def get_aws_tags(self) -> List[dict]:
"""
return only the tags that are defined as part of a model config, and have been explicitly set, in AWS tag format
"""
return AWSTag.to_tags(
{i: self.tags[i]
for i in self.tags if i in self.TAGS})
def _create_filter(self) -> str:
# create filter and return the filter id
filter_response = self.ec2_client.create_traffic_mirror_filter(
Description=self._filter_description,
TagSpecifications=[{
"ResourceType":
"traffic-mirror-filter",
"Tags":
AWSTag.to_tags({AWSTag.NAME_KEY: self._filter_name}),
}],
)
filter_id = filter_response["TrafficMirrorFilter"][
"TrafficMirrorFilterId"]
# tap dns
self.ec2_client.modify_traffic_mirror_filter_network_services(
TrafficMirrorFilterId=filter_id,
AddNetworkServices=['amazon-dns'],
)
# create filter rules
for direction in ["ingress", "egress"]:
for rule, cidr in zip([100, 200], ["0.0.0.0/0", "::/0"]):
self.ec2_client.create_traffic_mirror_filter_rule(
TrafficMirrorFilterId=filter_id,
TrafficDirection=direction,
RuleNumber=rule,
RuleAction="accept",
DestinationCidrBlock=cidr,
SourceCidrBlock=cidr,
Description=VENDOR + " " + direction + " rule",
)
return filter_id
def list_subnets(self) -> Iterable[Subnet_Props]:
subnets = self.ec2_client.describe_subnets(
Filters=[{
"Name": "vpc-id",
"Values": self.vpc_ids
}])
for subnet in subnets["Subnets"]:
tags = AWSTag.to_dict(subnet.get(AWSTag.TAGS_KEY))
yield Subnet_Props(subnet["SubnetId"], tags.get(AWSTag.NAME_KEY),
subnet["SubnetArn"],
subnet["AvailabilityZoneId"])
def create(self, nlb_or_eni_arn: str) -> str:
# create the target (of the mirroring)
kwargs = {
"Description":
VENDOR + "TrafficMirror",
"TagSpecifications": [{
'ResourceType':
'traffic-mirror-target',
'Tags':
AWSTag.to_tags({AWSTag.NAME_KEY: VENDOR + 'NLBTarget'})
}],
}
if "elasticloadbalancing" in nlb_or_eni_arn:
kwargs["NetworkLoadBalancerArn"] = nlb_or_eni_arn
else:
kwargs["NetworkInterfaceId"] = nlb_or_eni_arn
response = self.ec2_client.create_traffic_mirror_target(**kwargs)
return response["TrafficMirrorTarget"]["TrafficMirrorTargetId"]
def discover(self) -> Generator[Spile, None, None]:
""" find all the nitro instances and return a Spile if so"""
paginator = self.ec2_client.get_paginator("describe_instances")
filters = [{"Name": "instance-type", "Values": self.FOREST_SPECIES}]
if self.vpc_ids:
filters.append({"Name": "vpc-id", "Values": self.vpc_ids})
page_iterator = paginator.paginate(Filters=filters)
for page in page_iterator:
for garbo in page["Reservations"]:
for instance in garbo["Instances"]:
instance_id = instance["InstanceId"]
tags = AWSTag.to_dict(instance.get(AWSTag.TAGS_KEY))
for interface in instance["NetworkInterfaces"]:
yield Spile(
ec2_client=self.ec2_client,
eni_tag=ENI_Tag(instance_id,
interface["NetworkInterfaceId"],
tags, instance["State"]["Name"]),
)
def list_mirror_targets(cls, region: str) -> Iterable[Mirror_Target_Props]:
response = cls._get_client(
region=region).describe_traffic_mirror_targets(
)['TrafficMirrorTargets']
for target in response:
tags = AWSTag.to_dict(target.get(AWSTag.TAGS_KEY))
# get the VPC_ID
if target['Type'] == cls.TARGET_NIC:
try:
vpc_id = cls._get_client(
region=region).describe_network_interfaces(
NetworkInterfaceIds=[
target['NetworkInterfaceId'],
])["NetworkInterfaces"][0]["VpcId"]
vpc_bound = True
except Exception as e:
if 'does not exist' in str(e):
id = target['TrafficMirrorTargetId']
logging.warning(
f'Invalid Instance Session Mirroring Target `{id}`, delete manually.'
)
continue
if target['Type'] == cls.TARGET_NLB:
try:
lb = boto3.client(
'elbv2', region_name=region).describe_load_balancers(
LoadBalancerArns=[
target['NetworkLoadBalancerArn']
], )['LoadBalancers'][0]
except Exception as e:
if 'or more load balancers not found' in str(e):
id = target['TrafficMirrorTargetId']
logging.warning(
f'Invalid NLB Session Mirroring Target `{id}`, delete manually.'
)
continue
raise
vpc_id = lb["VpcId"]
vpc_bound = True if lb.get("Schema") == "internal" else False
yield Mirror_Target_Props(target['TrafficMirrorTargetId'],
tags.get(AWSTag.NAME_KEY),
target['Type'], vpc_id, vpc_bound)
def list_vpcs(cls, region: str) -> Iterable[VPC_Props]:
vpcs = cls._get_client(region=region).describe_vpcs()
for vpc in vpcs["Vpcs"]:
tags = AWSTag.to_dict(vpc.get(AWSTag.TAGS_KEY))
yield VPC_Props(vpc["VpcId"], tags.get(AWSTag.NAME_KEY), tags)
def test_to_dict(self):
key = {'Key': 'Foo', 'Value': 'Bar'}
key_dict = AWSTag.to_dict([key])
self.assertEqual({'Foo': 'Bar'}, key_dict)
def test_delete_dict(self):
tags = {'Key': 'Foo'}
self.assertEqual({'Foo': AWSTag.Delete}, AWSTag.to_dict([tags]))
def test_delete_tag(self):
python_dict = {'Foo': AWSTag.Delete}
self.assertEqual([{'Key': 'Foo'}], AWSTag.to_tags(python_dict))
def test_to_tags(self):
python_dict = {'Foo': 'Bar'}
aws_tags = AWSTag.to_tags(python_dict)
self.assertEqual([{'Key': 'Foo', 'Value': 'Bar'}], aws_tags)
def test_to_dict_none(self):
key_dict = AWSTag.to_dict([])
self.assertEqual({}, key_dict)