# Infrustructure as Code

### Import libraries

In [5]:
import boto3
import configparser
from botocore.exceptions import ClientError
import json
import psycopg2
%load_ext sql

The sql extension is already loaded. To reload it, use:
  %reload_ext sql


### Read in configuration file and assign config data to variables

In [14]:
config = configparser.ConfigParser()
config.read_file(open('dwh.cfg'))

key = config.get('AWS','key')
secret = config.get('AWS','secret')

cluster_identifier = config.get('REDSHIFT','cluster_identifier')
cluster_type = config.get('REDSHIFT','cluster_type')
node_type = config.get('REDSHIFT','node_type')
database_name = config.get('REDSHIFT','db_name')
username = config.get('REDSHIFT','username')
password = config.get('REDSHIFT','password')
port = config.get('REDSHIFT','port')

role_name = config.get('IAM', 'role_name')
policy_name = config.get('IAM', 'policy_name')

### Create an IAM client

In [7]:
iam = boto3.client('iam',aws_access_key_id=key,
                     aws_secret_access_key=secret,
                     region_name='us-east-1'
                  )

### Create a role to attach to IAM 

In [8]:
try:
    warehouse_role = iam.create_role(
        RoleName = role_name,
        Description = 'Allows Redshift cluster to call AWS services on behalf of the user',
        AssumeRolePolicyDocument = json.dumps(
            {
                'Statement': [
                    {
                        'Action': 'sts:AssumeRole',
                        'Effect': 'Allow',
                        'Principal': {
                            'Service': 'redshift.amazonaws.com'
                        }
                     }
                ],
                'Version': '2012-10-17'
            }
        )
    )
    print("Role named '{}' has been created".format(role_name))

except Exception as e:
    print(str(e))    

Role named 'redshiftrole' has been created


### Attach s3 access policy to IAM Role

In [9]:
try:
    iam.attach_role_policy(
        RoleName=role_name,
        PolicyArn='arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess'
    )['ResponseMetadata']['HTTPStatusCode']   
except Exception as e:
    print(str(e))

### Extract ARN from IAM Role

In [10]:
role_arn = iam.get_role(
    RoleName = role_name
)['Role']['Arn']

print("Role {}'s ARN is: {}".format(role_name, role_arn))

Role redshiftrole's ARN is: arn:aws:iam::406724209145:role/redshiftrole


## Redshift

### Create a Redshift client 

In [11]:
redshift = boto3.client('redshift',
                       region_name='us-east-1',
                       aws_access_key_id=key,
                       aws_secret_access_key=secret
                       )

### Check to see if a cluster already exists, delete if true

In [12]:
try:
    redshift.delete_cluster(
        ClusterIdentifier = cluster_identifier,
        SkipFinalClusterSnapshot = True,
    )

    print("The cluster '{}' already exists".format(cluster_identifier))
    print("Deleting '{}'...".format(cluster_identifier))
    
    # Create a waiter object that will check to see if cluster has been deleted if it exists 
    # Checks every 20 seconds, 30 tries if needed
    redshift_waiter = redshift.get_waiter('cluster_deleted')
    redshift_waiter.wait(
        ClusterIdentifier = cluster_identifier,
        WaiterConfig={
            'Delay': 20,
            'MaxAttempts':20
        }
    )
    print("{} was successfully deleted".format(cluster_identifier))
    
except:
    print("There are no clusters called {}.".format(cluster_identifier))
    

There are no clusters called Sparkify-clutser.


### Create a new cluster

In [13]:
try:
    cluster = redshift.create_cluster(
        DBName=database_name,
        ClusterIdentifier=cluster_identifier,
        ClusterType=cluster_type,
        NodeType=node_type,
        MasterUsername=username,
        MasterUserPassword=password,
        Port=int(port),
        IamRoles=[role_arn]
    )

    print("Creating a new cluster called {}.".format(cluster_identifier))
    
    # Create a waiter object that will check to see if cluster is available
    # Checks every 20 seconds, 30 tries if needed
    waiter = redshift.get_waiter('cluster_available')
    waiter.wait(
        ClusterIdentifier=cluster_identifier,
        WaiterConfig={
                'Delay': 20,
                'MaxAttempts':20
            }
    )

    print("{} is up and running.".format(cluster_identifier))

except Exception as e:
    print(str(e)) 

Creating a new cluster called Sparkify-clutser.
Sparkify-clutser is up and running.


### Get cluster endpoint and vpc security group

In [15]:
clusters = redshift.describe_clusters(
    ClusterIdentifier=cluster_identifier
)['Clusters']
        
cluster_endpoint = clusters[0]['Endpoint']['Address']
vpc_security_group_id = clusters[0]["VpcSecurityGroups"][0]['VpcSecurityGroupId']

print("The endpoint for {} is {}.".format(cluster_identifier, cluster_endpoint))
print("The VPC security group ID for '{}' is '{}'.".format(vpc_security_group_id, cluster_identifier))

The endpoint for Sparkify-clutser is sparkify-clutser.cy91beix6dy8.us-east-1.redshift.amazonaws.com.
The VPC security group ID for 'sg-0f91be8569b75756a' is 'Sparkify-clutser'.


## EC2

### Create an ec2 instance

In [17]:
try:
    ec2 = boto3.resource('ec2',
                         region_name='us-east-1',
                         aws_access_key_id=key,
                         aws_secret_access_key=secret
    )

    ec2_security_group = ec2.SecurityGroup(vpc_security_group_id)

    ec2_security_group.authorize_ingress(
        GroupName = ec2_security_group.group_name,
        CidrIp='0.0.0.0/0',
        IpProtocol='TCP',
        FromPort=int(port),
        ToPort=int(port)
    )
except Exception as e:
    print(e)

## Create a connection to the database and test

In [18]:
conn_string = "postgresql://{}:{}@{}:{}/{}".format(
    username,
    password,
    cluster_endpoint,
    port,
    database_name
)

print(conn_string)


%sql $conn_string

postgresql://awsuser:Scott123@sparkify-clutser.cy91beix6dy8.us-east-1.redshift.amazonaws.com:5439/sparkify


'Connected: awsuser@sparkify'

## Delete Redshift cluster

In [19]:
try:
    redshift.delete_cluster(
        ClusterIdentifier = cluster_identifier,
        SkipFinalClusterSnapshot = True,
    )
    
    print("Now deleting {}...".format(cluster_identifier))
    
    # Create a waiter object that will check to see if cluster has been deleted
    # Checks every 20 seconds, 30 tries if needed
    delete_waiter = redshift.get_waiter('cluster_deleted')
    delete_waiter.wait(
        ClusterIdentifier=cluster_identifier,
        WaiterConfig={
            'Delay': 20,
            'MaxAttempts':30
        }
    )
    
    print("{} has been deleted.".format(cluster_identifier))
    
except :
    print("{} does not exist.".format(cluster_identifier))    

Now deleting Sparkify-clutser...
Sparkify-clutser has been deleted.


## Detach S3 policy from IAM role 

In [20]:
try:
    iam.detach_role_policy(RoleName=role_name, PolicyArn="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess")
    iam.delete_role(RoleName=role_name)
except :
    print("{} does not exist.".format(role_name)) 