DevOps AWS EC2 Environment - larz7/larzworksamples GitHub Wiki

Overview

The complexities of managing multiple VPCs in the DevOps AWS EC2 environment demand that DevOps have full visibility into every change that occurs. The primary method used is running diff snapshots. At this time, some snapshot processes are run manually and some diff processes are automated.

Prerequisites

  • Install jq
  • Install colordiff
  • Set the STATE_REPO_DIR environment variable to the location of the state-repo.

Set Up and Configure AWS CLI

If you do not have AWS CLI installed, check here for instructions.

After installing AWS CLI, configure it using the aws configure command.

aws configure
AWS Access Key ID [None]: AKIAxxxxxxNN7 **EXAMPLE**
AWS Secret Access Key [None]: wJalxxxxxFEMI/K7MDENG/xxxxxx **EXAMPLEKEY**
Default region name [None]: us-west-2
Default output format [None]: ENTER

State Commands

State commands are used to automate processes that define the state of an EC2 instance.

Automation scripts should be built on the following top-level commands.

  • init-state takes a snapshot of the current state and places it within STATE_REPO_DIR.
  • diff-state takes a new snapshot of the current state and places it within /tmp then compares the state to the saved state under STATE_REPO_DIR.
  • commit-state commits the diffs to git under STATE_REPO_DIR.
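The diff-state step, as an added example rather than awsctl's own code: it assumes each snapshot is a JSON list of resource objects in the shape of the awsctl describe output shown below (identified by RouteTableId, SubnetId or VpcId), canonicalises each field with sorted keys so key-order noise is not reported, and returns the resources added, removed or changed between the saved state and the fresh one.

```python
import json

# Fields under which each resource type carries its identifier (assumption
# based on the describe output on this page; checked in this order).
ID_FIELDS = ("RouteTableId", "SubnetId", "VpcId")


def resource_key(obj):
    """Return the identifier of one snapshot object."""
    for field in ID_FIELDS:
        if field in obj:
            return obj[field]
    raise KeyError("resource has no known ID field")


def index(snapshot):
    """Map resource ID -> object so the two snapshots can be joined."""
    return {resource_key(obj): obj for obj in snapshot}


def diff_state(saved, current):
    """Compare the saved snapshot (STATE_REPO_DIR) with a fresh one (/tmp)."""
    old, new = index(saved), index(current)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = {}
    for rid in sorted(set(old) & set(new)):
        for field in sorted(set(old[rid]) | set(new[rid])):
            # Lists such as Routes keep their order; only dict key order is
            # canonicalised, so a reordered route still shows as a change.
            before = json.dumps(old[rid].get(field), sort_keys=True)
            after = json.dumps(new[rid].get(field), sort_keys=True)
            if before != after:
                changed.setdefault(rid, {})[field] = (
                    old[rid].get(field), new[rid].get(field))
    return {"added": added, "removed": removed, "changed": changed}


# Constructed sample data: the route table from this page, then a later
# snapshot where a default route to a (placeholder) internet gateway was
# added and a second, empty route table appeared.
LOCAL_ROUTE = {"GatewayId": "local", "DestinationCidrBlock": "10.0.0.0/16",
               "State": "active", "Origin": "CreateRouteTable"}
SAVED = [{"RouteTableId": "rtb-fffffff", "VpcId": "vpc-fffffff",
          "Tags": [], "Routes": [LOCAL_ROUTE]}]
CURRENT = [{"RouteTableId": "rtb-fffffff", "VpcId": "vpc-fffffff",
            "Tags": [], "Routes": [LOCAL_ROUTE, {
                "GatewayId": "igw-00000000", "DestinationCidrBlock": "0.0.0.0/0",
                "State": "active", "Origin": "CreateRoute"}]},
           {"RouteTableId": "rtb-0000000", "VpcId": "vpc-fffffff",
            "Tags": [], "Routes": []}]

if __name__ == "__main__":
    print(json.dumps(diff_state(SAVED, CURRENT), indent=2))
```

Feeding the result of diff_state into colordiff-style output or the commit-state step is left to the calling script; an unchanged environment yields empty added, removed and changed sets.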

aws-state Commands

aws-state setup
aws-state capture vpc-ffffffff --create # --create is passed the first time only
aws-state diff vpc-ffffffff

Diffing the AWS EC2 Environment

Perform the following to take a snapshot and diff the entire environment.

Clone the awsctl project

git clone https://github.xxx.xxxx.net/xxxx/awsctl.git

Add awsctl to your PATH

export PATH=$PATH:$PWD/awsctl

Clone the cloud-state repository

git clone https://github.xxx.xxxx.net/xxx/cloud-state.git

Set the STATE_REPO_DIR environment variable

export STATE_REPO_DIR=$PWD/cloud-state

Run the script

diff-commit-all

Use Cases for awsctl

We use AWS EC2 to host considerable network traffic. Within EC2 are several VPCs to manage.

A VPC (Virtual Private Cloud) is a virtual network with its own IP address range, subnets, route tables, network gateways, and security settings. This section details how to extract details for all VPCs in our AWS EC2 environment.

List all VPCs

$ awsctl list vpcs
VPC ID			STATE		CIDR BLOCK
vpc-ffffffff	available	10.xxx.0.0/16
vpc-ffffffff	available	10.xxx.0.0/16
vpc-ffffffff	available	10.xxx.0.0/16
vpc-ffffffff	available	10.xxx.0.0/16
vpc-ffffffff	available	10.xxx.0.0/16
vpc-ffffffff	available	10.x.0.0/16
vpc-ffffffff	available	10.x.0.0/16
vpc-ffffffff	available	10.xxx.0.0/16
vpc-ffffffff	available	10.xxx.0.0/16
vpc-ffffffff	available	10.xxx.0.0/16
vpc-ffffffff	available	10.xxx.0.0/16
vpc-ffffffff	available	10.xx.xxx.0/24
vpc-ffffffff	available	10.xx.0.0/16
vpc-ffffffff	available	10.0.0.0/16
vpc-ffffffff	available	10.xxx.0.0/16
vpc-ffffffff	available	10.x.0.0/16
vpc-ffffffff	available	10.x.0.0/16
vpc-ffffffff	available	10.xxx.0.0/16
vpc-ffffffff	available	10.x.x.0/24
vpc-ffffffff	available	10.xx.xxx.0/24
vpc-ffffffff	available	10.xxx.0.0/24
vpc-ffffffff	available	10.xxx.0.0/16

Describe VPC by VPC-ID

$ awsctl describe vpcs --vpcId vpc-xxxxxxxx
{
  "VpcId": "vpc-xxxxxxxx",
  "InstanceTenancy": "default",
  "Tags": [
    {
      "Value": "dev-drm-vpc-xxxxxxxx-xxxxxxxxxxxx-xxxxxxxxxxxxx",
      "Key": "Name"
    },
    {
      "Value": "DrmVpcId",
      "Key": "aws:cloudformation:logical-id"
    },
    {
      "Value": "arn:aws:cloudformation:us-east-1:xxxxxxxxxxxx:stack/dev-drm-vpc-xxxxxxxx-VpcsDrmVpc-xxxxxxxxxx/xxxxxxxxx-xxxx-xxxxx-xxxx-xxxxxxxx",
      "Key": "aws:cloudformation:stack-id"
    },
    {
      "Value": "dev-drm-vpc-xxxxxxxx-VpcsDrmVpc-xxxxxxxxxx",
      "Key": "aws:cloudformation:stack-name"
    }
  ],
  "State": "available",
  "DhcpOptionsId": "dopt-xxxxxxxx",
  "CidrBlock": "10.xxxx.0.0/16",
  "IsDefault": false
}

List subnets by VPC-ID

$ awsctl list subnets --vpcId vpc-6b93160f
SUBNET ID		VPC ID			STATE		CIDR BLOCK		AVAILABILITY-ZONE
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1a
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.0.0/24	us-east-1a
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1c
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1a
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1b
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1c
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1b
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1a
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1c
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1c
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1b
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1c
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1a
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1b
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1b
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1c
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1b
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1a
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1a
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1b
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1c
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1c
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1a
subnet-ffffffff	vpc-ffffffff	available	10.xxxx.00.0/24	us-east-1b

Describe subnets by subnet ID

$ awsctl describe subnets --subnetId subnet-xxxxxx
[
  {
    "VpcId": "vpc-xxxxxxxx",
    "Tags": [
      {
        "Value": "arn:aws:cloudformation:us-east-1:xxxxffxxxxxx:stack/dev-drm-vpc-xxxxxxxx-VpcsDrmNetworking-xxxxxxx/xxxxxxx-xxxx-xxxxx-xxxx-xxxxxxxxxxx",
        "Key": "aws:cloudformation:stack-id"
      },
      {
        "Value": "ZtrusteeAVpcSubnet",
        "Key": "aws:cloudformation:logical-id"
      },
      {
        "Value": "dev-drm-vpc-xxxxxxxx-VpcsDrmNetworking-xxxxxxxx",
        "Key": "aws:cloudformation:stack-name"
      },
      {
        "Value": "dev-drm-vpc-xxxxxxxx-VpcsDrmNetworking-xxxxxxxx ztrustee_a",
        "Key": "Name"
      }
    ],
    "CidrBlock": "10.xxxx.xx.0/24",
    "MapPublicIpOnLaunch": false,
    "DefaultForAz": false,
    "State": "available",
    "AvailabilityZone": "us-east-1a",
    "SubnetId": "subnet-xxxxxxxx",
    "AvailableIpAddressCount": 250
  }
]

List Route Tables by VPC-ID

$ awsctl list routetables --vpcId vpc-xxxxxxxx
VPC ID		ROUTE-TABLE ID
vpc-xxxxxxxx	rtb-xxxxxxxx
vpc-xxxxxxxx	rtb-xxxxxxxx
vpc-xxxxxxxx	rtb-xxxxxxxx
vpc-xxxxxxxx	rtb-xxxxxxxx

Describe Route Table by Route Table ID

$ awsctl describe routetables --routeTableId rtb-6b1c6b0f
[
  {
    "Associations": [
      {
        "RouteTableAssociationId": "rtbassoc-fffffff",
        "Main": true,
        "RouteTableId": "rtb-fffffff"
      }
    ],
    "RouteTableId": "rtb-fffffff",
    "VpcId": "vpc-fffffff",
    "PropagatingVgws": [],
    "Tags": [],
    "Routes": [
      {
        "GatewayId": "local",
        "DestinationCidrBlock": "10.xxx.0.0/16",
        "State": "active",
        "Origin": "CreateRouteTable"
      }
    ]
  }
]