# Week 1 - Lab

This lab consists of a couple different exercises. First, we'll practice creating data frames from JSON files. In the second exercise we'll review some AWS concepts and create our first Cloud Formation stack.

**Table of Contents**

-   [Exercise 1](#exercise-1)
    -   [JSON](#json)
    -   [Pandas read_json](#pandas-read_json)
    -   [R rjson](#r-rjson)
-   [Exercise 2](#exercise-2)
    -   [Cloud Formation](#cloud-formation)
    -   [CIDR Notation](#cidr-exercise)
-   [Deliverables](#deliverables)

<a id='exercise-1'></a>
## Exercise 1

<a id='json'></a>
### JSON

[JSON](https://www.json.org/) stands for JavaScript Object Notation. It's not uncommon for source datasets to be encoded as JSON. Furthermore, JSON records may not be *flat*. That is, a JSON structure may contain other JSON structures. Here is a partial specification of JSON:

In [None]:
from IPython.display import Image
Image(filename='json_specification.png') 

The [New York Philharmonic](http://archives.nyphil.org/performancehistory/#program) has collected all of their *programs* in JSON documents. The data sets can be found [here](https://github.com/nyphilarchive/PerformanceHistory). Download the JSON file for the programs from [May 2004 until November 2011](https://github.com/nyphilarchive/PerformanceHistory/blob/master/Programs/json/2004-05_TO_2010-11.json).

<a id='pandas-read_json'></a>
### Pandas read_json

Let's try to read this JSON file into pandas DataFrame with [read_json](https://pandas.pydata.org/pandas-docs/stable/user_guide/io.html#reading-json). More specifically, I want a DataFrame that contains each *concert*. Each row must contain only the *general information* (*id*, *programID*, *orchestra*, *season*) and the *concert information* (*eventType* *Location*, *Venue*, *Date*, and *Time*).

We could try this:

In [None]:
import pandas as pd
performances = pd.read_json("2004-05_TO_2010-11.json")
performances.head()

That's not what we want. Let's try the JSON [normalization](https://pandas.pydata.org/pandas-docs/stable/user_guide/io.html#normalization) utility.

In [None]:
import json
from pandas.io.json import json_normalize

with open("2004-05_TO_2010-11.json") as f:
    p = json.load(f)
performances = json_normalize(p["programs"])
performances.head()

That looks a lot better. Now, use `json_normalize` and finish the task as specified. 

<a id='r-rjson'></a>
### R rjson

Complete the same task using the R package [rjson](https://cran.r-project.org/web/packages/rjson/rjson.pdf) (or some other json R package of your choosing). However, this time the output should be a data.frame of each *work*. Each row must contain only the *general information* (*id*, *programID*, *orchestra*, *season*) and the *works information* (*ID*, *composerName*, *workTitle*, and *conductorName*). You can omit the work *soloists*.

<a id='exercise-2'></a>
## Exercise 2

<a id='cloud-formation'></a>
### Cloud Formation

We'll discuss AWS [Cloud Formation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) in greater detail throughout the course, but the for the purposes of this lab, we will simply execute a Cloud Formation template provided below in order to create some basic AWS networking and computing infrastructure. 

I've already created a VPC, Internet Gateway, and a Route Table, which we will utilize. I did this manually through the AWS Dashboard. The VPC ID is *vpc-00b2b0d347ea0e3cc*. The Route Table ID is *rtb-0a2cf6dba7472c492*, and the Internet Gateway ID is *igw-03db1eeeb17ee8eaf*.

Additionally, I've created individual subnets for each student, and I've associated each subnet with the above route table. The Cloud Formation Script that I used to do this is below. In this lab, you will launch an EC2 instance into your assigned subnet and associate a Security Group your instance. 

