def get_account_identifier(profile, returnAlias=True): """ Returns account alias """ client = boto3_session(service='iam', profile=profile) alias = client.list_account_aliases()['AccountAliases'][0] if alias and returnAlias: return alias client = boto3_session(service='sts', profile=profile) return client.get_caller_identity()['Account']
def profile_securitygroups(profile, region=None): """ Profiles securitygroups in an aws account THIS IS BROKEN -- ONLY WORKS WHEN GIVEN region, LOOPING THRU REGIONS FAILS """ sgs = {} regions = [region] or get_regions() for rgn in regions: try: client = boto3_session('ec2', region=rgn, profile=profile) r = client.describe_security_groups()['SecurityGroups'] sgs[rgn] = [{ x['GroupId']: { 'Description': x['Description'], 'GroupName': x['GroupName'], 'VpcId': x['VpcId'] } } for x in r] except ClientError as e: stack = inspect.stack()[0][3] logger.warning( '{}: Unable to retrieve securitygroups for region {}. Error: {}' .format(stack, rgn, e)) continue return sgs
def get_account_identifier(profile, returnAlias=True): """ Summary: Returns account alias Args: :profile (str): profilename present in local awscli configuration :returnAlias (bool): when True (default), returns the account alias if one exists. If False, returns the AWS AccountId number (12 digit integer sequence) Returns: aws account alias (str) or aws account id number (str) """ client = boto3_session(service='iam', profile=profile) alias = client.list_account_aliases()['AccountAliases'][0] if alias and returnAlias: return alias client = boto3_session(service='sts', profile=profile) return client.get_caller_identity()['Account']
def windows(profile, os, region=None, detailed=False, debug=False): """ Return latest current Microsoft Windows Server AMI for each region Args: :profile (str): profile_name :region (str): if supplied as parameter, only the ami for the single region specified is returned Returns: amis, TYPE: list: container for metadata dict for most current instance in region "Name": "Windows_Server-2016-English-Full-Base-2018.07.11" """ if os == '2012': filter_criteria = 'Windows_Server-%s-R2*English*Base*' % os else: filter_criteria = 'Windows_Server*%s*English*Base*' % os amis, metadata = {}, {} if region: regions = [region] else: regions = get_regions(profile=profile) # retrieve ami for each region in list for region in regions: try: client = boto3_session(service='ec2', region=region, profile=profile) r = client.describe_images( Owners=[MICROSOFT], Filters=[ { 'Name': 'name', 'Values': [ filter_criteria ] } ]) # need to find ami with latest date returned debug_message(r, region, debug) newest = newest_ami(r['Images']) metadata[region] = newest amis[region] = newest.get('ImageId', 'unavailable') except ClientError as e: logger.exception( '%s: Boto error while retrieving AMI data (%s)' % (inspect.stack()[0][3], str(e))) continue except Exception as e: logger.exception( '%s: Unknown Exception occured while retrieving AMI data (%s)' % (inspect.stack()[0][3], str(e))) raise e if detailed: return metadata return amis
def get_regions(profile=None): """ Return list of all regions """ try: if profile is None: profile = 'default' client = boto3_session(service='ec2', profile=profile) except ClientError as e: logger.exception('%s: Boto error while retrieving regions (%s)' % (inspect.stack()[0][3], str(e))) raise e return [x['RegionName'] for x in client.describe_regions()['Regions']]
def amazonlinux2(profile, region=None, detailed=False, debug=False): """ Return latest current amazonlinux v2 AMI for each region Args: :profile (str): profile_name :region (str): if supplied as parameter, only the ami for the single region specified is returned Returns: amis, TYPE: list: container for metadata dict for most current instance in region """ amis, metadata = {}, {} if region: regions = [region] else: regions = get_regions(profile=profile) # retrieve ami for each region in list for region in regions: try: if not profile: profile = 'default' client = boto3_session(service='ec2', region=region, profile=profile) r = client.describe_images( Owners=['amazon'], Filters=[ { 'Name': 'name', 'Values': [ 'amzn2-ami-hvm-????.??.?.*????.?-x86_64-*', 'amzn2-ami-hvm-*-x86_64-gp2' ] } ]) # need to find ami with latest date returned debug_message(r, region, debug) newest = newest_ami(r['Images']) metadata[region] = newest amis[region] = newest.get('ImageId', 'unavailable') except ClientError as e: logger.exception( '%s: Boto error while retrieving AMI data (%s)' % (inspect.stack()[0][3], str(e))) continue except Exception as e: logger.exception( '%s: Unknown Exception occured while retrieving AMI data (%s)' % (inspect.stack()[0][3], str(e))) raise e if detailed: return metadata return amis
def profile_keypairs(profile, region=None): keypairs = {} regions = [region] or get_regions() for rgn in regions: try: client = boto3_session('ec2', region=rgn, profile=profile) keypairs[rgn] = [ x['KeyName'] for x in client.describe_key_pairs()['KeyPairs'] ] except ClientError as e: logger.warning( '{}: Unable to retrieve keypairs for region {}'.format( inspect.stack()[0][3], rgn)) continue return keypairs
