AWS Toolkit for Visual Studio

(1)

AWS Toolkit for Visual Studio: User Guide

(2)

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be aﬃliated with, connected to, or sponsored by Amazon.

(3)

AWS CloudFormation ... 2

AWS Identity and Access Management (IAM) ... 2

Related Information ... 2

Setting Up the AWS Toolkit for Visual Studio ... 4

Setting up the AWS Toolkit for Visual Studio ... 4

Prerequisites ... 4

Install the Toolkit for Visual Studio ... 4

Uninstall the Toolkit for Visual Studio ... 5

Older versions of the Toolkit for Visual Studio ... 6

Providing AWS credentials ... 6

Credentials locations ... 7

Options for conﬁguring credentials ... 7

Creating proﬁles for AWS credentials ... 7

Using AWS SSO ... 11

Using MFA ... 12

Using external credentials ... 15

Using the Toolkit for Visual Studio ... 15

Proﬁles and Toolkit for Visual Studio Window Binding ... 15

Working with AWS Services ... 17

Managing Amazon EC2 Instances ... 17

The Amazon Machine Images and Amazon EC2 Instances Views ... 17

Launching an Amazon EC2 Instance ... 19

Connecting to an Amazon EC2 Instance ... 22

Ending an Amazon EC2 Instance ... 25

Managing Amazon ECS Instances ... 27

Modifying service properties ... 27

Stopping a task ... 27

Deleting a service ... 27

Deleting a cluster ... 28

Creating a repository ... 28

Deleting a repository ... 28

Managing Security Groups from AWS Explorer ... 28

Creating a Security Group ... 29

Adding Permissions to Security Groups ... 29

Create an AMI from an Amazon EC2 Instance ... 31

Setting Launch Permissions on an Amazon Machine Image ... 32

Amazon Virtual Private Cloud (VPC) ... 33

Creating a Public-Private VPC for Deployment with AWS Elastic Beanstalk ... 34

Deployment Using the AWS Toolkit ... 37

Publish to AWS (preview feature) ... 38

Deploying to Elastic Beanstalk ... 42

Deploying to Amazon EC2 Container Service ... 81

Using the AWS CloudFormation Template Editor for Visual Studio ... 92

(4)

Creating an AWS CloudFormation Template Project in Visual Studio ... 92

Deploying a AWS CloudFormation Template in Visual Studio ... 94

Estimating the Cost of Your AWS CloudFormation Template Project in Visual Studio ... 96

Formatting a AWS CloudFormation Template in Visual Studio ... 98

Using Amazon S3 from AWS Explorer ... 99

Creating an Amazon S3 Bucket ... 99

Managing Amazon S3 Buckets from AWS Explorer ... 100

Uploading Files and Folders to Amazon S3 ... 101

Amazon S3 File Operations from AWS Toolkit for Visual Studio ... 102

Using DynamoDB from AWS Explorer ... 106

Creating an DynamoDB Table ... 107

Viewing an DynamoDB Table as a Grid ... 108

Editing and Adding Attributes and Values ... 109

Scanning an DynamoDB Table ... 110

Using AWS CodeCommit with Visual Studio Team Explorer ... 112

Credential Types for AWS CodeCommit ... 112

Connecting to AWS CodeCommit ... 112

Creating a Repository ... 113

Setting up Git Credentials ... 114

Cloning a Repository ... 117

Working with Repositories ... 117

Using CodeArtifact in Visual Studio ... 118

Add your CodeArtifact repository as a NuGet package source ... 118

Amazon RDS from AWS Explorer ... 119

Launch an Amazon RDS Database Instance ... 119

Create a Microsoft SQL Server Database in an RDS Instance ... 125

Amazon RDS Security Groups ... 127

Using Amazon SimpleDB from AWS Explorer ... 130

Using Amazon SQS from AWS Explorer ... 131

Creating a Queue ... 132

Deleting a Queue ... 132

Managing Queue Properties ... 132

Sending a Message to a Queue ... 133

Identity and Access Management ... 134

Create and Conﬁgure an IAM User ... 134

Create an IAM Group ... 135

Add an IAM User to an IAM Group ... 136

Generate Credentials for an IAM User ... 137

Create an IAM Role ... 139

Create an IAM Policy ... 140

Using the AWS Lambda Templates in the AWS Toolkit for Visual Studio ... 142

Basic AWS Lambda Project ... 142

Basic AWS Lambda Project Creating Docker Image ... 149

Tutorial: Build and Test a Serverless Application with AWS Lambda ... 154

Tutorial: Creating an Amazon Rekognition Lambda Application ... 164

Tutorial: Using Amazon Logging Frameworks with AWS Lambda to Create Application Logs ... 172

Deploying an AWS Lambda Project with the .NET Core CLI ... 173

Prerequisites ... 174

AWS Toolkit for Visual Studio

This is the user guide for the AWS Toolkit for Visual Studio. If you are looking for the AWS Toolkit for VS Code, see the User Guide for the AWS Toolkit for Visual Studio Code.

What is the Toolkit for Visual Studio

The AWS Toolkit for Visual Studio is a plugin for the Visual Studio IDE that makes it easier for you to develop, debug, and deploy .NET applications that use Amazon Web Services. The Toolkit for Visual Studio is supported for Visual Studio versions 2017 and later. For details about how to download and install the kit, see Install the Toolkit for Visual Studio (p. 4).

Note

The Toolkit for Visual Studio was also released for Visual Studio 2008, 2010, 2012, 2013, and 2015 versions. However, those versions are no longer supported. For more information, see Install the Toolkit for Visual Studio (p. 4).

The Toolkit for Visual Studio contains the following features to enhance your development experience.

AWS Explorer

The AWS Explorer tool window, available from the IDE's View menu, enables you to interact with many of the AWS services from inside the Visual Studio IDE. Supported data services include Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Notiﬁcation Service (Amazon SNS), Amazon Simple Queue Service (Amazon SQS), and Amazon CloudFront. AWS Explorer also provides access to Amazon Elastic Compute Cloud (Amazon EC2) management, AWS Identity and Access Management (IAM) user and policy management, deployment of serverless applications and functions to AWS Lambda and deployment of web applications to AWS Elastic Beanstalk and AWS CloudFormation.

Credential and Region Management

AWS Explorer supports multiple AWS accounts (including IAM user accounts) and regions, and enables you to easily change the displayed view from one account to another or view and manage resources and services in diﬀerent regions.

Amazon EC2

From AWS Explorer, you can view available Amazon Machine Images (AMIs), create Amazon EC2 instances from those AMIs, and then connect to those instances by using Windows Remote Desktop. AWS Explorer also enables supporting functionality, such as the capability to create and manage key pairs and security groups.

AWS Lambda

You can use Lambda to host your serverless .NET Core C# functions and serverless applications. Use blueprints to quickly create new serverless projects and get a head start in developing your serverless application.

(7)

Amazon S3

You can quickly and easily upload content to Amazon S3 buckets by dragging and dropping, or download content from Amazon S3. You can also set permissions, metadata, and tags conveniently on objects in buckets.

Amazon RDS

AWS Explorer can help you create and manage Amazon RDS assets in Visual Studio. Amazon RDS instances that use Microsoft SQL Server can also be added to Visual Studio's Server Explorer.

