def test_elastic_network_interfaces_modify_attribute_boto3(): ec2 = boto3.resource("ec2", region_name="us-east-1") client = boto3.client("ec2", "us-east-1") vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16") subnet = ec2.create_subnet(VpcId=vpc.id, CidrBlock="10.0.0.0/18") sec_group1 = ec2.create_security_group(GroupName=str(uuid4()), Description="n/a") sec_group2 = ec2.create_security_group(GroupName=str(uuid4()), Description="n/a") eni_id = subnet.create_network_interface(Groups=[sec_group1.id]).id my_eni = client.describe_network_interfaces( NetworkInterfaceIds=[eni_id])["NetworkInterfaces"][0] my_eni["Groups"].should.have.length_of(1) my_eni["Groups"][0]["GroupId"].should.equal(sec_group1.id) with pytest.raises(ClientError) as ex: client.modify_network_interface_attribute(NetworkInterfaceId=eni_id, Groups=[sec_group2.id], DryRun=True) ex.value.response["Error"]["Code"].should.equal("DryRunOperation") ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(412) ex.value.response["Error"]["Message"].should.equal( "An error occurred (DryRunOperation) when calling the ModifyNetworkInterface operation: Request would have succeeded, but DryRun flag is set" ) client.modify_network_interface_attribute(NetworkInterfaceId=eni_id, Groups=[sec_group2.id]) my_eni = client.describe_network_interfaces( NetworkInterfaceIds=[eni_id])["NetworkInterfaces"][0] my_eni["Groups"].should.have.length_of(1) my_eni["Groups"][0]["GroupId"].should.equal(sec_group2.id)
def security_group(name, description): try: group = ec2.get_all_security_groups(groupnames=[name])[0] except boto.exception.EC2ResponseError: group = None if group is None: ec2.create_security_group(name, description) group = ec2.get_all_security_groups(groupnames=[name])[0] return group
def test_security_group_ingress_separate_from_security_group_by_id(): ec2 = boto3.client("ec2", region_name="us-west-1") sg_name = str(uuid4()) ec2.create_security_group(GroupName=sg_name, Description="test security group") sg_2 = str(uuid4())[0:6] template = { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "test-security-group2": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "test security group", "Tags": [{ "Key": "sg-name", "Value": sg_2 }], }, }, "test-sg-ingress": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupName": sg_name, "IpProtocol": "tcp", "FromPort": "80", "ToPort": "8080", "SourceSecurityGroupId": { "Ref": "test-security-group2" }, }, }, }, } template_json = json.dumps(template) cf = boto3.client("cloudformation", region_name="us-west-1") cf.create_stack(StackName=str(uuid4())[0:6], TemplateBody=template_json) security_group1 = ec2.describe_security_groups( GroupNames=[sg_name])["SecurityGroups"][0] security_group2 = get_secgroup_by_tag(ec2, sg_2) security_group1["IpPermissions"].should.have.length_of(1) security_group1["IpPermissions"][0][ "UserIdGroupPairs"].should.have.length_of(1) security_group1["IpPermissions"][0]["UserIdGroupPairs"][0][ "GroupId"].should.equal(security_group2["GroupId"]) security_group1["IpPermissions"][0]["IpProtocol"].should.equal("tcp") security_group1["IpPermissions"][0]["FromPort"].should.equal(80) security_group1["IpPermissions"][0]["ToPort"].should.equal(8080)
def create_security_group(self, security_group_name, description, delete_if_exists=False): """ Returns the identifier of the group. """ if delete_if_exists: try: self.delete_security_group(security_group_name) logger.info( 'create_security_group has deleted existing group ' '{0} prior to re-creating it.'.format(security_group_name)) except DeleteGroupException: logger.debug('security group did not already exist') # create the group in the VPC or classic kwargs = {} if self.account.vpc_id: kwargs['vpc_id'] = self.account.vpc_id ec2 = self.connect_ec2() try: group = ec2.create_security_group(security_group_name, description, **kwargs) return group.id except boto.exception.EC2ResponseError as e: raise GroupExistsException(e.message)
def create_security_group(self, security_group_name, description, delete_if_exists=False): ''' Returns the identifier of the group. ''' if not description: description = 'Default description provided by stackd.io' if delete_if_exists: try: self.delete_security_group(security_group_name) logger.warn('create_security_group has deleted existing group ' '{0} prior to creating it.'.format( security_group_name)) except BadRequest: logger.debug('security group did not already exist') # create the group in the VPC or classic kwargs = {} if self.obj.vpc_id: kwargs['vpc_id'] = self.obj.vpc_id ec2 = self.connect_ec2() group = ec2.create_security_group(security_group_name, description, **kwargs) return group.id
def _create_security_group_abort_on_error(name, desc, rules): ec2 = boto.ec2.connect_to_region(env.ec2_region) try: sg = ec2.create_security_group(name, desc, vpc_id=env.ec2_vpc_id) except boto.exception.EC2ResponseError as e: if e.error_code == 'InvalidGroup.Duplicate': abort('\n' '\n' ' "%s" security group already exists!' % name) else: abort('\n' '\n' ' "%s" security group could not be created!: %s' % (name, e.message)) for rule in rules: ec2.authorize_security_group( group_id=sg.id, ip_protocol=rule[0], from_port=rule[1], to_port=rule[2], cidr_ip=rule[3]) puts('\n' ' "%s" security group created successfully!' % name)
def createSG(ec2, name, rules): """ Create a new SecurityGroup """ # check if the security group exists group = None sgGroups = [sg for sg in ec2.get_all_security_groups() if sg.name == name] if sgGroups: group = sgGroups[0] ec2.delete_security_group(name=name, group_id=group) print "Creating %s Security Group" % name group = ec2.create_security_group(name, 'group for %s' % name) if group: # Set the inbound rules for rule in rules: if rule.src_group_name: group.authorize(ip_protocol=rule.ip_protocol, from_port=rule.from_port, to_port=rule.to_port, cidr_ip=rule.cidr_ip, src_group=group) else: group.authorize(ip_protocol=rule.ip_protocol, from_port=rule.from_port, to_port=rule.to_port, cidr_ip=rule.cidr_ip, src_group=None) return True else: logError('Error during ' + name + ' Security Group update') return False
def create_security_group(self, security_group_name, description, delete_if_exists=False): """ Returns the identifier of the group. """ if delete_if_exists: try: self.delete_security_group(security_group_name) logger.info('create_security_group has deleted existing group ' '{0} prior to re-creating it.'.format(security_group_name)) except DeleteGroupException: logger.debug('security group did not already exist') # create the group in the VPC or classic kwargs = {} if self.account.vpc_id: kwargs['vpc_id'] = self.account.vpc_id ec2 = self.connect_ec2() try: group = ec2.create_security_group( security_group_name, description, **kwargs ) return group.id except boto.exception.EC2ResponseError as e: raise GroupExistsException(e.message)
def test_elastic_network_interfaces_with_groups_boto3(): ec2 = boto3.resource("ec2", region_name="us-east-1") client = boto3.client("ec2", "us-east-1") vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16") subnet = ec2.create_subnet(VpcId=vpc.id, CidrBlock="10.0.0.0/18") sec_group1 = ec2.create_security_group(GroupName=str(uuid4()), Description="n/a") sec_group2 = ec2.create_security_group(GroupName=str(uuid4()), Description="n/a") my_eni = subnet.create_network_interface(Groups=[sec_group1.id, sec_group2.id]) all_enis = client.describe_network_interfaces()["NetworkInterfaces"] [eni["NetworkInterfaceId"] for eni in all_enis].should.contain(my_eni.id) my_eni = [eni for eni in all_enis if eni["NetworkInterfaceId"] == my_eni.id][0] my_eni["Groups"].should.have.length_of(2) set([group["GroupId"] for group in my_eni["Groups"]]).should.equal( set([sec_group1.id, sec_group2.id]) )
