryGetValue(key, out retval)) break; return retval ?? defaultReturn; } // // Method to exit the application with an error. public static void ErrorExit(string msg, int code=1) { Console.WriteLine("\nError"); Console.WriteLine(msg); Environment.Exit(code); } } }