AWS Elastic Beanstalk

You can use Elastic Beanstalk to deploy your .NET web application projects to AWS. You can deploy your application to a single instance environment or to a fully load balanced, automatically scaled environment from within the IDE. You can also deploy new versions of your application quickly and conveniently without leaving Visual Studio. If your application uses SQL Server in Amazon RDS, the deployment wizard can also set up the connectivity between your application environment in Elastic Beanstalk and the database instance in Amazon RDS. The Toolkit for Visual Studio also includes the standalone command-line deployment tool. Use the deployment tool to make deployment an automatic part of your build process, or to include deployment in other scripting scenarios outside of Visual Studio.

AWS CloudFormation

You can use the Toolkit for Visual Studio to edit AWS CloudFormation JSON-format templates with support for editor IntelliSense and syntax highlighting. With a AWS CloudFormation template you describe the resources you want to instantiate to host your application. From within the IDE you then deploy the template to AWS CloudFormation. The resources described in the template are provisioned for you, freeing you to focus on developing the application's functionality.

AWS Identity and Access Management (IAM)

From AWS Explorer, you can create IAM users, roles, and policies, and attach policies to users.

Related Information

To open an issues or view currently open issues, visit https://github.com/aws/aws-toolkit-visual-studio/

issues.

(8)

To learn more about Visual Studio, visit https://visualstudio.microsoft.com/vs/.

(9)

• Setting up the AWS Toolkit for Visual Studio (p. 4)

• Providing AWS credentials (p. 6)

• Using the Toolkit for Visual Studio (p. 15)

Setting up the AWS Toolkit for Visual Studio

This topic describes how to install and conﬁgure the Toolkit for Visual Studio.

Prerequisites

To install and conﬁgure the Toolkit for Visual Studio, you must:

• Have an AWS account. This account enables you to use AWS services. To get an AWS account, on the AWS home page, choose Create an AWS Account.

• Run a supported operating system: Windows 10, Windows 8, or Windows 7.

We recommend that you install the latest service packs and updates for the Windows version you're using.

• Visual Studio 2017 or later (including Community editions).

We recommend that you install the latest service packs and updates.

NoteThe Toolkit for Visual Studio is still available if you're using Visual Studio versions 2008, 2010, 2012, 2013, and 2015 (including Express editions where available). However, these versions aren't supported. For Express editions, the installation includes only the AWS project templates.

Visual Studio Express editions don't support third-party extensions, such as AWS Explorer. Find links to these older versions of the Toolkit for Visual Studio below in Older Versions of the Toolkit for Visual Studio (p. 6).

Install the Toolkit for Visual Studio

Install for Visual Studio 2022

The Toolkit for Visual Studio for Visual Studio 2022 is distributed in the Visual Studio Marketplace.

You can also install and update the toolkit within Visual Studio by using the main menu to navigate.

(10)

In the upper-right search box, search for AWS and choose Download for the "AWS Toolkit for Visual Studio 2022". Choose Close.

After the toolkit has been installed, open it by choosing AWS Explorer from the View heading in the main menu.

Install for Visual Studio 2017 and Visual Studio 2019

The Toolkit for Visual Studio for Visual Studio 2017 and Visual Studio 2019 is distributed in the Visual Studio Marketplace. You can also install and update the toolkit within Visual Studio by using the main menu to navigate.

• (Visual Studio 2019) Extensions ≫ Manage Extensions

• (Visual Studio 2017) Tools ≫ Extensions and Updates

In the upper-right search box, search for AWS and choose Download for the "AWS Toolkit for Visual Studio 2017 and 2019". Choose Close.

After the toolkit has been installed, open it by choosing AWS Explorer from the View menu.

Install for Visual Studio 2013 and Visual Studio 2015

The Toolkit for Visual Studio for Visual Studio 2013 and Visual Studio 2015 are part of the AWS Tools for Windows. You can install the AWS Tools for Windows for these versions as follows.

1. Navigate to the page AWS Toolkit for Visual Studio.

2. In the Download section, choose Toolkit for Visual Studio 2013-2015 to download the installer.

3. To start the installation, run the downloaded installer and follow the instructions.

NoteBy default, the Toolkit for Visual Studio is installed in the Program Files directory, which requires administrator privileges. To install the Toolkit for Visual Studio as a non- administrator, specify a diﬀerent installation directory.

Uninstall the Toolkit for Visual Studio

Uninstall for Visual Studio 2022

Uninstall Toolkit for Visual Studio from within Visual Studio 2022 by using the main menu and navigating to: Extensions ≫ Manage Extensions.

Uninstall for Visual Studio 2017 and Visual Studio 2019

Uninstall the Toolkit for Visual Studio from within Visual Studio by using Tools ≫ Extensions and Updates (Visual Studio 2017) or Extensions ≫ Manage Extensions (Visual Studio 2019).

Uninstall for Visual Studio 2013 and Visual Studio 2015

To uninstall the Toolkit for Visual Studio, you must uninstall the AWS Tools for Windows.

1. In Control Panel, open Programs and Features.

NoteTo open Programs and Features directly, run appwiz.cpl from a command prompt or the Windows Run dialog.

2. Choose AWS Tools for Windows, and then choose Uninstall.

(11)

3. If prompted, choose Yes.

Uninstalling the AWS Tools for Windows doesn't remove the Samples directory. This directory is preserved in case you have modiﬁed the samples. You have to manually remove this directory.

Older versions of the Toolkit for Visual Studio

Visual Studio 2008—Install the Toolkit for Visual Studio 2008 from https://sdk-for- net.amazonwebservices.com/latest/AWSToolkitForVisualStudio2008.msi.

Visual Studio 2010 and 2012—Install the Toolkit for Visual Studio for Visual Studio 2010 and 2012 from https://sdk-for-net.amazonwebservices.com/latest/AWSToolkitForVisualStudio2010-2012.msi.

Providing AWS credentials

Before you can use the Toolkit for Visual Studio, you must provide one or more sets of valid AWS credentials. These credentials allow you to access your AWS resources through the Toolkit for Visual Studio. They're also used to sign programmatic web services requests so that AWS can verify that the request comes from an authorized source.

Important

AWS credentials consist of an access key ID and secret access key. We recommend that you do NOT use your account's root credentials. Instead, create one or more IAM users, and then use those credentials. For additional information, see Using IAM Users and Best Practices for Managing AWS Access Keys.

(12)

Credentials locations

The Toolkit for Visual Studio supports multiple sets of credentials from any number of AWS accounts.

Each credentials set is referred to as a proﬁle. The Toolkit for Visual Studio works with proﬁles stored in the following locations:

• Shared AWS ﬁles: By default, these ﬁles are located in the .aws directory in your home directory and are named config and credentials. (The location of your home directory varies based on the operating system, but is referred to using the environment variables %UserProfile% in Windows and

$HOME or ~ (tilde) in Unix-based systems.)

Credentials stored in these ﬁles are in plaintext, and are accessible by the AWS CLI and the AWS SDKs.

For more information, see Where Are Conﬁguration Settings Stored? in the AWS Command Line Interface User Guide.

• SDK Store: On Windows systems, the SDK Store is another place to create proﬁles and store encrypted credentials for your AWS for .NET applications. It's located in %USERPROFILE%\AppData\Local

\AWSToolkit\RegisteredAccounts.json. You can use the SDK Store during development as an alternative to the shared AWS credentials ﬁle.

