def getPrivateIpFromPublicName(self, name):
auth = AWSV4Sign(self.credentials, self.region, self.service)
response = requests.get(
'{0}/1/get-private-ip-from-public?name={1}'.format(self.url, name),
auth=auth)
payload = json.loads(response.content.decode("utf-8"))
return payload['private_ips']
def call_nightlatch(session, url):
credentials = session.get_credentials()
region = url.split('execute-api.')[1].split('.amazonaws.com')[0]
service = 'execute-api'
auth = AWSV4Sign(credentials, region, service)
response = requests.get(url, auth=auth)
print(response)
def __init__(self, url, auto_commit_interval=DEFAULT_COMMIT_INTERVAL,
unique_key='_id', chunk_size=DEFAULT_MAX_BULK,
meta_index_name="mongodb_meta", meta_type="mongodb_meta",
attachment_field="content", **kwargs):
aws = kwargs.get('aws', {'access_id': '', 'secret_key': '', 'region': 'us-east-1'})
client_options = kwargs.get('clientOptions', {})
if 'aws' in kwargs:
if _HAS_AWS is False:
raise ConfigurationError('aws extras must be installed to sign Elasticsearch requests')
aws_args = kwargs.get('aws', {'region': 'us-east-1'})
aws = aws_session.Session()
if 'access_id' in aws_args and 'secret_key' in aws_args:
aws = aws_session.Session(
aws_access_key_id = aws_args['access_id'],
aws_secret_access_key = aws_args['secret_key'])
credentials = aws.get_credentials()
region = aws.region_name or aws_args['region']
aws_auth = AWSV4Sign(credentials, region, 'es')
client_options['http_auth'] = aws_auth
client_options['use_ssl'] = True
client_options['verify_certs'] = True
client_options['connection_class'] = es_connection.RequestsHttpConnection
self.elastic = Elasticsearch(
hosts=[url], **client_options)
self.auto_commit_interval = auto_commit_interval
self.meta_index_name = meta_index_name
self.meta_type = meta_type
self.unique_key = unique_key
self.chunk_size = chunk_size
if self.auto_commit_interval not in [None, 0]:
self.run_auto_commit()
self._formatter = DefaultDocumentFormatter()
self.has_attachment_mapping = False
self.attachment_field = attachment_field
def send_request(payload, method):
session = boto3.Session()
credentials = session.get_credentials()
# sigv4 credentials must be scoped to the correct api-gateway region. Parse region from
# cidr vending machine api - gateway endpoint : https://{api-id}.execute-api.{region}.amazonaws.com.
uri = os.environ['VENDING_MACHINE_API']
region = uri.split('.')[2]
headers = {"Content-Type": "application/json"}
service = 'execute-api'
auth = AWSV4Sign(credentials, region, service)
payload['region'] = session.region_name
if method in ['POST', 'PATCH', 'DELETE']:
if method == 'POST':
response = requests.post(uri,
auth=auth,
headers=headers,
params=payload)
elif method == 'PATCH':
response = requests.patch(uri,
auth=auth,
headers=headers,
params=payload)
elif method == 'DELETE':
response = requests.delete(uri,
auth=auth,
headers=headers,
params=payload)
return response
else:
raise ValueError("Invalid HTTP method: {} ".format(method))
def handler(event, context):
"""
Handler for APIGATEWAY request
:param event: api gateway msg/event
:param context: context of event
:return: returns fqdn from api gateway requests
"""
if event:
session = boto3.session.Session()
credentials = session.get_credentials()
# You must provide an AWS region
region = session.region_name or 'us-west-2'
service = 'apigateway'
auth = AWSV4Sign(credentials, region, service)
endpoint = 'https://apigateway.us-west-2.amazonaws.com/apikeys'
r = requests.get(endpoint, auth=auth)
l = r.json()['_embedded']['item']
for item in l:
print(item['id'])
usage_ids = requests.get(
f"https://apigateway.us-west-2.amazonaws.com/usageplans?keyId={item['id']}",
auth=auth)
usages = usage_ids.json()['_embedded']['item']
usage_details = requests.get(
f"https://apigateway.us-west-2.amazonaws.com//usageplans/{usages['id']}/usage?startDate=2020-04-01&endDate=2020-04-30",
auth=auth)
print(usage_details.json())
#return response(msg=f"keys are: {r.content}", statuscode=r.status_code)
else:
return response(msg=f"Input message is null\n.", statuscode=200)
def create_aws_auth(aws_args):
try:
aws_session = session.Session(**convert_aws_args(aws_args))
except TypeError as exc:
raise errors.InvalidConfiguration(
'Elastic DocManager unknown aws config option: %s' % (exc, ))
return AWSV4Sign(aws_session.get_credentials(), aws_session.region_name
or DEFAULT_AWS_REGION, 'es')
def __init__(self, configuration):
super(AmazonElasticsearchService, self).__init__(configuration)
