def get_security_group(sg_name):
    """Return the first security group whose name equals sg_name, or None when none matches.

    NOTE(review): no VPC filter is applied, so if more than one VPC (e.g. the default one)
    carries a group with this name, whichever AWS lists first is returned -- confirm callers
    expect that.
    """
    groups = get_vpc_connection_obj().get_all_security_groups()
    matches = (group for group in groups if group.name == sg_name)
    return next(matches, None)
def get_region_non_default_vpc():
    """Return the first non-default VPC found in the configured region.

    The default VPC is the one Amazon provisions automatically; this tooling works inside
    a VPC of its own. Raises Exception when every VPC returned by the region is the default.
    """
    vpcs = get_vpc_connection_obj().get_all_vpcs()
    print "list of vpc id's returned from region %s: %s" % (cfg["aws_region"], vpcs)
    custom_vpcs = [candidate for candidate in vpcs if not candidate.is_default]
    if not custom_vpcs:
        raise Exception("ERROR! non-default VPC was not discovered in region")
    # several custom VPCs may exist in the region; the first one listed wins
    chosen = custom_vpcs[0]
    print "%s is the first non-default VPC!!" % chosen.id
    return chosen
def get_vpc_subnets():
    """Return the ids of every subnet that belongs to the region's non-default VPC."""
    vpc_conn = get_vpc_connection_obj()
    target_vpc_id = get_region_non_default_vpc().id
    chosen_ids = []
    for sn in vpc_conn.get_all_subnets():
        if sn.vpc_id != target_vpc_id:
            continue
        print "adding to subnet group: %s %s %s" % (sn.id, sn.cidr_block, sn.availability_zone)
        chosen_ids.append(sn.id)
    return chosen_ids
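def create_new_db_instance(allocated_storage_gb=10, instance_class='db.t2.micro'):
    """Create the MySQL RDS instance described by cfg inside the non-default VPC.

    Args:
        allocated_storage_gb: storage size passed to create_dbinstance (previously hard-coded to 10).
        instance_class: RDS instance class (previously hard-coded to 'db.t2.micro').
    Raises:
        Exception: if the db security group cannot be found; the original would have failed
            with an AttributeError on None instead.
    """
    # boto.set_stream_logger('boto')  # get obnoxious amount of debug info...
    print 'creating new mysql database RDS instance in region: ', cfg['aws_region']
    vpc_conn = aws_api_connections.get_vpc_connection_obj()
    rds_conn = aws_api_connections.get_rds_connection_obj()
    # get the existing list of subnets (typically 2)
    subnet_ids = get_vpc_subnets()
    # build the subnet group for this db instance, deleting any existing group first
    _recreate_db_subnet_group(rds_conn, subnet_ids)
    # find the db security group we defined as part of creating the vpc security groups
    db_security_group = get_db_security_group(vpc_conn)
    if db_security_group is None:
        raise Exception("ERROR! db security group not found; create the vpc security groups first")
    print "utilizing db security group: " + str(db_security_group)
    # with subnet group and db security group collected, issue the call to create the rds instance.
    # master user/password are read from cfg; nothing here prints them.
    # NOTE(review): auto_minor_version_upgrade=False opts out of automatic minor-version
    # (including security) patching and engine_version is pinned to '5.6' -- confirm both
    # are still intended.
    rds_conn.create_dbinstance(cfg['db_instance_id'], allocated_storage_gb, instance_class,
                               cfg['db_user'], cfg['db_pwd'],
                               engine='MySQL', port=3306, db_name=cfg['db_name'],
                               availability_zone=None, multi_az=False,
                               engine_version='5.6', auto_minor_version_upgrade=False,
                               vpc_security_groups=[db_security_group.id],
                               db_subnet_group_name=cfg['db_subnet_name'])


def _recreate_db_subnet_group(rds_conn, subnet_ids):
    """Delete any db subnet group named cfg['db_subnet_name'], then create it over subnet_ids."""
    for subnet_group in rds_conn.get_all_db_subnet_groups():
        if subnet_group.name == cfg['db_subnet_name']:
            print "existing db subnet group will be deleted: " + subnet_group.name
            rds_conn.delete_db_subnet_group(cfg['db_subnet_name'])
            break  # at most one group can carry this name
    rds_conn.create_db_subnet_group(cfg['db_subnet_name'], 'group of private subnets in vpc', subnet_ids)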
#!/usr/bin/env python
from aws_api_connections import get_vpc_connection_obj
from aws_utils import get_region_non_default_vpc
from aws_utils import get_security_group
from config.config_reader import cfg

# global vpc connection used throughout this script
# (opened at import time, so merely importing this module already requires AWS credentials)
conn = get_vpc_connection_obj()


def create_all_security_groups():
    """Drop and recreate the webapp, database and ELB security groups in the non-default VPC.

    Deletion order matters: the db group references the webapp group, so it is removed first.
    Whatever rules the existing groups carried are discarded with them; the create_* helpers
    (presumably defined later in this file) rebuild them.
    """
    vpc = get_region_non_default_vpc()
    vpc_id = vpc.id
    # db sg has dependency on webapp sg, so need to delete it first
    delete_security_group(cfg['database_sg_name'])
    delete_security_group(cfg['webapp_sg_name'])
    delete_security_group(cfg['webapp_elb_sg_name'])
    create_webapp_sg(vpc_id)
    create_database_sg(vpc_id)
    create_elastic_load_balancer_sg(vpc_id)


def delete_security_group(sg_name):
    """Delete the security group called sg_name if it exists (no-op otherwise).

    NOTE(review): the body is cut off at this point of the listing -- only the print is
    visible; the actual delete call is expected to follow in the original file.
    """
    sg = get_security_group(sg_name)
    if sg:
        print "deleting security group: " + sg.name
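def create_vpc_in_region():
    """Create a VPC with DNS enabled, an internet gateway, a default route and two subnets.

    Returns:
        The boto VPC object that was created.
    Raises:
        Exception: if the VPC's main route table cannot be found (the original would have
            failed with an AttributeError on None), or if fewer than two subnets could be
            created across the region's availability zones.
    """
    vpc_conn = aws_api_connections.get_vpc_connection_obj()
    # create the main virtual private cloud (e.g. '10.0.0.0/16') with DNS resolution and hostnames
    vpc = vpc_conn.create_vpc(cfg["vpc_main_cidr"])
    vpc_conn.modify_vpc_attribute(vpc.id, enable_dns_support=True)
    vpc_conn.modify_vpc_attribute(vpc.id, enable_dns_hostnames=True)

    # creating a brand new route table prevented association with the internet gw and the
    # subnets, so the default/main route table generated as part of vpc creation is reused
    route_table = _find_vpc_route_table(vpc_conn, vpc.id)
    if route_table is None:
        raise Exception("ERROR! no route table found for newly created vpc " + vpc.id)
    print "using route table from newly created vpc: ", route_table

    # create an internet gateway and add a route to the internet to our route table.
    # every subnet associated with this table below is therefore a public subnet: hosts in
    # it that hold a public address are reachable from the internet, subject only to their
    # security groups / network ACLs -- keep that in mind when the db subnet group built
    # elsewhere describes these as "private subnets"
    gateway = vpc_conn.create_internet_gateway()
    vpc_conn.attach_internet_gateway(gateway.id, vpc.id)
    vpc_conn.create_route(route_table.id, "0.0.0.0/0", gateway.id)

    # create the 2 subnets. aws does not expose the same zones to every account, so the
    # first two zones that accept a subnet are used
    subnet_1, subnet_2 = _create_two_subnets(vpc_conn, vpc.id)
    vpc_conn.associate_route_table(route_table.id, subnet_1.id)
    vpc_conn.associate_route_table(route_table.id, subnet_2.id)
    print "created VPC: ", vpc.id
    return vpc


def _find_vpc_route_table(vpc_conn, vpc_id):
    """Return the first route table that belongs to vpc_id, or None."""
    for rt in vpc_conn.get_all_route_tables():
        if rt.vpc_id == vpc_id:
            return rt
    return None


def _create_two_subnets(vpc_conn, vpc_id):
    """Create subnet_1_cidr and then subnet_2_cidr, each in a different availability zone.

    Zones <region>a .. <region>e are tried in order; a zone that rejects the request is
    reported and skipped. Returns the two subnet objects.
    Raises Exception if two subnets could not be created.
    """
    cidrs = [cfg["subnet_1_cidr"], cfg["subnet_2_cidr"]]
    created = []
    for suffix in ["a", "b", "c", "d", "e"]:
        if len(created) == len(cidrs):
            break
        az = cfg["aws_region"] + suffix
        try:
            created.append(vpc_conn.create_subnet(vpc_id, cidrs[len(created)], availability_zone=az))
        except Exception as err:
            # the bare except this replaces swallowed every error silently; surfacing it keeps a
            # permissions or quota problem from looking like an unavailable zone
            print "skipping availability zone %s: %s" % (az, err)
    if len(created) < len(cidrs):
        raise Exception("ERROR! unable to create 2 subnets in region " + cfg["aws_region"])
    return created[0], created[1]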