Credentials stored here are encrypted on your machine, and are speciﬁc to your Windows user account.

They can't be decrypted or used elsewhere.

For more information, see Conﬁguring AWS credentials in the AWS SDK for .NET Developer Guide.

Options for conﬁguring credentials

To work with AWS services using the Toolkit for Visual Studio, you need to configure at least one credential profile that's available in either the shared AWS credentials file or the SDK Store.

For options for obtaining the necessary access keys and adding them to a profile that's stored in either a shared AWS credentials file or SDK Store, see Creating profiles for your AWS credentials (p. 7). And you can enhance your access credentials by adding entries to profiles that define how to use AWS Single Sign-On (AWS SSO) (p. 11) and multi-factor authentication (MFA) (p. 12).

Topics

• Creating proﬁles for your AWS credentials (p. 7)

• Using AWS SSO credentials in AWS Toolkit for Visual Studio (p. 11)

• Using multi-factor authentication (MFA) in Toolkit for Visual Studio (p. 12)

• Using external credentials (p. 15)

Creating proﬁles for your AWS credentials

Configuring access credentials for Toolkit for Visual Studio involves obtaining access keys and adding those keys to a set of credentials called a profile. You can store multiple profiles in shared AWS credentials files or in the SDK Store.

You've several options for adding proﬁles to your AWS credentials:

• Using the AWS Explorer interface available in the Toolkit for Visual Studio

• Editing the credentials ﬁle with a text editor

(13)

1. To get your access keys (consisting of an access key ID and secret access key), go to the IAM console at https://console.aws.amazon.com/iam/.

2. Choose Users from the navigation bar and then choose your AWS user name (not the check box).

3. Choose the Security credentials tab, and then choose Create access key.

NoteIf you already have an access key but you can't access your secret key, make the old key inactive and create a new one.

4. In the dialog box that shows your access key ID and secret access key, choose Download .csv ﬁle to store this information in a secure location.

After you've stored your access keys securely, you can then add them to the set of credentials deﬁned by a proﬁle.

Using AWS Explorer to add a proﬁle to the SDK Store or the shared AWS credentials ﬁles

To add a proﬁle to the SDK Credential Store or the shared AWS credentials ﬁle:

1. To open AWS Explorer in Visual Studio, choose View, AWS Explorer.

2. Choose the New Account Proﬁle icon to the right of the Credentials: list.

(14)

3. To create a credential proﬁle, enter the following data into the dialog box and then choose OK.

Note

When you create an account in the AWS Management Console, or when you create an IAM user and set up credentials for the user, you are given the opportunity to download and save the generated credentials as a .csv file. (This is NOT the shared AWS credentials file.) If you have downloaded this file, you can choose Import from csv file... to browse for the file and automatically import the access key ID and secret access key into the dialog box.

Proﬁle Name

(Required) The proﬁle's display name.

Storage Location

(Required) Choose whether to use the SDK Credential Store or the shared AWS credentials ﬁle.

Access Key ID

(Required) The access key ID.

Secret Access Key

(15)

For example, if you have rotated an IAM user's credentials—a recommended practice—you can edit the proﬁle to update the user's credentials in the SDK Store or shared AWS credentials ﬁle. For more information, see IAM Credential Rotation.

Important

You can't edit a profile that supports advanced access features such as AWS SSO (p. 11) or MFA (p. 12) in the Edit Profile dialog box. For these types of profile, use your preferred text editor (p. 10).

Adding a proﬁle by editing the shared AWS credentials ﬁle

Instead of managing profiles with the Toolkit for Visual Studio interface, you can update credentials information by editing the shared AWS credentials file using your preferred text editor. On Windows systems, this file is called C:\Users\USERNAME\.aws\credentials.

This ﬁle should contain lines in the following format:

[default]

aws_access_key_id = YOUR_ACCESS_KEY_ID

aws_secret_access_key = YOUR_SECRET_ACCESS_KEY

You can use a role by creating a profile for the role. The following example shows a role profile named assumed-role that is assumed by the default profile.

[assume-role-test]

role_arn = arn:aws:iam::123456789012:role/assumed-role source_profile = default

In this case, the default profile is an IAM user with credentials and permission to assume a role named assumed-role. To access the role, you create a named profile, in this case assume-role-test. Instead of configuring this profile with credentials, you specify the ARN of the role and the name of the profile that has access to it.

For an EC2 instance, specify an IAM role and then give your EC2 instance access to that role. See IAM Roles for Amazon EC2 in the Amazon EC2 User Guide for Linux Instances for a detailed discussion about how this works.

Using aws configure to create a proﬁle

You can also use the AWS CLI command aws configure to create a proﬁle named default in the credentials ﬁle.

(16)

When you enter aws configure at the command line, you're asked for four pieces of information:

• Access key ID

• Secret access key

• AWS Region

• Output format

The following example shows sample values:

$ aws configure

AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE

AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Default region name [None]: us-west-2

Default output format [None]: json

Toolkit for Visual Studio also supports the following conﬁguration properties:

aws_access_key_id aws_secret_access_key aws_session_token credential_process credential_source external_id mfa_serial role_arn

role_session_name source_profile sso_account_id sso_region sso_role_name sso_start_url

For more information, see Conﬁguring the AWS CLI in the AWS Command Line Interface User Guide.

Using AWS SSO credentials in AWS Toolkit for Visual Studio

AWS Single Sign-On (AWS SSO) is a cloud-based single sign-on (SSO) service that makes it easy to centrally manage SSO access to all of your AWS accounts and cloud applications.

To connect with AWS Single Sign-On (AWS SSO), you must complete the following prerequisite:

• Set up AWS SSO – This includes choosing your identity source and setting up AWS SSO access to your AWS accounts. For more information, see Getting started in the AWS Single Sign-On User Guide.

After AWS SSO is set for your AWS accounts, you can define a named profile in the credentials file or config file that you use to retrieve temporary credentials for your AWS account. This profile definition specifies the AWS SSO user portal as well as the AWS account and IAM role associated with the user requesting access.

To add an AWS SSO proﬁle

The following procedure outlines how to add an AWS SSO proﬁle to your credentials or config ﬁle.

(17)

region = us-west-2

Important

Do not use the word profile when creating an entry in the credentials file. This is because the credentials file uses a different naming format than the config file. Include the prefix word profile_ only when configuring a named profile in the config file.

When you assign values for your proﬁle, keep the following in mind:

• sso_start_url: The URL that points to your organization's AWS SSO user portal.

• sso_region: The AWS Region that contains your AWS SSO portal host. This can be diﬀerent from the AWS Region speciﬁed later in the default region parameter.

• sso_account_id: The AWS account ID that contains the IAM role with the permission that you want to grant to this AWS SSO user.

• sso_role_name: The name of the IAM role that deﬁnes the user's permissions when using this proﬁle to get credentials through AWS SSO.

• region: The default AWS Region that this AWS SSO user signs into.

NoteYou can also add an AWS SSO enabled proﬁle to your AWS CLI by running the aws configure sso command. After running this command, you provide values for the AWS SSO start URL (sso_start_url) and the AWS Region (region) that hosts the AWS SSO directory.

For more information, see Conﬁguring the AWS CLI to use AWS Single Sign-On in the AWS Command Line Interface User Guide.