def profile_securitygroups(profile, region): """ Profiles securitygroups in an aws account """ sgs = [] try: client = boto3_session('ec2', region=region, profile=profile) r = client.describe_security_groups()['SecurityGroups'] sgs.append([{ x['GroupId']: { 'Description': x['Description'], 'GroupName': x['GroupName'], 'VpcId': x['VpcId'] } } for x in r]) except ClientError as e: logger.warning( '{}: Unable to retrieve securitygroups for region {}'.format( inspect.stack()[0][3], rgn)) return sgs[0]
def delete_tags(resourceIds, region, tags): """ Removes tags from an EC2 resource """ client = boto3_session('ec2', region) try: for resourceid in resourceIds: response = client.delete_tags( Resources=[resourceid], Tags=tags ) if response['ResponseMetadata']['HTTPStatusCode'] == 200: logger.info('Existing Tags deleted from vol id %s' % resourceid) return True else: logger.warning('Problem deleting existing tags from vol id %s' % resourceid) return False except ClientError as e: logger.critical( "%s: Problem apply tags to ec2 instances (Code: %s Message: %s)" % (inspect.stack()[0][3], e.response['Error']['Code'], e.response['Error']['Message'])) return False
def profile_subnets(profile, region): """ Profiles all subnets in an account """ subnets = {} try: client = boto3_session('ec2', region=region, profile=profile) r = client.describe_subnets()['Subnets'] return [{ x['SubnetId']: { 'AvailabilityZone': x['AvailabilityZone'], 'CidrBlock': x['CidrBlock'], 'State': x['State'], 'IpAddresses': 'Public' if x['MapPublicIpOnLaunch'] else 'Private', 'VpcId': x['VpcId'] } } for x in r] except ClientError as e: logger.warning( '{}: Unable to retrieve subnets for region {}: {}'.format( inspect.stack()[0][3], region, e))
def source_instanceprofiles(profile): """ Summary. returns instance profile roles in an AWS account Returns: iam role information, TYPE: json Format: { 'RoleName': 'SR-S3Ops', 'Arn': 'arn:aws:iam::716400000000:role/SR-S3Ops', 'CreateDate': } """ client = boto3_session(service='iam', profile=profile) r = client.list_instance_profiles()['InstanceProfiles'] return [{ 'InstanceProfileName': x['InstanceProfileName'], 'Arn': x['Arn'], 'CreateDate': x['CreateDate'].strftime('%Y-%m-%dT%H:%M:%S') } for x in r]
# formatting act = Colors.ORANGE # accent highlight (bright orange) bd = Colors.BOLD + Colors.WHITE # title formatting bn = Colors.CYAN # color for main binary highlighting lk = Colors.DARKBLUE # color for filesystem path confirmations red = Colors.RED # color for failed operations yl = Colors.GOLD3 # color when copying, creating paths rst = Colors.RESET # reset all color, formatting bucket = 'http-imagestore' key = 'nlines-bash' profilename = 'gcreds-da-atos' global s3 s3 = boto3_session(service='s3', profile=profilename) logger = logging.getLogger(__version__) logger.setLevel(logging.INFO) def git_root(): """ Summary. Returns root directory of git repository """ cmd = 'git rev-parse --show-toplevel 2>/dev/null' return subprocess.getoutput(cmd).strip()
def run_ec2_instance(pf, region, imageid, imagetype, subid, sgroup, kp, ip_arn, size, count, userdata_content, debug): """ Summary. Creates a new EC2 instance with properties given by supplied parameters Args: :imageid (str): Amazon Machine Image Id :subid (str): AWS subnet id (subnet-abcxyz) :sgroup (str): Security group id :kp (str): keypair name matching pre-existing keypair in the targeted AWS account :userdata (str): Path to userdata file; otherwise, None :debug (bool): debug flag to enable verbose logging Returns: InstanceId(s), TYPE: list """ now = datetime.datetime.utcnow() # ec2 client instantiation for launch client = boto3_session('ec2', region=region, profile=pf) # name tag content name_tag = nametag(imagetype, now.strftime('%Y-%m-%d')) tags = [{ 'Key': 'Name', 'Value': name_tag }, { 'Key': 'os', 'Value': imagetype }, { 'Key': 'CreateDateTime', 'Value': now.strftime('%Y-%m-%dT%H:%M:%SZ') }] try: if ip_arn is None: response = client.run_instances( ImageId=imageid, InstanceType=size, KeyName=kp, MaxCount=int(count), MinCount=1, SecurityGroupIds=[sgroup], SubnetId=subid, UserData=userdata_content, DryRun=debug, InstanceInitiatedShutdownBehavior='stop', TagSpecifications=[{ 'ResourceType': 'instance', 'Tags': tags }]) else: response = client.run_instances( ImageId=imageid, InstanceType=size, KeyName=kp, MaxCount=int(count), MinCount=1, SecurityGroupIds=[sgroup], SubnetId=subid, UserData=userdata_content, DryRun=debug, IamInstanceProfile={'Name': ip_arn.split('/')[-1]}, InstanceInitiatedShutdownBehavior='stop', TagSpecifications=[{ 'ResourceType': 'instance', 'Tags': tags }]) except ClientError as e: if e.response['Error']['Code'] == 'UnauthorizedOperation': stdout_message( message= "IAM user has inadequate permissions to launch EC2 instance(s) (Code: %s)" % e.response['Error']['Code'], prefix='WARN') sys.exit(exit_codes['EX_NOPERM']['Code']) else: logger.critical( "%s: Unknown problem launching EC2 Instance(s) (Code: %s Message: %s)" % (inspect.stack()[0][3], e.response['Error']['Code'], e.response['Error']['Message'])) return [] return [x['InstanceId'] for x in response['Instances']]
def get_regions(): client = boto3_session('ec2') return [ x['RegionName'] for x in client.describe_regions()['Regions'] if 'cn' not in x['RegionName'] ]
def __init__(self, bucket, profile=None): self.client = boto3_session(service='s3', profile_name=profile) self.bucket = bucket