def get_account_identifier(profile, returnAlias=True):
""" Returns account alias """
client = boto3_session(service='iam', profile=profile)
alias = client.list_account_aliases()['AccountAliases'][0]
if alias and returnAlias:
return alias
client = boto3_session(service='sts', profile=profile)
return client.get_caller_identity()['Account']
def profile_securitygroups(profile, region=None):
""" Profiles securitygroups in an aws account
THIS IS BROKEN -- ONLY WORKS WHEN GIVEN region,
LOOPING THRU REGIONS FAILS
"""
sgs = {}
regions = [region] or get_regions()
for rgn in regions:
try:
client = boto3_session('ec2', region=rgn, profile=profile)
r = client.describe_security_groups()['SecurityGroups']
sgs[rgn] = [{
x['GroupId']: {
'Description': x['Description'],
'GroupName': x['GroupName'],
'VpcId': x['VpcId']
}
} for x in r]
except ClientError as e:
stack = inspect.stack()[0][3]
logger.warning(
'{}: Unable to retrieve securitygroups for region {}. Error: {}'
.format(stack, rgn, e))
continue
return sgs
def get_account_identifier(profile, returnAlias=True):
"""
Summary:
Returns account alias
Args:
:profile (str): profilename present in local awscli configuration
:returnAlias (bool): when True (default), returns the account alias if one
exists. If False, returns the AWS AccountId number (12 digit integer sequence)
Returns:
aws account alias (str) or aws account id number (str)
"""
client = boto3_session(service='iam', profile=profile)
alias = client.list_account_aliases()['AccountAliases'][0]
if alias and returnAlias:
return alias
client = boto3_session(service='sts', profile=profile)
return client.get_caller_identity()['Account']
def windows(profile, os, region=None, detailed=False, debug=False):
"""
Return latest current Microsoft Windows Server AMI for each region
Args:
:profile (str): profile_name
:region (str): if supplied as parameter, only the ami for the single
region specified is returned
Returns:
amis, TYPE: list: container for metadata dict for most current instance in region
"Name": "Windows_Server-2016-English-Full-Base-2018.07.11"
"""
if os == '2012':
filter_criteria = 'Windows_Server-%s-R2*English*Base*' % os
else:
filter_criteria = 'Windows_Server*%s*English*Base*' % os
amis, metadata = {}, {}
if region:
regions = [region]
else:
regions = get_regions(profile=profile)
# retrieve ami for each region in list
for region in regions:
try:
client = boto3_session(service='ec2', region=region, profile=profile)
r = client.describe_images(
Owners=[MICROSOFT],
Filters=[
{
'Name': 'name',
'Values': [
filter_criteria
]
}
])
# need to find ami with latest date returned
debug_message(r, region, debug)
newest = newest_ami(r['Images'])
metadata[region] = newest
amis[region] = newest.get('ImageId', 'unavailable')
except ClientError as e:
logger.exception(
'%s: Boto error while retrieving AMI data (%s)' %
(inspect.stack()[0][3], str(e)))
continue
except Exception as e:
logger.exception(
'%s: Unknown Exception occured while retrieving AMI data (%s)' %
(inspect.stack()[0][3], str(e)))
raise e
if detailed:
return metadata
return amis
def get_regions(profile=None):
""" Return list of all regions """
try:
if profile is None:
profile = 'default'
client = boto3_session(service='ec2', profile=profile)
except ClientError as e:
logger.exception('%s: Boto error while retrieving regions (%s)' %
(inspect.stack()[0][3], str(e)))
raise e
return [x['RegionName'] for x in client.describe_regions()['Regions']]
