In [72]:
import os

import boto3
import botocore
import configparser

from botocore.exceptions import ClientError

In [93]:
config_aws = configparser.ConfigParser()
config_aws.read_file(open('../config/aws_credentials.cfg'))

KEY                    = config_aws.get('AWS','KEY')
SECRET                 = config_aws.get('AWS','SECRET')
IAM_ARN                = config_aws.get('AWS', 'IAM_ARN')

In [74]:
config_instance = configparser.ConfigParser()
config_instance.read_file(open('../config/aws_setup.cfg'))

AMI_ID                 = config_instance.get("AWS", "AMI_ID")
KEY_PAIR_NAME          = config_instance.get("AWS", "KEY_PAIR_NAME")
## EC2 config
EC2_REGION             = config_instance.get("EC2", "REGION")
EC2_TYPE               = config_instance.get("EC2", "INSTANCE_TYPE")
EC2_NAME               = config_instance.get("EC2", "NAME")
## VPC config
VPC_NAME               = config_instance.get("VPC", "NAME")
VPC_CIDR_BLOCK         = config_instance.get("VPC", "CIDR_BLOCK")
## public subnet config
PUB_SUBNET_NAME        = config_instance.get("SUBNET", "PUB_SUBNET_NAME")
PUB_SUBNET_CIDR_BLOCK  = config_instance.get("SUBNET", "PUB_SUBNET_CIDR_BLOCK")
PUB_SUBNET_REGION      = config_instance.get("SUBNET", "PUB_SUBNET_REGION")
PVR_SUBNET_NAME        = config_instance.get("SUBNET", "PVR_SUBNET_NAME")
## public subnet for EMR cluster config
PUB_SPARK_SUBNET_NAME        = config_instance.get("SUBNET", "PUB_SPARK_SUBNET_NAME")
PUB_SPARK_SUBNET_CIDR_BLOCK  = config_instance.get("SUBNET", "PUB_SPARK_SUBNET_CIDR_BLOCK")
PUB_SPARK_SUBNET_REGION      = config_instance.get("SUBNET", "PUB_SPARK_SUBNET_REGION")
## private subnet (empty)
PVR_SUBNET_NAME        = config_instance.get("SUBNET", "PVR_SUBNET_NAME")
PVR_SUBNET_CIDR_BLOCK  = config_instance.get("SUBNET", "PVR_SUBNET_CIDR_BLOCK")
PVR_SUBNET_REGION      = config_instance.get("SUBNET", "PVR_SUBNET_REGION")
## private subnet for RDS
PVR_RDS_SUBNET_NAME        = config_instance.get("SUBNET", "PVR_RDS_SUBNET_NAME")
PVR_RDS_SUBNET_CIDR_BLOCK  = config_instance.get("SUBNET", "PVR_RDS_SUBNET_CIDR_BLOCK")
PVR_RDS_SUBNET_REGION      = config_instance.get("SUBNET", "PVR_RDS_SUBNET_REGION")
## route table config
RT_NAME                = config_instance.get("ROUTE_TABLE", "NAME")
## internet gateway config
IG_NAME                = config_instance.get("IG", "NAME")
## security group
RDS_SG_NAME            = config_instance.get("SG", 'RDS_SG_NAM')
RDS_NAME               = config_instance.get("RDS", "NAME")
RDS_IDENTIFIER         = config_instance.get("RDS", "RDS_IDENTIFIER")


In [75]:
def get_keypair(ec2):
    # call the boto ec2 function to create a key pair
    key_pair = ec2.create_key_pair(KeyName=KEY_PAIR_NAME)
    print("Created a new key pair in AWS.")

    # capture the key and store it in a file
    KeyPairOut = str(key_pair.key_material)

    # create a file to store the key locally
    print("Saving the keypair.")
    key_pair_path = KEY_PAIR_NAME + '.pem'
    with open(key_pair_path, 'w') as f:
        f.write(KeyPairOut)
    os.chmod(key_pair_path, 0o600)
    print("Changed access permission to read-only.")

