Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
aws
GitHub Repository: aws/aws-cli
 Path: blob/develop/awscli/customizations/configservice/subscribe.py
1567 views
1
# Copyright 2014 Amazon.com, Inc. or its affiliates. All Rights Reserved.

2
#

3
# Licensed under the Apache License, Version 2.0 (the "License"). You

4
# may not use this file except in compliance with the License. A copy of

5
# the License is located at

6
#

7
#     http://aws.amazon.com/apache2.0/

8
#

9
# or in the "license" file accompanying this file. This file is

10
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF

11
# ANY KIND, either express or implied. See the License for the specific

12
# language governing permissions and limitations under the License.

13
import json

14
import sys

15


16
from awscli.customizations.commands import BasicCommand

17
from awscli.customizations.utils import s3_bucket_exists

18
from awscli.customizations.s3.utils import find_bucket_key

19


20


21
S3_BUCKET = {'name': 's3-bucket', 'required': True,

22
             'help_text': ('The S3 bucket that the AWS Config delivery channel'

23
                           ' will use. If the bucket does not exist, it will '

24
                           'be automatically created. The value for this '

25
                           'argument should follow the form '

26
                           'bucket/prefix. Note that the prefix is optional.')}

27


28
SNS_TOPIC = {'name': 'sns-topic', 'required': True,

29
             'help_text': ('The SNS topic that the AWS Config delivery channel'

30
                           ' will use. If the SNS topic does not exist, it '

31
                           'will be automatically created. Value for this '

32
                           'should be a valid SNS topic name or the ARN of an '

33
                           'existing SNS topic.')}

34


35
IAM_ROLE = {'name': 'iam-role', 'required': True,

36
            'help_text': ('The IAM role that the AWS Config configuration '

37
                          'recorder will use to record current resource '

38
                          'configurations. Value for this should be the '

39
                          'ARN of the desired IAM role.')}

40


41


42
def register_subscribe(cli):

43
    cli.register('building-command-table.configservice', add_subscribe)

44


45


46
def add_subscribe(command_table, session, **kwargs):

47
    command_table['subscribe'] = SubscribeCommand(session)

48


49


50
class SubscribeCommand(BasicCommand):

51
    NAME = 'subscribe'

52
    DESCRIPTION = ('Subscribes user to AWS Config by creating an AWS Config '

53
                   'delivery channel and configuration recorder to track '

54
                   'AWS resource configurations. The names of the default '

55
                   'channel and configuration recorder will be default.')

56
    ARG_TABLE = [S3_BUCKET, SNS_TOPIC, IAM_ROLE]

57


58
    def __init__(self, session):

59
        self._s3_client = None

60
        self._sns_client = None

61
        self._config_client = None

62
        super(SubscribeCommand, self).__init__(session)

63


64
    def _run_main(self, parsed_args, parsed_globals):

65
        # Setup the necessary all of the necessary clients.

66
        self._setup_clients(parsed_globals)

67


68
        # Prepare a s3 bucket for use.

69
        s3_bucket_helper = S3BucketHelper(self._s3_client)

70
        bucket, prefix = s3_bucket_helper.prepare_bucket(parsed_args.s3_bucket)

71


72
        # Prepare a sns topic for use.

73
        sns_topic_helper = SNSTopicHelper(self._sns_client)

74
        sns_topic_arn = sns_topic_helper.prepare_topic(parsed_args.sns_topic)

75


76
        name = 'default'

77


78
        # Create a configuration recorder.

79
        self._config_client.put_configuration_recorder(

80
            ConfigurationRecorder={

81
                'name': name,

82
                'roleARN': parsed_args.iam_role

83
            }

84
        )

85


86
        # Create a delivery channel.

87
        delivery_channel = {

88
            'name': name,

89
            's3BucketName': bucket,

90
            'snsTopicARN': sns_topic_arn

91
        }

92


93
        if prefix:

94
            delivery_channel['s3KeyPrefix'] = prefix

95


96
        self._config_client.put_delivery_channel(

97
            DeliveryChannel=delivery_channel)

98


99
        # Start the configuration recorder.

100
        self._config_client.start_configuration_recorder(

101
            ConfigurationRecorderName=name

102
        )

103


104
        # Describe the configuration recorders

105
        sys.stdout.write('Subscribe succeeded:\n\n')

106
        sys.stdout.write('Configuration Recorders: ')

107
        response = self._config_client.describe_configuration_recorders()

108
        sys.stdout.write(

109
            json.dumps(response['ConfigurationRecorders'], indent=4))

110
        sys.stdout.write('\n\n')

111


112
        # Describe the delivery channels

113
        sys.stdout.write('Delivery Channels: ')

114
        response = self._config_client.describe_delivery_channels()

115
        sys.stdout.write(json.dumps(response['DeliveryChannels'], indent=4))

116
        sys.stdout.write('\n')

117


118
        return 0

119


120
    def _setup_clients(self, parsed_globals):

121
        client_args = {

122
            'verify': parsed_globals.verify_ssl,

123
            'region_name': parsed_globals.region

124
        }

125
        self._s3_client = self._session.create_client('s3', **client_args)

126
        self._sns_client = self._session.create_client('sns', **client_args)

127
        # Use the specified endpoint only for config related commands.

128
        client_args['endpoint_url'] = parsed_globals.endpoint_url

129
        self._config_client = self._session.create_client('config',

130
                                                          **client_args)

131


132


133
class S3BucketHelper(object):

134
    def __init__(self, s3_client):

135
        self._s3_client = s3_client

136


137
    def prepare_bucket(self, s3_path):

138
        bucket, key = find_bucket_key(s3_path)

139
        bucket_exists = self._check_bucket_exists(bucket)

140
        if not bucket_exists:

141
            self._create_bucket(bucket)

142
            sys.stdout.write('Using new S3 bucket: %s\n' % bucket)

143
        else:

144
            sys.stdout.write('Using existing S3 bucket: %s\n' % bucket)

145
        return bucket, key

146


147
    def _check_bucket_exists(self, bucket):

148
        return s3_bucket_exists(self._s3_client, bucket)

149


150
    def _create_bucket(self, bucket):

151
        region_name = self._s3_client.meta.region_name

152
        params = {

153
            'Bucket': bucket

154
        }

155
        bucket_config = {'LocationConstraint': region_name}

156
        if region_name != 'us-east-1':

157
            params['CreateBucketConfiguration'] = bucket_config

158
        self._s3_client.create_bucket(**params)

159


160


161
class SNSTopicHelper(object):

162
    def __init__(self, sns_client):

163
        self._sns_client = sns_client

164


165
    def prepare_topic(self, sns_topic):

166
        sns_topic_arn = sns_topic

167
        # Create the topic if a name is given.

168
        if not self._check_is_arn(sns_topic):

169
            response = self._sns_client.create_topic(Name=sns_topic)

170
            sns_topic_arn = response['TopicArn']

171
            sys.stdout.write('Using new SNS topic: %s\n' % sns_topic_arn)

172
        else:

173
            sys.stdout.write('Using existing SNS topic: %s\n' % sns_topic_arn)

174
        return sns_topic_arn

175


176
    def _check_is_arn(self, sns_topic):

177
        # The name of topic cannot contain a colon only arns have colons.

178
        return ':' in sns_topic

179


180