Signing in with AWS SSO

When signing in with an AWS SSO proﬁle, the default browser is launched to the speciﬁed portal. You must verify your AWS SSO login before you can access your AWS resources in AWS Toolkit for Visual Studio. If your credentials expire, you'll have to repeat the connection process to obtain new temporary credentials.

Using multi-factor authentication (MFA) in Toolkit for Visual Studio

Multi-factor authentication (MFA) oﬀers increased security because it requires users to provide unique authentication from an AWS supported MFA mechanism in addition to their regular sign-in credentials when they access AWS websites or services.

(18)

AWS supports a range of both virtual and hardware devices for MFA authentication. The example that's documented here is a virtual MFA device that's enabled by a smartphone application. For more information on MFA device options, see Using multi-factor authentication (MFA) in AWS in the IAM User Guide.

Step 1: Creating an IAM role to delegate access to IAM users

This task uses role delegation to allow an IAM to delegate permissions to an IAM user. First, you deﬁne an IAM role that requires signing in with MFA. You also attach policies to that role that grant permissions to access speciﬁc AWS services. Next, you create an IAM user that has no permissions to start with. But you then attach to that user a policy that includes the AssumeRole operation, which delegates all the role's permissions to the user.

1. Go to the IAM console at https://console.aws.amazon.com/iam.

2. Choose Roles in the navigation bar, and then choose Create Role.

3. In the Create role page, choose Another AWS account.

4. Enter your required Account ID and mark the Require MFA check box.

NoteTo ﬁnd your 12-digit account number (ID), go to the navigation bar in the console, and then choose Support, Support Center.

5. Choose Next: Permissions.

6. Attach existing policies to your role or create a new policy for it. The policies that you choose on this page determine which AWS services the IAM user can access with the Toolkit.

7. After attaching policies, choose Next: Tags for the option of adding IAM tags to your role. Then choose Next: Review to continue.

8. In the Review page, enter a required Role name (toolkit-role, for example). You can also add an optional Role description.

9. Choose Create role.

10. When the conﬁrmation message displays ("The role toolkit-role has been created", for example), choose the name of the role in the message.

11. In the Summary page, choose the copy icon to copy the Role ARN and paste it into a ﬁle. (You need this ARN when conﬁguring the IAM user to assume the role.).

Step 2: Creating an IAM user that assumes the role's permissions

In this step, you ﬁrst create the IAM user without permissions. Then you create an in-line policy that allows the user to assume the role (and that role's permissions) that you created in the previous step.

To create the IAM user

1. Go to the IAM console at https://console.aws.amazon.com/iam.

2. Choose Users in the navigation bar and then choose Add user.

3. In the Add user page, enter a required User name (toolkit-user, for example) and mark the Programmatic access check box.

4. Choose Next: Permissions, Next: Tags, and Next: Review to move through the next pages. You're not adding permissions at this stage because the user is going to assume the role's permissions.

5. In the Review page, you're informed that This user has no permissions. Choose Create user.

6. In the Success page, choose Download .csv to download the file containing the access key ID and secret access key. (You need both when defining the user's profile in the credentials file.)

7. Choose Close.

(19)

displayed in Account and Role name with path.

7. Choose Add.

8. Back in the Create policy page, choose Specify request conditions (optional), mark the MFA required check box, and then choose close to conﬁrm..

9. Choose Review policy

10. In Review policy page, enter a Name for the policy, and then choose Create policy.

The Permissions tab displays the new inline policy attached directly to IAM user.

Step 3: Managing a virtual MFA device for the IAM user

1. Download and install a virtual MFA application to your smartphone.

For a list of supported applications, see the Multi-factor Authentication resource page.

2. In the IAM console, choose Users from the navigation bar and then choose the user that's assuming a role (toolkit-user, in this case).

3. In the Summary page, choose the Security credentials tab, and for Assigned MFA device choose Manage.

4. In the Manage MFA device pane, choose Virtual MFA device, and then choose Continue.

5. In the Set up virtual MFA device pane, choose Show QR code and then scan the code using the virtual MFA application that you installed on your smartphone.

6. After you scan the QR code, the virtual MFA application generates one-time MFA codes. Enter two consecutive MFA codes in MFA code 1 and MFA code 2.

7. Choose Assign MFA.

8. Back in the Security credentials tab for the user, copy the ARN of the new Assigned MFA device.

The ARN includes your 12-digit account ID and the format is similar to the following:

arn:aws:iam::123456789012:mfa/toolkit-user. You need this ARN when deﬁning the MFA proﬁle in the next step.

Step 4: Creating proﬁles to allow MFA

In this step, you create the proﬁles that allow users of the Toolkit for Visual Studio to use MFA when accessing AWS services.

The proﬁles that you create include three pieces of information that you've copied and stored during the previous steps:

• Access keys (access key ID and secret access key) for the IAM user

(20)

• ARN of the role that's delegating permissions to the IAM user

• ARN of the virtual MFA device that's assigned to the IAM user

In the AWS shared credential ﬁle or SDK Store that contain your AWS credentials, add the following entries:

[toolkit-user]

aws_access_key_id = AKIAIOSFODNN7EXAMPLE

aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY [mfa]

source_profile = toolkit-user

role_arn = arn:aws:iam::111111111111:role/toolkit-role mfa_serial = arn:aws:iam::111111111111:mfa/toolkit-user

There are two proﬁles deﬁned in the example provided:

• [toolkit-user] proﬁle includes the access key and secret access key that were generated and saved when you created the IAM user in Step 2.

• [mfa] proﬁle deﬁnes how multi-factor authentication is supported. There are three entries:

◦ source_profile: Specifies the profile whose credentials are used to assume the role specified by this role_arn setting in this profile. In this case, it's the toolkit-user profile.

◦ role_arn: Speciﬁes the Amazon Resource Name (ARN) of the IAM role that you want to use to perform operations requested using this proﬁle. In this case, it's the ARN for the role you created in Step 1.

◦ mfa_serial: Speciﬁes the identiﬁcation or serial number of the MFA device that the user must use when assuming a role. In this case, it's the ARN of the virtual device you set up in Step 3.

Using external credentials

If you have a method to generate or look up credentials that isn't directly supported by AWS, you can add to the shared credentials file a profile that contains the credential_process setting. This setting specifies an external command that's run to generate or retrieve authentication credentials to use. For example, you might include an entry similar to the following in the config file:

[profile developer]

credential_process = /opt/bin/awscreds-custom --username helen

For more information on using external credentials and the associated security risks, see Sourcing credentials with an external process in the AWS Command Line Interface User Guide.

Using the Toolkit for Visual Studio

Proﬁles and Toolkit for Visual Studio Window Binding

The AWS Explorer window is bound to a single proﬁle and region at a time.

• Windows opened from the AWS Explorer use the current bound proﬁle and region. Once the window is

(21)

(22)

Working with AWS Services

AWS Explorer gives you a view of, and allows you to manipulate, multiple Amazon Web Services

simultaneously. This section provides information about how to access and use the AWS Explorer view in Visual Studio.

It assumes that you've already installed the Toolkit for Visual Studio on your system.