def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id): """ Returns tuple of (group_id, ip) after validating rule params. rule: Dict describing a rule. name: Name of the security group being managed. groups: Dict of all available security groups. AWS accepts an ip range or a security group as target of a rule. This function validate the rule specification and return either a non-None group_id or a non-None ip range. """ FOREIGN_SECURITY_GROUP_REGEX = '^(\S+)/(sg-\S+)/(\S+)' group_id = None group_name = None ip = None target_group_created = False if 'group_id' in rule and 'cidr_ip' in rule: module.fail_json(msg="Specify group_id OR cidr_ip, not both") elif 'group_name' in rule and 'cidr_ip' in rule: module.fail_json(msg="Specify group_name OR cidr_ip, not both") elif 'group_id' in rule and 'group_name' in rule: module.fail_json(msg="Specify group_id OR group_name, not both") elif 'group_id' in rule and re.match(FOREIGN_SECURITY_GROUP_REGEX, rule['group_id']): # this is a foreign Security Group. Since you can't fetch it you must create an instance of it owner_id, group_id, group_name = re.match(FOREIGN_SECURITY_GROUP_REGEX, rule['group_id']).groups() group_instance = SecurityGroup(owner_id=owner_id, name=group_name, id=group_id) groups[group_id] = group_instance groups[group_name] = group_instance elif 'group_id' in rule: group_id = rule['group_id'] elif 'group_name' in rule: group_name = rule['group_name'] if group_name == name: group_id = group.id groups[group_id] = group groups[group_name] = group elif group_name in groups: group_id = groups[group_name].id else: if not rule.get('group_desc', '').strip(): module.fail_json(msg="group %s will be automatically created by rule %s and no description was provided" % (group_name, rule)) if not module.check_mode: auto_group = ec2.create_security_group(group_name, rule['group_desc'], vpc_id=vpc_id) group_id = auto_group.id groups[group_id] = auto_group groups[group_name] = auto_group target_group_created = True elif 'cidr_ip' in rule: ip = rule['cidr_ip'] return group_id, ip, target_group_created
def get_or_create_security_group(region ,group_name): """ Search by group_name, if doesn't exits, it is created """ try: ec2 = boto.ec2.connect_to_region(region) group = ec2.get_all_security_groups(groupnames=[group_name])[0] except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': group = ec2.create_security_group( group_name, 'group {} for region {}'.format(group_name, region)) else: raise
def create_security_group(group_name="mqlibtest"): """ Instances are pretty locked down by default. We can assign them to security groups to give access rights. This group allows us to access our instances over SSH """ ec2 = boto.ec2.connect_to_region(AWS_REGION) for g in ec2.get_all_security_groups(): if g.name == group_name: return # We already have this group setup group = ec2.create_security_group(group_name, "MQLib SSH access group") group.authorize("tcp", 22, 22, "0.0.0.0/0") # SSH is on port 22, all IPs print "Created new security group"
def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id): """ Returns tuple of (group_id, ip) after validating rule params. rule: Dict describing a rule. name: Name of the security group being managed. groups: Dict of all available security groups. AWS accepts an ip range or a security group as target of a rule. This function validate the rule specification and return either a non-None group_id or a non-None ip range. """ group_id = None group_name = None ip = None target_group_created = False if 'group_id' in rule and 'cidr_ip' in rule: module.fail_json(msg="Specify group_id OR cidr_ip, not both") elif 'group_name' in rule and 'cidr_ip' in rule: module.fail_json(msg="Specify group_name OR cidr_ip, not both") elif 'group_id' in rule and 'group_name' in rule: module.fail_json(msg="Specify group_id OR group_name, not both") elif 'group_id' in rule: group_id = rule['group_id'] elif 'group_name' in rule: group_name = rule['group_name'] if group_name in groups: group_id = groups[group_name].id elif group_name == name: group_id = group.id groups[group_id] = group groups[group_name] = group else: if not rule.get('group_desc', '').strip(): module.fail_json( msg= "group %s will be automatically created by rule %s and no description was provided" % (group_name, rule)) if not module.check_mode: auto_group = ec2.create_security_group(group_name, rule['group_desc'], vpc_id=vpc_id) group_id = auto_group.id groups[group_id] = auto_group groups[group_name] = auto_group target_group_created = True elif 'cidr_ip' in rule: ip = rule['cidr_ip'] return group_id, ip, target_group_created
def get_or_create_security_group(region, group_name): """ Search by group_name, if doesn't exits, it is created """ try: ec2 = boto.ec2.connect_to_region(region) group = ec2.get_all_security_groups(groupnames=[group_name])[0] except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': group = ec2.create_security_group( group_name, 'group {} for region {}'.format(group_name, region)) else: raise
def security_group_ssh(): # If the demo security group exists, purge so it's known to be clean. groups = ec2.get_all_security_groups() for group in groups: if group.name == DEMO_SECURITY_GROUP: ec2.delete_security_group(DEMO_SECURITY_GROUP) # create new security group opening up ssh and tomcat7 ports group = ec2.create_security_group(DEMO_SECURITY_GROUP, 'Security group for demonstration') my_cidr = get_external_ip() + '/32' group.authorize('tcp', 22, 22, my_cidr) group.authorize('tcp', 8080, 8080, my_cidr) return;
def create_security_group(group_name="mqlibtest"): """ Instances are pretty locked down by default. We can assign them to security groups to give access rights. This group allows us to access our instances over SSH """ ec2 = boto.ec2.connect_to_region(AWS_REGION) for g in ec2.get_all_security_groups(): if g.name == group_name: return # We already have this group setup group = ec2.create_security_group( group_name, "MQLib SSH access group") group.authorize("tcp", 22, 22, "0.0.0.0/0") # SSH is on port 22, all IPs print "Created new security group"
def create_security_rule(ec2,vpc,group,protocol,start,end,cidr): # Check to see if specified security group already exists. # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. print 'Creating security rule %s:%s[%s,%s]->%s'%(group,protocol,start,end,cidr) try: ec2_group = ec2.get_all_security_groups(groupnames=[group])[0] except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': print 'Creating Security Group: %s' % group # Create a security group to control access to instance via SSH. ec2_group = ec2.create_security_group(group, group, vpc_id=vpc) else: raise
def create_security_group(group_name): """ Instances are pretty locked down by default. We can assign them to security groups to give access rights. """ ec2 = boto.ec2.connect_to_region(AWS_REGION) for g in ec2.get_all_security_groups(): if g.name == group_name: return # We already have this group setup group = ec2.create_security_group(group_name, "%s SSH access group" % group_name) group.authorize("tcp", 22, 22, "0.0.0.0/0") # SSH is on port 22, all IPs group.authorize("tcp", 80, 80, "0.0.0.0/0") group.authorize("tcp", 61000, 65000, "0.0.0.0/0") print "Created new security group"