region = configuration['region']
cred = None
if configuration.get('use_aws_iam_profile', False):
cred = credentials.get_credentials(session.Session())
else:
cred = credentials.Credentials(
access_key=configuration.get('access_key', ''),
secret_key=configuration.get('secret_key', ''))
self.auth = AWSV4Sign(cred, region, 'es')
def __init__(self, configuration):
super(AmazonElasticsearchService, self).__init__(configuration)
region = configuration["region"]
cred = None
if configuration.get("use_aws_iam_profile", False):
cred = credentials.get_credentials(session.Session())
else:
cred = credentials.Credentials(
access_key=configuration.get("access_key", ""),
secret_key=configuration.get("secret_key", ""),
)
self.auth = AWSV4Sign(cred, region, "es")
def render_react(app, props=None):
kwargs = {
'headers': {
'Content-Type': 'application/json'
},
'json': {
'app': app,
'props': props or {}
},
}
local = json.loads(settings.REACT_LOCAL)
if not local:
# include aws creds in request
creds = boto3.session.Session().get_credentials()
auth = AWSV4Sign(creds, 'us-east-1', 'execute-api')
kwargs.update({'auth': auth})
kwargs['json']['props'].update({'aws': 'direct'})
resp = requests.post(settings.REACT_URL, **kwargs)
return format_response(resp.json())
def send_data(data, connection_id):
endpoint = "https://{api_id}.execute-api.{region}.amazonaws.com/{stage}/@connections/{connection_id}"
session = boto3.Session()
credentials = session.get_credentials()
api_id = get_api_id()
fe = endpoint.format(connection_id=quote(connection_id),
api_id=api_id,
region=session.region_name,
stage="prod")
# ak = "AKIAI2VOK2U3MAWQFZSA"
# sk = "DHfNU5C2fqhS6CB0gdLCZqPqheqAdiMFS9A9jTVN"
auth = AWSV4Sign(credentials, session.region_name, 'execute-api')
resp = requests.post(fe, json=data, auth=auth)
if resp.status_code != 200:
raise Exception("Failed data post: {}:{}".format(
resp.status_code, resp.text))
def __get_accounts_from_appsync(plugin_config: dict):
"""Make the call to get the aws accounts."""
endpoint = plugin_config.get('appsync_url', None)
if endpoint is None or endpoint == '':
safe_print(
'AppSync URL Not Configured. Cheack the README for instructions.')
return {}
query = 'query {listAccounts {items {id name}}}'
headers = {"Content-Type": "application/json"}
payload = {"query": query}
service = 'appsync'
appsync_region = __parse_region_from_url(endpoint) or region
auth = AWSV4Sign(credentials, appsync_region, service)
try:
appsync_accounts = requests.post(endpoint,
auth=auth,
json=payload,
headers=headers).json()
if 'errors' in appsync_accounts:
safe_print('Error attempting to query AppSync', color=ERROR_COLOR)
err = appsync_accounts['errors'][0]
if 'errorType' in err and 'message' in err:
errorType = err['errorType']
errorMessage = err['message']
safe_print(f'\t{errorType}: {errorMessage}', color=ERROR_COLOR)
return {}
else:
appsync_accounts = appsync_accounts['data']['listAccounts'][
'items']
if appsync_accounts is not None:
__write_cache(appsync_accounts)
except Exception as exception:
appsync_accounts = {}
safe_print("Cannot make the request to AppSync: ")
safe_print(str(exception))
safe_print("Make sure you are authorized to make the request")
return appsync_accounts
def get_es_client(host, port):
# Establish credentials
# msession = boto3.session.Session()
msession = boto3.session.Session(
aws_access_key_id=os.environ.get('ACCESS_KEY_ID'),
aws_secret_access_key=os.environ.get('SECRET_ACCESS_KEY'))
credentials = msession.get_credentials()
region = msession.region_name or 'eu-west-1'
# Elasticsearch settings
service = 'es'
auth = AWSV4Sign(credentials, region, service)
es_client = Elasticsearch(host=host,
port=int(port),
connection_class=RequestsHttpConnection,
http_auth=auth,
use_ssl=False,
verify_ssl=False)
if es_client.info() is not None:
return es_client
else:
print('ES Client couldn\'t be created successfully in get_es_client()')
return None
def __init__(self, upload=False, get_sentiment=False):
# Connect to s3
self.s3 = boto3.client(service_name='s3')
# Establish credentials
session_var = boto3.session.Session()
credentials = session_var.get_credentials()
awsauth = AWSV4Sign(credentials, region_name, 'es')
# Connect to es
self.es = Elasticsearch(host=es_endpoint,
port=443,
connection_class=RequestsHttpConnection,
http_auth=awsauth,
use_ssl=True,
verify_ssl=True)
self.upload = upload
if self.upload and not self.es.indices.exists(index=self.es_index):
logger.info('Creating mapping...')
