# AWS Resources deployment using a Jupyter Notebook

In [None]:
# !python3 -m pip install boto3
# !python3 -m pip install requests
# !python3 -m pip install tqdm
# !python3 -m pip install pandas
# !python3 -m pip install s3fs
# !python3 -m pip install ipywidgets
# !python3 -m pip install -q -U paramiko
# !python3 -m pip install -q -U scp
# !pip install -q -U ipython-sql
# !pip install -q -U psycopg2-binary

In [105]:
import IPython
import boto3
import time
import os
import json
import requests
import pandas as pd
import paramiko
import scp
from zipfile import ZipFile
from urllib.request import urlopen
from tqdm.notebook import tqdm
import psycopg2

#### Some basic settings

In [143]:
#core
my_bucket_name = 'dantohe-my-experimental-iac-01'
my_region = 'us-west-2'
stem = 'my-experimental'

#ec2
my_InstanceProfileName = f'{stem}-InstanceProfileName-iac-01'
ec2_pem_name      = f'{stem}-kp-june-2021-01'
my_role_name = f'{stem}-ec2-role-01'
my_security_group_name = f'{stem}-Airflow-security-group-01'

#redshift
my_redshift_role_name = f'{stem}-Redshift-role-01'
redshift_port = 5439
redshift_user = 'redshift'
# Only printable ASCII characters except for '/', '@', '"', ' ', '\', ''' may be used.
redshift_MasterUserPassword = 'kljhdfsKLJDD12345'
redshift_db=f'{stem}-capstone-db'
redshift_ClusterIdentifier=f'{stem}-redshift-cluster'
#https://aws.amazon.com/redshift/pricing/
redshift_NodeType='dc2.large'
# https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-clusters.html
redshift_NumberOfNodes=1
# https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/redshift.html#Redshift.Client.create_cluster
redshift_ClusterType='single-node'

#clients
ec2 = boto3.client('ec2')
iam = boto3.client('iam')
redshift = boto3.client('redshift')

#### Create an EC2 key-pair    
If the key already exists then don't do anything.    

In [89]:

key_exists = False

response = ec2.describe_key_pairs()['KeyPairs']
for key in response:
    if key['KeyName'] == ec2_pem_name:
        key_exists = True
    found_instance = ec2.describe_instances(
        Filters=[
            {
                'Name': 'key-name',
                'Values': [key['KeyName']]
            }
        ]
    )['Reservations']

if key_exists:
    print('key already exists')
else:
    ec2_pem_path = f'./{ec2_pem_name}.pem'
    if os.path.isfile(ec2_pem_path):
        os.remove(ec2_pem_path)
    ec2_keypair = ec2.create_key_pair(KeyName=ec2_pem_name)
    with open(ec2_pem_path, 'w+') as ec2_pem_file:
        ec2_pem_file.write(str(ec2_keypair['KeyMaterial']))
    !chmod 400 {ec2_pem_path}
    print(f'{ec2_pem_name} has been created sucessfully and the pem is available at\n{ec2_pem_path}')
    

my-experimental-kp-june-2021-01 has been created sucessfully and the pem is available at
./my-experimental-kp-june-2021-01.pem


## EC2 Resources    
IAM - refrences: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam.html#role   


### Create a role and attach the s3 access policies

#### A utility that checks if a given role already exists    
If already in place returns the role object, otherwise returns a None.    