In [76]:
def create_vpc(ec2):
    # create a new VPC
    print("Creating VPC...")
    vpc = ec2.create_vpc(CidrBlock=VPC_CIDR_BLOCK,
                         TagSpecifications=[{'ResourceType': 'vpc',
                                             'Tags':[{"Key": "Name", 
                                                      "Value": VPC_NAME},
                                                    ]
                                            }])
    
    # wait till available and return VPC ID
    vpc.wait_until_available()
    print(f"VPC {VPC_NAME} is available!")
    return vpc

In [77]:
def create_subnet(ec2, vpc, 
                  subnet_name,
                  subnet_region, 
                  subnet_cidr_block,
                  subnet_type='private'):
    # create a public subnet within the VPC
    print("Creating a "+subnet_type+" subnet...")
    subnet = ec2.create_subnet(
        AvailabilityZone=subnet_region,
    #     AvailabilityZoneId='use2-az2',
        CidrBlock=subnet_cidr_block,
        VpcId=vpc.vpc_id,
        DryRun=False,
        TagSpecifications=[{
            'ResourceType':'subnet',
            'Tags':[{"Key": "Name", "Value": subnet_name},
                   ]
        }])
    print(f"Subnet {subnet_name} is available!")
    return subnet

In [78]:
def stop_instance(ec2_client, instances):
    # get a list of instance ids
    instances_ids = [i.instance_id for i in instances]
    # start the instances
    ec2_client.stop_instances(InstanceIds=instances_ids)
    
    # wait till instance is stopped
    waiter = ec2_client.get_waiter('instance_stopped')
    waiter.wait(InstanceIds=instances_ids)
    print("EC2 instance has stopped!")

In [79]:
def start_instance(ec2_client, instances):
    # get a list of instance ids
    instances_ids = [i.instance_id for i in instances]
    # start the instances
    ec2_client.start_instances(InstanceIds=instances_ids)
    
    # wait till instance is ready
    waiter = ec2_client.get_waiter('instance_running')
    waiter.wait(InstanceIds=instances_ids)
    print("EC2 instance is ready!")

In [80]:
## create a ec2 resource instance
ec2 = boto3.resource('ec2', 
                    region_name = EC2_REGION,
                    aws_access_key_id = KEY,
                    aws_secret_access_key = SECRET)

In [81]:
## create a ec2 client instnace
ec2_client = boto3.client('ec2')

In [82]:
rds_client = boto3.client('rds')

In [84]:
## create a key pair and download them 
get_keypair(ec2)

Created a new key pair in AWS.
Saving the keypair.
Changed access permission to read-only.


In [85]:
## create a VPC instance
vpc = create_vpc(ec2)

Creating VPC...
VPC IMMIGRATE_DEMOGRAPHICS_VPC is available!


In [86]:
# create a public subnet
subnet_pub_ec2 = create_subnet(ec2=ec2, vpc=vpc, subnet_name=PUB_SUBNET_NAME,
                        subnet_region=PUB_SUBNET_REGION, 
                        subnet_cidr_block=PUB_SUBNET_CIDR_BLOCK,
                        subnet_type='public')
# create a private subnet
subnet_prv_empty = create_subnet(ec2=ec2, vpc=vpc, subnet_name=PVR_SUBNET_NAME,
                        subnet_region=PVR_SUBNET_REGION, 
                        subnet_cidr_block=PVR_SUBNET_CIDR_BLOCK,
                        subnet_type='private')

Creating a public subnet...
Subnet IMMIGRATE_DEMOGRAPHICS_PUB is available!
Creating a private subnet...
Subnet IMMIGRATE_DEMOGRAPHICS_PVR is available!


In [87]:
## create a public subnet for EMR cluster
subnet_pub_emr = create_subnet(ec2=ec2, vpc=vpc, subnet_name=PUB_SPARK_SUBNET_NAME,
                        subnet_region=PUB_SPARK_SUBNET_REGION,
                        subnet_cidr_block=PUB_SPARK_SUBNET_CIDR_BLOCK,
                        subnet_type="public")
subnet_prv2_rds = create_subnet(ec2=ec2, vpc=vpc, subnet_name=PVR_RDS_SUBNET_NAME,
                        subnet_region=PVR_RDS_SUBNET_REGION,
                        subnet_cidr_block=PVR_RDS_SUBNET_CIDR_BLOCK,
                        subnet_type="private")

Creating a public subnet...
Subnet IMMIGRATE_DEMOGRAPHICS_SPARK_PUB is available!
Creating a private subnet...
Subnet IMMIGRATE_DEMOGRAPHICS_RDS_PVR is available!