self.es.indices.create(index=self.es_index,
body={'mappings': self.mapping})
if get_sentiment:
self.comprehend = boto3.client(service_name='comprehend')
else:
self.comprehend = None
def lambda_handler(event, context):
# Establish credentials
session_var = session.Session()
credentials = session_var.get_credentials()
region = session_var.region_name or aws_region
# Check to see if this event is a task event and, if so, if it contains
# information about an event failure. If so, send an SNS notification.
if "detail-type" not in event:
raise ValueError(
"ERROR: event object is not a valid CloudWatch Logs event")
else:
if event["detail-type"] == "ECS Task State Change":
detail = event["detail"]
if detail["lastStatus"] == "STOPPED":
if detail[
"stoppedReason"] == "Essential container in task exited":
# Send an error status message.
sns_client = client('sns')
sns_client.publish(
TopicArn=sns_topic,
Subject="ECS task failure detected for container",
Message=json.dumps(detail))
# Send msg to slack_webhookurl
url = slack_webhookurl
Subject = "ECS task failure detected for container",
Message = json.dumps(detail)
messagedata = json.loads(Message)
# Break out Cloudwatch payload into variables that we use
taskArn = messagedata['taskArn']
desiredStatus = messagedata['desiredStatus']
lastStatus = messagedata['lastStatus']
stoppedReason = messagedata['stoppedReason']
clusterArn = messagedata['clusterArn']
# Get service name
serviceName = messagedata['containers'][0]['name']
taskDefinitionArn = messagedata['taskDefinitionArn']
#Only post to slack with specific data from cloudwatch ##
payload = {
'channel':
slack_channel,
'username':
slack_username,
'text':
'%s \n Task ARN: %s \n Desired Status: %s \n Last Status: %s \n Stopped Reason: %s \n Cluster ARN: %s \n Service: %s '
% (Subject, taskArn, desiredStatus, lastStatus,
stoppedReason, clusterArn, serviceName),
'icon_emoji':
'ghostwn:',
'username':
slack_username,
'channel':
slack_channel
}
headers = {"content-type": "application/json"}
r = requests.put(url,
data=json.dumps(payload),
headers=headers)
print r.status_code
print r.content
note = "Post of data to slack was attempted"
# Elasticsearch connection. Note that you must sign your requests in order
# to call the Elasticsearch API anonymously. Use the requests_aws_sign
# package for this.
service = 'es'
auth = AWSV4Sign(credentials, region, service)
es_client = Elasticsearch(host=es_host,
port=443,
connection_class=RequestsHttpConnection,
http_auth=auth,
use_ssl=True,
verify_ssl=True)
es_client.index(index="ecs-index", doc_type="eventstream", body=event)
scheduler_table = dynamodb.Table('v486121-GPS-PathFinder-Scheduler-Table-' + env)
validation_table = dynamodb.Table('v486121-GPS-PathFinder-Validation-Rules-' + env)
response = scheduler_table.scan()
schedule_data = eval(json.dumps(response))
response = validation_table.scan()
validate_data = eval(json.dumps(response))
#########################Create elasticsearch session instance###################################
session = session.Session()
credentials = session.get_credentials()
region = 'us-east-1'
service = 'es'
auth = AWSV4Sign(credentials, region, service)
try:
es = Elasticsearch(host=host,
port=443,
connection_class=RequestsHttpConnection,
http_auth=auth,
use_ssl=True,
verify_ssl=True,
timeout=30,
max_retries=10,
retry_on_timeout=True
)
except Exception, err:
print('Creating elasticsearch instance failed because : '+str(err))
def request(self, method, url,
params=None,
data=None,
headers=None,
cookies=None,
files=None,
timeout=None,
allow_redirects=True,
proxies=None,
hooks=None,
stream=None,
verify=True,
cert=None,
json=None):
"""Constructs and sends a :class:`Request <Request>`.
