
Creating EC2 Ingress rule in C#


I'm trying to create an ingress rule in C# and I'm getting an error at runtime. Here's the relevant code:

        ///////////BEGIN Set Vars//////////////////////
        Amazon.EC2.AmazonEC2Client ec2Client = new Amazon.EC2.AmazonEC2Client();
        Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest secRequest = new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest();
        Amazon.EC2.Model.IpPermission ipPerm = new Amazon.EC2.Model.IpPermission();
        Amazon.EC2.Model.IpRange ipRange = new Amazon.EC2.Model.IpRange();
        List<Amazon.EC2.Model.IpPermission> ipRangeList = new List<Amazon.EC2.Model.IpPermission>();

        ///////////END Set Vars////////////////////////

        ///////////BEGIN IP Range//////////////////////

        ipRange.CidrIp = "";
        ipRange.Description = "My new IP rule";
        ///////////END IP Range////////////////////////

        ///////////BEGIN IP Perms//////////////////////
        ipPerm.IpProtocol = "tcp";
        ipPerm.ToPort = 3389;
        ipPerm.FromPort = 3389;
        ///////////END IP Perms////////////////////////

If I just try to add ipRange as a range to ipPerm, the precompiler complains that it needs to be type of List<Amazon.EC2.Model.IpPermission>.

When I use the code above and cast it to List<Amazon.EC2.Model.IpPermission>, the precompiler gets happy, but I get a runtime error:

        Message=Unable to cast object of type 'System.Collections.Generic.List`1[Amazon.EC2.Model.IpPermission]' to type 'System.Collections.Generic.IEnumerable`1[Amazon.EC2.Model.IpRange]'.
        Source=System.Private.CoreLib
        StackTrace:
           at System.Runtime.CompilerServices.CastHelpers.ChkCastAny(Void* toTypeHnd, Object obj)
           at AWSFirewall.Program.Main(String[] args) in C:\Users\SeanMcCown\source\repos\AWSFirewall\Program.cs:line 44

asked 11 days ago · 29 views
1 Answer

You are trying to cast incompatible types, so the .NET runtime generates an exception. You want to add a list of IpPermission objects into a list of IpRange objects, which is not possible.

Please refer to the AWS SDK documentation about Updating security groups.

There, you can find a code snippet that shows you how to add an ingress rule to a security group:

        async Task AddIngressRuleAsync(IAmazonEC2 eC2Client, string groupID, string ipAddress, int port)
        {
          // Create an object to hold the request information for the rule.
          // It uses an IpPermission object to hold the IP information for the rule.
          var ingressRequest = new AuthorizeSecurityGroupIngressRequest { GroupId = groupID };
          ingressRequest.IpPermissions.Add(new IpPermission
          {
            IpProtocol = "tcp",
            FromPort = port,
            ToPort = port,
            Ipv4Ranges = new List<IpRange> { new IpRange { CidrIp = ipAddress } }
          });

          // Create the inbound rule for the security group
          var responseIngress = await eC2Client.AuthorizeSecurityGroupIngressAsync(ingressRequest);
          Console.WriteLine($"\nNew RDP rule was written in {groupID} for {ipAddress}.");
          Console.WriteLine($"Result: {responseIngress.HttpStatusCode}");
        }

You can then use this method to update the security group with your desired permissions:

        var ec2Client = new Amazon.EC2.AmazonEC2Client();
        var sgId = "your-security-group-id";
        var cidr = "";
        var port = 3389;
        await AddIngressRuleAsync(ec2Client, sgId, cidr, port);

answered 11 days ago
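
A check that can sit in front of the call shown in the answer, as an added example (not code from the original post or from the AWS documentation): it validates the CIDR string before the rule is built and places it in the matching SDK type, `IpRange` for IPv4 or `Ipv6Range` for IPv6. The `IngressRuleBuilder` class, its method names and the minimum prefix lengths are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;
using Amazon.EC2.Model;   // AWSSDK.EC2 NuGet package

// Hypothetical helper (not part of the AWS SDK).
static class IngressRuleBuilder
{
    // Narrowest acceptable prefix lengths: an example policy, adjust to your own.
    const int MinPrefixV4 = 24;
    const int MinPrefixV6 = 64;

    public static IpPermission BuildTcpRule(string cidr, int port, string description)
    {
        var text = (cidr ?? "").Trim();
        var parts = text.Split('/');
        if (parts.Length != 2
            || !IPAddress.TryParse(parts[0], out var address)
            || !int.TryParse(parts[1], out var prefix))
            throw new ArgumentException($"'{cidr}' is not in address/prefix form.", nameof(cidr));

        bool isV4 = address.AddressFamily == AddressFamily.InterNetwork;
        // IPAddress.TryParse also accepts short forms such as "10"; require four octets.
        if (isV4 && parts[0].Split('.').Length != 4)
            throw new ArgumentException($"'{cidr}' is not a dotted-quad IPv4 CIDR.", nameof(cidr));
        if (prefix < 0 || prefix > (isV4 ? 32 : 128))
            throw new ArgumentException($"Prefix length in '{cidr}' is out of range.", nameof(cidr));
        if (prefix < (isV4 ? MinPrefixV4 : MinPrefixV6))
            throw new ArgumentException($"'{cidr}' is wider than the allowed minimum prefix for port {port}.", nameof(cidr));

        var rule = new IpPermission { IpProtocol = "tcp", FromPort = port, ToPort = port };
        // IPv4 and IPv6 ranges are different SDK types held in different properties.
        if (isV4)
            rule.Ipv4Ranges = new List<IpRange> { new IpRange { CidrIp = text, Description = description } };
        else
            rule.Ipv6Ranges = new List<Ipv6Range> { new Ipv6Range { CidrIpv6 = text, Description = description } };
        return rule;
    }

    public static AuthorizeSecurityGroupIngressRequest BuildRequest(string groupId, string cidr, int port, string description) =>
        new AuthorizeSecurityGroupIngressRequest
        {
            GroupId = groupId,
            IpPermissions = new List<IpPermission> { BuildTcpRule(cidr, port, description) }
        };
}
```

Pass the result of `BuildRequest` to `AuthorizeSecurityGroupIngressAsync`; an empty string or `0.0.0.0/0` throws `ArgumentException` before any API call is made.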