In [109]:
def does_role_already_exist(role_name):
    roles = iam.list_roles()
    role_list = roles['Roles']
    requested_role= None

    for role in role_list:
        if role['RoleName'] == role_name:
            requested_role = role
            return requested_role
    return requested_role

### Create role for ec2 and attach s3 access policies

In [90]:
roles = iam.list_roles()
role_list = roles['Roles']
ec2_role= None

for key in role_list:
    if key['RoleName'] == my_role_name:
        ec2_role = key

if ec2_role is not None:
    print(f'Role {my_role_name} already exists')
else:
    ec2_role = iam.create_role(
        Path='/',
        RoleName=my_role_name,
        Description='',
        MaxSessionDuration=3600,
        AssumeRolePolicyDocument="""{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": { "Service": "ec2.amazonaws.com"},
          "Action": "sts:AssumeRole"
        }
      ]
    }""".replace('<dw_bucket>', my_bucket_name))['Role']
    ### Also atach the S3 policy to the role
    for ec2_policy in  [
        'arn:aws:iam::aws:policy/AmazonS3FullAccess']:
        assert iam.attach_role_policy(
            RoleName=ec2_role['RoleName'],
            PolicyArn=ec2_policy)['ResponseMetadata']['HTTPStatusCode'] == 200
    
    print(f'{my_role_name} has been createed - the S3 policies have been attached')
#     ec2_role['Arn']

my-experimental-ec2-role-01 has been createed - the S3 policies have been attached


### Creates the instance profile AND adds the role to instance profile

In [91]:
instance_profiles = iam.list_instance_profiles()
instance_profiles_list = instance_profiles['InstanceProfiles']
ec2_instance_profile = None

# existing_instance_profile_names =[]

for key in instance_profiles_list:
    if key['InstanceProfileName'] == my_InstanceProfileName:
        ec2_instance_profile =key
#     existing_instance_profile_names.append(key['InstanceProfileName'])

# if my_InstanceProfileName in existing_instance_profile_names:
#     print(f'{my_InstanceProfileName} already exists')
if ec2_instance_profile is not None:
    print(f'{my_InstanceProfileName} already exists')
else:
    #creates the instaance profile
    ec2_instance_profile = iam.create_instance_profile(InstanceProfileName=my_InstanceProfileName)['InstanceProfile']
    iam.get_waiter('instance_profile_exists').wait(InstanceProfileName=my_InstanceProfileName)

    #adds the role to the instance profile
    assert iam.add_role_to_instance_profile(InstanceProfileName=ec2_instance_profile['InstanceProfileName'], RoleName=ec2_role['RoleName'])['ResponseMetadata']['HTTPStatusCode'] == 200
    print(f'{my_InstanceProfileName} has been created')

my-experimental-InstanceProfileName-iac-01 has been created


### Createting a security group

In [92]:
security_groups = ec2.describe_security_groups()
existing_security_groups = security_groups['SecurityGroups']

ec2_sg = None

for key in existing_security_groups:
    if key['GroupName'] == my_security_group_name:
      ec2_sg=key  
    
if ec2_sg is not None:
    print(f'The security group {my_security_group_name} already exists')
else:
    ec2_sg = ec2.create_security_group(
        Description='Allows 22 trafic',
        GroupName=my_security_group_name)
    ec2.authorize_security_group_ingress(CidrIp='0.0.0.0/0', FromPort=22, ToPort=22, GroupId=ec2_sg['GroupId'], IpProtocol='TCP')
    ec2.authorize_security_group_ingress(CidrIp='0.0.0.0/0', FromPort=8080, ToPort=8080, GroupId=ec2_sg['GroupId'], IpProtocol='TCP')
    ec2.authorize_security_group_ingress(CidrIp='0.0.0.0/0', FromPort=5555, ToPort=5555, GroupId=ec2_sg['GroupId'], IpProtocol='TCP')
    ec2.authorize_security_group_ingress(CidrIp='0.0.0.0/0', FromPort=3306, ToPort=3306, GroupId=ec2_sg['GroupId'], IpProtocol='TCP')
    print(f'The security group {my_security_group_name} has been created')
    print(f"SG ID: {ec2_sg['GroupId']}")

The security group my-experimental-Airflow-security-group-01 has been created
SG ID: sg-00b0b2fea8e7306bb