def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id): """ Returns tuple of (group_id, ip) after validating rule params. rule: Dict describing a rule. name: Name of the security group being managed. groups: Dict of all available security groups. AWS accepts an ip range or a security group as target of a rule. This function validate the rule specification and return either a non-None group_id or a non-None ip range. """ group_id = None group_name = None ip = None target_group_created = False if 'group_id' in rule and 'cidr_ip' in rule: module.fail_json(msg="Specify group_id OR cidr_ip, not both") elif 'group_name' in rule and 'cidr_ip' in rule: module.fail_json(msg="Specify group_name OR cidr_ip, not both") elif 'group_id' in rule and 'group_name' in rule: module.fail_json(msg="Specify group_id OR group_name, not both") elif 'group_id' in rule: group_id = rule['group_id'] elif 'group_name' in rule: group_name = rule['group_name'] if group_name in groups: group_id = groups[group_name].id elif group_name == name: group_id = group.id groups[group_id] = group groups[group_name] = group else: if not rule.get('group_desc', '').strip(): module.fail_json(msg="group %s will be automatically created by rule %s and no description was provided" % (group_name, rule)) if not module.check_mode: auto_group = ec2.create_security_group(group_name, rule['group_desc'], vpc_id=vpc_id) group_id = auto_group.id groups[group_id] = auto_group groups[group_name] = auto_group target_group_created = True elif 'cidr_ip' in rule: ip = rule['cidr_ip'] return group_id, ip, target_group_created
def main(config_path, name_prefix, tag): with open(config_path) as f: config = json.load(f) ec2 = boto.ec2.connect_to_region( INSTANCE_CONFIG['region'], aws_access_key_id=config['access_key_id'], aws_secret_access_key=config['secret_access_key']) name = name_prefix + "-" + datetime.utcnow().isoformat() # Assume that ssh key is uploaded group = ec2.create_security_group(name, 'A group that allows SSH access') group.authorize('tcp', 22, 22, "0.0.0.0/0") reservation = ec2.run_instances( INSTANCE_CONFIG['ami'], key_name=os.path.basename(config['certificate_path']).split(".")[0], instance_type=INSTANCE_CONFIG['type'], security_groups=[name]) # Find the actual Instance object inside the Reservation object # returned by EC2. instance = reservation.instances[0] # The instance has been launched but it's not yet up and # running. Let's wait for it's state to change to 'running'. print 'waiting for instance' while instance.state != 'running': print '.', time.sleep(1) instance.update() print 'done' instance.add_tag(tag) print "DoNe! To connect use:" print "ssh -i {} ubuntu@{}".format(config['certificate_path'], instance.public_dns_name)
def auto_vpn(ami=ami, instance_type=instance_type, key_name=keyname, group_name="vpn_2", ssh_port="22", vpn_port="1194", cidr="0.0.0.0/0", tag="auto_vpn", user_data=None): ec2 = conn_region try: group = ec2.get_all_security_groups(groupnames=[group_name])[0] except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': group = ec2.create_security_group( group_name, 'A group that allows VPN access') else: raise
def auto_vpn(ami=ami, instance_type=instance_type, key_name=keyname, group_name="vpn_2", ssh_port="22", vpn_port="1194", cidr="0.0.0.0/0", tag="auto_vpn", user_data=None): ec2 = conn_region try: group = ec2.get_all_security_groups(groupnames=[group_name])[0] except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': group = ec2.create_security_group(group_name, 'A group that allows VPN access') else: raise
def createSG(ec2,name,rules): """ Create a new SecurityGroup """ # check if the security group exists group = None sgGroups = [sg for sg in ec2.get_all_security_groups() if sg.name == name] if sgGroups: group = sgGroups[0] ec2.delete_security_group(name=name, group_id=group) print "Creating %s Security Group" % name group = ec2.create_security_group(name, 'group for %s' % name) if group: # Set the inbound rules for rule in rules: if rule.src_group_name: group.authorize(ip_protocol=rule.ip_protocol,from_port=rule.from_port,to_port=rule.to_port,cidr_ip=rule.cidr_ip,src_group=group) else: group.authorize(ip_protocol=rule.ip_protocol,from_port=rule.from_port,to_port=rule.to_port,cidr_ip=rule.cidr_ip,src_group=None) return True else: logError('Error during '+name+' Security Group update') return False
outfile = open('keypair.pem', 'w') key_pair = ec2.create_key_pair(KeyName='keypair') KeyPairOut = str(key_pair.key_material) outfile.write(KeyPairOut) except ClientError as e: print("Key Pair Already Exist") ''' Creating Security Group ''' ec2 = boto3.client('ec2') response = ec2.describe_vpcs() vpc_id = response.get('Vpcs', [{}])[0].get('VpcId', '') try: response = ec2.create_security_group( GroupName='SECURITYGROUP', Description='security group for ec2 instance', VpcId=vpc_id) security_group_id = response['GroupId'] print('Security Group Created %s in vpc %s.' % (security_group_id, vpc_id)) data = ec2.authorize_security_group_ingress(GroupId=security_group_id, IpPermissions=[{ 'IpProtocol': 'tcp', 'FromPort': 80, 'ToPort': 80, 'IpRanges': [{ 'CidrIp': '0.0.0.0/0'
ec2 = boto.ec2.connect_to_region(region_name=region_name, aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key) print(u"Establishing security group voodoovpn") voodoovpngroup_name = u'voodoovpn' matching_security_groups = [ sg for sg in ec2.get_all_security_groups() if sg.name == voodoovpngroup_name ] if len(matching_security_groups) > 0: print(u"Found security group voodoovpn") voodoovpngroup = matching_security_groups[0] else: print(u"Creating security group voodoovpn") voodoovpngroup = ec2.create_security_group(voodoovpngroup_name, 'Voodoo VPN access') voodoovpngroup.authorize('tcp', 500, 500, '0.0.0.0/0') voodoovpngroup.authorize('udp', 500, 500, '0.0.0.0/0') voodoovpngroup.authorize('udp', 4500, 4500, '0.0.0.0/0') if key_name is not None: # open an ssh port, if we provided an ssh key voodoovpngroup.authorize('tcp', 22, 22, '0.0.0.0/0') voodoovpngroup.authorize('udp', 22, 22, '0.0.0.0/0') print(u"Generating VPN credentials") # generate IPSEC_PSK, VPN_USER = '******' IPSEC_PSK = ''.join( random.choice(string.ascii_lowercase + string.ascii_uppercase + string.digits) for x in range(32)) VPN_PASSWORD = ''.join(
# The save method will also chmod the file to protect # your private key. key.save(key_dir) else: raise # Check to see if specified security group already exists. # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. try: group = ec2.get_all_security_groups(groupnames=[group_name])[0] except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': print 'Creating Security Group: %s' % group_name # Create a security group to control access to instance via SSH. group = ec2.create_security_group(group_name, 'A group that allows SSH access') else: raise # Add a rule to the security group to authorize SSH traffic # on the specified port. try: group.authorize('tcp', ssh_port, ssh_port, "0.0.0.0/0") except ec2.ResponseError, e: if e.code == 'InvalidPermission.Duplicate': print 'Security Group: %s already authorized' % group_name else: raise @task def create_instance(name, ami=ubuntu_lts_ami, instance_type='t1.micro',
net3 = vpcCon.create_subnet(vpcid, "10.0.3.0/24") net4 = vpcCon.create_subnet(vpcid, "10.0.4.0/24") print "subnet ", net1.id, " was created" print "subnet ", net2.id, " was created" print "subnet ", net3.id, " was created" print "subnet ", net4.id, " was created" import boto.ec2 print "begin create security group" ec2 = boto.ec2.connect_to_region(region, aws_access_key_id= aws_access_key, aws_secret_access_key =aws_secret_key) net1_group = ec2.create_security_group('net1', 'Our net1 Group', vpc_id=vpcid) net2_group = ec2.create_security_group('net2', 'Our net2 Group', vpc_id=vpcid) net3_group = ec2.create_security_group('net3', 'Our net3 Group', vpc_id=vpcid) net4_group = ec2.create_security_group('net4', 'Our net3 Group', vpc_id=vpcid) print "begin add authorize to security" b = net1_group.authorize("tcp", from_port=0,to_port=65535, cidr_ip="0.0.0.0/0") b = net1_group.authorize("udp", from_port=0,to_port=65535, cidr_ip="0.0.0.0/0") b = net2_group.authorize("tcp", from_port=0,to_port=65535, cidr_ip="0.0.0.0/0") b = net2_group.authorize("udp", from_port=0,to_port=65535, cidr_ip="0.0.0.0/0") b = net3_group.authorize("tcp", from_port=0,to_port=65535, cidr_ip="0.0.0.0/0") b = net3_group.authorize("udp", from_port=0,to_port=65535, cidr_ip="0.0.0.0/0")