In [88]:
## create internet gateway
ig = ec2.create_internet_gateway(TagSpecifications=[{
            'ResourceType':'internet-gateway',
            'Tags':[{"Key": "Name", "Value": IG_NAME},
                   ]}])
## attach the internet gateway to the VPC
vpc.attach_internet_gateway(InternetGatewayId = ig.id)

{'ResponseMetadata': {'RequestId': '7e3e92b4-283b-45fd-b34c-84f469698ce2',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': '7e3e92b4-283b-45fd-b34c-84f469698ce2',
   'content-type': 'text/xml;charset=UTF-8',
   'content-length': '243',
   'date': 'Fri, 09 Oct 2020 18:45:11 GMT',
   'server': 'AmazonEC2'},
  'RetryAttempts': 0}}

In [89]:
###### the next 2 steps is to allow SSH connection from outside of VPC to the EC instance

In [90]:
## 1.1 create a new route table for public subnet and
routetable = vpc.create_route_table(
    TagSpecifications=[
        {
            'ResourceType': 'route-table',
            'Tags': [
                {
                    'Key': 'Name',
                    'Value': RT_NAME
                },
            ]
        },
    ]
)
## 1.2 create new route, that allows traffic outside of VPC to go to the internet gateway
route = routetable.create_route(DestinationCidrBlock='0.0.0.0/0', GatewayId=ig.id)
## 1.3 attach the new route to the public subnet
routetable.associate_with_subnet(SubnetId=subnet_pub_ec2.id)
routetable.associate_with_subnet(SubnetId=subnet_pub_emr.id)

ec2.RouteTableAssociation(id='rtbassoc-0c65bf40afd9840ce')

In [91]:
## 2.1 get default security group id
sg = ec2_client.describe_security_groups(Filters=[{'Name': 'vpc-id',
                                                    'Values': [vpc.vpc_id]}
                                                 ])

for sg_ in sg['SecurityGroups']:
    if sg_['Description'] == 'default VPC security group':
        sg_default = sg_
        break
        
sg_default_id = sg_default['GroupId']
## 2.2 add imbound rule for the security group, allowing SSH connect from all the internet
ec2_client.authorize_security_group_ingress(GroupId = sg_default_id,
                                        IpPermissions=[
                                        {
                                            'FromPort': 22,
                                            'IpProtocol': 'tcp',
                                            'IpRanges': [
                                                {
                                                    'CidrIp': '0.0.0.0/0',
                                                    'Description': 'SSH access from outside',
                                                },
                                            ],
                                            'ToPort': 22,
                                        },
                                        {
                                            "FromPort": 8080,
                                            "IpProtocol": "tcp",
                                            "IpRanges": [
                                                {
                                                    "CidrIp": "0.0.0.0/0",
                                                    "Description": "Apache Airflow",
                                                },
                                            ],
                                            "ToPort": 8080,
                                        }
                                    ],)

{'ResponseMetadata': {'RequestId': 'd5196968-635f-4f8b-9611-b6a5e239adf0',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': 'd5196968-635f-4f8b-9611-b6a5e239adf0',
   'content-type': 'text/xml;charset=UTF-8',
   'content-length': '259',
   'date': 'Fri, 09 Oct 2020 18:45:22 GMT',
   'server': 'AmazonEC2'},
  'RetryAttempts': 0}}

In [94]:
## create EC2 instance
instances = ec2.create_instances(
     ImageId=AMI_ID,
     MinCount=1,
     MaxCount=1,
     InstanceType=EC2_TYPE,
     KeyName=KEY_PAIR_NAME,
     NetworkInterfaces=[{
             'DeviceIndex':0,
             'SubnetId': subnet_pub_ec2.id}],
#               'SubnetId': 'subnet-0ee2d46148e05870f'}],
     TagSpecifications=[{
            'ResourceType':'instance',
            'Tags':[{"Key": "Name", "Value": EC2_NAME}]
            }]
 )

# get instance ids
instances_ids = [i.instance_id for i in instances]

# wait till instance is ready
waiter = ec2_client.get_waiter('instance_running')
waiter.wait(InstanceIds=instances_ids)


KeyboardInterrupt: 

In [None]:
# ## associate IAM instance profile to running EC2 instance
# ec2_client.associate_iam_instance_profile(
#     IamInstanceProfile={
#         'Arn': IAM_ARN,
#         'Name': 'string'
#     },
#     InstanceId='string'
# )
# )

In [107]:
## create new EIP and attach it to existing EC2 instance
instance_id = instances[0].instance_id
try:
    allocation = ec2_client.allocate_address(Domain='vpc')
    response = ec2_client.associate_address(AllocationId=allocation['AllocationId'],
                                        InstanceId='i-027b435789a791103')
#                                      InstanceId=instance_id)
    print(response)
except ClientError as e:
    print(e)
print(f"\nThe EIP is: {allocation['PublicIp']}")