### Requesting spot instance(s)

In [93]:
# time.sleep(30) #wait instance profile...
#Amazon Linux AMI - it has some issues and complications with installing mysql and airflow
# ec2_ami_id = 'ami-0aeeebd8d2ab47354'
#defaulting to ubuntu
ec2_ami_id = 'ami-09e67e426f25ce0d7'
ec2_spot = ec2.request_spot_instances(
    AvailabilityZoneGroup='us-east-1',
    InstanceCount=1,
    LaunchSpecification={
        'SecurityGroupIds': [ec2_sg['GroupId']],
        'EbsOptimized': False,
        'KeyName': ec2_pem_name,
        'ImageId': ec2_ami_id,
        'InstanceType': 't3.large',
        'IamInstanceProfile': {
            'Arn': ec2_instance_profile['Arn']
        },
        "BlockDeviceMappings": [
            {
                "DeviceName": "/dev/sda1",
                "Ebs": {
                        "DeleteOnTermination": True,
                        "VolumeSize": 30,
                        "Encrypted": False,
                        "VolumeType": "gp2"
                }
            }
        ],
    },
    SpotPrice='0.10',
    Type='one-time',
    InstanceInterruptionBehavior='terminate'
)
ec2_spot_id = ec2_spot['SpotInstanceRequests'][0]['SpotInstanceRequestId']
ec2.get_waiter('spot_instance_request_fulfilled').wait(SpotInstanceRequestIds=[ec2_spot_id])
print(f'Spot instance request: {ec2_spot_id}')

Spot instance request: sir-mfphg1pk


### Gets the instance ID

In [94]:
ec2_vm_id = ec2.describe_spot_instance_requests(SpotInstanceRequestIds=[ ec2_spot_id ]) \
    ['SpotInstanceRequests'] \
    [0] \
    ['InstanceId']
ec2.get_waiter('instance_status_ok').wait(InstanceIds=[ ec2_vm_id ])
print(f'InstanceIds: {ec2_vm_id}')

InstanceIds: i-0449127a7bf786f5c


### Allocating a public IP address

In [95]:
ec2_ip = ec2.allocate_address(Domain='vpc')
print(f"PublicIp: {ec2_ip['PublicIp']}\nAllocationId: {ec2_ip['AllocationId']}")

PublicIp: 3.233.87.119
AllocationId: eipalloc-0997597fda788bb9e


### Associates the IP address with the instance

In [96]:
ec2_vm_ip = ec2.associate_address(
     InstanceId = ec2_vm_id,
     AllocationId = ec2_ip["AllocationId"])
print(f"IP AssociationId: {ec2_vm_ip['AssociationId']}")

IP AssociationId: eipassoc-07f2108476e5e79af


## SSH

### SSH utilities

In [97]:
def get_ssh(ip, pem_path):
    print(f"ssh -i {pem_path} ubuntu@{ip}")
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    ssh.connect(hostname=ip, username='ubuntu', pkey=paramiko.RSAKey.from_private_key_file(pem_path))
    return ssh

def run_via_ssh(
        ip,
        pem_path,
        commands,
        display_output=False):
    
    ssh = get_ssh(ip, pem_path)
    try:
        for command in tqdm(commands):
            stdin, stdout, stderr = ssh.exec_command(command)
            exit_status = stdout.channel.recv_exit_status()
            if exit_status == 0:
                print(('command executed successfuly:::', command))
                if display_output:
                    output_buffer = stdout.read().decode('utf-8')
                    if output_buffer:
                        print(f">>> {output_buffer}")
            else:
                error_buffer = stderr.read().decode('utf-8')
                print(('!!!failed', command))
                print(f"!!! {error_buffer}")
    finally:
        ssh.close()