tag="instance test", cidr = "0.0.0.0/0", user_data="None", login_usr="******"): ec2 = boto.connect_ec2() try: key = ec2.get_all_key_pairs(keynames=[key_name])[0] except ec2.ResponseError, e: if e.code == 'InvalidKeyPair.NotFound': print 'Creating keypair: %s' % key_name key = ec2.create_key_pair(key_name) key.save(key_dir) try: group = ec2.get_all_security_groups( groupnames=[group_name])[0] except ec2.ResponseError, e: if e.code == "InvalidGroup.NotFound" : print "Creating Security Group: %s" % group_name group = ec2.create_security_group(group_name, "A group that allows ssh access") group.authorize("tcp", ssh_port, ssh_port, cidr) group.authorize("tcp", solr_port, solr_port, cidr) group.authorize("tcp", http_port, http_port, cidr) else: raise reservation = ec2.run_instances(ami, key_name=key_name, security_groups=[group_name], instance_type=instance_type, user_data=user_data) instance = reservation.instances[0] print 'waiting for instance to start' while instance.state != 'running': print "Instance state =" + str(instance.state) time.sleep(5)
def test_elastic_network_interfaces_filtering_boto3(): ec2 = boto3.resource("ec2", region_name="us-east-1") client = boto3.client("ec2", "us-east-1") vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16") subnet = ec2.create_subnet(VpcId=vpc.id, CidrBlock="10.0.0.0/18") sec_group1 = ec2.create_security_group(GroupName=str(uuid4()), Description="n/a") sec_group2 = ec2.create_security_group(GroupName=str(uuid4()), Description="n/a") eni1 = subnet.create_network_interface( Groups=[sec_group1.id, sec_group2.id]) eni2 = subnet.create_network_interface(Groups=[sec_group1.id]) eni3 = subnet.create_network_interface(Description=str(uuid4())) all_enis = client.describe_network_interfaces()["NetworkInterfaces"] [eni["NetworkInterfaceId"] for eni in all_enis].should.contain(eni1.id) [eni["NetworkInterfaceId"] for eni in all_enis].should.contain(eni2.id) [eni["NetworkInterfaceId"] for eni in all_enis].should.contain(eni3.id) # Filter by NetworkInterfaceId enis_by_id = client.describe_network_interfaces( NetworkInterfaceIds=[eni1.id])["NetworkInterfaces"] enis_by_id.should.have.length_of(1) set([eni["NetworkInterfaceId"] for eni in enis_by_id]).should.equal(set([eni1.id])) # Filter by ENI ID enis_by_id = client.describe_network_interfaces( Filters=[{ "Name": "network-interface-id", "Values": [eni1.id] }])["NetworkInterfaces"] enis_by_id.should.have.length_of(1) set([eni["NetworkInterfaceId"] for eni in enis_by_id]).should.equal(set([eni1.id])) # Filter by Security Group enis_by_group = client.describe_network_interfaces( Filters=[{ "Name": "group-id", "Values": [sec_group1.id] }])["NetworkInterfaces"] enis_by_group.should.have.length_of(2) set([eni["NetworkInterfaceId"] for eni in enis_by_group]).should.equal(set([eni1.id, eni2.id])) # Filter by ENI ID and Security Group enis_by_group = client.describe_network_interfaces(Filters=[ { "Name": "network-interface-id", "Values": [eni1.id] }, { "Name": "group-id", "Values": [sec_group1.id] }, ])["NetworkInterfaces"] enis_by_group.should.have.length_of(1) set([eni["NetworkInterfaceId"] for eni in enis_by_group]).should.equal(set([eni1.id])) # Filter by Description enis_by_description = client.describe_network_interfaces( Filters=[{ "Name": "description", "Values": [eni3.description] }])["NetworkInterfaces"] enis_by_description.should.have.length_of(1) enis_by_description[0]["Description"].should.equal(eni3.description) # Unsupported filter if not settings.TEST_SERVER_MODE: # ServerMode will just throw a generic 500 filters = [{"Name": "not-implemented-filter", "Values": ["foobar"]}] client.describe_network_interfaces.when.called_with( Filters=filters).should.throw(NotImplementedError)
# your private key. key.save(key_dir) else: raise # Check to see if specified security group already exists. # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. try: group = ec2.get_all_security_groups( groupnames=[aws_cfg["group_name"]])[0] except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': print 'Creating Security Group: %s' % aws_cfg["group_name"] # Create a security group to control access to instance via SSH. group = ec2.create_security_group( aws_cfg["group_name"], 'A group that allows SSH access') else: raise # Add a rule to the security group to authorize SSH traffic # on the specified port. for port in ["80", aws_cfg["ssh_port"]]: try: group.authorize('tcp', port, port, "0.0.0.0/0") except ec2.ResponseError, e: if e.code == 'InvalidPermission.Duplicate': print 'Security Group: %s already authorized' % aws_cfg[ "group_name"] else: raise
def main(): argument_spec = ec2_argument_spec() argument_spec.update(dict( name=dict(type='str', required=True), description=dict(type='str', required=True), vpc_id=dict(type='str'), rules=dict(type='list'), rules_egress=dict(type='list'), state = dict(default='present', type='str', choices=['present', 'absent']), purge_rules=dict(default=True, required=False, type='bool'), purge_rules_egress=dict(default=True, required=False, type='bool'), ) ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, ) if not HAS_BOTO: module.fail_json(msg='boto required for this module') name = module.params['name'] description = module.params['description'] vpc_id = module.params['vpc_id'] rules = module.params['rules'] rules_egress = module.params['rules_egress'] state = module.params.get('state') purge_rules = module.params['purge_rules'] purge_rules_egress = module.params['purge_rules_egress'] changed = False ec2 = ec2_connect(module) # find the group if present group = None groups = {} for curGroup in ec2.get_all_security_groups(): groups[curGroup.id] = curGroup if curGroup.name in groups: # Prioritise groups from the current VPC if vpc_id is None or curGroup.vpc_id == vpc_id: groups[curGroup.name] = curGroup else: groups[curGroup.name] = curGroup if curGroup.name == name and (vpc_id is None or curGroup.vpc_id == vpc_id): group = curGroup # Ensure requested group is absent if state == 'absent': if group: '''found a match, delete it''' try: if not module.check_mode: group.delete() except Exception as e: module.fail_json(msg="Unable to delete security group '%s' - %s" % (group, e)) else: group = None changed = True else: '''no match found, no changes required''' # Ensure requested group is present elif state == 'present': if group: '''existing group found''' # check the group parameters are correct group_in_use = False rs = ec2.get_all_instances() for r in rs: for i in r.instances: group_in_use |= reduce(lambda x, y: x | (y.name == 'public-ssh'), i.groups, False) if group.description != description: if group_in_use: module.fail_json(msg="Group description does not match, but it is in use so cannot be changed.") # if the group doesn't exist, create it now else: '''no match found, create it''' if not module.check_mode: group = ec2.create_security_group(name, description, vpc_id=vpc_id) # When a group is created, an egress_rule ALLOW ALL # to 0.0.0.0/0 is added automatically but it's not # reflected in the object returned by the AWS API # call. We re-read the group for getting an updated object # amazon sometimes takes a couple seconds to update the security group so wait till it exists while len(ec2.get_all_security_groups(filters={ 'group_id': group.id, })) == 0: time.sleep(0.1) group = ec2.get_all_security_groups(group_ids=(group.id,))[0] changed = True else: module.fail_json(msg="Unsupported state requested: %s" % state) # create a lookup for all existing rules on the group if group: # Manage ingress rules groupRules = {} addRulesToLookup(group.rules, 'in', groupRules) # Now, go through all provided rules and ensure they are there. if rules is not None: for rule in rules: validate_rule(module, rule) group_id, ip, target_group_created = get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id) if target_group_created: changed = True if rule['proto'] in ('all', '-1', -1): rule['proto'] = -1 rule['from_port'] = None rule['to_port'] = None # Convert ip to list we can iterate over if not isinstance(ip, list): ip = [ip] # If rule already exists, don't