def amazonlinux2(profile, region=None, detailed=False, debug=False):
"""
Return latest current amazonlinux v2 AMI for each region
Args:
:profile (str): profile_name
:region (str): if supplied as parameter, only the ami for the single
region specified is returned
Returns:
amis, TYPE: list: container for metadata dict for most current instance in region
"""
amis, metadata = {}, {}
if region:
regions = [region]
else:
regions = get_regions(profile=profile)
# retrieve ami for each region in list
for region in regions:
try:
if not profile:
profile = 'default'
client = boto3_session(service='ec2', region=region, profile=profile)
r = client.describe_images(
Owners=['amazon'],
Filters=[
{
'Name': 'name',
'Values': [
'amzn2-ami-hvm-????.??.?.*????.?-x86_64-*',
'amzn2-ami-hvm-*-x86_64-gp2'
]
}
])
# need to find ami with latest date returned
debug_message(r, region, debug)
newest = newest_ami(r['Images'])
metadata[region] = newest
amis[region] = newest.get('ImageId', 'unavailable')
except ClientError as e:
logger.exception(
'%s: Boto error while retrieving AMI data (%s)' %
(inspect.stack()[0][3], str(e)))
continue
except Exception as e:
logger.exception(
'%s: Unknown Exception occured while retrieving AMI data (%s)' %
(inspect.stack()[0][3], str(e)))
raise e
if detailed:
return metadata
return amis
def profile_keypairs(profile, region=None):
keypairs = {}
regions = [region] or get_regions()
for rgn in regions:
try:
client = boto3_session('ec2', region=rgn, profile=profile)
keypairs[rgn] = [
x['KeyName'] for x in client.describe_key_pairs()['KeyPairs']
]
except ClientError as e:
logger.warning(
'{}: Unable to retrieve keypairs for region {}'.format(
inspect.stack()[0][3], rgn))
continue
return keypairs
def profile_securitygroups(profile, region):
""" Profiles securitygroups in an aws account """
sgs = []
try:
client = boto3_session('ec2', region=region, profile=profile)
r = client.describe_security_groups()['SecurityGroups']
sgs.append([{
x['GroupId']: {
'Description': x['Description'],
'GroupName': x['GroupName'],
'VpcId': x['VpcId']
}
} for x in r])
except ClientError as e:
logger.warning(
'{}: Unable to retrieve securitygroups for region {}'.format(
inspect.stack()[0][3], rgn))
return sgs[0]
def delete_tags(resourceIds, region, tags):
""" Removes tags from an EC2 resource """
client = boto3_session('ec2', region)
try:
for resourceid in resourceIds:
response = client.delete_tags(
Resources=[resourceid],
Tags=tags
)
if response['ResponseMetadata']['HTTPStatusCode'] == 200:
logger.info('Existing Tags deleted from vol id %s' % resourceid)
return True
else:
logger.warning('Problem deleting existing tags from vol id %s' % resourceid)
return False
except ClientError as e:
logger.critical(
"%s: Problem apply tags to ec2 instances (Code: %s Message: %s)" %
(inspect.stack()[0][3], e.response['Error']['Code'], e.response['Error']['Message']))
return False
def profile_subnets(profile, region):
""" Profiles all subnets in an account """
subnets = {}
try:
client = boto3_session('ec2', region=region, profile=profile)
r = client.describe_subnets()['Subnets']
return [{
x['SubnetId']: {
'AvailabilityZone': x['AvailabilityZone'],
'CidrBlock': x['CidrBlock'],
'State': x['State'],
'IpAddresses':
'Public' if x['MapPublicIpOnLaunch'] else 'Private',
'VpcId': x['VpcId']
}
} for x in r]
except ClientError as e:
logger.warning(
'{}: Unable to retrieve subnets for region {}: {}'.format(
inspect.stack()[0][3], region, e))
def source_instanceprofiles(profile):
"""
Summary.