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'CS4315 Summer 2019 Student Subnets'
Resources:
  CS4315Summer2019SubnetAkers:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.16.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Akers'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetAmaya:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.16.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      - Key: Name
        Value: 'CS4315Summer2019-Subnet-Amaya'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetBarrette:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.17.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Barrette'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetBernicky:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.17.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Bernicky'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetChampion:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.18.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Champion'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetChavarria:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.18.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Chavarria'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetChavez:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.19.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Chavez'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetConrad:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.19.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019Subnet-Conrad'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetDeehr:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.20.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Deehr'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetDickerson:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.20.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Dickerson'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetEllis:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.21.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      - Key: Name
        Value: 'CS4315Summer2019-Subnet-Ellis'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetFisher:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.21.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Fisher'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetFoullon:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.22.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      - Key: Name
        Value: 'CS4315Summer2019-Subnet-Foullon'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetGossman:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.22.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Gossman'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetGreene:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.23.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Greene'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetGrier:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.23.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Grier'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetHarris:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.24.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Harris'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetHartman:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.24.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Hartman'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetIbarra:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.25.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Ibarra'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetLinse:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.25.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Linse'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetMaynes:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.26.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-Subnet-Maynes'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetSexauer:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.26.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      - Key: Name
        Value: 'CS4315Summer2019-Subnet-Sexauer'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetUrabe:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.27.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      - Key: Name
        Value: 'CS4315Summer2019-Subnet-Urabe'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetWickers:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.27.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      - Key: Name
        Value: 'CS4315Summer2019-Subnet-Wickers'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetYoung:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.28.0/25'
      MapPublicIpOnLaunch: true
      Tags:
      - Key: Name
        Value: 'CS4315Summer2019-Subnet-Young'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019SubnetInstructor:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: 'us-east-2b'
      CidrBlock: '192.168.28.128/25'
      MapPublicIpOnLaunch: true
      Tags:
      - Key: Name
        Value: 'CS4315Summer2019-Subnet-Instructor'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
  CS4315Summer2019RtbAkers:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetAkers
  CS4315Summer2019RtbAmaya:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetAmaya
  CS4315Summer2019RtbBarrette:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetBarrette
  CS4315Summer2019RtbBernicky:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetBernicky
  CS4315Summer2019RtbChampion:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetChampion
  CS4315Summer2019RtbChavarria:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetChavarria
  CS4315Summer2019RtbChavez:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetChavez
  CS4315Summer2019RtbConrad:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetConrad
  CS4315Summer2019RtbDeehr:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetDeehr
  CS4315Summer2019RtbDickerson:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetDickerson
  CS4315Summer2019RtbEllis:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetEllis
  CS4315Summer2019RtbFisher:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetFisher
  CS4315Summer2019RtbFoullon:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetFoullon
  CS4315Summer2019RtbGossman:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetGossman
  CS4315Summer2019RtbGreene:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetGreene
  CS4315Summer2019RtbGrier:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetGrier
  CS4315Summer2019RtbHarris:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetHarris
  CS4315Summer2019RtbHartman:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetHartman
  CS4315Summer2019RtbIbarra:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetIbarra
  CS4315Summer2019RtbLinse:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetLinse
  CS4315Summer2019RtbMaynes:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetMaynes
  CS4315Summer2019RtbSexauer:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetSexauer
  CS4315Summer2019RtbUrabe:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetUrabe
  CS4315Summer2019RtbWickers:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetWickers
  CS4315Summer2019RtbYoung:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetYoung
  CS4315Summer2019RtbInstructor:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: 'rtb-0a2cf6dba7472c492'
      SubnetId: !Ref CS4315Summer2019SubnetInstructor
```

In order to create a Cloud Formation *Stack*, we will use the AWS command line interface (CLI). This a strict requirement for this course. You can obtain the AWS CLI from [here](https://aws.amazon.com/cli/). 

You will execute the following template, with some minor modifications. Wherever it says **Instructor** (5 places) in the below config, substitute your **LAST NAME**. Additionally, for the **Subnet ID**, you must use the Subnet ID of your assigned subnet.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'CS4315 Basic EC2 Stack'
Resources:
  CS4315Summer2019EC2Instructor:
    Type: 'AWS::EC2::Instance'
    Properties:
      InstanceType: 'a1.medium'
      ImageId: 'ami-0dcd8f62a00af3d76'
      NetworkInterfaces:
      - AssociatePublicIpAddress: true
        DeviceIndex: 0
        GroupSet:
        - Ref: CS4315Summer2019SecurityGroupInstructor
        SubnetId: 'subnet-09e1bc3eb37714763'
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-EC2Instance-Instructor'
      KeyName: 'CS4315Summer2019-Key-Share'
  CS4315Summer2019SecurityGroupInstructor:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Inbound and outbound rules for CS4315 Basic EC2 instance
      SecurityGroupEgress:
      -
        CidrIp: '0.0.0.0/0'
        Description: All
        FromPort: 0
        IpProtocol: tcp
        ToPort: 65535
      SecurityGroupIngress:
      -
        CidrIp: '0.0.0.0/0'
        Description: SSH
        FromPort: 22
        IpProtocol: tcp
        ToPort: 22
      Tags:
      -
        Key: Name
        Value: 'CS4315Summer2019-SecurityGroup-Instructor'
      VpcId: 'vpc-00b2b0d347ea0e3cc'
```

A few things to note here.

- You can find more information about this particular [Ubuntu AMI](https://cloud-images.ubuntu.com/locator/ec2/)

- I created a [Create Key Pair](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) which I will share with you. Anyone that has the key, can log onto your EC2 instance.