later delete it for thisip in ip: ruleId = make_rule_key('in', rule, group_id, thisip) if ruleId in groupRules: del groupRules[ruleId] # Otherwise, add new rule else: grantGroup = None if group_id: grantGroup = groups[group_id] if not module.check_mode: group.authorize(rule['proto'], rule['from_port'], rule['to_port'], thisip, grantGroup) changed = True # Finally, remove anything left in the groupRules -- these will be defunct rules if purge_rules: for (rule, grant) in groupRules.itervalues() : grantGroup = None if grant.group_id: if grant.owner_id != group.owner_id: # this is a foreign Security Group. Since you can't fetch it you must create an instance of it group_instance = SecurityGroup(owner_id=grant.owner_id, name=grant.name, id=grant.group_id) groups[grant.group_id] = group_instance groups[grant.name] = group_instance grantGroup = groups[grant.group_id] if not module.check_mode: group.revoke(rule.ip_protocol, rule.from_port, rule.to_port, grant.cidr_ip, grantGroup) changed = True # Manage egress rules groupRules = {} addRulesToLookup(group.rules_egress, 'out', groupRules) # Now, go through all provided rules and ensure they are there. if rules_egress is not None: for rule in rules_egress: validate_rule(module, rule) group_id, ip, target_group_created = get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id) if target_group_created: changed = True if rule['proto'] in ('all', '-1', -1): rule['proto'] = -1 rule['from_port'] = None rule['to_port'] = None # Convert ip to list we can iterate over if not isinstance(ip, list): ip = [ip] # If rule already exists, don't later delete it for thisip in ip: ruleId = make_rule_key('out', rule, group_id, thisip) if ruleId in groupRules: del groupRules[ruleId] # Otherwise, add new rule else: grantGroup = None if group_id: grantGroup = groups[group_id].id if not module.check_mode: ec2.authorize_security_group_egress( group_id=group.id, ip_protocol=rule['proto'], from_port=rule['from_port'], to_port=rule['to_port'], src_group_id=grantGroup, cidr_ip=thisip) changed = True elif vpc_id: # when using a vpc, but no egress rules are specified, # we add in a default allow all out rule, which was the # default behavior before egress rules were added default_egress_rule = 'out--1-None-None-None-0.0.0.0/0' if default_egress_rule not in groupRules: if not module.check_mode: ec2.authorize_security_group_egress( group_id=group.id, ip_protocol=-1, from_port=None, to_port=None, src_group_id=None, cidr_ip='0.0.0.0/0' ) changed = True else: # make sure the default egress rule is not removed del groupRules[default_egress_rule] # Finally, remove anything left in the groupRules -- these will be defunct rules if purge_rules_egress: for (rule, grant) in groupRules.itervalues(): grantGroup = None if grant.group_id: grantGroup = groups[grant.group_id].id if not module.check_mode: ec2.revoke_security_group_egress( group_id=group.id, ip_protocol=rule.ip_protocol, from_port=rule.from_port, to_port=rule.to_port, src_group_id=grantGroup, cidr_ip=grant.cidr_ip) changed = True if group: module.exit_json(changed=changed, group_id=group.id) else: module.exit_json(changed=changed, group_id=None)
def main(): argument_spec = ec2_argument_spec() argument_spec.update( dict( name=dict(), group_id=dict(), description=dict(), vpc_id=dict(), rules=dict(type='list'), rules_egress=dict(type='list'), state=dict(default='present', type='str', choices=['present', 'absent']), purge_rules=dict(default=True, required=False, type='bool'), purge_rules_egress=dict(default=True, required=False, type='bool'), )) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, required_one_of=[['name', 'group_id']], required_if=[['state', 'present', ['name']]], ) if not HAS_BOTO: module.fail_json(msg='boto required for this module') name = module.params['name'] group_id = module.params['group_id'] description = module.params['description'] vpc_id = module.params['vpc_id'] rules = deduplicate_rules_args( rules_expand_sources(rules_expand_ports(module.params['rules']))) rules_egress = deduplicate_rules_args( rules_expand_sources(rules_expand_ports( module.params['rules_egress']))) state = module.params.get('state') purge_rules = module.params['purge_rules'] purge_rules_egress = module.params['purge_rules_egress'] if state == 'present' and not description: module.fail_json(msg='Must provide description when state is present.') changed = False ec2 = ec2_connect(module) # find the group if present group = None groups = {} try: security_groups = ec2.get_all_security_groups() except BotoServerError as e: module.fail_json(msg="Error in get_all_security_groups: %s" % e.message, exception=traceback.format_exc()) for curGroup in security_groups: groups[curGroup.id] = curGroup if curGroup.name in groups: # Prioritise groups from the current VPC if vpc_id is None or curGroup.vpc_id == vpc_id: groups[curGroup.name] = curGroup else: groups[curGroup.name] = curGroup if group_id: if curGroup.id == group_id: group = curGroup else: if curGroup.name == name and (vpc_id is None or curGroup.vpc_id == vpc_id): group = curGroup # Ensure requested group is absent if state == 'absent': if group: # found a match, delete it try: if not module.check_mode: group.delete() except BotoServerError as e: module.fail_json( msg="Unable to delete security group '%s' - %s" % (group, e.message), exception=traceback.format_exc()) else: group = None changed = True else: # no match found, no changes required pass # Ensure requested group is present elif state == 'present': if group: # existing group if group.description != description: module.fail_json( msg= "Group description does not match existing group. ec2_group does not support this case." ) # if the group doesn't exist, create it now else: # no match found, create it if not module.check_mode: group = ec2.create_security_group(name, description, vpc_id=vpc_id) # When a group is created, an egress_rule ALLOW ALL # to 0.0.0.0/0 is added automatically but it's not # reflected in the object returned by the AWS API # call. We re-read the group for getting an updated object # amazon sometimes takes a couple seconds to update the security group so wait till it exists while len( ec2.get_all_security_groups( filters={'group_id': group.id})) == 0: time.sleep(0.1) group = ec2.get_all_security_groups(group_ids=(group.id, ))[0] changed = True else: module.fail_json(msg="Unsupported state requested: %s" % state) # create a lookup for all existing rules on the group if group: # Manage ingress rules groupRules = {} addRulesToLookup(group.rules, 'in', groupRules) # Now, go through all provided rules and ensure they are there. if rules is not None: for rule in rules: validate_rule(module, rule) group_id, ip, target_group_created = get_target_from_rule( module, ec2, rule, name, group, groups, vpc_id) if target_group_created: changed = True if rule['proto'] in ('all', '-1', -1): rule['proto'] = -1 rule['from_port'] = None rule['to_port'] = None # Convert ip to list we can iterate over if not isinstance(ip, list): ip = [ip] # If rule already exists, don't later delete it for thisip in ip: ruleId = make_rule_key('in', rule, group_id, thisip) if ruleId not in groupRules: grantGroup = None if group_id: grantGroup = groups[group_id] if not module.check_mode: group.authorize(rule['proto'], rule['from_port'], rule['to_port'], thisip, grantGroup) changed = True else: del groupRules[ruleId] # Finally, remove anything left in the groupRules -- these will be defunct rules if purge_rules: for (rule, grant) in groupRules.values(): grantGroup = None if grant.group_id: if grant.owner_id != group.owner_id: # this is a foreign Security Group. Since you can't fetch it you must create an instance of it group_instance = SecurityGroup(owner_id=grant.owner_id, name=grant.name, id=grant.group_id) groups[grant.group_id] = group_instance groups[grant.name] = group_instance grantGroup = groups[grant.group_id] if