Topics

• Managing Amazon EC2 Instances (p. 17)

• Managing Amazon ECS Instances (p. 27)

• Managing Security Groups from AWS Explorer (p. 28)

• Create an AMI from an Amazon EC2 Instance (p. 31)

• Setting Launch Permissions on an Amazon Machine Image (p. 32)

• Amazon Virtual Private Cloud (VPC) (p. 33)

• Deployment Using the AWS Toolkit (p. 37)

• Using the AWS CloudFormation Template Editor for Visual Studio (p. 92)

• Using Amazon S3 from AWS Explorer (p. 99)

• Using DynamoDB from AWS Explorer (p. 106)

• Using AWS CodeCommit with Visual Studio Team Explorer (p. 112)

• Using CodeArtifact in Visual Studio (p. 118)

• Amazon RDS from AWS Explorer (p. 119)

• Using Amazon SimpleDB from AWS Explorer (p. 130)

• Using Amazon SQS from AWS Explorer (p. 131)

• Identity and Access Management (p. 134)

• Using the AWS Lambda Templates in the AWS Toolkit for Visual Studio (p. 142)

• Deploying an AWS Lambda Project with the .NET Core CLI (p. 173)

Managing Amazon EC2 Instances

AWS Explorer provides detailed views of Amazon Machine Images (AMI) and Amazon Elastic Compute Cloud (Amazon EC2) instances. From these views, you can launch an Amazon EC2 instance from an AMI, connect to that instance, and either stop or terminate the instance, all from inside the Visual Studio development environment. You can use the instances view to create AMIs from your instances. For more information, see Create an AMI from an Amazon EC2 Instance (p. 31).

The Amazon Machine Images and Amazon EC2 Instances Views

From AWS Explorer, you can display views of Amazon Machine Images (AMIs) and Amazon EC2 instances.

In AWS Explorer, expand the Amazon EC2 node.

To display the AMIs view, on the ﬁrst subnode, AMIs, open the context (right-click) menu and then choose View.

(23)

Show/Hide Columns

You can also choose the Show/Hide drop-down at the top of the view to conﬁgure which columns are displayed. Your choice of columns will persist if you close the view and reopen it.

Show/Hide Columns UI for AMI and Instances views Tagging AMIs, Instances, and Volumes

You can also use the Show/Hide drop-down list to add tags for AMIs, Amazon EC2 instances, or volumes you own. Tags are name-value pairs that enable you to attach metadata to your AMIs, instances, and volumes. Tag names are scoped both to your account and also separately to your AMIs and instances. For example, there would be no conﬂict if you used the same tag name for your AMIs and your instances. Tag names are not case-sensitive.

For more information about tags, go to Using Tags in the Amazon EC2 User Guide for Linux Instances.

To add a tag

1. In the Add box, type a name for the tag. Choose the green button with the plus sign (+), and then choose Apply.

(24)

Add a tag to an AMI or Amazon EC2 instance

The new tag is displayed in italic, which indicates no values have yet been associated with that tag.

In the list view, the tag name appears as a new column. When at least one value has been associated with the tag, the tag will be visible in the AWS Management Console.

2. To add a value for the tag, double-click a cell in the column for that tag, and type a value. To delete the tag value, double-click the cell and delete the text.

If you clear the tag in the Show/Hide drop-down list, the corresponding column disappears from the view. The tag is preserved, along with any tag values associated with AMIs, instances, or volumes.

NoteIf you clear a tag in the Show/Hide drop-down list that has no associated values, the AWS Toolkit will delete the tag entirely. It will no longer appear in the list view or in the Show/

Hide drop-down list. To use that tag again, use the Show/Hide dialog box to re-create it.

Launching an Amazon EC2 Instance

AWS Explorer provides all of the functionality required to launch an Amazon EC2 instance. In this section, we'll select an Amazon Machine Image (AMI), conﬁgure it, and then start it as an Amazon EC2 instance.

To launch a Windows Server Amazon EC2 instance

1. At the top of the AMIs view, in the drop-down list on the left, choose Amazon Images. In the drop- down list on the right, choose Windows. In the ﬁlter box, type ebs for Elastic Block Storage. It may take a few moments for the view to be refreshed.

2. Choose an AMI in the list, open the context (right-click) menu, and then choose Launch Instance. .

(25)

AMI list

3. In the Launch New Amazon EC2 Instance dialog box, conﬁgure the AMI for your application.

Instance Type

Choose the type of the EC2 instance to launch. You can ﬁnd a list of instance types and pricing information on the EC2 Pricing page.

Name

Type a name for your instance. This name cannot be more than 256 characters.

Key Pair

A key pair is used to obtain the Windows password that you use to log in to the EC2 instance using Remote Desktop Protocol (RDP). Choose a key pair for which you have access to the private key, or choose the option to create a key pair. If you create the key pair in the Toolkit, the Toolkit can store the private key for you.

Key pairs stored in the Toolkit are encrypted. you can ﬁnd them at %LOCALAPPDATA%

\AWSToolkit\keypairs (typically: C:\Users\<user>\AppData\Local\AWSToolkit

\keypairs). You can export the encrypted key pair into a .pem ﬁle.

a. In Visual Studio, select View and click AWS Explorer.

b. Click on Amazon EC2 and select Key Pairs.

c. The key pairs will be listed, and those created/managed by the Toolkit marked as Stored in AWSToolkit.

d. Right click on the key pair you created and select Export Private Key. The private key will be unencrypted and stored in the location you specify.

Security Group

The security group controls the type of network traﬃc the EC2 instance will accept. Choose a security group that will allow incoming traﬃc on port 3389, the port used by RDP, so that you can connect to the EC2 instance. For information about how to use the Toolkit to create security groups, see Managing Security Groups from AWS Explorer (p. 28).

Instance Proﬁle

The instance profile is a logical container for an IAM role. When you choose an instance profile, you associate the corresponding IAM role with the EC2 instance. IAM roles are configured with

(26)

permissions speciﬁed by the IAM role. This enables the application software to run without having to specify any AWS credentials of its own, which makes the software more secure. For more information about IAM roles, go to the IAM User Guide.

EC2 Launch AMI dialog box 4. Choose Launch.

In AWS Explorer, on the Instances subnode of Amazon EC2, open the context (right-click) menu and then choose View. The AWS Toolkit displays the list of Amazon EC2 instances associated with the active account. You may need to choose Refresh to see your new instance. When the instance ﬁrst appears, it may be in a pending state, but after a few moments, it transitions to a running state.

(27)

Connecting to an Amazon EC2 Instance

You can use Windows Remote Desktop to connect to a Windows Server instance. For authentication, the AWS Toolkit enables you to retrieve the administrator password for the instance, or you can simply use the stored key pair associated with the instance. In the following procedure, we'll use the stored key pair.

To connect to a Windows Server instance using Windows Remote Desktop

1. In the EC2 instance list, right-click the Windows Server instance to which you want to connect. From the context menu, choose Open Remote Desktop.

If you want to authenticate using the administrator password, you would choose Get Windows Passwords.

(28)

EC2 Instance context menu

2. In the Open Remote Desktop dialog box, choose Use EC2 keypair to log on, and then choose OK.

If you did not store a key pair with the AWS Toolkit, specify the PEM ﬁle that contains the private key.

Open Remote Desktop dialog box

3. The Remote Desktop window will open. You do not need to sign in because authentication occurred

(29)

Password not yet available

The following screenshot shows a user connected as administrator through Remote Desktop.