- You can ssh into your machine with something like `ssh -i ~/.ssh/CS4315Summer2019-Key-Share.pem ubuntu@18.191.249.99`. Your IP address will be different, of course.

Once you have an AWS client, make sure your template is valid by running the following AWS CLI instruction.

`aws cloudformation validate-template --template-body file://NameOfYourStackFile.yaml`

Once you're confident that your template is correct you can create the stack.

`aws cloudformation create-stack --template-body file://NameOfYourStackFile.yaml --stack-name CS4315Summer2019-EC2Stack-YourLastName`

In all likelihood, the above command will fail because at this point you do not have valid credentials. In **every** AWS CLI API request, your credentials are validated. If you haven't created any credentials, then your API request will surely fail. So, let's retrieve your credentials. Note that these credentials are different than the Key Pair that I shared with you to log onto your EC2 instance. 

Here's a program written by Bruce Chiarelli in the NPS ITACS department. We will use this python script to retrieve credentials:

```python
#!/usr/bin/python 
import sys 
import boto3
import requests 
import getpass 
import configparser
import base64 
import xml.etree.ElementTree as ET
import os
from bs4 import BeautifulSoup 
from os.path import expanduser 
from urllib.parse import urlparse, urlunparse 
from requests.auth import HTTPBasicAuth
 
##########################################################################
# Variables 
 
# region: The default AWS region that this script will connect 
# to for all API calls
print("Available regions:")
print('\n'.join(boto3.session.Session().get_available_regions('sts')))

region = input("Choose a region (Default: us-west-2): ")
if region == '':
    region = "us-west-2"
 
# output format: The AWS CLI output format that will be configured in the 
# saml profile (affects subsequent CLI calls) 
outputformat = 'json'
 
# awsconfigfile: The file where this script will store the temp 
# credentials under the saml profile 
awsconfigfile = os.path.join(os.path.expanduser('~'), '.aws', 'credentials')
 
# SSL certificate verification: Whether or not strict certificate 
# verification is done, False should only be used for dev/test 
sslverification = True 
 
# idpentryurl: The initial URL that starts the authentication process. 
idpentryurl = 'https://id.nps.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=urn:amazon:webservices' 

##########################################################################

# Get the federated credentials from the user
username = input("Username: ")
password = getpass.getpass()

# Initiate session handler 
session = requests.Session() 
  
# Opens the initial AD FS URL and follows all of the HTTP302 redirects 
response = session.get(idpentryurl, verify=sslverification, auth=HTTPBasicAuth(username, password)) 

username = '##############################################'
password = '##############################################'
del username
del password

# Decode the response and extract the SAML assertion 
soup = BeautifulSoup(response.text, features="html.parser")
assertion = '' 
 
# Look for the SAMLResponse attribute of the input tag (determined by 
# analyzing the debug print lines above) 
for inputtag in soup.find_all('input'): 
    if(inputtag.get('name') == 'SAMLResponse'): 
        assertion = inputtag.get('value')

# Parse the returned assertion and extract the authorized roles 
awsroles = []
root = ET.fromstring(base64.b64decode(assertion))
 
for saml2attribute in root.iter('{urn:oasis:names:tc:SAML:2.0:assertion}Attribute'): 
    if (saml2attribute.get('Name') == 'https://aws.amazon.com/SAML/Attributes/Role'): 
        for saml2attributevalue in saml2attribute.iter('{urn:oasis:names:tc:SAML:2.0:assertion}AttributeValue'):
            awsroles.append(saml2attributevalue.text)
 
# Note the format of the attribute value should be role_arn,principal_arn 
# but lots of blogs list it as principal_arn,role_arn so let's reverse 
# them if needed 
for awsrole in awsroles: 
    chunks = awsrole.split(',') 
    if'saml-provider' in chunks[0]:
        newawsrole = chunks[1] + ',' + chunks[0] 
        index = awsroles.index(awsrole) 
        awsroles.insert(index, newawsrole) 
        awsroles.remove(awsrole)

# If I have more than one role, ask the user which one they want, 
# otherwise just proceed 
print("")
if len(awsroles) > 1: 
    i = 0 
    print("Please choose the role you would like to assume:")
    for awsrole in awsroles: 
        print('[', i, ']: ', awsrole.split(',')[0])
        i += 1 

    selectedroleindex = input("Select a role: ") 
 
    # Basic sanity check of input 
    if int(selectedroleindex) > (len(awsroles) - 1): 
        print('You selected an invalid role index, please try again')
        sys.exit(0) 
 
    role_arn = awsroles[int(selectedroleindex)].split(',')[0] 
    principal_arn = awsroles[int(selectedroleindex)].split(',')[1]
 
else: 
    role_arn = awsroles[0].split(',')[0] 
    principal_arn = awsroles[0].split(',')[1]

# Use the assertion to get an AWS STS token using Assume Role with SAML
client = boto3.client('sts')
token = client.assume_role_with_saml(RoleArn=role_arn, PrincipalArn=principal_arn, SAMLAssertion=assertion)

config = configparser.RawConfigParser()
config.read(awsconfigfile)

profilename = input("Enter a profile name (Default: overwrite the \"default\" profile): ")
if profilename == '':
    profilename = "default"
# Put the credentials into a specific profile instead of clobbering
# the default credentials
if not config.has_section(profilename):
    config.add_section(profilename)

config.set(profilename, 'output', outputformat)
config.set(profilename, 'region', region)
config.set(profilename, 'aws_access_key_id', token['Credentials']['AccessKeyId'])
config.set(profilename, 'aws_secret_access_key', token['Credentials']['SecretAccessKey'])
config.set(profilename, 'aws_session_token', token['Credentials']['SessionToken'])

if not os.path.exists(os.path.dirname(awsconfigfile)):
    os.mkdir(os.path.dirname(awsconfigfile))

# Write the updated config file
with open(awsconfigfile, 'w+') as configfile:
    config.write(configfile)

# Give the user some basic info as to what has just happened
print('Your new access key pair has been stored in the AWS configuration file {0} under the {1} profile.'.format(awsconfigfile, profilename))
print('It will expire at {0}. Rerun this script at any time to get a new access key.'.format(token['Credentials']['Expiration'].strftime('%Y-%m-%d %H:%M:%S')))
if profilename != 'default':
    print('To use this credential call the AWS CLI with the --profile option (e.g. aws --profile saml ec2 describe-instances).')
```