### Instaling MySql and Airflow

In [98]:
run_via_ssh(
    ip=ec2_ip['PublicIp'],
    pem_path=ec2_pem_path,
    commands=[
        'sudo apt-get -y update',
        'sudo apt-get install -y libmysqlclient-dev mysql-server',
        f"sudo mysql -e \"SET GLOBAL explicit_defaults_for_timestamp = 1;\"",
        f"sudo mysql -e \"DROP DATABASE IF EXISTS airflow;\"",       
        f"sudo mysql -e \"CREATE DATABASE airflow CHARACTER SET UTF8mb3 COLLATE utf8_general_ci;\"",
        f"sudo mysql -e \"CREATE USER 'airflow'@'localhost' IDENTIFIED BY 'airflow';\"",
        f"sudo mysql -e \"GRANT ALL PRIVILEGES ON airflow.* TO 'airflow'@'localhost';\"",
        f"sudo apt install -y redis-server",
        'sudo apt-get install -y python3 python3-pip python3-setuptools',
        'sudo pip3 install -U pip',
        'sudo pip3 install -U apache-airflow',
        'sudo pip3 install -U apache-airflow[mysql]',
        'sudo pip3 install -U apache-airflow[celery]'
    ])

ssh -i ./my-experimental-kp-june-2021-01.pem ubuntu@3.233.87.119


  0%|          | 0/13 [00:00<?, ?it/s]

('command executed successfuly:::', 'sudo apt-get -y update')
('command executed successfuly:::', 'sudo apt-get install -y libmysqlclient-dev mysql-server')
('command executed successfuly:::', 'sudo mysql -e "SET GLOBAL explicit_defaults_for_timestamp = 1;"')
('command executed successfuly:::', 'sudo mysql -e "DROP DATABASE IF EXISTS airflow;"')
('command executed successfuly:::', 'sudo mysql -e "CREATE DATABASE airflow CHARACTER SET UTF8mb3 COLLATE utf8_general_ci;"')
('command executed successfuly:::', 'sudo mysql -e "CREATE USER \'airflow\'@\'localhost\' IDENTIFIED BY \'airflow\';"')
('command executed successfuly:::', 'sudo mysql -e "GRANT ALL PRIVILEGES ON airflow.* TO \'airflow\'@\'localhost\';"')
('command executed successfuly:::', 'sudo apt install -y redis-server')
('command executed successfuly:::', 'sudo apt-get install -y python3 python3-pip python3-setuptools')
('command executed successfuly:::', 'sudo pip3 install -U pip')
('command executed successfuly:::', 'sudo pip3 in

### Configure Airflow

In [99]:
run_via_ssh(ip=ec2_ip['PublicIp'],
    pem_path=ec2_pem_path,
    commands=[
        'airflow db init',
        'sudo apt-get install -y crudini',
        "crudini --set ~/airflow/airflow.cfg core load_examples False",
        "crudini --set ~/airflow/airflow.cfg core load_default_connections False",
        "crudini --set ~/airflow/airflow.cfg core sql_alchemy_conn 'mysql://airflow:airflow@localhost/airflow'",
        "crudini --set ~/airflow/airflow.cfg core executor CeleryExecutor",
        "crudini --set ~/airflow/airflow.cfg core sql_alchemy_schema airflow",
        "crudini --set ~/airflow/airflow.cfg scheduler min_file_process_interval 10",
        "crudini --set ~/airflow/airflow.cfg scheduler dag_dir_list_interval 60",
        "crudini --set ~/airflow/airflow.cfg celery result_backend 'redis://127.0.0.1:6379/0'",
        "crudini --set ~/airflow/airflow.cfg celery broker_url 'db+mysql://airflow:airflow@localhost/airflow'",
        'airflow db init',
    ])

ssh -i ./my-experimental-kp-june-2021-01.pem ubuntu@3.233.87.119


  0%|          | 0/12 [00:00<?, ?it/s]