Remote Desktop

(30)

Ending an Amazon EC2 Instance

Using the AWS Toolkit, you can stop or terminate a running Amazon EC2 instance from Visual Studio.

To stop the instance, the EC2 instance must be using an Amazon EBS volume. If the EC2 instance is not using an Amazon EBS volume, then your only option is to terminate the instance.

If you stop the instance, data stored on the EBS volume is retained. If you terminate the instance, all data stored on the local storage device of the instance will be lost. In either case, stop or terminate, you will not continue to be charged for the EC2 instance. However, if you stop an instance, you will continue to be charged for the EBS storage that persists after the instance is stopped.

Another possible way to end an instance is to use Remote Desktop to connect to the instance, and then from the Windows Start menu, use Shutdown. You can conﬁgure the instance to either stop or terminate in this scenario.

To stop an Amazon EC2 instance

1. In AWS Explorer, expand the Amazon EC2 node, open the context (right-click) menu for Instances, and then choose View. In the Instances list, right-click the instance you want to stop and choose Stop from the context menu. Choose Yes to conﬁrm you want to stop the instance.

2. At the top of the Instances list, choose Refresh to see the change in the status of the Amazon EC2 instance. Because we stopped rather than terminated the instance, the EBS volume associated with the instance is still active.

(31)

To specify the behavior of an EC2 instance at shutdown

The AWS Toolkit enables you to specify whether an Amazon EC2 instance will stop or terminate if Shutdown is selected from the Start menu.

1. In the Instances list, right-click an Amazon EC2 instance, and then choose Change shutdown behavior.

Change Shutdown Behavior menu item

(32)

2. In the Change Shutdown Behavior dialog box, from the Shutdown Behavior drop-down list, choose Stop or Terminate.

Managing Amazon ECS Instances

AWS Explorer provides detailed views of Amazon Elastic Container Service (Amazon ECS) clusters and container repositories. You can create, delete and manage cluster and container details from within the Visual Studio development environment.

Modifying service properties

You can view service details, service events and service properties from the cluster view.

1. In AWS Explorer, open the context (right-click) menu for the cluster to manage, and then choose View.

2. In the ECS Cluster view, click Services on the left, and then click the Details tab in the details view.

You can click Events to see event messages and Deployments to deployment status.

3. Click Edit. You can change the desired task count and the minimum and maximum healthy percent.

4. Click Save to accept changes or Cancel to revert to existing values.

Stopping a task

You can see the current status of tasks and stop one or more tasks in the cluster view.

To stop a task

1. In AWS Explorer, open the context (right-click) menu for the cluster with tasks you wish to stop, and then choose View.

2. In the ECS Cluster view, click Tasks on the left.

3. Make sure Desired Task Status is set to Running. Choose the individual tasks to stop and then click Stop or click Stop All to select and stop all running tasks.

4. In the Stop Tasks dialog box, choose Yes.

Deleting a service

You can delete services from a cluster from the cluster view.

To delete a cluster service

(33)

To delete a cluster

1. In AWS Explorer, open the context (right-click) menu for the cluster you want to delete under the Clusters node of Amazon ECS, and then choose Delete.

2. In the Delete Cluster dialog box, choose OK. When the cluster is deleted, it will be removed from the AWS Explorer.

Creating a repository

You can create an Amazon Elastic Container Registry repository from AWS Explorer.

To create a repository

1. In AWS Explorer, open the context (right-click) menu of the Repositories node under Amazon ECS, and then choose Create Repository.

2. In the Create Repository dialog box, provide a repository name and then choose OK.

Deleting a repository

You can delete an Amazon Elastic Container Registry repository from AWS Explorer.

To delete a repository

1. In AWS Explorer, open the context (right-click) menu of the Repositories node under Amazon ECS, and then choose Delete Repository.

2. In the Delete Repository dialog box, you can choose to delete the repository even if it contains images. Otherwise, it will only be deleted if it is empty. Click Yes.

Managing Security Groups from AWS Explorer

The Toolkit for Visual Studio enables you to create and conﬁgure security groups to use with Amazon Elastic Compute Cloud (Amazon EC2) instances and AWS CloudFormation. When you launch Amazon EC2 instances or deploy an application to AWS CloudFormation, you specify a security group to associate with the Amazon EC2 instances. (Deployment to AWS CloudFormation creates Amazon EC2 instances.)

A security group acts like a firewall on incoming network traffic. The security group specifies which types of network traffic are allowed on an Amazon EC2 instance. It can also specify that incoming traffic will be accepted from certain IP addresses only or from specified users or other security groups only.

(34)

Creating a Security Group

In this section, we'll create a security group. After it has been created, the security group will not have any permissions conﬁgured. Conﬁguring permissions is handled through an additional operation.

To create a security group

1. In AWS Explorer, under the Amazon EC2 node, open the context (right-click) menu on the Security Groups node, and then choose View.

2. On the EC2 Security Groups tab, choose Create Security Group.

3. In the Create Security Group dialog box, type a name and description for the security group, and then choose OK.

Adding Permissions to Security Groups

In this section, we'll add permissions to the security group to allow web traﬃc through the HTTP and HTTPS protocols. We'll also allow other computers to connect by using Windows Remote Desktop Protocol (RDP).

To add permissions to a security group

1. On the EC2 Security Groups tab, choose a security group and then choose the Add Permission button.

2. In the Add IP Permission dialog box, choose the Protocol, Port and Network radio button, and then from the Protocol drop-down list, choose HTTP. The port range automatically adjusts to port 80, the default port for HTTP. The Source CIDR field defaults to 0.0.0.0/0, which specifies that HTTP network traffic will be accepted from any external IP address. Choose OK.

(35)

Open port 80 (HTTP) for this security group

3. Repeat this process for HTTPS and RDP. Your security groups permissions should now look like the following.

You can also set permissions in the security group by specifying a user ID and security group name.

In this case, Amazon EC2 instances in this security group will accept all incoming network traﬃc from Amazon EC2 instances in the speciﬁed security group. You must also specify the user ID as a way to disambiguate the security group name; security group names are not required to be unique across all of AWS. For more information about security groups, go to the EC2 documentation.

(36)

Create an AMI from an Amazon EC2 Instance

From the Amazon EC2 Instances view, you can create Amazon Machine Images (AMIs) from either running or stopped instances.

To create an AMI from an instance

1. Right-click the instance you want to use as the basis for your AMI, and choose Create Image from the context menu.

Create Image context menu

2. In the Create Image dialog box, type a unique name and description, and then choose Create Image.

By default, Amazon EC2 shuts down the instance, takes snapshots of any attached volumes, creates and registers the AMI, and then reboots the instance. Choose No rebootif you don't want your instance to be shut down.

Warning

If you choose No reboot, we can't guarantee the ﬁle system integrity of the created image.

(37)

Create Image dialog box

It may take a few minutes for the AMI to be created. After it is created, it will appear in the AMIs view in AWS Explorer. To display this view, double-click the Amazon EC2 | AMIs node in AWS Explorer. To see your AMIs, from the Viewing drop-down list, choose Owned By Me. You may need to choose Refresh to see your AMI. When the AMI ﬁrst appears, it may be in a pending state, but after a few moments, it transitions to an available state.

List of created AMIs

Setting Launch Permissions on an Amazon Machine Image

You can set launch permissions on your Amazon Machine Images (AMIs) from the AMIs view in AWS Explorer. You can use the Set AMI Permissions dialog box to copy permissions from AMIs.

