-
Notifications
You must be signed in to change notification settings - Fork 0
/
ec2_instance_profile.py
executable file
·110 lines (91 loc) · 2.75 KB
/
ec2_instance_profile.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
#!/usr/bin/env python
import boto3
import botocore.exceptions
# delegate access to EC2
delegate = """{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
"""
iam = boto3.resource('iam')
# create role, delegated to EC2
try:
iam.create_role(RoleName='s3_access_role', AssumeRolePolicyDocument=delegate)
except botocore.exceptions.ClientError:
pass
# give access to cpug bucket
policy_doc = """{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::cpug/*"
]
}
}
"""
# create policy to give access to S3
try:
policy = iam.create_policy(PolicyName='s3_access_policy', PolicyDocument=policy_doc)
policy.attach_role(RoleName='s3_access_role')
except botocore.exceptions.ClientError:
pass
# create instance profile, which uses the role, which has the policy attached
try:
instance_profile = iam.create_instance_profile(InstanceProfileName='s3_access_profile')
instance_profile.add_role(RoleName='s3_access_role')
except botocore.exceptions.ClientError:
pass
ec2 = boto3.resource('ec2')
# allow HTTP access
try:
security_group = ec2.create_security_group(GroupName='http_access',
Description='pug talk')
security_group.authorize_ingress(IpProtocol='tcp',
CidrIp='0.0.0.0/0',
FromPort=80,
ToPort=80)
except botocore.exceptions.ClientError:
pass
# download from s3, put it on web server
user_data = """#!/bin/bash
# install web server
yum install httpd -y
aws s3 cp s3://cpug/image.png /var/www/icons/image.png
echo "<img src='../icons/image.png'>" > /var/www/html/index.html
service httpd start"""
instances = ec2.create_instances(ImageId='ami-11032472',
InstanceType='t2.micro',
MinCount=1,
MaxCount=1,
KeyName='cpug',
SecurityGroupIds=['http_access'],
UserData=user_data,
IamInstanceProfile={'Name': 's3_access_profile'})
print('launching')
instances[0].wait_until_running()
print('running (and installing web server)')
ip_address = ec2.Instance(instances[0].id).public_ip_address
import time
import socket
while True:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(1)
try:
s.connect((ip_address, 80))
break
except:
pass
s.close()
time.sleep(1)
print('type: open http://' + ip_address)