def create_vpc(self, cidr_block='10.0.0.0/16'):
    """Create the VPC for this stack unless one is already recorded.

    Args:
        cidr_block: IPv4 CIDR block for the new VPC.

    Returns:
        0 when a 'Vpc' entry already exists (nothing is created);
        otherwise None once the VPC is recorded and state is saved.
    """
    # Idempotence guard: an existing 'Vpc' entry means a VPC was already built.
    if 'Vpc' in self:
        return 0
    key, vpc = self.execute(ec2().create_vpc(CidrBlock=cidr_block))
    self[key] = vpc
    # Block until the VPC is describable before persisting state.
    self.waiter(ec2().describe_vpcs(VpcIds=[vpc['VpcId']]), key)
    self.save()
def delete_vpc(self):
    """Delete the recorded VPC and remove it from state.

    Returns:
        0 when no 'Vpc' entry is recorded (KeyError path); otherwise None.
    """
    try:
        vpc_id = self['Vpc']['VpcId']
        ec2().delete_vpc(VpcId=vpc_id)
        del self['Vpc']
        self.save()
    except KeyError:
        # Nothing recorded: treat as already deleted.
        return 0
def delete_ip_allocations(self):
    """Release every recorded Elastic IP allocation and clear the record.

    Returns:
        0 when no 'eipalloc' entry is recorded (KeyError path); otherwise None.
    """
    try:
        allocation_ids = self['eipalloc']
        for allocation_id in allocation_ids:
            ec2().release_address(AllocationId=allocation_id)
        del self['eipalloc']
        self.save()
    except KeyError:
        # Nothing recorded: treat as already released.
        return 0
def create_route_table(self, affinity_group=0):
    """Create a route table in the VPC and tag it with its affinity group.

    Args:
        affinity_group: group number written to the 'affinity_group' tag.
    """
    tags = [{'Key': 'affinity_group', 'Value': str(affinity_group)}]
    _, table = self.execute(
        ec2().create_route_table(VpcId=self.get_vpc_id()))
    # Stored under the 'RouteTables' list, not under the key execute() reports.
    key = 'RouteTables'
    self.append_to_objs(key, table)
    table_id = table['RouteTableId']
    self.waiter(ec2().describe_route_tables(RouteTableIds=[table_id]), key)
    self.tag_resources([table_id], tags)
    self.save()
def delete_internet_gateway(self):
    """Detach the recorded internet gateway from the VPC and delete it.

    Returns:
        0 when 'igw' or 'vpc' is not recorded (KeyError path); otherwise None.
    """
    try:
        # NOTE(review): reads the lowercase 'vpc' key, while create_vpc stores
        # under 'Vpc' — confirm which key the container actually exposes.
        gateway_id, vpc_id = self['igw'], self['vpc']
        ec2().detach_internet_gateway(InternetGatewayId=gateway_id,
                                      VpcId=vpc_id)
        ec2().delete_internet_gateway(InternetGatewayId=gateway_id)
        del self['igw']
        self.save()
    except KeyError:
        return 0
def delete_route_tables(self):
    """Disassociate and delete every recorded route table, then clear the record.

    Returns:
        0 when 'RouteTables' is not recorded (KeyError path); otherwise None.
    """
    try:
        for table in self['RouteTables']:
            # A route table cannot be deleted while subnets are associated.
            for assoc in table['Associations']:
                ec2().disassociate_route_table(
                    AssociationId=assoc['RouteTableAssociationId'])
            ec2().delete_route_table(RouteTableId=table['RouteTableId'])
        del self['RouteTables']
        self.save()
    except KeyError:
        return 0
def create_subnet(self, affinity_group=0):
    """Create a subnet in the least-used AZ and tag it with its affinity group.

    Args:
        affinity_group: group number used for AZ selection and the tag value.
    """
    tags = [{'Key': 'affinity_group', 'Value': str(affinity_group)}]
    zone = self.get_next_az(affinity_group)
    cidr_block = self.get_available_cidr_block()
    _, subnet = self.execute(
        ec2().create_subnet(AvailabilityZone=zone,
                            CidrBlock=cidr_block,
                            VpcId=self.get_vpc_id()))
    # Stored under the 'Subnets' list, not under the key execute() reports.
    key = 'Subnets'
    self.append_to_objs(key, subnet)
    subnet_id = subnet['SubnetId']
    self.waiter(ec2().describe_subnets(SubnetIds=[subnet_id]), key)
    self.tag_resources([subnet_id], tags)
    self.save()
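def delete_nat_gateways(self):
    """Delete every recorded NAT gateway and wait until all report 'deleted'.

    Reads and clears the same 'ngw' key that create_nat_gateway appends to
    (the previous version iterated 'nat_gateways' but deleted 'ngw').

    Returns:
        0 when no 'ngw' entry is recorded; otherwise None.
    """
    import time  # local import: the module's import block is not in view

    try:
        gateway_ids = list(self['ngw'])
    except KeyError:
        return 0
    for gateway_id in gateway_ids:
        ec2().delete_nat_gateway(NatGatewayId=gateway_id)
    print("Waiting for NAT Gateways to delete.")
    # Keep polling while ANY gateway is still not 'deleted'; the previous
    # all(... != 'deleted') test returned as soon as the first one finished.
    while True:
        states = [
            ngw['State'] for ngw in
            ec2().describe_nat_gateways(NatGatewayIds=gateway_ids)['NatGateways']
        ]
        if all(state == 'deleted' for state in states):
            break
        time.sleep(5)  # back off instead of hammering the EC2 API
    del self['ngw']
    self.save()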
def get_next_az(self, affinity_group=0):
    """Return the availability zone holding the fewest subnets of this VPC.

    Every zone reported by describe_availability_zones starts at zero; the
    VPC's existing subnets are counted per zone and the first zone (in API
    order) with the minimum count is returned. Raises KeyError if a subnet
    sits in a zone the describe call did not list.

    Args:
        affinity_group: accepted for interface parity; not used here.
    """
    zones = ec2().describe_availability_zones()['AvailabilityZones']
    subnets_per_zone = dict.fromkeys((z['ZoneName'] for z in zones), 0)
    vpc_filter = [{'Name': 'vpc-id', 'Values': [self.get_vpc_id()]}]
    subnets = ec2().describe_subnets(Filters=vpc_filter)['Subnets']
    for subnet in subnets:
        subnets_per_zone[subnet['AvailabilityZone']] += 1
    fewest = min(subnets_per_zone.values())
    return next(zone for zone, count in subnets_per_zone.items()
                if count == fewest)
def revoke_security_group_policies(self):
    """Revoke the templated ingress rules from each EKS security group.

    Each template file is rendered with the four group ids, parsed as the
    JSON IpPermissions list, and passed to revoke_security_group_ingress.
    """
    control_sg_id, worker_sg_id, bastion_sg_id, alb_sg_id = (
        self._get_security_groups())
    render_vars = {
        'bastion_sg_id': bastion_sg_id,
        'worker_sg_id': worker_sg_id,
        'control_sg_id': control_sg_id,
        'alb_sg_id': alb_sg_id,
    }
    policies = (
        (control_sg_id, CONTROL_PLANE_INGRESS),
        (worker_sg_id, WORKER_NODE_INGRESS),
        (bastion_sg_id, BASTION_HOST_INGRESS),
        (alb_sg_id, ALB_INGRESS),
    )
    for group_id, template_path in policies:
        with open(template_path) as template_file:
            template_text = template_file.read()
        permissions = json.loads(Template(template_text).render(**render_vars))
        ec2().revoke_security_group_ingress(GroupId=group_id,
                                            IpPermissions=permissions)
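def delete_subnets(self):
    """Delete every recorded subnet and clear the record.

    Returns:
        0 when 'Subnets' is not recorded (KeyError path); otherwise None.
    """
    try:
        # A plain loop: the previous list comprehension was used only for
        # its side effects and built a throwaway list of None.
        for subnet in self['Subnets']:
            ec2().delete_subnet(SubnetId=subnet['SubnetId'])
        del self['Subnets']
        self.save()
    except KeyError:
        return 0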
def create_security_groups(self):
    """Create the four EKS security groups and record their ids under 'sg'.

    Groups are created in a fixed order (control plane, worker node,
    bastion host, application load balancer) and appended in that order.
    """
    # NOTE(review): this reads self.objs['vpc'] and calls _append_to_objs,
    # while sibling methods use self['Vpc'] / get_vpc_id() and append_to_objs
    # — confirm both spellings resolve to the same state.
    vpc_id = self.objs['vpc']
    group_specs = (
        ("EKSControlPlaneSecurityGroup", "EKSControlPlaneSecurityGroup"),
        ("EKSWorkerNodeSecurityGroup", "EKSWorkerNodeSecurityGroup"),
        ('EKSBastionHostSecurityGroup', 'EKSBastionHostSecurityGroup'),
        ('EKSApplicationLoadBalancer', 'EKSApplicationLoadBalancerSecurityGroup'),
    )
    group_ids = [
        ec2().create_security_group(Description=description,
                                    GroupName=group_name,
                                    VpcId=vpc_id)['GroupId']
        for description, group_name in group_specs
    ]
    for group_id in group_ids:
        self._append_to_objs('sg', group_id)
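def create_nat_gateway(self, affinity_group=0):
    """Allocate an EIP, create a NAT gateway in the group's first subnet, wait
    for it to become available, then tag the subnet with both ids.

    The gateway id is recorded and saved before the wait so a crash during
    the wait still leaves it in state for cleanup (previously the append
    came after the last save and was never persisted by this method).

    Args:
        affinity_group: group whose first subnet hosts the gateway.
    """
    import time  # local import: the module's import block is not in view

    allocation_id = self.create_ip_allocation()
    subnet_id = self.get_af_subnets(affinity_group)[0]
    gateway_id = ec2().create_nat_gateway(
        AllocationId=allocation_id,
        SubnetId=subnet_id)['NatGateway']['NatGatewayId']
    self.append_to_objs('ngw', gateway_id)
    self.save()
    print("Waiting for Nat Gateway to become available.")
    while True:
        state = ec2().describe_nat_gateways(
            NatGatewayIds=[gateway_id])['NatGateways'][0]['State']
        if state == 'available':
            break
        time.sleep(5)  # back off instead of hammering the EC2 API
    self.tag_resources([subnet_id], [
        {'Key': 'ngw_id', 'Value': gateway_id},
        {'Key': 'ip_allocation_id', 'Value': allocation_id},
    ])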
def _get_security_groups(self):
    """Resolve the four EKS security group ids from the recorded 'sg' list.

    Returns:
        (control_sg_id, worker_sg_id, bastion_sg_id, alb_sg_id). Raises
        StopIteration if a group with the expected name is not present.
    """
    groups = ec2().describe_security_groups(
        GroupIds=self.objs['sg'])['SecurityGroups']

    def id_of(group_name):
        # First match wins, mirroring a next() over the describe result.
        return next(g['GroupId'] for g in groups
                    if g['GroupName'] == group_name)

    return (
        id_of('EKSControlPlaneSecurityGroup'),
        id_of('EKSWorkerNodeSecurityGroup'),
        id_of('EKSBastionHostSecurityGroup'),
        id_of('EKSApplicationLoadBalancerSecurityGroup'),
    )
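def create_internet_gateway(self, affinity_group=0):
    """Create an internet gateway, attach it to the VPC and add a default
    route to it in the affinity group's route table.

    Args:
        affinity_group: group whose route table receives the 0.0.0.0/0 route.
    """
    igw_tags = [{'Key': 'affinity_group', 'Value': str(affinity_group)}]
    k, d = self.execute(ec2().create_internet_gateway())
    self[k] = d
    # Call the instance waiter like the sibling create_* methods do; the
    # previous bare `waiter(...)` had no definition in scope here.
    # NOTE(review): d[k] and self['igw'] are both used as the gateway below —
    # confirm execute()/__setitem__ make these the same id.
    self.waiter(
        ec2().describe_internet_gateways(
            InternetGatewayIds=[d[k]['InternetGatewayId']]), k)
    ec2().attach_internet_gateway(InternetGatewayId=self['igw'],
                                  VpcId=self.get_vpc_id())
    rtb_id = self.get_af_rtb(affinity_group)
    # Default route to the IGW: every subnet associated with this route table
    # becomes internet-reachable, so only public subnets should use it.
    ec2().create_route(DestinationCidrBlock='0.0.0.0/0',
                       GatewayId=self['igw'],
                       RouteTableId=rtb_id)
    self.save()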
def associate_rt_subnet(self, affinity_group=0):
    """Associate the affinity group's route table with each of its subnets.

    Args:
        affinity_group: group whose route table and subnets are paired.
    """
    table_id = self.get_af_rtb(affinity_group)
    subnet_ids = self.get_af_subnets(affinity_group)
    for subnet_id in subnet_ids:
        ec2().associate_route_table(RouteTableId=table_id, SubnetId=subnet_id)
def tag_resources(self, resource_ids, tags):
    """Apply *tags* to every resource in *resource_ids* and print the response.

    Args:
        resource_ids: list of EC2 resource ids.
        tags: list of {'Key': ..., 'Value': ...} dicts.
    """
    response = ec2().create_tags(Resources=resource_ids, Tags=tags)
    print(response)
def create_ip_allocation(self):
    """Allocate a VPC Elastic IP, record it under 'eipalloc' and save.

    Returns:
        The new AllocationId.
    """
    allocation = ec2().allocate_address(Domain='vpc')
    allocation_id = allocation['AllocationId']
    self.append_to_objs('eipalloc', allocation_id)
    self.save()
    return allocation_id
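def delete_security_groups(self):
    """Delete every recorded security group and clear the 'sg' record.

    Returns:
        0 when no 'sg' entry is recorded (matching the other delete_*
        methods); otherwise None after state is saved.
    """
    try:
        group_ids = self.objs['sg']
    except KeyError:
        return 0
    for group_id in group_ids:
        ec2().delete_security_group(GroupId=group_id)
    del self.objs['sg']
    # Persist the cleared record like the sibling delete_* methods do.
    self.save()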