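def get_security_group(sg_name, vpc_id=None):
    """Return the first security group named *sg_name*, or None if there is none.

    Security group names are only unique within a VPC, while
    get_all_security_groups() returns every group in the region (the default
    VPC's groups included), so a name-only lookup can hand back a group from
    the wrong VPC.  Pass *vpc_id* to restrict the match to one VPC; leaving it
    at None keeps the original first-match-by-name behaviour.

    Args:
        sg_name: the group name to look for.
        vpc_id: optional id of the VPC the group must belong to.

    Returns:
        the matching boto SecurityGroup object, or None when nothing matches.
    """
    vpc_conn = get_vpc_connection_obj()

    for group in vpc_conn.get_all_security_groups():
        if group.name != sg_name:
            continue
        # group.vpc_id is the owning VPC of the boto SecurityGroup
        if vpc_id is None or group.vpc_id == vpc_id:
            return group

    return None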
def get_region_non_default_vpc():
    """Return the first non-default VPC found in the configured region.

    AWS pre-creates one default VPC per region; this tooling keeps its
    resources in a VPC it created itself, so the default one is skipped.
    Every VPC id returned by the API is printed, then the chosen one is named.

    Raises:
        Exception: when the region holds no VPC other than the default one.
    """
    vpc_conn = get_vpc_connection_obj()
    all_vpcs = vpc_conn.get_all_vpcs()
    print("list of vpc id's returned from region %s:  %s" % (cfg["aws_region"], all_vpcs))

    # first VPC not flagged as the Amazon-generated default, None when there is none
    chosen = next((candidate for candidate in all_vpcs if not candidate.is_default), None)
    if chosen is None:
        raise Exception("ERROR! non-default VPC was not discovered in region")

    print("%s is the first non-default VPC!!" % chosen.id)
    return chosen
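def get_vpc_subnets(vpc_id=None):
    """Return the ids of every subnet that belongs to one VPC.

    With no argument the VPC is the region's first non-default one (see
    get_region_non_default_vpc); pass *vpc_id* to target a known VPC and skip
    that lookup.  Only the subnet's vpc_id is compared: route tables are not
    consulted, so public and private subnets are returned alike and a caller
    that needs only private subnets has to filter further.

    Args:
        vpc_id: optional id of the VPC whose subnets are wanted.

    Returns:
        list of subnet id strings, in the order the API returned them.
    """
    vpc_conn = get_vpc_connection_obj()
    if vpc_id is None:
        vpc_id = get_region_non_default_vpc().id

    subnet_ids = []
    for subnet in vpc_conn.get_all_subnets():
        if subnet.vpc_id != vpc_id:
            continue
        print("adding to subnet group: %s %s %s" % (subnet.id, subnet.cidr_block, subnet.availability_zone))
        subnet_ids.append(subnet.id)

    return subnet_ids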
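def create_new_db_instance():
    """Create the MySQL RDS instance described by cfg inside the non-default VPC.

    Steps: (1) collect the VPC's subnet ids, (2) (re)create the RDS subnet
    group cfg['db_subnet_name'] over them, (3) look up the database security
    group built by the VPC security-group script, (4) call create_dbinstance.

    The subnet group is rebuilt from whatever get_vpc_subnets() returns, and
    that helper does not tell public subnets from private ones, so the group's
    "private subnets" description only holds if the VPC was laid out that way.
    Confirm that before treating the subnet group as a network boundary.

    Raises:
        Exception: when get_db_security_group() yields no group, instead of
            letting the missing group surface as an AttributeError on .id.
    """
    # boto.set_stream_logger('boto')  # get obnoxious amount of debug info...

    print('creating new mysql database RDS instance in region:  %s' % cfg['aws_region'])
    vpc_conn = aws_api_connections.get_vpc_connection_obj()
    rds_conn = aws_api_connections.get_rds_connection_obj()

    # get the existing list of subnets (typically 2)
    subnet_ids = get_vpc_subnets()

    # build the subnet group for this db instance, deleting any existing group of that name first
    _replace_db_subnet_group(rds_conn, cfg['db_subnet_name'], subnet_ids)

    # find the db security group we defined as part of creating the vpc security groups
    db_security_group = get_db_security_group(vpc_conn)
    if db_security_group is None:
        raise Exception("ERROR! database security group was not found in vpc")
    print("utilizing db security group: " + str(db_security_group))

    # with subnet group and db security group collected, issue the call to create the rds instance.
    # master credentials come straight from cfg and are passed to the API only, never printed.
    # auto_minor_version_upgrade=False means minor-version (incl. security) patches are NOT applied
    # automatically; public accessibility and backup retention are not set here, so whatever the
    # connection's defaults are apply unchanged.
    rds_conn.create_dbinstance(cfg['db_instance_id'], 10, 'db.t2.micro', cfg['db_user'], cfg['db_pwd'],
                               engine='MySQL',
                               port=3306,
                               db_name=cfg['db_name'],
                               availability_zone=None,
                               multi_az=False,
                               engine_version='5.6',
                               auto_minor_version_upgrade=False,
                               vpc_security_groups=[db_security_group.id],
                               db_subnet_group_name=cfg['db_subnet_name'])


def _replace_db_subnet_group(rds_conn, group_name, subnet_ids):
    """Delete any existing RDS subnet group called *group_name*, then create it over *subnet_ids*."""
    for subnet_group in rds_conn.get_all_db_subnet_groups():
        if subnet_group.name == group_name:
            print("existing db subnet group will be deleted: " + subnet_group.name)
            rds_conn.delete_db_subnet_group(group_name)
            break  # one match is all there is to act on; stop scanning

    rds_conn.create_db_subnet_group(group_name, 'group of private subnets in vpc', subnet_ids)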
#!/usr/bin/env python

from aws_api_connections import get_vpc_connection_obj
from aws_utils import get_region_non_default_vpc
from aws_utils import get_security_group

from config.config_reader import cfg


# global vpc connection used throughout this script.
# NOTE: this runs at import time, so merely importing this module opens an
# AWS connection before any function here is called.
conn = get_vpc_connection_obj()


def create_all_security_groups():
    """Rebuild the webapp, database and ELB security groups in the non-default VPC.

    Any existing groups of the configured names are removed first -- the
    database group before the webapp group, because it depends on it -- and
    the three groups are then created afresh for the VPC.
    """
    target_vpc_id = get_region_non_default_vpc().id

    # removal order matters: the db group depends on the webapp group, so it goes first
    for cfg_key in ('database_sg_name', 'webapp_sg_name', 'webapp_elb_sg_name'):
        delete_security_group(cfg[cfg_key])

    create_webapp_sg(target_vpc_id)
    create_database_sg(target_vpc_id)
    create_elastic_load_balancer_sg(target_vpc_id)


def delete_security_group(sg_name):
    """Report the security group called *sg_name* if one exists.

    The group is looked up by name region-wide via get_security_group and a
    "deleting" message is printed for a hit.  NOTE(review): no delete call is
    visible in this definition, so as it stands the group is only announced,
    not removed -- check whether the body was cut short.
    """
    matched = get_security_group(sg_name)
    if not matched:
        return
    print("deleting security group: " + matched.name)
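def create_vpc_in_region():
    """Create the script's VPC with an internet gateway and two subnets, and return it.

    Layout produced:
      * a VPC on cfg["vpc_main_cidr"] with DNS support and DNS hostnames on;
      * an internet gateway attached to it, plus a 0.0.0.0/0 route to that
        gateway on the route table the VPC came with;
      * subnets cfg["subnet_1_cidr"] and cfg["subnet_2_cidr"], each placed in
        the first availability zone that accepts it, both associated with
        that same route table.

    Because both subnets share the route table carrying the 0.0.0.0/0 route,
    they are public subnets: anything launched in them with a public address
    is reachable from the internet subject only to its security group.  Keep
    that in mind when this VPC is later used for the database subnet group.

    Returns:
        the boto VPC object that was created.

    Raises:
        Exception: when no route table is found for the new VPC, or when fewer
            than two subnets could be created across the region's zones.
    """
    vpc_conn = aws_api_connections.get_vpc_connection_obj()

    # create the main virtual private cloud
    vpc = vpc_conn.create_vpc(cfg["vpc_main_cidr"])  # e.g. '10.0.0.0/16'
    vpc_conn.modify_vpc_attribute(vpc.id, enable_dns_support=True)
    vpc_conn.modify_vpc_attribute(vpc.id, enable_dns_hostnames=True)

    # creating a brand new route table prevented association with the internet gw and the
    # created subnets, so the main route table generated with the vpc is used instead
    route_table = _find_vpc_route_table(vpc_conn, vpc.id)
    if route_table is None:
        raise Exception("ERROR! no route table found for newly created vpc " + vpc.id)
    print("using route table from newly created vpc:  %s" % route_table)

    # create an internet gateway and add a default route to the internet to our route table.
    # this is what makes every subnet associated with the table internet-facing.
    gateway = vpc_conn.create_internet_gateway()
    vpc_conn.attach_internet_gateway(gateway.id, vpc.id)
    vpc_conn.create_route(route_table.id, "0.0.0.0/0", gateway.id)

    # create the 2 subnets in this VPC.  the usable zones vary, so the region's zones are
    # tried in turn until both cidrs have found a home
    subnets = _create_subnets_in_available_zones(vpc_conn, vpc.id,
                                                 [cfg["subnet_1_cidr"], cfg["subnet_2_cidr"]])
    if len(subnets) < 2:
        raise Exception("ERROR! unable to create 2 subnets in region " + cfg["aws_region"])

    # now add routes to each of our subnets
    for subnet in subnets:
        vpc_conn.associate_route_table(route_table.id, subnet.id)

    print("created VPC:  %s" % vpc.id)
    return vpc


def _find_vpc_route_table(vpc_conn, vpc_id):
    """Return the first route table belonging to *vpc_id*, or None when there is none."""
    for rt in vpc_conn.get_all_route_tables():
        if rt.vpc_id == vpc_id:
            return rt
    return None


def _create_subnets_in_available_zones(vpc_conn, vpc_id, cidrs):
    """Create one subnet per entry of *cidrs*, trying zones <region>a..e in order; return those created.

    A zone that rejects a subnet is skipped and the same cidr is retried in
    the next zone, so the result is shorter than *cidrs* if the zones run out.
    Only Exception subclasses (API errors) are swallowed; KeyboardInterrupt
    and SystemExit propagate, unlike with the bare except this replaces.
    """
    created = []
    for suffix in ["a", "b", "c", "d", "e"]:
        if len(created) == len(cidrs):
            break
        az = cfg["aws_region"] + suffix
        try:
            created.append(vpc_conn.create_subnet(vpc_id, cidrs[len(created)], availability_zone=az))
        except Exception:
            # zone not usable for this account/region: move on to the next one
            continue
    return created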