('command executed successfuly:::', 'airflow db init')
('command executed successfuly:::', 'sudo apt-get install -y crudini')
('command executed successfuly:::', 'crudini --set ~/airflow/airflow.cfg core load_examples False')
('command executed successfuly:::', 'crudini --set ~/airflow/airflow.cfg core load_default_connections False')
('command executed successfuly:::', "crudini --set ~/airflow/airflow.cfg core sql_alchemy_conn 'mysql://airflow:airflow@localhost/airflow'")
('command executed successfuly:::', 'crudini --set ~/airflow/airflow.cfg core executor CeleryExecutor')
('command executed successfuly:::', 'crudini --set ~/airflow/airflow.cfg core sql_alchemy_schema airflow')
('command executed successfuly:::', 'crudini --set ~/airflow/airflow.cfg scheduler min_file_process_interval 10')
('command executed successfuly:::', 'crudini --set ~/airflow/airflow.cfg scheduler dag_dir_list_interval 60')
('command executed successfuly:::', "crudini --set ~/airflow/airflow.cfg celery result_

### Create Airflow dag directory

In [100]:
run_via_ssh(
    ip=ec2_ip['PublicIp'],
    pem_path=ec2_pem_path,
    commands=[
        'mkdir -p ~/airflow/dags'
    ])

ssh -i ./my-experimental-kp-june-2021-01.pem ubuntu@3.233.87.119


  0%|          | 0/1 [00:00<?, ?it/s]

('command executed successfuly:::', 'mkdir -p ~/airflow/dags')


### Install python modules

In [101]:
run_via_ssh(
    ip=ec2_ip['PublicIp'],
    pem_path=ec2_pem_path,
    commands=[
        'sudo pip3 install -U tensorflow',
        'sudo pip3 install -U pandas',
        'sudo pip3 install -U scikit-learn',
        'sudo pip3 install -U numpy',
        'sudo pip3 install -U psycopg2-binary',
        'sudo pip3 install -U requests',
        'sudo pip3 install -U boto3',
        'sudo pip3 install -U matplotlib',
        'sudo pip3 install -U reportlab',
        'sudo pip3 install -U flower',
        'sudo pip3 install -U proj',
        'sudo pip3 install -U redis'
    ])

ssh -i ./my-experimental-kp-june-2021-01.pem ubuntu@3.233.87.119


  0%|          | 0/12 [00:00<?, ?it/s]

('command executed successfuly:::', 'sudo pip3 install -U tensorflow')
('command executed successfuly:::', 'sudo pip3 install -U pandas')
('command executed successfuly:::', 'sudo pip3 install -U scikit-learn')
('command executed successfuly:::', 'sudo pip3 install -U numpy')
('command executed successfuly:::', 'sudo pip3 install -U psycopg2-binary')
('command executed successfuly:::', 'sudo pip3 install -U requests')
('command executed successfuly:::', 'sudo pip3 install -U boto3')
('command executed successfuly:::', 'sudo pip3 install -U matplotlib')
('command executed successfuly:::', 'sudo pip3 install -U reportlab')
('command executed successfuly:::', 'sudo pip3 install -U flower')
('command executed successfuly:::', 'sudo pip3 install -U proj')
('command executed successfuly:::', 'sudo pip3 install -U redis')


### Start Airflow

In [102]:
# airflow kerberos -D
# airflow scheduler -D
# airflow webserver -D
run_via_ssh(
    ip=ec2_ip['PublicIp'],
    pem_path=ec2_pem_path,
    commands=[
        'airflow users  create --role Admin --username admin --email admin --firstname admin --lastname admin --password admin',
        'airflow scheduler -D',
        'airflow celery worker -D',
        'airflow celery flower -D',
        'airflow webserver -p 8080 -D'
    ])

ssh -i ./my-experimental-kp-june-2021-01.pem ubuntu@3.233.87.119


  0%|          | 0/5 [00:00<?, ?it/s]

('command executed successfuly:::', 'airflow users  create --role Admin --username admin --email admin --firstname admin --lastname admin --password admin')
('command executed successfuly:::', 'airflow scheduler -D')
('command executed successfuly:::', 'airflow celery worker -D')
('command executed successfuly:::', 'airflow celery flower -D')
('command executed successfuly:::', 'airflow webserver -p 8080 -D')