To set permissions on an AMI

1. In the AMIs view in AWS Explorer, open the context (right-click) menu on an AMI, and then choose Edit Permission.

(38)

2. There are three options available in the Set AMI Permissions dialog box:

• To give launch permission, choose Add, and type the account number for the AWS user to whom you are giving launch permission.

• To remove launch permission, choose the account number for the AWS user from whom you are removing launch permission, and choose Remove.

• To copy permissions from one AMI to another, choose an AMI from the list, and choose Copy from.

The users who have launch permissions on the AMI you chose will be given launch permissions on the current AMI. You can repeat this process with other AMIs in the Copy-from list to copy permissions from multiple AMIs into the target AMI.

The Copy-from list contains only those AMIs owned by the account that was active when the AMIs view was displayed from AWS Explorer. As a result, the Copy-from list might not display any AMIs if no other AMIs are owned by the active account.

Copy AMI permissions dialog box

Amazon Virtual Private Cloud (VPC)

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services resources into a virtual network you've deﬁned. This virtual network resembles a traditional network that you'd operate in your own data center, with the beneﬁts of using the scalable infrastructure of AWS. For more information, go to the Amazon VPC User Guide.

The Toolkit for Visual Studio enables a developer to access VPC functionality similar to that exposed by the AWS Management Console but from the Visual Studio development environment. The Amazon VPC node of AWS Explorer includes subnodes for the following areas.

• VPCs

• Subnets

(39)

enable instances in the private subnet to communicate with the public internet. The two subnets must reside in the same Availability Zone (AZ).

This is the minimal VPC conﬁguration required to deploy an AWS Elastic Beanstalk environment in a VPC.

In this scenario, the Amazon EC2 instances that host your application reside in the private subnet; the Elastic Load Balancing load balancer that routes incoming traﬃc to your application resides in the public subnet.

For more information about network address translation (NAT), go to NAT Instances in the Amazon Virtual Private Cloud User Guide. For an example of how to conﬁgure your deployment to use a VPC, see Deploying to Elastic Beanstalk (p. 42).

To create a public-private subnet VPC

1. In the Amazon VPC node in AWS Explorer, open the VPCs subnode, then choose Create VPC.

2. Conﬁgure the VPC as follows:

• Type a name for your VPC.

• Select the With Public Subnet and the With Private Subnet check boxes.

• From the Availability Zone drop-down list box for each subnet, choose an Availability Zone. Be sure to use the same AZ for both subnets.

• For the private subnet, in NAT Key Pair Name, provide a key pair. This key pair is used for the Amazon EC2 instance that performs network address translation from the private subnet to the public Internet.

• Select the Conﬁgure default security group to allow traﬃc to NAT check box.

Type a name for your VPC. Select the With Public Subnet and the With Private Subnet check boxes.

From the Availability Zone drop-down list box for each subnet, choose an Availability Zone. Be sure

(40)

to use the same AZ for both subnets. For the private subnet, in NAT Key Pair Name, provide a key pair.

This key pair is used for the Amazon EC2 instance that performs network address translation from the private subnet to the public Internet. Select the Conﬁgure default security group to allow traﬃc to NAT check box.

Choose OK.

You can view the new VPC in the VPCs tab in AWS Explorer.

The NAT instance might take a few minutes to launch. When it is available, you can view it by expanding the Amazon EC2 node in AWS Explorer and then opening the Instances subnode.

(41)

The Toolkit populates the dialog box with information only from VPCs that were created in the Toolkit, not from VPCs created using the AWS Management Console. This is because when the Toolkit creates a VPC, it tags the components of the VPC so that it can access their information.

The following screenshot from the Deployment Wizard shows an example of a dialog box populated with values from a VPC created in the Toolkit.

To delete a VPC

To delete the VPC, you must ﬁrst terminate any Amazon EC2 instances in the VPC.

(42)

1. If you have deployed an application to an AWS Elastic Beanstalk environment in the VPC, delete the environment. This will terminate any Amazon EC2 instances hosting your application along with the Elastic Load Balancing load balancer.

If you attempt to directly terminate the instances hosting your application without deleting the environment, the Auto Scaling service will automatically create new instances to replace the deleted ones. For more information, go to the Auto Scaling Developer Guide.

2. Delete the NAT instance for the VPC.

You do not need to delete the Amazon EBS volume associated with the NAT instance in order to delete the VPC. However, if you do not delete the volume, you will continue to be charged for it even if you delete the NAT instance and the VPC.

3. On the VPC tab, choose the Delete link to delete the VPC.

4. In the Delete VPC dialog box, choose OK.

Deployment Using the AWS Toolkit

The Toolkit for Visual Studio supports application deployment to AWS Elastic Beanstalk containers or AWS CloudFormation stacks.

(43)

containers.

For Elastic Beanstalk deployments, you must ﬁrst create a web deployment package. For more information, see How to: Create a Web Deployment Package in Visual Studio. For Amazon ECS deployment, you must have a Docker image. For more information, see Visual Studio Tools for Docker.

Topics

• Publish to AWS (preview feature) (p. 38)

• Deploying to Elastic Beanstalk (p. 42)

• Deploying to Amazon EC2 Container Service (p. 81)

Publish to AWS (preview feature)

Important

The Publish to AWS feature is currently available as a preview feature. If you encounter any issues, you can share your feedback using the AWS Publishing panel that's displayed when this preview feature is enabled.

The Publish to AWS feature is a new component of the Toolkit for Visual Studio that's designed to simplify your experience when publishing .NET applications to AWS. The interface assumes a minimal experience-level with AWS services and oﬀers convenient features, including one-click deployments.

Publish to AWS can also assist developers with the following:

• Recommending the best target for your application type

• Generating a Dockerﬁle, as required by the selected target

• Building and packaging your application, as required by the selected target

• Generating an IAM role and deployment infrastructure, as required by the selected target

You can also access the Publish to AWS feature from the .NET CLI. For more information, see AWS .NET deployment tool for the .NET CLI in the AWS SDK for .NET Developer Guide.

NoteThe Publish to AWS preview currently supports ASP.NET Core, NET console, and Blazor WebAssembly applications built with .NET Core 3.1 and above. Supported deployment targets currently include:

• Amazon Elastic Container Service (&ECS;) using AWS Fargate target engine

• AWS App Runner

(44)

• AWS Elastic Beanstalk

Prerequisites

Important

Accessing the preview version of the new publishing experience requires version 1.23.0.0 or later of the AWS Toolkit for Visual Studio Code. Also be aware that, even if your AWS Toolkit for Visual Studio Code is set for manual updates, you may need to manually download and install the latest update from the Manage Extensionsmenu.

To successfully publish .NET applications to an AWS service, also install the following to your local device:

• .NET Core 3.1 or .NET 5 (Both are available from the Microsoft download site)

• Node.js 12.x or later: Node.js is required to run AWS Cloud Development Kit (CDK), which deploys the application and all of its deployment infrastructure as a single project. (Node.js download site)

• (Optional) Docker is used when deploying to a container-based service such as Amazon ECS (Docker download site)

Enabling the Publish to AWS feature

If the Publish to AWS option is not available on the Solutions Explorer menu for your application, choose either Publish to AWS Elastic Beanstalk or Publish Container to AWS from the menu. This gives you the option of switching to the new publishing experience.

