def get_aws_tags(self) -> List[dict]: """ return only the tags that are defined as part of a model config, and have been explicitly set, in AWS tag format """ return AWSTag.to_tags( {i: self.tags[i] for i in self.tags if i in self.TAGS})
def _create_filter(self) -> str: # create filter and return the filter id filter_response = self.ec2_client.create_traffic_mirror_filter( Description=self._filter_description, TagSpecifications=[{ "ResourceType": "traffic-mirror-filter", "Tags": AWSTag.to_tags({AWSTag.NAME_KEY: self._filter_name}), }], ) filter_id = filter_response["TrafficMirrorFilter"][ "TrafficMirrorFilterId"] # tap dns self.ec2_client.modify_traffic_mirror_filter_network_services( TrafficMirrorFilterId=filter_id, AddNetworkServices=['amazon-dns'], ) # create filter rules for direction in ["ingress", "egress"]: for rule, cidr in zip([100, 200], ["0.0.0.0/0", "::/0"]): self.ec2_client.create_traffic_mirror_filter_rule( TrafficMirrorFilterId=filter_id, TrafficDirection=direction, RuleNumber=rule, RuleAction="accept", DestinationCidrBlock=cidr, SourceCidrBlock=cidr, Description=VENDOR + " " + direction + " rule", ) return filter_id
def list_subnets(self) -> Iterable[Subnet_Props]: subnets = self.ec2_client.describe_subnets( Filters=[{ "Name": "vpc-id", "Values": self.vpc_ids }]) for subnet in subnets["Subnets"]: tags = AWSTag.to_dict(subnet.get(AWSTag.TAGS_KEY)) yield Subnet_Props(subnet["SubnetId"], tags.get(AWSTag.NAME_KEY), subnet["SubnetArn"], subnet["AvailabilityZoneId"])
def create(self, nlb_or_eni_arn: str) -> str: # create the target (of the mirroring) kwargs = { "Description": VENDOR + "TrafficMirror", "TagSpecifications": [{ 'ResourceType': 'traffic-mirror-target', 'Tags': AWSTag.to_tags({AWSTag.NAME_KEY: VENDOR + 'NLBTarget'}) }], } if "elasticloadbalancing" in nlb_or_eni_arn: kwargs["NetworkLoadBalancerArn"] = nlb_or_eni_arn else: kwargs["NetworkInterfaceId"] = nlb_or_eni_arn response = self.ec2_client.create_traffic_mirror_target(**kwargs) return response["TrafficMirrorTarget"]["TrafficMirrorTargetId"]
def discover(self) -> Generator[Spile, None, None]: """ find all the nitro instances and return a Spile if so""" paginator = self.ec2_client.get_paginator("describe_instances") filters = [{"Name": "instance-type", "Values": self.FOREST_SPECIES}] if self.vpc_ids: filters.append({"Name": "vpc-id", "Values": self.vpc_ids}) page_iterator = paginator.paginate(Filters=filters) for page in page_iterator: for garbo in page["Reservations"]: for instance in garbo["Instances"]: instance_id = instance["InstanceId"] tags = AWSTag.to_dict(instance.get(AWSTag.TAGS_KEY)) for interface in instance["NetworkInterfaces"]: yield Spile( ec2_client=self.ec2_client, eni_tag=ENI_Tag(instance_id, interface["NetworkInterfaceId"], tags, instance["State"]["Name"]), )
def list_mirror_targets(cls, region: str) -> Iterable[Mirror_Target_Props]: response = cls._get_client( region=region).describe_traffic_mirror_targets( )['TrafficMirrorTargets'] for target in response: tags = AWSTag.to_dict(target.get(AWSTag.TAGS_KEY)) # get the VPC_ID if target['Type'] == cls.TARGET_NIC: try: vpc_id = cls._get_client( region=region).describe_network_interfaces( NetworkInterfaceIds=[ target['NetworkInterfaceId'], ])["NetworkInterfaces"][0]["VpcId"] vpc_bound = True except Exception as e: if 'does not exist' in str(e): id = target['TrafficMirrorTargetId'] logging.warning( f'Invalid Instance Session Mirroring Target `{id}`, delete manually.' ) continue if target['Type'] == cls.TARGET_NLB: try: lb = boto3.client( 'elbv2', region_name=region).describe_load_balancers( LoadBalancerArns=[ target['NetworkLoadBalancerArn'] ], )['LoadBalancers'][0] except Exception as e: if 'or more load balancers not found' in str(e): id = target['TrafficMirrorTargetId'] logging.warning( f'Invalid NLB Session Mirroring Target `{id}`, delete manually.' ) continue raise vpc_id = lb["VpcId"] vpc_bound = True if lb.get("Schema") == "internal" else False yield Mirror_Target_Props(target['TrafficMirrorTargetId'], tags.get(AWSTag.NAME_KEY), target['Type'], vpc_id, vpc_bound)
def list_vpcs(cls, region: str) -> Iterable[VPC_Props]: vpcs = cls._get_client(region=region).describe_vpcs() for vpc in vpcs["Vpcs"]: tags = AWSTag.to_dict(vpc.get(AWSTag.TAGS_KEY)) yield VPC_Props(vpc["VpcId"], tags.get(AWSTag.NAME_KEY), tags)
def test_to_dict(self): key = {'Key': 'Foo', 'Value': 'Bar'} key_dict = AWSTag.to_dict([key]) self.assertEqual({'Foo': 'Bar'}, key_dict)
def test_delete_dict(self): tags = {'Key': 'Foo'} self.assertEqual({'Foo': AWSTag.Delete}, AWSTag.to_dict([tags]))
def test_delete_tag(self): python_dict = {'Foo': AWSTag.Delete} self.assertEqual([{'Key': 'Foo'}], AWSTag.to_tags(python_dict))
def test_to_tags(self): python_dict = {'Foo': 'Bar'} aws_tags = AWSTag.to_tags(python_dict) self.assertEqual([{'Key': 'Foo', 'Value': 'Bar'}], aws_tags)
def test_to_dict_none(self): key_dict = AWSTag.to_dict([]) self.assertEqual({}, key_dict)