### Accesing the environment 

In [103]:
print(f"SSH      : ssh -i {ec2_pem_name} ubuntu@{ec2_ip['PublicIp']}")
print(f"WebServer: http://{ec2_ip['PublicIp']}:8080")
print(f"Flower   : http://{ec2_ip['PublicIp']}:5555")

SSH      : ssh -i my-experimental-kp-june-2021-01 ubuntu@3.233.87.119
WebServer: http://3.233.87.119:8080
Flower   : http://3.233.87.119:5555


## Refshift Setup

### Creates a role for Redshift and attach the needed policies.   

In [119]:
redshift_role = does_role_already_exist(my_redshift_role_name)

if redshift_role is None:
    redshift_role = iam.create_role(
        Path='/',
        RoleName=my_redshift_role_name,
        Description='role used for for capstone project',
        MaxSessionDuration=3600,
        AssumeRolePolicyDocument="""{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "redshift.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }""")['Role']
#     attaching the policies
    for redshift_policy in  [
        'arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess']:
        assert iam.attach_role_policy(
            RoleName=redshift_role['RoleName'],
            PolicyArn=redshift_policy)['ResponseMetadata']['HTTPStatusCode'] == 200
    print(f'Redshift role {my_redshift_role_name} has been created. The policies were also attached. ')
else:
    print(f'Redshift role {my_redshift_role_name} already exists ')


Redshift role my-experimental-Redshift-role-01 has been created. The policies were also attached. 


### Create a security group for Redshift

In [123]:
redshift_sg = ec2.create_security_group(
    Description='Allows 5432 trafic',
    GroupName='Redshift')
ec2.authorize_security_group_ingress(CidrIp='0.0.0.0/0', FromPort=5439, ToPort=5439, GroupId=redshift_sg['GroupId'], IpProtocol='TCP')
print(f"Refshift security group {redshift_sg['GroupId']} created successfuly")

Refshift security group sg-0a7d3117cc0d30bce created successfuly


### Allocate a public IP for Redshift

In [146]:
redshift_ip = ec2.allocate_address(Domain='vpc')
# [ redshift_ip['PublicIp'], redshift_ip['AllocationId'] ]
print(f"Redshift PublicIp: {redshift_ip['PublicIp']} for AllocationId: {redshift_ip['AllocationId']}")

Redshift PublicIp: 3.233.92.3 for AllocationId: eipalloc-0458f750f29e4dcea


### Create a Redshift cluster

In [147]:
# redshift_host = redshift_ip['PublicIp']
# https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/redshift.html#Redshift.Client.create_cluster
redshift_cluster = redshift.create_cluster(
    DBName=redshift_db,
    ClusterIdentifier=redshift_ClusterIdentifier,
    NodeType=redshift_NodeType,
    ClusterType=redshift_ClusterType,
#     change the next one (uncomment) if the redshift_ClusterType is multinode
#     see https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/redshift.html#Redshift.Client.create_cluster
#     NumberOfNodes=redshift_NumberOfNodes,
    MasterUsername=redshift_user,
    MasterUserPassword=redshift_MasterUserPassword,
    VpcSecurityGroupIds=[ redshift_sg['GroupId'] ],
    IamRoles=[ redshift_role['Arn'] ],
    ElasticIp=redshift_ip['PublicIp'],
    PubliclyAccessible=True,
    Encrypted=False)['Cluster']
redshift.get_waiter('cluster_available').wait(ClusterIdentifier=redshift_cluster['ClusterIdentifier'])
print(f"Redshift cluster {redshift_cluster['ClusterIdentifier']} has been created")