During the preview period, you can still access all of the existing deployment options after they have been re-enabled from the AWS Publishing panel.

To re-enable the previous AWS Toolkit for Visual Studio Code publishing features:

1. Navigate to the AWS Publishing panel.

2. In the top right-hand corner of the AWS Publishing panel, choose the option Re-enable previous publish experience.

3. Choose the Re-enable previous publishing experience option.

Deploy to a new target

The following procedure describes how to choose, conﬁgure, and publish to a deployment target for your .NET application.

1. Create or open one of the following project types in Visual Studio:

(45)

The Publish to AWS wizard displays the AWS services that are available for application deployment.

4. In the Publish to AWS wizard, choose New target to create a new deployment.

5. Next, choose an AWS service (Elastic Beanstalk or App Runner, for example) to manage the deployment of your application.

(46)

6. Choose Publish to start the deployment process.

NoteYou can modify the default deployment conﬁguration by choosing Edit publish settings.

The Publish to AWS wizard displays information about how the deployment is progressing.

Deployment times vary and can take several minutes.

After your application has been successfully deployed to its publication target, the Publish to AWS wizard displays a check mark. In the resources panel, you can click a link to access information about the AWS CloudFormation stack that was created. You can connect to any running instances associated with the stack or even delete the stack.

The resources panel also displays the application endpoint, which you can copy by choosing the clipboard icon next to Created resources.

Redeploy to an existing target

If you make changes to your codebase, you can easily republish the modiﬁed .NET application to an existing deployment target.

1. In AWS Explorer, choose the AWS Region you want to deploy your application to.

2. In the Solutions Explorer pane for the project, right-click the project's name and choose Publish to AWS.

The Publish to AWS wizard displays the AWS services that are available for application deployment.

3. Choose Existing target to display the applications that you've previously published to the AWS Cloud.

(47)

4. Select a previous deployment, and then choose Publish to update it with your newest application.

Deploying to Elastic Beanstalk

Important

The new Publish to AWS feature is designed to simplify how you publish .NET applications to AWS. You may be asked if you want to switch to this publishing experience after you choose Publish to AWS Elastic Beanstalk. For more information, see Publish to AWS (preview feature) (p. 38).

AWS Elastic Beanstalk is a service that simpliﬁes the process of provisioning AWS resources for your application. Elastic Beanstalk provides all of the AWS infrastructure required to deploy your application.

This infrastructure includes:

• Amazon EC2 instances that host the executables and content for your application.

• An Auto Scaling group to maintain the appropriate number of Amazon EC2 instances to support your application.

• An Elastic Load Balancing load balancer that routes incoming traﬃc to the Amazon EC2 instance with the most bandwidth.

The Toolkit for Visual Studio provides a wizard that simpliﬁes publishing applications through Elastic Beanstalk. This wizard is described in the following sections.

For more information about Elastic Beanstalk, go to the Elastic Beanstalk documentation.

Topics

• Deploy a Traditional ASP.NET Application to Elastic Beanstalk (p. 43)

• Deploying an ASP.NET Core Application to Elastic Beanstalk (p. 51)

• How to Specify the AWS Security Credentials for Your Application (p. 53)

• How to Republish Your Application to an Elastic Beanstalk Environment (p. 53)

• Custom Elastic Beanstalk Application Deployments (p. 55)

• Custom ASP.NET Core Elastic Beanstalk Deployments (p. 56)

• Multiple Application Support for .NET and Elastic Beanstalk (p. 59)

• Deploying to Elastic Beanstalk (Legacy) (p. 61)

• Deploying to AWS CloudFormation (Legacy) (p. 72)

(48)

Deploy a Traditional ASP.NET Application to Elastic Beanstalk

This section describes how to use the Publish to Elastic Beanstalk wizard, provided as part of the Toolkit for Visual Studio, to deploy an application through Elastic Beanstalk. To practice, you can use an instance of a web application starter project that is built in to Visual Studio or you can use your own project.

NoteThis topic describes using the wizard to deploy traditional ASP.NET applications. The wizard also supports deploying ASP.NET Core applications. For information about ASP.NET Core, see Deploying an ASP.NET Core Application to Elastic Beanstalk (p. 51).

NoteBefore you can use the Publish to Elastic Beanstalk wizard, you must download and install Web Deploy. The wizard relies on Web Deploy to deploy web applications and websites to Internet Information Services (IIS) web servers.

To create a sample web application starter project

1. In Visual Studio, from the File menu, choose New, and then choose Project.

2. In the navigation pane of the New Project dialog box, expand Installed, expand Templates, expand Visual C#, and then choose Web.

3. In the list of web project templates, choose any template containing the words Web and Application in its description. For this example, choose ASP.NET Web Forms Application.

4. In the Name box, type AEBWebAppDemo.

5. In the Location box, type the path to a solution folder on your development machine or choose Browse, and then browse to and choose a solution folder, and choose Select Folder.

6. Conﬁrm the Create directory for solution box is selected. In the Solution drop-down list, conﬁrm Create new solution is selected, and then choose OK. Visual Studio will create a solution and project based on the ASP.NET Web Forms Application project template. Visual Studio will then display Solution Explorer where the new solution and project appear.

(49)

To deploy an application by using the Publish to Elastic Beanstalk wizard

1. In Solution Explorer, open the context (right-click) menu for the AEBWebAppDemo project folder for the project you created in the previous section, or open the context menu for the project folder for your own application, and choose Publish to AWS Elastic Beanstalk.

The Publish to Elastic Beanstalk wizard appears.

(50)

2. In Profile, from the Account profile to use for deployment drop-down list, choose the AWS account profile you want to use for the deployment.

Optionally, if you have an AWS account you want to use, but you haven't yet created an AWS account proﬁle for it, you can choose the button with the plus symbol (+) to add an AWS account proﬁle.

3. From the Region drop-down list, choose the region to which you want Elastic Beanstalk to deploy the application.

4. In Deployment Target, you can choose either Create a new application environment to perform an initial deployment of an application or Redeploy to an existing environment to redeploy a previously deployed application. (The previous deployments may have been performed with either the wizard or the deprecated Standalone Deployment Tool.) If you choose Redeploy to an existing environment, there may be a delay while the wizard retrieves information from previous deployments that are currently running.

Note

If you choose Redeploy to an existing environment, choose an environment in the list, and then choose Next, the wizard will take you directly to the Application Options page. If you go this route, skip ahead to the instructions later in this section that describe how to use the Application Options page.

5. Choose Next.

(51)

6. On the Application Environment page, in the Application area, the Name drop-down list proposes a default name for the application. You can change the default name by choosing a diﬀerent name from the drop-down list.

7. In the Environment area, in the Name drop-down list, type a name for your Elastic Beanstalk environment. In this context, the term environment refers to the infrastructure Elastic Beanstalk provisions for your application. A default name may already be proposed in this drop-down list. If a default name is not already proposed, you can type one or choose one from the drop-down list, if any additional names are available. The environment name cannot be longer than 23 characters.

8. In the URL area, the box proposes a default subdomain of .elasticbeanstalk.com that will be the URL for your web application. You can change the default subdomain by typing a new subdomain name.

9. Choose Check availability to make sure the URL for your web application is not already in use.

10.If the URL for your web application is okay to use, choose Next.