创建安全组 - 适用于 .NET 的 AWS 开发工具包
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

创建安全组

此示例向您展示如何使用 适用于 .NET 的 AWS 开发工具包 创建授权组。您可以提供现有VPC的ID,以在VPC中为EC2创建授权组。如果您不提供此类ID,新的授权组将为EC2-Classic,如果您 AWS 帐户支持此。

如果您没有提供VPCID和您的 AWS 帐户不支持EC2-经典,新授权组将属于您的帐户的默认VPC。有关更多信息,请参见VPC与EC2中的EC2参考和父级的EC2经典部分(在中与授权组合作 Amazon EC2)。

以下部分提供了此示例的片段。的 示例的完整代码 之后显示,并且可以按原样构建和运行。

查找现有授权组

以下代码段在给定的VPC中搜索具有给定名称的现有安全组。

示例 在本主题结束时 显示此片段正在使用。

// // Method to determine if a security group with the specified name // already exists in the VPC private static async Task<List<SecurityGroup>> FindSecurityGroups( IAmazonEC2 ec2Client, string groupName, string vpcID) { var request = new DescribeSecurityGroupsRequest(); request.Filters.Add(new Filter{ Name = "group-name", Values = new List<string>() { groupName } }); if(!string.IsNullOrEmpty(vpcID)) request.Filters.Add(new Filter{ Name = "vpc-id", Values = new List<string>() { vpcID } }); var response = await ec2Client.DescribeSecurityGroupsAsync(request); return response.SecurityGroups; }

创建安全组

如果给定VPC中不存在具有该名称的组,则以下代码段会创建新的安全组。如果未提供VPC且存在具有该名称的一个或多个组,则代码段仅返回组列表。

示例 在本主题结束时 显示此片段正在使用。

// // Method to create a new security group (either EC2-Classic or EC2-VPC) // If vpcID is empty, the security group will be for EC2-Classic private static async Task<List<SecurityGroup>> CreateSecurityGroup( IAmazonEC2 ec2Client, string groupName, string vpcID) { // See if one or more security groups with that name // already exist in the given VPC. If so, return the list of them. var securityGroups = await FindSecurityGroups(ec2Client, groupName, vpcID); if (securityGroups.Count > 0) { Console.WriteLine( $"\nOne or more security groups with name {groupName} already exist.\n"); return securityGroups; } // If the security group doesn't already exists, create it. var createRequest = new CreateSecurityGroupRequest{ GroupName = groupName }; if(string.IsNullOrEmpty(vpcID)) { createRequest.Description = "My .NET example security group for EC2-Classic"; } else { createRequest.VpcId = vpcID; createRequest.Description = "My .NET example security group for EC2-VPC"; } CreateSecurityGroupResponse createResponse = await ec2Client.CreateSecurityGroupAsync(createRequest); // Return the new security group DescribeSecurityGroupsResponse describeResponse = await ec2Client.DescribeSecurityGroupsAsync(new DescribeSecurityGroupsRequest{ GroupIds = new List<string>() { createResponse.GroupId } }); return describeResponse.SecurityGroups; }

完整代码

本节显示此示例的相关参考和完整代码。

NuGet 程序包:

编程元素:

using System; using System.Threading.Tasks; using System.Collections.Generic; using Amazon.EC2; using Amazon.EC2.Model; namespace EC2CreateSecGroup { // = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = // Class to create a security group class Program { private const int MaxArgs = 2; static async Task Main(string[] args) { // Parse the command line and show help if necessary var parsedArgs = CommandLine.Parse(args); if(parsedArgs.Count == 0) { PrintHelp(); return; } if(parsedArgs.Count > MaxArgs) CommandLine.ErrorExit("\nThe number of command-line arguments is incorrect." + "\nRun the command with no arguments to see help."); // Get the application parameters from the parsed arguments var groupName = CommandLine.GetParameter(parsedArgs, null, "-g", "--group-name"); var vpcID = CommandLine.GetParameter(parsedArgs, null, "-v", "--vpc-id"); if(string.IsNullOrEmpty(groupName)) CommandLine.ErrorExit("\nYou must supply a name for the new group." + "\nRun the command with no arguments to see help."); if(!string.IsNullOrEmpty(vpcID) && !vpcID.StartsWith("vpc-")) CommandLine.ErrorExit($"\nNot a valid VPC ID: {vpcID}"); // groupName has a value and vpcID either has a value or is null (which is fine) // Create the new security group and display information about it var securityGroups = await CreateSecurityGroup(new AmazonEC2Client(), groupName, vpcID); Console.WriteLine("Information about the security group(s):"); foreach(var group in securityGroups) { Console.WriteLine($"\nGroupName: {group.GroupName}"); Console.WriteLine($"GroupId: {group.GroupId}"); Console.WriteLine($"Description: {group.Description}"); Console.WriteLine($"VpcId (if any): {group.VpcId}"); } } // // Method to create a new security group (either EC2-Classic or EC2-VPC) // If vpcID is empty, the security group will be for EC2-Classic private static async Task<List<SecurityGroup>> CreateSecurityGroup( IAmazonEC2 ec2Client, string groupName, string vpcID) { // See if one or more security groups with that name // already exist in the given VPC. If so, return the list of them. var securityGroups = await FindSecurityGroups(ec2Client, groupName, vpcID); if (securityGroups.Count > 0) { Console.WriteLine( $"\nOne or more security groups with name {groupName} already exist.\n"); return securityGroups; } // If the security group doesn't already exists, create it. var createRequest = new CreateSecurityGroupRequest{ GroupName = groupName }; if(string.IsNullOrEmpty(vpcID)) { createRequest.Description = "My .NET example security group for EC2-Classic"; } else { createRequest.VpcId = vpcID; createRequest.Description = "My .NET example security group for EC2-VPC"; } CreateSecurityGroupResponse createResponse = await ec2Client.CreateSecurityGroupAsync(createRequest); // Return the new security group DescribeSecurityGroupsResponse describeResponse = await ec2Client.DescribeSecurityGroupsAsync(new DescribeSecurityGroupsRequest{ GroupIds = new List<string>() { createResponse.GroupId } }); return describeResponse.SecurityGroups; } // // Method to determine if a security group with the specified name // already exists in the VPC private static async Task<List<SecurityGroup>> FindSecurityGroups( IAmazonEC2 ec2Client, string groupName, string vpcID) { var request = new DescribeSecurityGroupsRequest(); request.Filters.Add(new Filter{ Name = "group-name", Values = new List<string>() { groupName } }); if(!string.IsNullOrEmpty(vpcID)) request.Filters.Add(new Filter{ Name = "vpc-id", Values = new List<string>() { vpcID } }); var response = await ec2Client.DescribeSecurityGroupsAsync(request); return response.SecurityGroups; } // // Command-line help private static void PrintHelp() { Console.WriteLine( "\nUsage: EC2CreateSecGroup -g <group-name> [-v <vpc-id>]" + "\n -g, --group-name: The name you would like the new security group to have." + "\n -v, --vpc-id: The ID of a VPC to which the new security group will belong." + "\n If vpc-id isn't present, the security group will be for EC2-Classic" + "\n instead of EC2-VPC (if your AWS account supports this)."); } } // = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = // Class that represents a command line on the console or terminal. // (This is the same for all examples. When you have seen it once, you can ignore it.) static class CommandLine { // Method to parse a command line of the form: "--param value" or "-p value". // If "param" is found without a matching "value", Dictionary.Value is an empty string. // If "value" is found without a matching "param", Dictionary.Key is "--NoKeyN" // where "N" represents sequential numbers. public static Dictionary<string,string> Parse(string[] args) { var parsedArgs = new Dictionary<string,string>(); int i = 0, n = 0; while(i < args.Length) { // If the first argument in this iteration starts with a dash it's an option. if(args[i].StartsWith("-")) { var key = args[i++]; var value = string.Empty; // Is there a value that goes with this option? if((i < args.Length) && (!args[i].StartsWith("-"))) value = args[i++]; parsedArgs.Add(key, value); } // If the first argument in this iteration doesn't start with a dash, it's a value else { parsedArgs.Add("--NoKey" + n.ToString(), args[i++]); n++; } } return parsedArgs; } // // Method to get a parameter from the parsed command-line arguments public static string GetParameter( Dictionary<string,string> parsedArgs, string def, params string[] keys) { string retval = null; foreach(var key in keys) if(parsedArgs.TryGetValue(key, out retval)) break; return retval ?? def; } // // Exit with an error. public static void ErrorExit(string msg, int code=1) { Console.WriteLine("\nError"); Console.WriteLine(msg); Environment.Exit(code); } } }