Redshift cluste my-experimental-redshift-cluster has been created


### Connecting to the cluster

In [148]:
%load_ext sql

In [152]:
redshift_url = f"postgresql://{redshift_user}:{redshift_MasterUserPassword}@{redshift_ip['PublicIp']}:5439/{redshift_db}"
print(f"Redshift connection string = '{redshift_url}'")
%sql $redshift_url

Redshift connection string = 'postgresql://redshift:kljhdfsKLJDD12345@3.233.92.3:5439/my-experimental-capstone-db'


In [153]:
%sql $redshift_url

In [155]:
%%sql
drop table if exists public.test_table;
create table if not exists public.test_table
(
    test_1  varchar,
    test_2    integer
)

 * postgresql://redshift:***@3.233.92.3:5439/my-experimental-capstone-db
Done.
Done.


[]

## Clean Up

### Delete Redshift cluster

In [None]:
redshift.delete_cluster(ClusterIdentifier=redshift_cluster['ClusterIdentifier'], SkipFinalClusterSnapshot=True)
redshift.get_waiter('cluster_deleted').wait(ClusterIdentifier=redshift_cluster['ClusterIdentifier'])
print('Redshift cluster deleted.')

### Release Redshift public IP

In [158]:
ec2.release_address(AllocationId=redshift_ip['AllocationId'])

{'ResponseMetadata': {'RequestId': '6ef62ee5-18a0-4ea0-a4bb-8a675b1a8a2f',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': '6ef62ee5-18a0-4ea0-a4bb-8a675b1a8a2f',
   'cache-control': 'no-cache, no-store',
   'strict-transport-security': 'max-age=31536000; includeSubDomains',
   'content-type': 'text/xml;charset=UTF-8',
   'content-length': '229',
   'date': 'Sat, 26 Jun 2021 13:19:31 GMT',
   'server': 'AmazonEC2'},
  'RetryAttempts': 0}}

### Delete Redshift security group

In [159]:
ec2.delete_security_group(GroupId=redshift_sg['GroupId'])

{'ResponseMetadata': {'RequestId': '236dbbde-719e-4e54-9aea-07c9b7e661fe',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': '236dbbde-719e-4e54-9aea-07c9b7e661fe',
   'cache-control': 'no-cache, no-store',
   'strict-transport-security': 'max-age=31536000; includeSubDomains',
   'content-type': 'text/xml;charset=UTF-8',
   'content-length': '239',
   'date': 'Sat, 26 Jun 2021 13:19:35 GMT',
   'server': 'AmazonEC2'},
  'RetryAttempts': 0}}

### Delete Redshift role

In [160]:
for attached_policy in iam.list_attached_role_policies(RoleName=redshift_role['RoleName'])['AttachedPolicies']:
        iam.detach_role_policy(RoleName=redshift_role['RoleName'], PolicyArn=attached_policy['PolicyArn'])
for policy_name in iam.list_role_policies(RoleName=redshift_role['RoleName'])['PolicyNames']:
    iam.delete_role_policy(RoleName=redshift_role['RoleName'], PolicyName=policy_name)
iam.delete_role(RoleName=redshift_role['RoleName'])

{'ResponseMetadata': {'RequestId': '4d22d16f-d066-47b8-a863-a3c7507fc76d',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': '4d22d16f-d066-47b8-a863-a3c7507fc76d',
   'content-type': 'text/xml',
   'content-length': '200',
   'date': 'Sat, 26 Jun 2021 13:19:41 GMT'},
  'RetryAttempts': 0}}

### Cancel thr spot instance request

In [161]:
ec2.cancel_spot_instance_requests(SpotInstanceRequestIds=[ ec2_spot_id ])
# ec2.cancel_spot_instance_requests(SpotInstanceRequestIds=[ 'sir-rk8sj4bj' ])

