def create_elastic_load_balancer(): elb_conn = get_elb_connection_obj() # setup availability zones to which this lb forwards requests ports = [(80, cfg['webapp_instance_port'], 'http'), (443, cfg['webapp_instance_port'], 'http')] subnets = get_vpc_subnets() elb_sg = get_security_group(cfg['webapp_elb_sg_name']) # create the load balancer. NB: zones must be None when associating elb to non-default vpc elb = elb_conn.create_load_balancer(name=cfg['elb_name'], zones=None, listeners=ports, subnets=subnets, security_groups=[elb_sg.id]) # Add the health check configuration to the ELB. hc = HealthCheck( interval=10, healthy_threshold=2, unhealthy_threshold=3, target='HTTP:' + str(cfg['webapp_instance_port']) + cfg['health_check_url'] ) elb.configure_health_check(hc) print 'elastic load balancer created: ', elb print 'elastic load balancer dns: ', elb.dns_name return elb
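def create_database_sg(vpc_id):
    """Create the RDS security group in ``vpc_id`` and restrict it to the webapp.

    The group ends up with no egress rules and a single ingress rule:
    TCP 3306 from members of the webapp security group.

    Args:
        vpc_id: id of the VPC the security group is created in.

    Raises:
        RuntimeError: if the webapp security group cannot be found.
    """
    # Resolve the source group before creating anything. A failed lookup
    # then leaves no half-configured group behind, and authorize() is never
    # called without a source. delete_security_group treats the lookup
    # result as possibly falsy, so the same assumption is made here.
    webapp_sg = get_security_group(cfg['webapp_sg_name'])
    if not webapp_sg:
        raise RuntimeError(
            'webapp security group %s not found; rds security group not created'
            % cfg['webapp_sg_name'])

    db_sg = conn.create_security_group(cfg['database_sg_name'],
                                       'security group for rds',
                                       vpc_id=vpc_id)
    print "rds security group just created. name: %s id: %s" % (db_sg.name, db_sg.id)

    # A new VPC security group starts with an allow-all egress rule.
    # Revoking it explicitly is the only way to remove it.
    conn.revoke_security_group_egress(db_sg.id, '-1', from_port="0",
                                      to_port="65535", cidr_ip='0.0.0.0/0')

    # Ingress is granted by source group, not by CIDR, so only instances
    # in the webapp security group can reach the database port.
    db_sg.authorize(ip_protocol='tcp', from_port=3306, to_port=3306,
                    cidr_ip=None, src_group=webapp_sg)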
def create_ec2_from_ami(): ec2 = get_ec2_connection_obj() # TODO!!! need to check for existence of this key before blindly creating it... print 'creating ec2 ssh key pair with name %s' % cfg['ec2_ssh_key_name'] key = ec2.create_key_pair(cfg['ec2_ssh_key_name']) key.save(cfg['ec2_ssh_key_local_path']) print 'just saved private key pem file to %s' % cfg['ec2_ssh_key_local_path'] security_group = get_security_group(cfg['webapp_sg_name']) print 'utilizing security group: %s' % security_group print 'security group id: %s' % security_group.id subnet_list = get_vpc_subnets() ec2.run_instances(cfg['ec2_ami'], key_name=cfg['ec2_ssh_key_name'], security_group_ids=[security_group.id], subnet_id=subnet_list[0], instance_type=cfg['ec2_instance_type'])
def delete_security_group(sg_name):
    """Delete the security group named ``sg_name`` if the lookup finds one.

    Does nothing when get_security_group returns a falsy value.

    Args:
        sg_name: name passed to get_security_group.
    """
    group = get_security_group(sg_name)
    if not group:
        # Nothing matched the name, so there is nothing to delete.
        return

    print "deleting security group: " + group.name
    group.delete()