ICCDI AWS-CLI Python Script


#!/usr/bin/python3.6

"""comp-up.py: Spin up servers, security groups in AWS."""

# Module metadata. These dunders are informational only; nothing else in
# this file reads them.
__author__ = "Kurt Giessel"
__copyright__ = "Copyright 2018, Highline College"
__license__ = "GPL"
__version__ = "0.1"
__email__ = "kgiessel@highline.edu"

import configparser
import json
import os
import shlex
import sys
import time
from subprocess import PIPE, run
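config = configparser.ConfigParser()
if not config.read('config.ini'):
    # ConfigParser.read() silently skips files it cannot open; without this
    # check the first config.items() call below fails with an opaque
    # NoSectionError instead of saying which file is missing.
    raise SystemExit('config.ini not found or unreadable in %s' % os.getcwd())

##########
#variables

# Every value below is taken by POSITION within its section (the key names
# are never used), so config.ini must list keys in exactly this order.
event = config.items('EVENT')
eventID = event[0][1]              # [EVENT] 1st key: event identifier used in the Event tag
teams = config.items('TEAMS')
numTeams = teams[0][1]             # [TEAMS] 1st key: number of teams (string; int() applied in main)
teamName = teams[1][1]             # [TEAMS] 2nd key: team name prefix, e.g. prefix + "01"
servers = config.items('SERVERS')  # [SERVERS] key = server name, value = "<host octet> <AMI id>"
network = config.items('NETWORK')
vpc = network[0][1]                # [NETWORK] 1st key: VPC id
cidr = network[1][1]               # [NETWORK] 2nd key: subnet prefix length for 192.168.<team>.0/<cidr>
# network[2][1] and network[3][1] (remote security group for Windows / other
# images) are read inside the main loop.
team = 1  # loop counter for the main loop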

##########
#functions

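def get_stdout(cmd):
    """Run a command line and return its captured stdout as text.

    The command string is split with :func:`shlex.split` and executed
    without a shell, so values interpolated from ``config.ini`` (VPC id,
    team name, server names, AMI ids) reach ``aws`` as literal arguments
    and cannot be interpreted as shell syntax. Double-quoted arguments
    such as ``--description "..."`` still arrive as a single argument,
    exactly as they did under the shell.

    Args:
        cmd: Command line, e.g. ``'aws ec2 describe-instances ...'``.

    Returns:
        The command's stdout, possibly empty. A non-zero exit status is
        reported on stderr but not raised, so callers keep the original
        "empty output means failed / not ready yet" contract.

    Raises:
        FileNotFoundError: if the executable is not on PATH (under the
        previous shell-based variant this returned '' with status 127).
    """
    argv = shlex.split(cmd)
    result = run(argv, stdout=PIPE, stderr=PIPE, universal_newlines=True)
    if result.returncode != 0:
        # stderr used to be captured and discarded, so CLI failures only
        # surfaced later as IndexErrors while parsing the empty output.
        sys.stderr.write('command exited with status %d: %s\n%s'
                         % (result.returncode, cmd, result.stderr))
    return result.stdout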

#####
#main

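def _aws_json(cmd):
    """Run an ``aws`` command and return its JSON-decoded stdout.

    ``--output json`` is appended so parsing does not depend on the
    caller's configured default output format, and the document is
    decoded with :mod:`json` instead of picking fixed line numbers out of
    the pretty-printed output (which broke whenever the CLI changed its
    layout).

    Args:
        cmd: The aws CLI command line, without an ``--output`` option.

    Returns:
        The decoded JSON document (usually a dict).

    Raises:
        SystemExit: if the command produced no stdout, i.e. the CLI call
            failed; stopping here avoids building a half-configured team.
    """
    out = get_stdout(cmd + ' --output json')
    if not out.strip():
        raise SystemExit('aws command produced no output: %s' % cmd)
    return json.loads(out)


def _aws(cmd):
    """Run an ``aws`` command whose output should just go to the terminal.

    Replacement for ``os.system``: the command line is split with
    :func:`shlex.split` and run without a shell, so config-derived values
    cannot be interpreted as shell syntax. Output is inherited (printed),
    and the exit status is returned but not checked, matching the original
    best-effort behaviour of the tagging and ingress-rule calls.

    Args:
        cmd: The aws CLI command line.

    Returns:
        The process exit status.
    """
    return run(shlex.split(cmd)).returncode


def _wait_for_output(cmd, delay=5):
    """Poll ``cmd`` every ``delay`` seconds until it prints something.

    Used to wait for an instance to reach the running state. As in the
    original script there is no upper bound: an instance that never shows
    up keeps the script waiting.

    Args:
        cmd: Command line to poll; empty stdout means "not ready yet".
        delay: Seconds to sleep between polls.

    Returns:
        The first non-empty stdout, right-stripped.
    """
    out = get_stdout(cmd).rstrip()
    while not out:
        time.sleep(delay)
        out = get_stdout(cmd).rstrip()
    return out


# Build one subnet per team and one instance (plus its own security group
# and Elastic IP) per [SERVERS] entry inside it.
for team in range(1, int(numTeams) + 1):
    # Zero-pad single-digit team numbers: prefix01 ... prefix09, prefix10.
    teamNameNum = teamName + '%02d' % team

    print('\n###################################\n')
    print('Starting Config for %s' % teamNameNum)
    print('\n###################################\n')

    #create subnet
    # Each team gets its own /<cidr> inside 192.168.<team>.0.
    subnet = _aws_json('aws ec2 create-subnet --vpc-id %s --cidr-block 192.168.%d.0/%s' % (vpc, team, cidr))
    subnetID = subnet['Subnet']['SubnetId']
    _aws('aws ec2 create-tags --resources %s --tags Key=Name,Value="%s" Key=Team,Value="%s" Key=Event,Value="%s"' % (subnetID, teamNameNum, teamNameNum, eventID))  #apply tag to subnet

    for serverName, serverSpec in servers:
        # [SERVERS] value is "<host octet> <AMI id>".
        serverParts = serverSpec.split()
        hostOctet = serverParts[0]
        imageID = serverParts[1]
        instanceName = '%s-%s' % (teamNameNum, serverName)  #instance name TeamNameXX-Server
        ipAddr = '192.168.%d.%s' % (team, hostOctet)

        print('\n### Creating %s ###\n' % instanceName)

        #create security group
        print('Creating Security Group %s' % instanceName)
        secGroup = _aws_json('aws ec2 create-security-group --vpc-id %s --group-name %s --description "%s Created by comp-up.py"' % (vpc, instanceName, instanceName))['GroupId']
        print('Security Group %s created with id %s' % (instanceName, secGroup))
        # 192.168.0.0/16 covers every team subnet (192.168.<team>.0), so this
        # deliberately admits all TCP/UDP traffic between competition servers.
        for proto in ('tcp', 'udp'):
            _aws('aws ec2 authorize-security-group-ingress --group-id %s --protocol %s --port 0-65535 --cidr 192.168.0.0/16' % (secGroup, proto))
        print('Opened all TCP and UDP ports on rule %s' % secGroup)

        #get platform to set remote security group
        platform = get_stdout('aws ec2 describe-images --image-ids %s --query Images[*].{OS:Platform} --output text' % imageID).rstrip()
        if platform == 'windows':
            remoteSG = network[2][1]
            instanceType = 't2.medium'
        else:
            remoteSG = network[3][1]
            instanceType = 't2.micro'

        #create instance
        print('Creating %s from image %s with IP %s on subnet %s with security groups %s and %s' % (instanceName, imageID, ipAddr, subnetID, secGroup, remoteSG))
        launched = _aws_json('aws ec2 run-instances --image-id %s --count 1 --instance-type %s --key-name blueteam --security-group-ids %s %s --subnet-id %s --private-ip-address %s --associate-public-ip-address' % (imageID, instanceType, secGroup, remoteSG, subnetID, ipAddr))
        # Take the id straight from the run-instances response. Looking it up
        # by private IP afterwards could match a terminated instance from an
        # earlier run that used the same address.
        instanceID = launched['Instances'][0]['InstanceId']

        #allocate Elastic IP
        print('Allocating Elastic IP and associating it with %s' % instanceID)
        allocationID = _aws_json('aws ec2 allocate-address --domain vpc')['AllocationId']
        # Empty describe-instance-status output means the instance is not
        # running yet; wait for it before associating the Elastic IP.
        _wait_for_output('aws ec2 describe-instance-status --instance-id %s --query InstanceStatuses[*].{Status:InstanceState} --output text' % instanceID)
        get_stdout('aws ec2 associate-address --instance-id %s --allocation-id %s' % (instanceID, allocationID))  #associate instance and elastic IP

        #create tags
        print('Creating Tags for InstanceID %s, AllocationID %s, and SecurityGroupID %s with values %s, %s, %s' % (instanceID, allocationID, secGroup, instanceName, teamNameNum, eventID))
        _aws('aws ec2 create-tags --resources %s %s %s --tags Key=Name,Value="%s" Key=Team,Value="%s" Key=Event,Value="%s"' % (instanceID, allocationID, secGroup, instanceName, teamNameNum, eventID))

print('###################################\n')
print('%s Successfully Created' % numTeams)
print('\n###################################')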