Need IP Range from Visual Studio Team Service to create SG on AWS
Question
We have our infrastructure on AWS and our .NET projects are starting to use Visual Studio Team Service (VSTS) to provide CI/CD and manage all the build/release process from there. We are using the Hosted Build Servers but the deploy is going to be on AWS IIS Server (EC2 Windows 8 R2 IIS Server).
I was trying to find out what the IP range for VSTS is in order to create the right Security Groups (SG) and add them to our EC2 instances, but I am unable to find out what the range is; they provide the list by region, but I need something more specific like 10.73.0.0 - 10.73.255.255, and then I will be able to do something like 10.73.0.0/16.
Is there any way to know what that IP range is? Right now in my POC we are using a too-open SG, but I need to restrict this.
Recommended answer
You can get the IP address of the current build agent dynamically and create a security group dynamically (by using the AWS SDK for .NET).
- Open build definition > Select Options tab > Check Allow Scripts to Access OAuth Token
- Add PowerShell step/task (Arguments: -RestAddress https://starain.vsdtl.visualstudio.com/DefaultCollection/_apis/vslabs/ipaddress -Token $(System.AccessToken)).
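PS:
Param (
    [string]$RestAddress,
    [string]$Token
)
# Build a Basic auth header: 'test' is the user name, the OAuth token is the password.
$basicAuth = ("{0}:{1}" -f 'test',$Token)
$basicAuth = [System.Text.Encoding]::UTF8.GetBytes($basicAuth)
$basicAuth = [System.Convert]::ToBase64String($basicAuth)
$headers = @{Authorization=("Basic {0}" -f $basicAuth)}
# Query the endpoint that returns the current build agent's IP address.
$result = Invoke-RestMethod -Uri $RestAddress -Headers $headers -Method Get
Write-Host $result.value
# Publish the address as the build variable CIP so later steps can read $(CIP).
Write-Host "##vso[task.setvariable variable=CIP;]$($result.value)"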
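- Add a PowerShell step/task on the target machine to call the AWS console application. (You can pass the CIP variable (step 2) by specifying script arguments, such as -currentIP $(CIP).)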
About creating a security group: Creating a Security Group in Amazon EC2
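One way to do the third step, as an added example that is not part of the original answer: it swaps the AWS SDK for .NET console application for the AWS Tools for PowerShell cmdlets, validates the passed-in address, and opens only that single /32. The parameters -GroupId, -Port and -Action, the default port and the security group ID are assumptions, and AWS credentials and region are assumed to be configured already.

```powershell
# Added example, not the answer author's code. Requires the AWS Tools for
# PowerShell module with credentials and a default region already configured.
Param (
    [Parameter(Mandatory)][string]$currentIP,  # value of $(CIP) from the build step
    [Parameter(Mandatory)][string]$GroupId,    # placeholder: your security group ID
    [int]$Port = 8172,                         # assumed deployment port; change to yours
    [ValidateSet('Grant','Revoke')][string]$Action = 'Grant'
)

# Accept only a dotted-quad IPv4 address. An empty or malformed CIP value must
# never end up as a broad rule such as 0.0.0.0/0.
$candidate = $currentIP.Trim()
$parsed = $null
$isIPv4 = ($candidate -match '^\d{1,3}(\.\d{1,3}){3}$') -and
          [System.Net.IPAddress]::TryParse($candidate, [ref]$parsed)
if (-not $isIPv4) {
    throw "currentIP '$currentIP' is not a valid IPv4 address"
}
if ($parsed.Equals([System.Net.IPAddress]::Any)) {
    throw "Refusing to create a rule for 0.0.0.0"
}

# One rule, one port, one host.
$cidr = "{0}/32" -f $parsed.ToString()
$rule = @{ IpProtocol = 'tcp'; FromPort = $Port; ToPort = $Port; IpRanges = $cidr }

if ($Action -eq 'Grant') {
    Grant-EC2SecurityGroupIngress -GroupId $GroupId -IpPermission @($rule)
    Write-Host "Allowed $cidr on tcp/$Port in $GroupId"
} else {
    Revoke-EC2SecurityGroupIngress -GroupId $GroupId -IpPermission @($rule)
    Write-Host "Removed $cidr on tcp/$Port from $GroupId"
}
```

Run it with -Action Grant before the deployment step and with -Action Revoke in a step that always runs afterwards, so the rule exists only for the duration of the release.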