{'CancelledSpotInstanceRequests': [{'SpotInstanceRequestId': 'sir-mfphg1pk',
   'State': 'cancelled'}],
 'ResponseMetadata': {'RequestId': '95463800-3e99-4b0f-aaac-daf82ac52deb',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': '95463800-3e99-4b0f-aaac-daf82ac52deb',
   'cache-control': 'no-cache, no-store',
   'strict-transport-security': 'max-age=31536000; includeSubDomains',
   'content-type': 'text/xml;charset=UTF-8',
   'content-length': '426',
   'date': 'Sat, 26 Jun 2021 13:19:44 GMT',
   'server': 'AmazonEC2'},
  'RetryAttempts': 0}}

### Terminate the spot instance

In [162]:
ec2.terminate_instances(InstanceIds=[ ec2_vm_id ])
# ec2.terminate_instances(InstanceIds=[ 'i-080cf3bee321c8357' ])

{'TerminatingInstances': [{'CurrentState': {'Code': 32,
    'Name': 'shutting-down'},
   'InstanceId': 'i-0449127a7bf786f5c',
   'PreviousState': {'Code': 16, 'Name': 'running'}}],
 'ResponseMetadata': {'RequestId': '909c7bf8-c428-410d-8c25-efd18bba0014',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': '909c7bf8-c428-410d-8c25-efd18bba0014',
   'cache-control': 'no-cache, no-store',
   'strict-transport-security': 'max-age=31536000; includeSubDomains',
   'content-type': 'text/xml;charset=UTF-8',
   'transfer-encoding': 'chunked',
   'vary': 'accept-encoding',
   'date': 'Sat, 26 Jun 2021 13:19:47 GMT',
   'server': 'AmazonEC2'},
  'RetryAttempts': 0}}

### Wait for the instance to terminate and release the IP address 

In [163]:
ec2.get_waiter('instance_terminated').wait(InstanceIds=[ ec2_vm_id ])
ec2.release_address(AllocationId=ec2_ip['AllocationId'])

#if stuck needs to be removed manualy from the console ( VPC -> Elastic IPs)
# ec2.get_waiter('instance_terminated').wait(InstanceIds=['i-080cf3bee321c8357'])
# ec2.release_address(AllocationId='eipassoc-026af42e9e3b0fb02')



{'ResponseMetadata': {'RequestId': 'b0758db3-df42-4fdf-b56f-18b7f8c0af62',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': 'b0758db3-df42-4fdf-b56f-18b7f8c0af62',
   'cache-control': 'no-cache, no-store',
   'strict-transport-security': 'max-age=31536000; includeSubDomains',
   'content-type': 'text/xml;charset=UTF-8',
   'content-length': '229',
   'date': 'Sat, 26 Jun 2021 13:20:22 GMT',
   'server': 'AmazonEC2'},
  'RetryAttempts': 0}}

### Delete security group

In [None]:
ec2.delete_security_group(GroupId=ec2_sg['GroupId'])

# ec2.delete_security_group(GroupId='sg-0a1592d4d67e19433')

### Delete the key-pair

In [None]:
ec2.delete_key_pair(KeyName=ec2_pem_name)

### Detach and delete the role policies

In [None]:
for attached_policy in iam.list_attached_role_policies(RoleName=ec2_role['RoleName'])['AttachedPolicies']:
    iam.detach_role_policy(RoleName=ec2_role['RoleName'], PolicyArn=attached_policy['PolicyArn'])
for policy_name in iam.list_role_policies(RoleName=ec2_role['RoleName'])['PolicyNames']:
    iam.delete_role_policy(RoleName=ec2_role['RoleName'], PolicyName=policy_name)

### Remove role from instance profile

In [None]:
iam.remove_role_from_instance_profile(InstanceProfileName=ec2_instance_profile['InstanceProfileName'], RoleName=ec2_role['RoleName'])

### Delete instance profile

In [None]:
iam.delete_instance_profile(InstanceProfileName=ec2_instance_profile['InstanceProfileName'])

### Delete the role

In [None]:
iam.delete_role(RoleName=ec2_role['RoleName'])

## ALL DONE