:param method: method for the new :class:`Request` object.
:param url: URL for the new :class:`Request` object.
:param params: (optional) Dictionary or bytes to be sent in the
query string for the :class:`Request`.
:param data: (optional) Dictionary, bytes, or file-like object to
send in the body of the :class:`Request`.
:param json: (optional) json data to send in the body of
the :class:`Request`.
:param headers: (optional) Dictionary of HTTP Headers to send
with the :class:`Request`.
:param cookies: (optional) Dict or CookieJar object to send
with the :class:`Request`.
:param files: (optional) Dictionary of ``'name': file-like-objects``
(or ``{'name': ('filename', fileobj)}``) for multipart
encoding upload.
:param timeout: (optional) How long to wait for the server to send data
before giving up, as a float, or a :ref:`(connect timeout, read
timeout) <timeouts>` tuple.
:type timeout: float or tuple
:param allow_redirects: (optional) Boolean. Set to True if
POST/PUT/DELETE redirect following is allowed.
:type allow_redirects: bool
:param proxies: (optional) Dictionary mapping protocol to the
URL of the proxy.
:param verify: (optional) if ``True``, the SSL cert will be verified.
A CA_BUNDLE path can also be provided.
:param stream: (optional) if ``False``, the response content will be
immediately downloaded.
:param cert: (optional) if String, path to ssl client cert file
(.pem). If Tuple, ('cert', 'key') pair.
:return: :class:`Response <Response>` object
:rtype: requests.Response
"""
auth = AWSV4Sign(self.creds, self.region, self.service)
session = requests.sessions.Session()
req = requests.Request(
method,
url,
data=data,
headers=headers,
params=params,
cookies=cookies,
files=files,
auth=auth,
json=json,
hooks=hooks)
prepped = req.prepare()
response = session.send(prepped,
stream=stream,
verify=verify,
proxies=proxies,
cert=cert,
timeout=timeout,
allow_redirects=allow_redirects
)
session.close()
return response
def handler(event, context):
"""
Handler for APIGATEWAY request
:param event: api gateway msg/event
:param context: context of event
:return: returns fqdn from api gateway requests
"""
if event:
try:
operation = event['httpMethod']
payload = includevalues = None
if operation in operations:
payload = event.get(
'queryStringParameters',
None) if operation == 'GET' else json.loads(event['body'])
if payload:
includevalues = payload.get('includeValues', False)
if includevalues and includevalues.lower() == 'true':
includevalues = True
else:
includevalues = False
# get credential form role using boto3 libs
session = boto3.session.Session()
credentials = session.get_credentials()
# You must provide an AWS region
region = session.region_name or 'us-west-2'
service = 'apigateway'
auth = AWSV4Sign(credentials, region, service)
endpoint = f'https://{service}.{region}.amazonaws.com/apikeys?includeValues={includevalues}'
r = requests.get(endpoint, auth=auth)
item_list = r.json()['_embedded']['item']
key_list = []
for item in item_list:
if includevalues:
key_details = {
"name": {item['name']},
"id": item['id'],
"value": item.get('value', None),
"descrpition": item['description']
}
else:
key_details = {
"name": item['name'],
"id": item['id'],
"descrpition": item['description']
}
key_list = [*key_list, key_details]
# usage_ids = requests.get(f"https://apigateway.us-west-2.amazonaws.com/usageplans?keyId={item['id']}", auth=auth)
# usages = usage_ids.json()['_embedded']['item']
# usage_details = requests.get(f"https://apigateway.us-west-2.amazonaws.com//usageplans/{usages['id']}/usage?startDate=2020-04-01&endDate=2020-04-30",
# auth=auth)
ret_response = {"key_list": key_list}
return response(msg=f"{ret_response}".replace("\'", "\""),
statuscode=r.status_code)
except Exception as e:
response(msg=f"An exepection occurred {traceback.format_exc()}",
statuscode=500)
else:
return response(msg=f"Input message is null.\n", statuscode=200)
