需要Visual Studio Team Service的IP范围才能在AWS上创建SG [英] Need IP Range from Visual Studio Team Service to create SG on AWS

问题描述

我们在AWS上拥有基础架构，并且.NET项目开始使用Visual Studio Team Service（VSTS）提供CI / CD，并从那里管理所有构建/发布过程。我们使用的是托管构建服务器，但部署将在AWS IIS服务器（EC2 Windows 8 R2 IIS服务器）上进行。

We have our infrastructure on AWS and our NET Projects are starting to use Visual Studio Team Service (VSTS) to provide CI/CD and manage all the build/release process from there. We are using the Hosted Build Servers but the deploy is going to be on AWS IIS Server (EC2 Windows 8 R2 IIS Server).

我试图找到VSTS的IP范围是什么，以便创建正确的安全组（SG）并将其添加到我们的EC2实例中，但是我不知道范围是多少，它们按区域提供列表，我需要更具体的信息，例如10.73.0.0-10.73.255.255，然后我就可以执行10.73.0.0/16之类的操作。

I was trying to find what is the IP Range for VSTS in order to create the right Security Groups (SG) and added to our EC2 instances but I am unable to know what is the range and they provide the list by region by I need something more specific like 10.73.0.0 - 10.73.255.255 and then I will be able to do something like 10.73.0.0/16.

无论如何，是否有机会知道IP范围是什么，因为现在在我的POC中，您使用的是过于开放的SG，但我需要对此加以限制。

Is there anyway to know what is that IP Range because right now in my POC are you using a too open SG but I need to restrict this.

推荐答案

您可以动态获取当前构建代理的IP地址并动态创建安全组（通过使用适用于.NET的AWS开发工具包）

You can get the IP address of current build agent dynamically and create a security group dynamically (by using AWS SDK for .NET)

1. 打开构建定义>选择选项标签>选中允许脚本访问OAuth令牌


2. 添加PowerShell步骤/任务（参数：-RestAddress https://starain.vsdtl.visualstudio.com/DefaultCollection/_apis/vslabs/ipaddress -Token $（System.AccessToken ））。

1. Open build definition > Select Options tab> Check Allow Scripts to Access OAuth Token
2. Add PowerShell step/task (Arguments: -RestAddress https://starain.vsdtl.visualstudio.com/DefaultCollection/_apis/vslabs/ipaddress -Token $(System.AccessToken)).

PS：

Param (
    [string]$RestAddress,
    [string]$Token
    )
$basicAuth = ("{0}:{1}" -f 'test',$Token)
$basicAuth = [System.Text.Encoding]::UTF8.GetBytes($basicAuth)
$basicAuth = [System.Convert]::ToBase64String($basicAuth)
$headers = @{Authorization=("Basic {0}" -f $basicAuth)}
$result = Invoke-RestMethod -Uri $RestAddress -headers $headers -Method Get
Write-Host $result.value
Write-Host "##vso[task.setvariable variable=CIP;]$($result.value)"

1. 在目标计算机上添加PowerShell步骤/任务以调用AWS控制台应用程序。 （您可以通过指定脚本参数来传递CIP（第2步）变量，例如-currentIP $（CIP））

关于创建安全组：在Amazon EC2中创建安全组

这篇关于需要Visual Studio Team Service的IP范围才能在AWS上创建SG的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！