not module.check_mode: group.revoke(rule.ip_protocol, rule.from_port, rule.to_port, grant.cidr_ip, grantGroup) changed = True # Manage egress rules groupRules = {} addRulesToLookup(group.rules_egress, 'out', groupRules) # Now, go through all provided rules and ensure they are there. if rules_egress is not None: for rule in rules_egress: validate_rule(module, rule) group_id, ip, target_group_created = get_target_from_rule( module, ec2, rule, name, group, groups, vpc_id) if target_group_created: changed = True if rule['proto'] in ('all', '-1', -1): rule['proto'] = -1 rule['from_port'] = None rule['to_port'] = None # Convert ip to list we can iterate over if not isinstance(ip, list): ip = [ip] # If rule already exists, don't later delete it for thisip in ip: ruleId = make_rule_key('out', rule, group_id, thisip) if ruleId in groupRules: del groupRules[ruleId] # Otherwise, add new rule else: grantGroup = None if group_id: grantGroup = groups[group_id].id if not module.check_mode: ec2.authorize_security_group_egress( group_id=group.id, ip_protocol=rule['proto'], from_port=rule['from_port'], to_port=rule['to_port'], src_group_id=grantGroup, cidr_ip=thisip) changed = True else: # when no egress rules are specified, # we add in a default allow all out rule, which was the # default behavior before egress rules were added default_egress_rule = 'out--1-None-None-None-0.0.0.0/0' if default_egress_rule not in groupRules: if not module.check_mode: ec2.authorize_security_group_egress(group_id=group.id, ip_protocol=-1, from_port=None, to_port=None, src_group_id=None, cidr_ip='0.0.0.0/0') changed = True else: # make sure the default egress rule is not removed del groupRules[default_egress_rule] # Finally, remove anything left in the groupRules -- these will be defunct rules if purge_rules_egress: for (rule, grant) in groupRules.values(): grantGroup = None if grant.group_id: grantGroup = groups[grant.group_id].id if not module.check_mode: ec2.revoke_security_group_egress( group_id=group.id, ip_protocol=rule.ip_protocol, from_port=rule.from_port, to_port=rule.to_port, src_group_id=grantGroup, cidr_ip=grant.cidr_ip) changed = True if group: module.exit_json(changed=changed, group_id=group.id) else: module.exit_json(changed=changed, group_id=None)
def deploy(): ec2 = boto.ec2.connect_to_region('us-east-1', aws_access_key_id='', aws_secret_access_key='') ec2_key_pair = ec2.get_key_pair("key_pair") print ec2_key_pair if ec2_key_pair == None: ec2_key_pair = ec2.create_key_pair("key_pair") ec2_key_pair.save(".") group = ec2.get_all_security_groups(filters={'group-name': 'group'}) if not group: group = ec2.create_security_group("csc326-groupg326-2-006", "a group for ec2") group.authorize("icmp", -1, -1, "0.0.0.0/0") group.authorize("tcp", 22, 22, "0.0.0.0/0") group.authorize("tcp", 80, 80, "0.0.0.0/0") group.authorize('tcp', 8080, 8080, '0.0.0.0/0') else: group = group[0] instances = ec2.get_only_instances() runninginstances = [i for i in instances if i.state == 'running'] instance = None if not instances or (instances and not runninginstances): instances = ec2.run_instances( image_id='ami-8caa1ce4', key_name='key_pair', security_groups=['csc326-groupg326-2-006'], instance_type='t1.micro') instances = instances.instances[0] else: instances = instances[0] instance = instances print "Waiting for instance to be ready to run.." while instance.update() != 'running': time.sleep(10) print "Instance is ready and running" os.system("ssh -i key_pair.pem ubuntu@%s sudo apt-get update" % (instance.ip_address)) os.system( "ssh -i key_pair.pem ubuntu@%s sudo apt-get install -y python-pip" % (instance.ip_address)) os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install bottle" % (instance.ip_address)) os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install beaker" % (instance.ip_address)) os.system( "ssh -i key_pair.pem ubuntu@%s sudo pip install google-api-python-client" % (instance.ip_address)) os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install oauth2client" % (instance.ip_address)) os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install BeautifulSoup4" % (instance.ip_address)) os.system("ssh -i key_pair.pem ubuntu@%s sudo pip install BeautifulSoup4" % (instance.ip_address)) os.system("ssh -i key_pair.pem ubuntu@%s mkdir app" % (instance.ip_address)) os.system("scp -i key_pair.pem ~/RandomSearch/Lab2/* ubuntu@%s:~/app" % (instance.ip_address)) os.system( "ssh -i key_pair.pem ubuntu@%s sudo nohup python app/frontEnd.py" % (instance.ip_address)) #elasticIPaddr = ec2.allocate_address() #elasticIPaddr.associate(instance.id) return instance.ip_address
def launch_spot_instance(id, profile, spot_wait_sleep=5, instance_wait_sleep=3): ec2 = boto.ec2.connect_to_region(profile['region']) if not 'key_pair' in profile: print('key pair {0} does not exist'.format(profile['key_pair'][0])) profile['key_pair'] = ('KP-' + id, 'KP-' + id + '.pem') try: print >> sys.stderr, 'Creating key pair...', keypair = ec2.create_key_pair('KP-' + id) keypair.save('.') print >> sys.stderr, 'created' except boto.exception.EC2ResponseError as e: if e.code == 'InvalidKeyPair.Duplicate': print >> sys.stderr, 'already exists' else: raise e if not 'security_group' in profile: try: print >> sys.stderr, 'Creating security group...', sc = ec2.create_security_group('SG-' + id, 'Security Group for ' + id) for proto, fromport, toport, ip in profile['firewall']: sc.authorize(proto, fromport, toport, ip) profile['security_group'] = (sc.id, sc.name) print >> sys.stderr, 'created' except boto.exception.EC2ResponseError as e: if e.code == 'InvalidGroup.Duplicate': print >> sys.stderr, 'already exists' sc = ec2.get_all_security_groups(groupnames=['SG-' + id])[0] profile['security_group'] = (sc.id, sc.name) else: raise e existing_requests = ec2.get_all_spot_instance_requests( filters={ 'launch.group-id': profile['security_group'][0], 'state': ['open', 'active'] }) if existing_requests: if len(existing_requests) > 1: raise Exception('Too many existing spot requests') print >> sys.stderr, 'Reusing existing spot request' spot_req_id = existing_requests[0].id else: bdm = boto.ec2.blockdevicemapping.BlockDeviceMapping() bdm['/dev/sda1'] = boto.ec2.blockdevicemapping.BlockDeviceType( volume_type='gp2', size=profile['disk_size'], delete_on_termination=profile['disk_delete_on_termination']) bdm['/dev/sdb'] = boto.ec2.blockdevicemapping.BlockDeviceType( ephemeral_name='ephemeral0') print >> sys.stderr, 'Requesting spot instance' spot_reqs = ec2.request_spot_instances( price=profile['price'], image_id=profile['image_id'], instance_type=profile['type'], placement=profile['region'] + profile['availability_zone'], security_groups=[profile['security_group'][1]], key_name=profile['key_pair'][0], block_device_map=bdm, instance_profile_arn= 'arn:aws:iam::720533437540:instance-profile/ec2_ml') spot_req_id = spot_reqs[0].id print >> sys.stderr, 'Waiting for launch', instance_id = None spot_tag_added = False while not instance_id: spot_req = ec2.get_all_spot_instance_requests( request_ids=[spot_req_id])[0] if not spot_tag_added: spot_req.add_tag('Name', id) spot_tag_added = True if spot_req.state == 'failed': # print(dir(spot_req)) raise Exception('spto request failed') print('Spot request failed - {0}'.format(spot_req.status)) sys.exit(0) instance_id = spot_req.instance_id if not instance_id: print >> sys.stderr, '.', time.sleep(spot_wait_sleep) print >> sys.stderr print >> sys.stderr, 'Retrieving instance by id' reservations = ec2.get_all_instances(instance_ids=[instance_id]) instance = reservations[0].instances[0] instance.add_tag('Name', id) print >> sys.stderr, 'Got instance: ' + str( instance.id) + ' [' + instance.state + ']' print >> sys.stderr, 'Waiting for instance to boot', while not instance.state in ['running', 'terminated', 'shutting-down']: print >> sys.stderr, '.', time.sleep(instance_wait_sleep) instance.update() print >> sys.stderr if instance.state != 'running': raise Exception('Instance was terminated') return instance