Don't worry about the content of the program. You are just going to execute it. However, if you'd like to dive deeper, you can observe that the program visits the NPS ID server https://id.nps.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=urn:amazon:webservices to verify your identity through LDAP. The program then returns temporary AWS credentials to you, which are based on your AWS *Role*. We have given you a *Power User* role, which has the ability to do most things in AWS, except for some very priviledged tasks. Please use these privledges responsibly. I will outline some ground rules at the end of this lab, which you need to acknowledge.

You can save the above program as *fetch_aws_credentials.py*, if you like. Execute the program with `python fetch_aws_credentials.py`, and follow the on-screen prompts. Use your LDAP username and password (i.e. the username and password you used to log onto AWS). For the **region**, use **us-east-2**. If you don't use the correct region, your Stack will fail to create because the VPC that we are using only exists in **us-east-2**. Finally, pick a **profile** name for your credentials. The profile name can be anything. You'll need to remember the name when you issue AWS CLI commands.

Now, create your Stack with `aws cloudformation create-stack --template-body file://NameOfYourStackFile.yaml --stack-name CS4315Summer2019-EC2Stack-YourLastName --profile theProfileNameYouChoseAbove`

**AWS Usage Groud Rules**

-   Don't create any resources outside of your assigned subnet, without explicit permission
-   Tag all of your resources with *CS4315Summer2019-ResourceDescription-YourLastName*
-   Don't delete other students' resources
-   Unless explicitly instructed, only create resources with Cloud Formation stack templates
-   Unless explicitly instructed, don't create any EC2 instances larger than *a1.medium*
-   In general, you shouldn't be creating resources outside the scope of the lab assignments
-   The account is shared by other people. Don't delete resources that aren't yours. Leave it alone if you are not sure, or ask me. 
-   Again, **TAG ALL OF YOUR RESOURCES**. I will have to clean up after the course, and this will make my job a lot easier and will reduce the chances of having unknown resources which consume $$$.

<a id='cidr-exercise'></a>
## CIDR Notation

Let's say that I've assigned the following CIDR block to a VPC: `192.168.16.0/20`. Next, I create *Subnet A* within the VPC with CIDR block `192.168.16.128/25`. 

CIDR blocks are not allowed to overlap between subnets (i.e. no two subnets can contain the same IP address). Is it okay to create *Subnet B* with CIDR block `192.168.31.128/25`? What about `192.168.16.64/26`? Provide a brief description of your reasoning.

<a id='deliverables'></a>
## Deliverables

Submit all deliverables via the Assignments tab in CLE.

- The python and R code that was used to solve Exercise 1 (10 pts)
- There is no deliverable for the Cloud Formation exercise, but I need to be able to ssh into your EC2 instance by the due date (10 pts)
- The answer to the CIDR Notation exercise (10 pts)
- Acknowledge the AWS Usage Ground Rules (10 pts)