returns instance profile roles in an AWS account
Returns:
iam role information, TYPE: json
Format:
{
'RoleName': 'SR-S3Ops',
'Arn': 'arn:aws:iam::716400000000:role/SR-S3Ops',
'CreateDate':
}
"""
client = boto3_session(service='iam', profile=profile)
r = client.list_instance_profiles()['InstanceProfiles']
return [{
'InstanceProfileName': x['InstanceProfileName'],
'Arn': x['Arn'],
'CreateDate': x['CreateDate'].strftime('%Y-%m-%dT%H:%M:%S')
} for x in r]
# formatting
act = Colors.ORANGE # accent highlight (bright orange)
bd = Colors.BOLD + Colors.WHITE # title formatting
bn = Colors.CYAN # color for main binary highlighting
lk = Colors.DARKBLUE # color for filesystem path confirmations
red = Colors.RED # color for failed operations
yl = Colors.GOLD3 # color when copying, creating paths
rst = Colors.RESET # reset all color, formatting
bucket = 'http-imagestore'
key = 'nlines-bash'
profilename = 'gcreds-da-atos'
global s3
s3 = boto3_session(service='s3', profile=profilename)
logger = logging.getLogger(__version__)
logger.setLevel(logging.INFO)
def git_root():
"""
Summary.
Returns root directory of git repository
"""
cmd = 'git rev-parse --show-toplevel 2>/dev/null'
return subprocess.getoutput(cmd).strip()
def run_ec2_instance(pf, region, imageid, imagetype, subid, sgroup, kp, ip_arn,
size, count, userdata_content, debug):
"""
Summary.
Creates a new EC2 instance with properties given by supplied parameters
Args:
:imageid (str): Amazon Machine Image Id
:subid (str): AWS subnet id (subnet-abcxyz)
:sgroup (str): Security group id
:kp (str): keypair name matching pre-existing keypair in the targeted AWS account
:userdata (str): Path to userdata file; otherwise, None
:debug (bool): debug flag to enable verbose logging
Returns:
InstanceId(s), TYPE: list
"""
now = datetime.datetime.utcnow()
# ec2 client instantiation for launch
client = boto3_session('ec2', region=region, profile=pf)
# name tag content
name_tag = nametag(imagetype, now.strftime('%Y-%m-%d'))
tags = [{
'Key': 'Name',
'Value': name_tag
}, {
'Key': 'os',
'Value': imagetype
}, {
'Key': 'CreateDateTime',
'Value': now.strftime('%Y-%m-%dT%H:%M:%SZ')
}]
try:
if ip_arn is None:
response = client.run_instances(
ImageId=imageid,
InstanceType=size,
KeyName=kp,
MaxCount=int(count),
MinCount=1,
SecurityGroupIds=[sgroup],
SubnetId=subid,
UserData=userdata_content,
DryRun=debug,
InstanceInitiatedShutdownBehavior='stop',
TagSpecifications=[{
'ResourceType': 'instance',
'Tags': tags
}])
else:
response = client.run_instances(
ImageId=imageid,
InstanceType=size,
KeyName=kp,
MaxCount=int(count),
MinCount=1,
SecurityGroupIds=[sgroup],
SubnetId=subid,
UserData=userdata_content,
DryRun=debug,
IamInstanceProfile={'Name': ip_arn.split('/')[-1]},
InstanceInitiatedShutdownBehavior='stop',
TagSpecifications=[{
'ResourceType': 'instance',
'Tags': tags
}])
except ClientError as e:
if e.response['Error']['Code'] == 'UnauthorizedOperation':
stdout_message(
message=
"IAM user has inadequate permissions to launch EC2 instance(s) (Code: %s)"
% e.response['Error']['Code'],
prefix='WARN')
sys.exit(exit_codes['EX_NOPERM']['Code'])
else:
logger.critical(
"%s: Unknown problem launching EC2 Instance(s) (Code: %s Message: %s)"
% (inspect.stack()[0][3], e.response['Error']['Code'],
e.response['Error']['Message']))
return []
return [x['InstanceId'] for x in response['Instances']]
def get_regions():
client = boto3_session('ec2')
return [
x['RegionName'] for x in client.describe_regions()['Regions']
if 'cn' not in x['RegionName']
]
def __init__(self, bucket, profile=None):
self.client = boto3_session(service='s3', profile_name=profile)
self.bucket = bucket