key = ec2.get_all_key_pairs(keynames=[key_name])[0] except ec2.ResponseError, e: if e.code == 'InvalidKeyPair.NotFound': print e.code else: raise # Check to see if specified security group already exists. # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. try: group = ec2.get_all_security_groups(groupnames=[group_name])[0] except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': print e.code group = ec2.create_security_group(group_name, group_description) else: raise # Add a rule to the security group to authorize SSH traffic # on the specified port. try: group.authorize(ip_protocol='icmp',from_port=-1, to_port=-1, cidr_ip='0.0.0.0/0') group.authorize(ip_protocol='tcp',from_port=22, to_port=22, cidr_ip='0.0.0.0/0') group.authorize(ip_protocol='tcp',from_port=80, to_port=80, cidr_ip='0.0.0.0/0') except ec2.ResponseError, e: if e.code == 'InvalidPermission.Duplicate': print e.code else: raise
# check the group parameters are correct group_in_use = False rs = ec2.get_all_instances() for r in rs: for i in r.instances: group_in_use |= reduce(lambda x, y: x | (y.name == 'public-ssh'), i.groups, False) if group.description != description: if group_in_use: module.fail_json(msg="Group description does not match, but it is in use so cannot be changed.") # if the group doesn't exist, create it now else: '''no match found, create it''' if not module.check_mode: group = ec2.create_security_group(name, description, vpc_id=vpc_id) # When a group is created, an egress_rule ALLOW ALL # to 0.0.0.0/0 is added automatically but it's not # reflected in the object returned by the AWS API # call. We re-read the group for getting an updated object # amazon sometimes takes a couple seconds to update the security group so wait till it exists while len(ec2.get_all_security_groups(filters={ 'group_id': group.id, })) == 0: time.sleep(0.1) group = ec2.get_all_security_groups(group_ids=(group.id,))[0] changed = True else: module.fail_json(msg="Unsupported state requested: %s" % state) # create a lookup for all existing rules on the group
except ec2.ResponseError, e: if e.code == 'InvalidKeyPair.NotFound': print 'Creating keypair %s' %key_name key = ec2.create_key_pair(key_name) key.save(key_dir) else: raise # Check to see if specified security group already exists. # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. try: group = ec2.get_all_security_groups(groupnames=[group_name])[0] except ec2.ResponseError, e: if e.code == "InvalidGroup.NotFound": print 'Creating Security group: %s' %group_name group = ec2.create_security_group(group_name, "Allow SSH") else: raise #Add SSH rule to Security group try: group.authorize('tcp',ssh_port,ssh_port, cidr) except ec2.ResponseError, e: if e.code == 'InvalidPermission.Duplicate': print 'Security group %s already authorized' % group_name else: raise # Now start up the instance. The run_instances method # has many, many parameters but these are all we need # for now. reservation = ec2.run_instances(ami, key_name=key_name,
key.save(directory_path=env.ssh_directory) else: raise # Check to see if specified security group already exists. # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. try: ec2_group = ec2.get_all_security_groups( groupnames=[env.aws_ec2_security_group_name])[0] # noqa except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': print 'Creating EC2 Security Group: %s' % env.aws_ec2_security_group_name # Create a security group to control access to instance via SSH. ec2_group = ec2.create_security_group( env.aws_ec2_security_group_name, 'A group that allows SSH and HTTP access') else: raise # Add a rule to the security group to authorize SSH traffic # on the specified port. for port in ["80", env.aws_ssh_port]: try: ec2_group.authorize('tcp', port, port, "0.0.0.0/0") except ec2.ResponseError, e: if e.code == 'InvalidPermission.Duplicate': print 'Security Group: %s already authorized' % env.aws_ec2_security_group_name # noqa else: raise
"-d", "--description", help= "Override the groups description [default: group name + 'security group']") parser.add_argument( "--vpc_id", help="The ID of the VPC to create the security group in, if any.") args = parser.parse_args() # process common command line arguments log = logging.getLogger('botocross') bc.configure_logging(log, args.log_level) credentials = bc.parse_credentials(args) regions = bc.filter_regions(boto.ec2.regions(), args.region) # execute business logic log.info("Creating EC2 security groups named '" + args.group + "':") description = args.description if args.description else args.group + " security group" for region in regions: pprint(region.name, indent=2) try: ec2 = boto.connect_ec2(region=region, **credentials) group = ec2.create_security_group(args.group, description=description, vpc_id=args.vpc_id) print group.id except boto.exception.BotoServerError, e: log.error(e.error_message)
""" for region in boto.ec2.regions(): print 'Creating Security Group in %s region' %region.name ec2 = region.connect() # Check to see if specified security group already exists in this region # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. try: group = ec2.get_all_security_groups(groupnames= [args.security_group_name])[0] except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': print 'Creating Security Group: %s' % args.security_group_name # Create a security group to control access to instance via SSH. group = ec2.create_security_group(args.security_group_name, 'Lakitu First Server Security Group') else: raise # Add a rule to the security group to authorize SSH traffic # on the specified port. try: group.authorize('tcp', ssh_port, ssh_port, cidr) except ec2.ResponseError, e: if e.code == 'InvalidPermission.Duplicate': print 'Security Group: %s already authorized' \ %args.security_group_name else: raise
# The save method will also chmod the file to protect # your private key. key.save(directory_path=env.ssh_directory) else: raise # Check to see if specified security group already exists. # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. try: ec2_group = ec2.get_all_security_groups(groupnames=[env.aws_ec2_security_group_name])[0] # noqa except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': print 'Creating EC2 Security Group: %s' % env.aws_ec2_security_group_name # Create a security group to control access to instance via SSH. ec2_group = ec2.create_security_group(env.aws_ec2_security_group_name, 'A group that allows SSH and HTTP access') else: raise # Add a rule to the security group to authorize SSH traffic # on the specified port. for port in ["80", env.aws_ssh_port]: try: ec2_group.authorize('tcp', port, port, "0.0.0.0/0") except ec2.ResponseError, e: if e.code == 'InvalidPermission.Duplicate': print 'Security Group: %s already authorized' % env.aws_ec2_security_group_name # noqa else: raise @task
# The save method will also chmod the file to protect # your private key. key.save(key_dir) else: raise # Check to see if specified security group already exists. # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. try: group = ec2.get_all_security_groups(groupnames=[aws_cfg["group_name"]])[0] except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': print 'Creating Security Group: %s' % aws_cfg["group_name"] # Create a security group to control access to instance via SSH. group = ec2.create_security_group(aws_cfg["group_name"], 'A group that allows SSH access') else: raise # Add a rule to the security group to authorize SSH traffic # on the specified port. for port in ["80", aws_cfg["ssh_port"]]: try: group.authorize('tcp', port, port, "0.0.0.0/0") except ec2.ResponseError, e: if e.code == 'InvalidPermission.Duplicate': print 'Security Group: %s already authorized' % aws_cfg["group_name"] else: raise # postgres authorization
net2 = vpcCon.create_subnet(vpcid, "10.0.2.0/24") net3 = vpcCon.create_subnet(vpcid, "10.0.3.0/24") net4 = vpcCon.create_subnet(vpcid, "10.0.4.0/24") print "subnet ", net1.id, " was created" print "subnet ", net2.id, " was created" print "subnet ", net3.id, " was created" print "subnet ", net4.id, " was created" import boto.ec2 print "begin create security group" ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key) net1_group = ec2.create_security_group('net1', 'Our net1 Group', vpc_id=vpcid) net2_group = ec2.create_security_group('net2', 'Our net2 Group', vpc_id=vpcid) net3_group = ec2.create_security_group('net3', 'Our net3 Group', vpc_id=vpcid) net4_group = ec2.create_security_group('net4', 'Our net3 Group', vpc_id=vpcid) print "begin add authorize to security" b = net1_group.authorize("tcp", from_port=0, to_port=65535, cidr_ip="0.0.0.0/0") b = net1_group.authorize("udp", from_port=0, to_port=65535, cidr_ip="0.0.0.0/0") b = net2_group.authorize("tcp",