{'AssociationId': 'eipassoc-0d4f045c3ca7e141f', 'ResponseMetadata': {'RequestId': 'fd817438-44a3-41c8-9758-3bcaa6842794', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': 'fd817438-44a3-41c8-9758-3bcaa6842794', 'content-type': 'text/xml;charset=UTF-8', 'content-length': '295', 'date': 'Fri, 09 Oct 2020 19:18:00 GMT', 'server': 'AmazonEC2'}, 'RetryAttempts': 0}}

The EIP is: 18.189.235.99


In [96]:
## 3.1 create security group for RDS
rds_sg = ec2_client.create_security_group(
#      VpcId=vpc.id,
    Description="IMMIGRATE_RDS_SG",
    GroupName="IMMIGRATE_RDS_SG",
    VpcId=vpc.id,
    TagSpecifications=[{
        'ResourceType':'security-group',
         'Tags':[{"Key": "Name", "Value": RDS_SG_NAME}]
        }]
)

In [97]:
rds_sg

{'GroupId': 'sg-0369da460f67f0275',
 'Tags': [{'Key': 'Name', 'Value': 'IMMIGRATE_RDS_SG'}],
 'ResponseMetadata': {'RequestId': '7bee94a4-1e3a-434a-a2ae-8443e2c399c4',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': '7bee94a4-1e3a-434a-a2ae-8443e2c399c4',
   'content-type': 'text/xml;charset=UTF-8',
   'content-length': '413',
   'date': 'Fri, 09 Oct 2020 19:14:47 GMT',
   'server': 'AmazonEC2'},
  'RetryAttempts': 0}}

In [103]:
## 3.2 get default security group id
sg = ec2_client.describe_security_groups(Filters=[{'Name': 'vpc-id',
                                                    'Values': [vpc.vpc_id]}
                                                 ])

for sg_ in sg['SecurityGroups']:
    if sg_['Description'] == 'default VPC security group':
        sg_default = sg_
        break
        
sg_default_id = sg_default['GroupId']

In [99]:
## 3.3 allow TCP connect to port 5432
ec2_client.authorize_security_group_ingress(GroupId = rds_sg['GroupId'],
                                        IpPermissions=[
                                        {
                                            'FromPort': 5432,
                                            'IpProtocol': 'tcp',
                                            'UserIdGroupPairs': [
                                                {
                                                    'GroupId': sg_default_id,
                                                    'Description': 'Postgres RDS',
                                                },
                                            ],
                                            'ToPort': 5432,
                                        },
                                    ],)

{'ResponseMetadata': {'RequestId': 'cd458640-b7b4-462e-885b-fb377658b1cf',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': 'cd458640-b7b4-462e-885b-fb377658b1cf',
   'content-type': 'text/xml;charset=UTF-8',
   'content-length': '259',
   'date': 'Fri, 09 Oct 2020 19:14:51 GMT',
   'server': 'AmazonEC2'},
  'RetryAttempts': 0}}

In [104]:
## 3.4 create subnet group
subnet_group = rds_client.create_db_subnet_group(
    DBSubnetGroupName='IMMIGRATE_RDS_SUBNET_GROUPS',
    DBSubnetGroupDescription='IMMIGRATE_RDS_SUBNET_GROUPS',
    SubnetIds=[
        subnet_prv_empty.id,
        subnet_prv2_rds.id
    ],
    Tags=[
        {
            'Key': 'Name',
            'Value': 'IMMIGRATE_RDS_SUBNET_GROUPS'
        },
    ]
)

In [105]:
RDS_NAME

'IMMIGRATE_DEMOGRAPHICS_DB'

In [110]:
## 3.5 create database instance
rds_instance = rds_client.create_db_instance(
                   DBInstanceIdentifier=RDS_IDENTIFIER,
                   AllocatedStorage=20,
                   DBName=RDS_NAME,
                   Engine='postgres',
                   # General purpose SSD
                   StorageType='gp2',
#                    StorageEncrypted=True,
#                    AutoMinorVersionUpgrade=True,
                   # Set this to true later?
                   MultiAZ=False,
                   MasterUsername='immigrate_demo',
                   MasterUserPassword='pGs7TSpd',
                   VpcSecurityGroupIds=[rds_sg['GroupId']],
                   DBSubnetGroupName='immigrate_rds_subnet_groups',
                   DBInstanceClass='db.t2.micro' 
                        #,
#                    Tags=[{'Key': 'MyTag', 'Value': 'Hawaii'}]
)

# wait till instance is ready
waiter = rds_client.get_waiter('db_instance_available')
waiter.wait(DBInstanceIdentifier=RDS_IDENTIFIER)

In [None]:
rds_instance