AWS

This happened:

At ${DAYJOB} I happen to manipulate quite a few AWS accounts for different customers, and I find it really annoying to log out from one web console, to log into a new one, with the right credentials, account ids and MFA. Here you can read a good blog post on how to enable cross account access for third parties and use a basic script to open a web browser to switch from one account to the other.

I found myself searching ridiculously too long to achieve what I believed was a simple task: to apply an Ansible role to newly created instances… started by an Auto Scaling Group. If you’re used to Ansible you know that it relies on an inventory to apply a playbook, but obviously, when you’re firing up EC2 instances with the same playbook, you are not able to know what will be your virtual machines IP addresses, nor can ec2.

For a mysterious reason, EC2 VPN connection informations are stored in XML within the JSON data retrieved by either boto or the awscli command line tool. Here’s a quick python snippet to convert those datas in a convenient, easily parsable dict: Combining this piece of code with jinja2 could help you generate racoon (or whatever IPSec software you use) on the fly. Update here’s a complete example of an automatic generation for racoon / ipsec configuration files using the previous snippet, along with jinja2.

Yes, I know I write a lot about AWS these days, but you know, obsession is my thing. So as I wrote earlier, I generate my CloudFormation templates using troposphere, and the one thing I had to finish today was to register a latency based Alias record on Route53 for an ELB. While Route53 GUI is fairly easy to use, I’ve been stuck on its programmatic emanation for quite a while, so here’s a troposphere definition of such a CloudFormation object:

So you’re using AWS CloudFormation in order to bring up complex infrastructures; haven’t you already told yourself that instead of writing down all those JSON lines by hand, you could bring more fun to your architect life? I did, and I found a way to programmatically design a whole architecture using troposphere and boto3. Simply put, troposphere gives you bindings in order to generate CloudFormation’s JSON template, but hey, it’s python, meaning that you can create loops, use conditions and even dynamically build objects.

AWS is an amazing piece of cloud, but the documentation is not always clear. I’ve been scratching my head trying to understand how Reserved Instances pricing was applied to actual instances. First I was searching for a “Launch a Reserved Instance” button, or even “Associate this Reserved Instance”, but no, nothing. I found the official documentation to be quite evasive so I took my chance on the ##aws IRC channel on irc.

Long time no see huh? ;) I’m diving into Amazon Web Services for some months now, and I must say I’m pretty impressed by the overall quality. Compared to the other “clouds” I’ve played with, it’s the most mature and comprehensive by far. While writing a couple of tools to make my life easier, there’s one piece that took me longer: filtering the output of the aws ec2 describe-instances command. The output is in JSON, which is quite nice you might say, and it is, but when it comes to interact with JSON in the command line, things can get a little messy.