# The save method will also chmod the file to protect # your private key. key.save(directory_path=env.ssh_directory) else: raise # Check to see if specified security group already exists. # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. try: group = ec2.get_all_security_groups(groupnames=[env.aws_security_group_name])[0] # noqa except ec2.ResponseError, e: if e.code == "InvalidGroup.NotFound": print "Creating Security Group: %s" % env.aws_security_group_name # Create a security group to control access to instance via SSH. group = ec2.create_security_group(env.aws_security_group_name, "A group that allows SSH access") else: raise # Add a rule to the security group to authorize SSH traffic # on the specified port. for port in ["80", env.aws_ssh_port]: try: group.authorize("tcp", port, port, "0.0.0.0/0") except ec2.ResponseError, e: if e.code == "InvalidPermission.Duplicate": print "Security Group: %s already authorized" % env.aws_security_group_name # noqa else: raise # postgres authorization
# AWS will store the public key but the private key is # generated and returned and needs to be stored locally. # The save method will also chmod the file to protect # your private key. key.save(key_dir) else: raise # Check to see if specified security group already exists. # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. try: group = ec2.get_all_security_groups(groupnames=[group_name])[0] except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': print 'Creating Security Group: %s' % group_name # Create a security group to control access to instance via SSH. group = ec2.create_security_group( group_name, 'A group that allows SSH access') else: raise # Add a rule to the security group to authorize SSH traffic # on the specified port. try: group.authorize('tcp', ssh_port, ssh_port, cidr) except ec2.ResponseError, e: if e.code == 'InvalidPermission.Duplicate': print 'Security Group: %s already authorized' % group_name else: raise # Now start up the instance. The run_instances method # has many, many parameters but these are all we need # for now. reservation = ec2.run_instances(ami, key_name=key_name,
image_id = regionToAMIs[region_name] print(u"Connecting to EC2 in region %s" % region_name) ec2 = boto.ec2.connect_to_region(region_name=region_name, aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key) print(u"Establishing security group voodoovpn") voodoovpngroup_name = u'voodoovpn' matching_security_groups = [sg for sg in ec2.get_all_security_groups() if sg.name==voodoovpngroup_name] if len(matching_security_groups) > 0: print(u"Found security group voodoovpn") voodoovpngroup = matching_security_groups[0] else: print(u"Creating security group voodoovpn") voodoovpngroup = ec2.create_security_group(voodoovpngroup_name,'Voodoo VPN access') voodoovpngroup.authorize('tcp',500,500,'0.0.0.0/0') voodoovpngroup.authorize('udp',500,500,'0.0.0.0/0') voodoovpngroup.authorize('udp',4500,4500,'0.0.0.0/0') if key_name is not None: # open an ssh port, if we provided an ssh key voodoovpngroup.authorize('tcp',22,22,'0.0.0.0/0') voodoovpngroup.authorize('udp',22,22,'0.0.0.0/0') print(u"Generating VPN credentials") # generate IPSEC_PSK, VPN_USER = '******' IPSEC_PSK = ''.join(random.choice(string.ascii_lowercase + string.ascii_uppercase + string.digits ) for x in range(32)) VPN_PASSWORD = ''.join(random.choice(string.ascii_lowercase + string.ascii_uppercase + string.digits ) for x in range(32))
parser.add_argument("--vpc_id", help="The ID of the VPC to create the security group in, if any.") parser.add_argument("-r", "--region", help="A region substring selector (e.g. 'us-west')") parser.add_argument("--access_key_id", dest='aws_access_key_id', help="Your AWS Access Key ID") parser.add_argument("--secret_access_key", dest='aws_secret_access_key', help="Your AWS Secret Access Key") args = parser.parse_args() credentials = {'aws_access_key_id': args.aws_access_key_id, 'aws_secret_access_key': args.aws_secret_access_key} def isSelected(region): return True if region.name.find(args.region) != -1 else False # execute business logic heading = "Creating EC2 security groups named '" + args.group + "'" regions = boto.ec2.regions() if args.region: heading += " (filtered by region '" + args.region + "')" regions = filter(isSelected, regions) description = args.description if args.description else args.group + " security group" print heading + ":" for region in regions: pprint(region.name, indent=2) try: ec2 = boto.connect_ec2(region=region, **credentials) print 'Creating security group ' + args.group group = ec2.create_security_group(args.group, description=description, vpc_id=args.vpc_id) print('... group ID is ' + group.id) except boto.exception.BotoServerError, e: print e.error_message
# it means that it doesn't exist and we need to create it. try: print ec2.get_all_security_groups() group = ec2.get_all_security_groups(filters={'group-name': group_name})[0] except IndexError: create_group = True except ec2.ResponseError, e: if e.code == 'InvalidGroup.NotFound': create_group = True else: raise if create_group: print 'Creating Security Group: %s' % group_name # Create a security group to control access to instance via SSH. group = ec2.create_security_group(group_name, 'A group that allows SSH access', vpc_id="vpc-9b04b5fe") # Add a rule to the security group to authorize SSH traffic # on the specified port. try: group.authorize('tcp', ssh_port, ssh_port, cidr) # Add a range of ports for MongoDB group.authorize('tcp', 27010, 27050, cidr) except ec2.ResponseError, e: if e.code == 'InvalidPermission.Duplicate': print 'Security Group: %s already authorized' % group_name else: raise # Now start up the instance. The run_instances and spot_instances # methods have many, many parameters but these are all we need
key.save(static.KEY_DIR) else: raise # Check to see if specified security group already exists. # If we get an InvalidGroup.NotFound error back from EC2, # it means that it doesn't exist and we need to create it. try: group = ec2.get_all_security_groups(groupnames=[static.SECURITY_GROUP_NAME])[0] except ec2.ResponseError, e: if e.code == "InvalidGroup.NotFound": output = "Creating Security Group: %s" % static.SECURITY_GROUP_NAME print output logger.info(output) # Create a security group to control access to instance via SSH. group = ec2.create_security_group(static.SECURITY_GROUP_NAME, "A group that allows SSH and HTTP access") else: raise # Add a rule to the security group to authorize SSH traffic on the specified port. try: group.authorize("tcp", static.SSH_PORT, static.SSH_PORT, static.CIDR_ANYONE) group.authorize("tcp", static.HTTPD_PORT, static.HTTPD_PORT, static.CIDR_ANYONE) except ec2.ResponseError, e: if e.code == "InvalidPermission.Duplicate": # print 'Security Group %s already authorized' % static.SECURITY_GROUP_NAME pass else: raise # Now start up the instance. The run_instances method